|
Sun Finally Gets Solaris 10 11/06 Update Out the Door
Published: January 16, 2007
by Timothy Prickett Morgan
It is the nature of the software business to have delays in product rollouts and their subsequent updates, and so it has been with the latest update to Sun Microsystems' 11/06 update for its Solaris 10 Unix variant. But the delay in the launch of the 11/06 update was, at about two months, not large by the rather poor benchmarks set by other operating system suppliers. Windows, AIX, and HP-UX, just to name three enterprise-class operating systems, have had delays that are measured in years.
In addition to getting the update out the door for the operating system, Sun is also today reworking its pricing for support for the Solaris 10 operating system, which is distributed freely as compiled code for X86 and X64 servers and which is bundled onto Sun's own Sun Fire server line, which includes various Sparc and Opteron machines. Sun is also announcing its intention to allow other server makers and systems integrators to pre-bundle Solaris 10 on their iron.
Throughout 2006, Sun had been pre-announcing many of the key features in the 11/06 Update, which was the second update to the software that was made last year. (The other was in March.) The two primary new features are the Solaris Trusted Extensions, a set of add-ons for Solaris 10 that lock it down for high-security environments, and Logical Domain logical partitions for servers that use the multicore "Niagara" Sparc T1 processors.
The Solaris Trusted Extensions have been years in the making, and will undoubtedly make customers in government departments, financial services, and the defense industry--who need the highest levels of security for their systems--want to upgrade from their Trusted Solaris 8 installations. During the Solaris 8 and Solaris 9 generations, which spanned from 2000 to 2005, Trusted Solaris 8 accounted for between 10 and 15 percent of Solaris shipments. This is a significant penetration. The reason why Trusted Solaris is popular is that it can restrict how information can be copied, moved, or printed inside applications running on Solaris; moreover, it tags files with different security levels and transparently restricts or provides access to files and their data based on the security profile of each individual user.
The extensions approach that Sun has taken with Solaris 10 is a big improvement over the ruggedized Solaris variants Sun has shipped in the past, which were essentially forks off the main Solaris tree and therefore products that had to have their own support structure and application certification that was separate from the stock Solaris shipping at the time. The forking was bad enough that there never was a Trusted Solaris 8 release, which means that ultra-secure Solaris boxes are running two generations and many updates behind.
While the Solaris 10 11/06 update is only two months late, the Trusted Solaris Extensions are 12 to 18 months late coming to market. In the wake of the Solaris 10 announcement in January 2005, Sun said that it had learned its lessons with the difficulties of keeping regular and trusted variants of Solaris in synch, and would instead embed a lot of features from Trusted Solaris into Solaris 10 itself and then extend standard Solaris with any other security features that should not be embedded in the core operating system. By doing it this way, any application certified to run on Solaris 10 would automatically be certified to run with the Trusted Solaris Extensions applied to the box. Apparently, this turned the rugged extensions into a software layer for Solaris 10 was more difficult that Sun had planned. Trusted Extensions were originally expected to be ready in mid- to late 2005, and then were pushed out to 2006, and are now coming to market in January 2007.
The LDom partitioning feature, which is only available on the Sparc T1 chips, allows that processor to be carved up into as many as 32 logical machines, each with their own instance of Solaris 10 running on them. The Niagara chips have electronic features that allow it to support Sun's own homegrown virtualization hypervisor, which can virtualize across the eight cores and four threads per core in the Niagara chips. These LDoms cannot be used on other Sparc chips, which do not have the virtualization electronics and which cannot run the hypervisor, and LDoms are similarly incompatible with the Opteron processor used in the "Galaxy" line of Sun Fire servers. Users of other Sparc servers will have to be content with dynamic domain hardware partitioning, and those using Sun's Opteron servers will have to use VMware's VMware Server or ESX Server hypervisors or wait until the open source Xen hypervisor from XenSource is cooked into Solaris itself--perhaps later this year, perhaps in the summer. The OpenSolaris project has a Xen integration effort underway, and Sun is only launching LDoms as a stop-gap measure because Xen itself is just now becoming ready for primetime. Some will say that Xen is not yet ready for the enterprise, and is being tweaked and changed so fast that operating system vendors such as Sun, Novell, and Red Hat cannot easily incorporate the product into the operating systems and platforms.
Solaris 10 does support another type of virtualization on Sparc machines--Solaris containers. These containers, which were available with the original Solaris 10 product, virtualize Solaris above the kernel and file system level, providing what looks like a separate instance of Solaris inside of a secure container. As far as applications know, each container is a whole Solaris-Sparc system, complete with separate users, passwords, network settings, and security.
According to Tom Goguen, vice president of marketing for Sun's operating platforms group, these Solaris containers have been tweaked in the 11/06 update so system administrators can clone, migrate, and rename containers and move them around a system. "We believe that the combination of containers and security allows Solaris to support Web servers and application servers in the most secure fashion possible," says Goguen.
As Sun has previously announced, the company is pursuing the Common Criteria's EAL4+ security rating on Solaris 10 11/06 both with and without the Trusted Extensions. Both Sparc and Opteron servers will be certified on these tests, which could take until the summer or fall to be fully tested. (Testing actually began in June 2006.) The plain vanilla Solaris 10 platform is being evaluated at the EAL4+ level for three different profiles: Labeled Security Protection Profile (LSPP), Controlled Access Protection Profile (CAPP), and Role-Based Access Control Protection Profile (RBACPP). Solaris 10 11/06 with Trusted Extensions is being evaluated for the LSPP.
"This will be the highest level of security ever attained by a commercial operating system," boasts Goguen.
As part of the 11/06 update, Goguen also wanted to talk about applications and boxes that are certified to on Solaris 10 for X86 and X64 platforms. By Sun's latest count, over 2,000 commercial applications have been certified on Solaris 10 for the chips made by Intel and Advanced Micro Devices. The official Sun application catalog shows 3,680 applications supported on Solaris 10 for Sparc platforms and 2,302 applications certified on X86/X64 processors, for a total of 4,364 unique applications across both hardware platforms. This is a considerably smaller number than the 12,000-strong application portfolio that Sun used to quite back in the late 1990s and early 2000s, and one suspects that back then, there was a lot of double counting across Solaris generations.
Sun also says that over 700 individual servers have been certified to run Solaris 10--including machines from rivals Hewlett-Packard, IBM, and Dell. Goguen says that the application and system certification count on Solaris 10 for X86/X64 platforms is now larger than that for Red Hat's Enterprise Linux 4 operating system for servers.
To help bolster that number further, Goguen said that Sun is working on a channel program that will allow system integrators and resellers to pre-install Solaris 10 on their boxes and--more importantly for them--to sell the Solaris technical support services that Sun is providing as a means of making money off the Solaris product. This program, called Ready for Resellers--is coming some time in 2007, and Goguen did not want to provide a more precise date.
Those support services, by the way, have been repriced compared to the pricing Sun announced at its Solaris 10 announcement almost two years ago. Back then, basic patch support cost $120 per CPU socket per year, with 9x5 business support costing $240 per socket per year and 24x7 support costing $360 per socket per year.
Under the new Solaris support pricing, Sun is offering five different plans, and these support contracts are based at the system level and they are more expensive. Back in 2005, Sun was trying to under-price Solaris compared to Linux, which was a smart tactic considering that Solaris was an underdog compared to Linux. But with over 6 million downloads of Solaris and as many certified applications and systems, Sun thinks it can charge more money for support. Specifically, the basic support contract provides 30 days of telephone support and one year of online support for $240 a year on a two-socket server. A standard 12x5 support contract--that's 12 hours a day, five business days a week--costs $720 on a two-socket machine. A premium 24x7 contract costs $1,080 on a two-socket box, and it offers mission-critical support for Solaris as well as any application that is running on Solaris. At the low end, developers are being offered a $49 annual email-based support contract, and enterprise customers are being offered a custom annual contract for their sites called the Solaris Everywhere plan. Under this plan, Sun stops counting boxes, and it only makes sense for customers who have dozens or hundreds of machines--or more.
RELATED STORIES
Sun Ponders the Future of Virtualized Solaris
Sun Readies LDom Partitioning for Sparc T1 Servers
Solaris 10 with Trusted Extensions Readied for 11/06 Update
Sun Begins Common Criteria Testing for Solaris 10 and Trusted Extensions
Sun Previews Next Rev of Solaris 10
Sun Finally Delivers ZFS and Linux Containers
Sun Modifies Its Packaging of Trusted Solaris
 Post this story to del.icio.us
 Post this story to Digg
 Post this story to Slashdot
|
