This chapter summarizes all the new features in the Solaris 10 11/06 release.
The following system administration features and enhancements have been added to the Solaris 10 11/06 release.
This feature provides Sun's implementation of the Storage Networking Industry Association (SNIA) Multipath Management API (MP API). The support includes the following:
MP API common library
Plug-in library for Solaris native multipathing solution - MPxIO/scsi_vhci driver
mpathadm CLI
The MP API common library exports the defined set of standard interfaces. The plug-in library for the scsi_vhci driver enables scsi_vhci multipathing devices to be administered through MP API and its associated CLI, mpathadm.
The SNIA MP API defines standard interfaces for multipathing discovery and administration, which enables multipathing management applications to use the common set of APIs across vendor-unique multipathing solutions on Solaris. Sun is supplying a plug-in library that enables the Solaris native multipathing solution to be managed through the API and associated CLI.
The Sun Java™ Web Console provides a common location for users to work with web-based management applications. Users access the console by logging in through an HTTPS port, using one of several supported web browsers. The single entry point that is provided by the console eliminates having to learn URLs for multiple applications. The console provides authentication and authorization services for all applications that are registered with the console.
All console-based applications conform to the same user interface guidelines. The Sun Java Web Console also provides auditing and logging services for all registered applications.
The Solaris ZFS Administration tool is a console application that is provided beginning with the Solaris 10 6/06 release. For more information about using the Solaris ZFS web-based management tool, see Solaris ZFS Administration Guide.
Starting with the Solaris 10 11/06 release, the Sun Java Web Console includes the following changes:
The console now supports applications that are based on the JavaServer™ Faces technology.
The console server is configured to run as a service that is managed by the Service Management Facility (SMF). SMF commands can now be used to manage the console web server by using the Fault Managed Resource Identifier (FMRI) “system/webconsole:console”. The smcwebserver command can also be used to start, stop, enable, and disable the console server, as in previous Solaris 10 releases.
For more information, see the smcwebserver(1M) man page.
A new command, wcadmin, is used to configure console properties. The command is also used to deploy and enable console applications that are written for the new version of the console. The smreg command, which was previously used to perform similar tasks, is now used only to register and unregister the applications that were developed for previous versions of the console.
For more information, see the smreg(1M) and wcadmin(1M) man pages.
For more information, see “Working With the Sun Java Web Console (Tasks)” in System Administration Guide: Basic Administration.
This file system enhancement is new in the Solaris 10 11/06 release.
A new file-system monitoring tool, fsstat, is available to report file-system operations. Activity can be reported by mount point or by file-system type.
For more information, see the fsstat(1M) man page.
The following system resource features and enhancements have been added to the Solaris 10 11/06 release.
The following resource management features and enhancements have been added to the Solaris 10 11/06 release.
Resource pools and dynamic resource pools have been integrated into the Solaris service management facility (SMF). Dynamic resource pools are now enabled separately from the resource pools service.
The dynamic resource pools service fault management resource identifier (FMRI) is svc:/system/pools/dynamic. The resource pools service FMRI is svc:/system/pools.
The enabling and disabling mechanisms through pooladm(1M) are still available.
When a system is upgraded, if a /etc/pooladm.conf file exists, the configuration contained in the file is applied to the system.
For more information, see:
System Administration Guide: Solaris Containers-Resource Management and Solaris Zones
pooladm(1M) man page
poold(1M) man page
libpool(3LIB) man page
smf(5) man page
The following Solaris zones features and enhancements have been added to the Solaris 10 11/06 release.
The zone name is now an attribute that can be set through the zonecfg command. Only zones in the configured or installed states can be renamed.
For information about zones configuration and zone states, see:
System Administration Guide: Solaris Containers-Resource Management and Solaris Zones
zonecfg(1M) man page
zones(5) man page
Two new subcommands, move and clone, have been added to the zoneadm command. You can now do the following:
Relocate a non-global zone from one point on a system to another point on the same system
Rapidly provision a new non-global zone based on the configuration of an existing zone on the same system
For more information, see:
System Administration Guide: Solaris Containers-Resource Management and Solaris Zones
zoneadm(1M) man page
The zonecfg and zoneadm commands have been modified to enable you to migrate a non-global zone from one system to another. The procedure used detaches a halted zone from its current location, and attaches the zone at a new location. The global zone on the target system must be running the following:
The same release as the original host
The same versions of operating system packages and patches as the original host
The zone detach process creates the information necessary to attach the zone on a different system. The zone attach process verifies that the new machine has the correct configuration to host the zone. You can make the zonepath available on the new host in several ways. Therefore, the actual movement of the zonepath from one system to another is a manual process that is performed by the zone administrator.
When attached to the new system, the zone is in the installed state.
For more information, see:
System Administration Guide: Solaris Containers-Resource Management and Solaris Zones
zonecfg(1M) man page
zoneadm(1M) man page
The limitpriv property of the zonecfg command can be used to specify the set of privileges that processes are limited to in a non-global zone.
You can do the following:
Augment the default set of privileges with the understanding that such changes might allow processes in one zone to affect processes in other zones by being able to control a global resource
Create a zone with fewer privileges than the default, safe set
For more information about configuring privileges for zones and zone privilege restrictions, see:
System Administration Guide: Solaris Containers-Resource Management and Solaris Zones
zonecfg(1M) man page
Note the following:
Non-global zones are still booted with the standard set of safe privileges by default.
One set of privileges cannot be removed from the zone's privilege set, and another set of privileges cannot be included in the zone's privilege set.
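An added example, not taken from the Solaris documentation: a shell helper that classifies a limitpriv value relative to the default safe set, so that zones whose privileges were augmented stand out in a review. The function names and the sample zone data are assumptions made for illustration; the assumed syntax is a comma-separated list in which default names the safe set and a leading ! or - excludes a privilege.

```shell
#!/bin/sh
# Added example (not Sun's code): classify zonecfg limitpriv values.
# Assumed syntax: comma-separated tokens, "default" = the safe set,
# a leading "!" or "-" excludes a privilege.

# Privileges added on top of the safe set, one per line.
limitpriv_added() {
    printf '%s\n' "$1" | tr ',' '\n' | while IFS= read -r tok; do
        case "$tok" in
            ''|default) ;;            # nothing added
            '!'*|-*) ;;               # exclusion, see limitpriv_removed
            *) printf '%s\n' "$tok" ;;
        esac
    done
}

# Privileges excluded from the set, one per line, marker stripped.
limitpriv_removed() {
    printf '%s\n' "$1" | tr ',' '\n' | while IFS= read -r tok; do
        case "$tok" in
            '!'*|-*) printf '%s\n' "${tok#?}" ;;
        esac
    done
}

# One-word verdict for a limitpriv value:
#   default  - unset, or exactly the safe set
#   widened  - privileges added to the safe set (cross-zone impact possible)
#   narrowed - privileges only removed from the safe set
#   explicit - does not start from "default"; compare against the safe set by hand
limitpriv_verdict() {
    if [ -z "$1" ]; then echo default; return 0; fi
    case "$1" in
        default|default,*) ;;
        *) echo explicit; return 0 ;;
    esac
    if [ -n "$(limitpriv_added "$1")" ]; then echo widened
    elif [ -n "$(limitpriv_removed "$1")" ]; then echo narrowed
    else echo default
    fi
}

# Constructed sample: zone name and limitpriv value, as an administrator
# might collect them per zone (names and values are made up).
ZONES='web default
ntp default,sys_time
batch default,!net_icmpaccess
legacy'

printf '%s\n' "$ZONES" | while read -r zone spec; do
    printf '%-6s %-8s added: %s\n' "$zone" "$(limitpriv_verdict "$spec")" \
        "$(limitpriv_added "$spec" | tr '\n' ' ')"
done
```

A zone reported as widened is the case the text above cautions about and deserves a recorded justification for each added privilege.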
The following logical domains features and enhancements have been added to the Solaris 10 11/06 release.
The Logical Domains (LDoms) 1.0 software enables system administrators to create and manage logical domains. This software provides multiple software partition support and the following features for Sun4v-based platforms:
Software upgrade to UltraSPARC T1 systems (Solaris 10 11/06 and firmware upgrade)
Up to 32 logical domains per system, managed by a CLI, the Logical Domains (LDoms) Manager 1.0 software, which is a separate download
Each guest domain can be created, destroyed, reconfigured, and rebooted independently
Virtual console, Ethernet, disk, and cryptographic acceleration
Live dynamic reconfiguration of virtual CPUs
Fault management architecture (FMA) diagnosis for each logical domain
In addition to the Solaris 10 11/06 OS, a minimum level of system firmware 6.4 and Logical Domains Manager 1.0 software is required to have Logical Domains functionality.
The following security features and enhancements have been added to the Solaris 10 11/06 release.
The Solaris Trusted Extensions software provides multilevel security for the Solaris OS, including mandatory access control for the following:
Files
File systems
Processes
Removable devices
Networking
Desktop environments
Printing
The Solaris Trusted Extensions software also provides tools for the following actions:
Defining policies
Setting up sensitivity labels
Performing trusted system management
The Solaris Trusted Extensions feature enables you to define your data access policies to control information in a flexible but highly secure manner. Solaris Trusted Extensions can be used as a configuration option for the Solaris OS.
For more information about Solaris Trusted Extensions, see http://www.sun.com/smi/Press/sunflash/2006-02/sunflash.20060214.3.xml.
The Solaris Trusted Extensions for printing feature enables the following features:
Restricted output to printers by label ranges
Specially labeled banner and trailer pages
Specially labeled headers and footers
Starting with this release, files and directories are labeled by the zone or host that exports them. The mount policy is restricted to prevent writing down.
The following device management features and enhancements have been added to the Solaris 10 11/06 release.
This Solaris release provides support for the PCI Express (PCIe) interconnect for both SPARC and x86 systems.
PCIe is designed to connect peripheral devices to desktop, enterprise, mobile, communication, and embedded applications.
The PCIe interconnect is an industry-standard, high-performance, serial I/O bus.
The PCIe software provides the following features in this Solaris release:
Support for extended PCIe configuration space
Support for PCIe baseline error handling and MSI interrupts
Modified IEEE-1275 properties for PCIe devices
PCIe hot-plug support (both native and ACPI-based) by enhancing the cfgadm_pci component of the cfgadm command
ATTN button usage-based PCIe peripheral autoconfiguration
The following cfgadm example output displays the hot-pluggable PCIe devices on x86 systems. Note that the following display might differ from platform to platform. Check your hardware platform guide for the correct cfgadm syntax.
# cfgadm pci
Ap_Id      Type         Receptacle   Occupant     Condition
pcie1      unknown      empty        unconfigured unknown
pcie2      unknown      empty        unconfigured unknown
pcie3      unknown      empty        unconfigured unknown
pcie4      etherne/hp   connected    configured   ok
pcie5      pci-pci/hp   connected    configured   ok
pcie6      unknown      disconnected unconfigured unknown
The administrative model for hot-plugging PCIe peripherals is the same as for PCI peripherals, which use the cfgadm command.
For more information, see the cfgadm_pci(1M) man page and System Administration Guide: Devices and File Systems. Check your hardware platform guide to ensure that PCIe and PCIe hot-plug support is provided on your system. In addition, carefully review the instructions for physically inserting or removing adapters on your system and the semantics of device autoconfiguration, if applicable.
For more information about PCIe technology, see http://www.pcisig.com.
A new Fault Management Architecture-based diagnosis engine (DE) is provided on the Sun Fire X4500. This DE monitors the disk drives for predictive failures by using the SMART technology in the disk drive's own firmware. When a disk failure is imminent, the LED next to the disk is illuminated and a Fault Management Architecture fault is generated. This fault alerts the administrator to take specific action to ensure system availability and full performance.
Ipge drivers are used in Ontario and other SPARC platforms that have the NorthStar card installed. E1000g drivers are used in all other platforms.
Starting with this release, Ontario and other SPARC-based platforms transition from ipge to e1000g drivers. This feature makes the e1000g the default driver for all Sun platforms that use Intel 1G chipsets. With the transition, the customer does not need to know which platform the ipge or the e1000g driver covers or which driver to install in a particular platform. This feature reduces system management complexity.
For more information, see “Certain 3rd Party Applications May Break on Transition From ipge to e1000g Network Driver” on http://sunsolve.sun.com/.
The Solaris fibre channel logical unit number (LUN) masking feature enables system administrators to prevent the kernel from creating device nodes for specific unapproved LUNs.
For more information, see the fp(7d) man page.
Extended Message Signaled Interrupts (MSI-X) are an enhanced version of MSI interrupts. With MSI-X support, device driver writers have a choice between MSI and MSI-X interrupts. MSI-X interrupts are now supported on SPARC PCI-Express platforms (Ultra 45 and Sun Fire T2000). The Sun Fire T2000 might also include the Sun Fire T1000 machine.
A new mdb/kmdb debugger command, ::interrupts, is also provided to retrieve a device's registered interrupt information on supported SPARC and x86 systems.
For more information, see “Interrupt Handlers” in Writing Device Drivers.
The following utilities have been enhanced to detect when a specified device is in use:
dumpadm
format
mkfs and newfs
swap
These enhancements mean that these utilities might detect some of the following usage scenarios:
Device is part of a ZFS storage pool
Device is a dump or swap device
Mounted file system or an entry for the device exists in the /etc/vfstab file
Device is part of a live upgrade configuration
Device is part of a Solaris Volume Manager configuration or Veritas Volume Manager configuration
For example, if you attempt to use the format utility to access an active device, you will see a message similar to the following:
# format
.
.
.
Specify disk (enter its number): 1
selecting c0t1d0
[disk formatted]
Warning: Current Disk has mounted partitions.
/dev/dsk/c0t1d0s0 is currently mounted on /. Please see umount(1M).
/dev/dsk/c0t1d0s1 is currently used by swap. Please see swap(1M).
However, these utilities do not detect all scenarios in the same way. For example, you can use the newfs command to create a new file system on a device in a live upgrade configuration. You cannot use the newfs command to create a new file system on a device that is part of a live upgrade configuration if it also has a mounted file system.
The following desktop features and enhancements have been added to the Solaris 10 11/06 release.
Starting with this release, when a user logs in to the Solaris Desktop for the first time, Sun Java Desktop System (Java DS) is the default desktop environment instead of the Common Desktop Environment (CDE). Java DS has also become the default environment for users who chose a desktop environment on an earlier Solaris release that is no longer present in this Solaris release, such as OpenWindows™ or GNOME 2.0.
System administrators can modify the dtlogin configuration to override the default choices by using the defaultDt and fallbackDt resources.
For more information about defaultDt and fallbackDt resources, see the dtlogin(1M) man page.
The Adobe Flash Player, formerly known as Macromedia Flash Player, is the standard for delivering high-impact and rich web content. Designs, animation, and application user interfaces are deployed immediately across all browsers and platforms, attracting and engaging users with a rich web experience.
Starting with this release, ACL support has been added to GNOME-VFS and Nautilus. The GNOME file manager now enables the file system access control lists to be accessed and modified. The GNOME-VFS and Nautilus ACL support feature brings an existing file system functionality to the desktop.
Labeled security has been extended to the two desktop interfaces in the Solaris 10 11/06 release. Users have access to both Trusted Java Desktop System (Trusted Java DS) and Trusted Common Desktop Environment (Trusted CDE) which include the following features:
Multilevel sessions to enable users to access the data that they are authorized to see without compromising security
Trusted path verification to assure that the user session is not being hijacked
Labeled windows to display the label of a window or a document
Drag-and-drop security enforcement to ensure data movement is controlled and users are informed about security violations
Labeled device allocation for CD-ROM, DVD, audio, and other devices to limit the transfer of sensitive data to insecure devices
Secured remote access to multilevel sessions and single level sessions from other systems
The following installation features and enhancements have been added to the Solaris 10 11/06 release.
This Solaris Flash enhancement enables a user to create an archive that includes large files. The flarcreate command creates a Solaris Flash archive that can contain individual files of 4 Gbytes or more. The available archive utilities are as follows:
The cpio archive utility is the default. Individual files cannot be larger than 2 or 4 Gbytes. The size limitation depends on the version of cpio used.
The portable archive interchange utility, pax, is started with the -L pax option. If the -L pax option is specified, the archive can be created without size limitations on individual files. The pax utility was included in the Solaris 7 OS release. The Solaris Flash archives created by using the pax utility can only be deployed on a Solaris OS with a pax utility. When a user deploys the archive on systems that are running the Solaris 2.6 or earlier versions, the user must use the cpio option.
For more information, see the pax(1) and the cpio(1) man pages. See also the Solaris 10 Installation Guide: Solaris Flash Archives (Creation and Installation).
Starting with this release, you can, during installation, set the default behavior for network services to run in a much more secure manner. During an interactive installation (hands on), this security option is provided in the installation configuration selection screens. For automated JumpStart installations (hands off), you can select a limited network profile by using a new service_profile keyword in the sysidcfg file.
If you choose to restrict network security during the initial installation, numerous services are fully disabled during the installation. Other services are still enabled, but these services are limited to local connections only. Solaris Secure Shell remains available for remote administrative access to the system.
With this limited networking profile, you reduce your risk of exposure on the Internet or LAN. The system retains full graphical desktop use and outbound network access. For example, you can still access your graphical interface, use browsers or email clients, and mount NFSv4 file shares.
The existing service configuration is not altered by an upgrade.
The network services can be easily reopened after installation by using the netservices open command or by enabling individual services by using SMF commands.
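An added example, not part of the Solaris documentation: one way to check the effect of the limited profile is to list TCP listeners that are bound to something other than the loopback address, leaving out Secure Shell. The function name and the sample text are assumptions; the sample is constructed in the Solaris netstat -an -f inet -P tcp layout, where the local address is written as host.port.

```shell
#!/bin/sh
# Added example (not Sun's code): list IPv4 TCP listeners that are not
# bound to loopback. Reads "netstat -an -f inet -P tcp" text on stdin.
# $1 is the one port expected to stay reachable (default 22, Secure Shell).
exposed_listeners() {
    awk -v allow="${1:-22}" '
        $NF == "LISTEN" {
            # Local address is host.port; the port follows the last dot.
            n = split($1, part, "[.]")
            port = part[n]
            host = substr($1, 1, length($1) - length(port) - 1)
            if (host == "127.0.0.1") next   # local connections only
            if (port == allow) next         # expected remote access
            print host, port
        }'
}

# Constructed sample output (addresses and ports are made up).
SAMPLE_NETSTAT='TCP: IPv4
   Local Address        Remote Address    Swind Send-Q Rwind Recv-Q    State
-------------------- -------------------- ----- ------ ----- ------ -----------
      *.22                 *.*                0      0 49152      0 LISTEN
127.0.0.1.25               *.*                0      0 49152      0 LISTEN
127.0.0.1.587              *.*                0      0 49152      0 LISTEN
      *.111                *.*                0      0 49152      0 LISTEN
192.168.10.5.22      192.168.10.9.51234   64240      0 49232      0 ESTABLISHED'

# Each line printed is "host port" for a listener to review.
printf '%s\n' "$SAMPLE_NETSTAT" | exposed_listeners
```

A listener on the wildcard address is a candidate for review rather than proof of exposure, because a service can still restrict itself to local clients in its own configuration.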
For more information about this new security option, see the following references.
Table 6–1 Additional Security Information
Administer security for network services | How to Create an SMF Profile in System Administration Guide: Basic Administration
Reopen network services after installation |
Plan installation configuration |
Select restricted network security during a hands-on installation |
Set up restricted network security for a JumpStart installation | service_profile Keyword in Solaris 10 11/06 Installation Guide: Network-Based Installations
Solaris Trusted Extensions provides multilevel security for the Solaris OS. This feature enables you to control information in a flexible but highly secure manner. You can now enforce strict access controls to your data, based on data sensitivity, not just data ownership.
An installation that accesses Solaris Trusted Extensions differs from a standard installation. For a list of these installation differences and further information about Solaris Trusted Extensions, see Chapter 3, Installing Solaris Trusted Extensions Software (Tasks), in Solaris Trusted Extensions Installation and Configuration for Solaris 10 11/06 and Solaris 10 8/07 Releases.
For more information about Solaris Trusted Extensions, see the README file in the Solaris_10/ExtraValue/CoBundled/Trusted_Extensions directory. See also, Solaris Trusted Extensions.
The following system performance features and enhancements have been added to the Solaris 10 11/06 release.
This feature provides system-wide watchdog timer functionality. The kernel continually resets the watchdog timer. If the kernel fails to reset the timer before it expires, the system is reset.
The following networking features and enhancements have been added to the Solaris 10 11/06 release.
Message Queue (MQ) 3.7 Update 1 is a maintenance release for MQ 3.6. This release contains bug fixes as well as performance improvements which reduce disk write overhead for transacted messages.
The following drivers have been added or enhanced in the Solaris 10 11/06 release.
Starting with this release, there is ST driver support for Quantum LTO-2 and LTO-3 Tape Drives.
For more information about the ST driver, see the st man page.
HBA drivers can enable target drivers to query the maximum supported CDB length by using scsi_ifgetcap. The target driver asks for the capability at attach time and if the HBA driver supports the capability, it returns the maximum length of the CDB in bytes. The target driver can then use this value to make decisions about which CDBs to use for that HBA.
The following language support features and enhancements have been added to the Solaris 10 11/06 release.
The Internet Intranet Input Method Framework (IIIMF) has been upgraded from rev.10 to rev.12.
This framework provides the following new features:
Input Method Switcher - This feature displays input method status and switches input languages. You can add the input method switcher to the Java Desktop System (Java DS) panel. Select Add to Panel -> Utility -> InputMethod Switcher to add the input method switcher to the Java DS panel.
Utility for iiim-properties - This feature supports various input method preferences. Use one of the following methods to start the iiim-properties utility:
Select Launch -> Preferences -> Desktop Preferences -> Input Methods.
Click mouse button 3 on the Input method switcher and select Preference.
In the CDE environment, select Tool -> Input Method Preference from the CDE main menu or type iiim-properties at the command prompt.
Each language engine has also been upgraded to the IIIMF rev.12 base. The Japanese language engines, ATOK12 and Wnn6, have been updated to “ATOK for Solaris” and Wnn8 respectively. “ATOK for Solaris” is equivalent to ATOK17. A new Chinese chewing input method has also been added to the IIIMF.