Solaris 10 What's New

Chapter 6 What's New in the Solaris 10 11/06 Release

This chapter summarizes all the new features in the Solaris 10 11/06 release.

System Administration Enhancements

The following system administration features and enhancements have been added to the Solaris 10 11/06 release.

Storage Networking Industry Association Multipath Management API Support

This feature provides Sun's implementation of the Storage Networking Industry Association (SNIA) Multipath Management API(MP API). The support includes the following:

The MP API common library exports the defined set of standard interfaces. The plug-in library for the scsi_vhci driver enables scsi_vhci multipathing devices to be administered through MP API and its associated CLI, mpathadm.

The SNIA MP API defines standard interfaces for multipathing discovery and administration which enables multipathing management applications to use the common set of APIs across vendor-unique multipathing solutions on Solaris. Sun is supplying a plug-in library that enables Solaris native multipathing solution to be managed through the API and associated CLI.

Sun Java Web Console Changes

The Sun JavaTM Web Console provides a common location for users to work with web-based management applications. Users access the console by logging in through an HTTPS port, using one of several supported web browsers. The single entry point that is provided by the console eliminates having to learn URLs for multiple applications. The console provides authentication and authorization services for all applications that are registered with the console.

All console-based applications conform to the same user interface guidelines. The Sun Java Web Console also provides auditing and logging services for all registered applications.

The Solaris ZFS Administration tool is a console application that is provided beginning with the Solaris 10 6/06 release. For more information about using the Solaris ZFS web-based management tool, see Solaris ZFS Administration Guide.

Starting with the Solaris 10 11/06 release, the Sun Java Web Console includes the following changes:

For more information, see “Working With the Sun Java Web Console (Tasks)” in System Administration Guide: Basic Administration.

File-System Monitoring Tool

This file system enhancement is new in the Solaris 10 11/06 release.

A new file-system monitoring tool, fsstat, is available to report file-system operations. Activity can be reported by mount point or by file-system type.

For more information, see the fsstat(1M) man page.

System Resource Enhancements

The following system resource features and enhancements have been added to the Solaris 10 11/06 release.

Resource Management Features

The following resource management features and enhancements have been added to the Solaris 10 11/06 release.

Resource Pools Facility Service FMRIs

Resource pools and dynamic resource pools have been integrated into the Solaris service management facility (SMF). Dynamic resource pools are now enabled separately of the resource pools service.

The dynamic resource pools service fault management resource identifier (FMRI) is svc:/system/pools/dynamic. The resource pools service FMRI is svc:/system/pools.

The enabling and disabling mechanisms through pooladm(1M) are still available.

Note –

When a system is upgraded, if a /etc/pooladm.conf file exists, the configuration contained in the file is applied to the system.

For more information, see:

Solaris Zones Features

The following Solaris zones features and enhancements have been added to the Solaris 10 11/06 release.

Solaris Zones Renaming Feature

The zone name is now an attribute that can be set through the zonecfg command. Only zones in the configured or installed states can be renamed.

For information about zones configuration and zone states, see:

Zones Move and Clone Features

Two new subcommands, move and clone, have been added to the zoneadm command. You can now do the following:

For more information, see:

Migrating a Non-Global Zone From One Machine to Another

The zonecfg and zoneadm commands have been modified to enable you to migrate a non-global zone from one system to another. The procedure used detaches a halted zone from its current location, and attaches the zone at a new location. The global zone on the target system must be running the following:

The zone detach process creates the information necessary to attach the zone on a different system. The zone attach process verifies that the new machine has the correct configuration to host the zone. You can make the zonepath available on the new host in several ways. Therefore, the actual movement of the zonepath from one system to another is a manual process that is performed by the zone administrator.

When attached to the new system, the zone is in the installed state.

For more information, see:

Configurable Privileges for Non-Global Zones

The limitpriv property of the zonecfg command can be used to specify the set of privileges that processes are limited to in a non-global zone.

You can do the following:

For more information about configuring privileges for zones and zone privilege restrictions, see:

Note –

Note the following:

Logical Domains Features

The following logical domains features and enhancements have been added to the Solaris 10 11/06 release.

Logical Domains (LDoms) 1.0 Software

The Logical Domains (LDoms) 1.0 software enables system administrators to create and manage logical domains. This software provides multiple software partition support and the following features for Sun4v-based platforms:

In addition to the Solaris 10 11/06 OS, a minimum level of system firmware 6.4 and Logical Domains Manager 1.0 software is required to have Logical Domains functionality.

Security Enhancements

The following security features and enhancements have been added to the Solaris 10 11/06 release.

Solaris Trusted Extensions

The Solaris Trusted Extensions software provides multilevel security for the Solaris OS, including mandatory access control for the following:

The Solaris Trusted Extensions software also provides tools for the following actions:

The Solaris Trusted Extensions feature enables you to define your data access policies to control information in a flexible but highly secure manner. Solaris Trusted Extensions can be used as a configuration option for the Solaris OS.

For more information about Solaris Trusted Extensions,

Solaris Trusted Extensions for Printing

The Solaris Trusted Extensions for printing feature enables the following features:

Solaris Trusted Extensions File-System Labeling

Starting with this release, files and directories are labeled by the zone or host that exports them. The mount policy is restricted to prevent writing down.

Device Management Enhancements

The following device management features and enhancements have been added to the Solaris 10 11/06 release.

Support for PCI Express (PCIe)

This Solaris release provides support for the PCI Express (PCIe) interconnect for both SPARC and x86 systems.

PCIe is designed to connect peripheral devices to desktop, enterprise, mobile, communication, and embedded applications.

The PCIe interconnect is an industry-standard, high-performance, serial I/O bus.

The PCIe software provides the following features in this Solaris release:

The following cfgadm example output displays the hot-pluggable PCIe devices on x86 systems. Note that the following display might differ from platform to platform. Check your hardware platform guide for the correct cfgadm syntax.

# cfgadm pci
Ap_Id                          Type         Receptacle   Occupant     Condition
pcie1                          unknown      empty        unconfigured unknown
pcie2                          unknown      empty        unconfigured unknown
pcie3                          unknown      empty        unconfigured unknown
pcie4                          etherne/hp   connected    configured   ok
pcie5                          pci-pci/hp   connected    configured   ok
pcie6                          unknown      disconnected unconfigured unknown

The administrative model for hot-plugging PCIe peripherals is the same as for PCI peripherals, which use the cfgadm command.

For more information, see the cfgadm_pci(1M) man page and System Administration Guide: Devices and File Systems. Check your hardware platform guide to ensure that PCIe and PCIe hot-plug support is provided on your system. In addition, carefully review the instructions for physically inserting or removing adapters on your system and the semantics of device autoconfiguration, if applicable.

For more information about PCIe technology, see

x86: Sun Fire X4500 SATA Disk FMA

A new Fault Management Architecture-based diagnosis engine (DE) is provided on the Sun Fire X4500. This DE monitors the disk drives for predictive failures by using the SMART technology in the disk drive's own firmware. When a disk failure is imminent, the LED next to the disk is illuminated and a Fault Management Architecture fault is generated. This fault alerts the administrator to take specific action to ensure system availability and full performance.

SPARC: Transitioning SPARC-Based Systems From Ipge to E1000g Network Drivers

Ipge drivers are used in Ontario and other SPARC platforms that have the NorthStar card installed. E1000g drivers are used in all other platforms.

Starting with this release, Ontario and other SPARC based platforms transition from ipge to e1000g drivers. This feature makes the e1000g the default driver for all Sun platforms that use Intel 1G chipsets. With the transition, the customer does not need to know which platform the ipge or the e1000g driver covers or which driver to install in a particular platform. This feature reduces system management complexity.

For more information, see “Certain 3rd Party Applications May Break on Transition From ipge to e1000g Network Driver” on

Solaris Fibre Channel Host-Based Logical Unit Number Masking

The Solaris fibre channel logical unit number (LUN) masking feature enables system administrators to prevent the kernel from creating device nodes for specific unapproved LUNs.

For more information, see the fp(7d) man page.

SPARC: Extended Message Signaled Interrupt Support for Fire-Based Platforms

Extended Message Signaled Interrupts (MSI-X) are an enhanced version of MSI interrupts. With MSI-X support, device driver writers have a choice between MSI and MSI-X interrupts. MSI-X interrupts are now supported on SPARC PCI-Express platforms (Ultra 45 and Sun Fire T2000). The Sun Fire T2000 might also include the Sun Fire T1000 machine.

A new mdb/kmdb debugger command, ::interrupts, is also provided to retrieve a device's registered interrupt information on supported SPARC and x86 systems.

For more information, see “Interrupt Handlers” in Writing Device Drivers.

Improved Device in Use Error Checking

The following utilities have been enhanced to detect when a specified device is in use:

These enhancements mean that these utilities might detect some of the following usage scenarios:

For example, if you attempt to use the format utility to access an active device, you will see a message similar to the following:

# format
Specify disk (enter its number): 1
selecting c0t1d0
[disk formatted]
Warning: Current Disk has mounted partitions.
/dev/dsk/c0t1d0s0 is currently mounted on /. Please see umount(1M).
/dev/dsk/c0t1d0s1 is currently used by swap. Please see swap(1M).

However, these utilities do not detect all scenarios in the same way. For example, you can use the newfs command to create a new file system on a device in a live upgrade configuration. You cannot use the newfs command to create a new file system on a device that is part of a live upgrade configuration if it also has a mounted file system.

Desktop Enhancements

The following desktop features and enhancements have been added to the Solaris 10 11/06 release.

Default Desktop Session in dtlogin

Starting with this release, when a user logs in to the Solaris Desktop for the first time, Sun Java Desktop System (Java DS) is the default desktop environment instead of the Common Desktop Environment (CDE). Java DS has also become the default environment for users who chose a desktop environment on an earlier Solaris release that is no longer present in this Solaris release, such as OpenWindowsTM or GNOME 2.0.

System administrators can modify the dtlogin configuration to override the default choices by using the defaultDt and fallbackDt resources.

For more information about defaultDt and fallbackDt resources, see the dtlogin(1M) man page.

Adobe Flash Player Plugin for Solaris

The Adobe Flash Player, formerly known as Macromedia Flash Player is the standard for delivering high-impact and rich web content. Designs, animation, and application user interfaces are deployed immediately across all browsers and platforms, attracting and engaging users with a rich web experience.

GNOME-VFS and Nautilus ACL Support

Starting with this release, ACL support has been added to GNOME-VFS and Nautilus. The GNOME file manager now enables the file system access control lists to be accessed and modified. The GNOME-VFS and Nautilus ACL support feature brings an existing file system functionality to the desktop.

Solaris Trusted Extensions Desktops

Labeled security has been extended to the two desktop interfaces in the Solaris 10 11/06 release. Users have access to both Trusted Java Desktop System (Trusted Java DS) and Trusted Common Desktop Environment (Trusted CDE) which include the following features:

Installation Enhancements

The following installation features and enhancements have been added to the Solaris 10 11/06 release.

Solaris Flash Archives

This Solaris Flash enhancement enables a user to create an archive that includes large files. The flarcreate command creates a Solaris Flash archive that can contain individual files of 4 Gbytes or more. The available archive utilities are as follows:

For more information, see the pax(1) and the cpio(1) man pages. See also the Solaris 10 Installation Guide: Solaris Flash Archives (Creation and Installation).

Secure By Default Network Profile

Starting with this release, you can, during installation, set the default behavior for network services to run in a much more secured manner. During an interactive installation (hands on), this security option is provided in the installation configuration selection screens. For automated JumpStart installations (hands off), you can select a limited network profile by using a new service_profile keyword in the sysidcfg file.

If you choose to restrict network security during the initial installation, numerous services are fully disabled during the installation. Other services are still enabled, but these services are limited to local connections only. Solaris Secure Shell remains available for remote administrative access to the system.

With this limited networking profile, you reduce your risk of exposure on the Internet or LAN. The system retains full graphical desktop use and outbound network access. For example, you can still access your graphical interface, use browsers or email clients, and mount NFSv4 file shares.

The existing service configuration is not altered by an upgrade.

The network services can be easily reopened after installation by using the netservices open or by enabling individual services by using SMF commands.

For more information about this new security option, see the following references.

Table 6–1 Additional Security Information

Administer security for network services 

How to Create an SMF Profile in System Administration Guide: Basic Administration

Reopen network services after installation 

Revising Security Settings After Installation in Solaris 10 11/06 Installation Guide: Planning for Installation and Upgrade

Plan installation configuration 

Planning Network Security in Solaris 10 11/06 Installation Guide: Planning for Installation and Upgrade

Select restricted network security during a hands-on installation 

Chapter 2, Installing With the Solaris Installation Program (Tasks), in Solaris 10 Installation Guide: Basic Installations

Set up restricted network security for a JumpStart installations 

service_profile Keyword in Solaris 10 11/06 Installation Guide: Network-Based Installations

Installing Solaris Trusted Extensions

Solaris Trusted Extensions provides multilevel security for the Solaris OS. This feature enables you to control information in a flexible but highly secure manner. You can now enforce strict access controls to your data, based on data sensitivity, not just data ownership.

An installation that accesses Solaris Trusted Extensions differs from a standard installation. For a list of these installation differences and further information about Solaris Trusted Extensions, see Chapter 3, Installing Solaris Trusted Extensions Software (Tasks), in Solaris Trusted Extensions Installation and Configuration for Solaris 10 11/06 and Solaris 10 8/07 Releases.

For more information about Solaris Trusted Extensions, see the README file in the Solaris_10/ExtraValue/CoBundled/Trusted_Extensions directory. See also, Solaris Trusted Extensions.

System Performance Enhancements

The following system performance features and enhancements have been added to the Solaris 10 11/06 release.

SPARC: Watchdog Timer for Sun4V

This feature provides system wide watchdog timer functionality. The watchdog timer will be continually reset by the kernel. Failure to reset the timer by the kernel before it expires will result in the system getting reset.

Networking Enhancements

The following networking features and enhancements have been added to the Solaris 10 11/06 release.

Sun Java System Message Queue 3.7 Update 1

Message Queue (MQ) 3.7 Update 1 is a maintenance release for MQ 3.6. This release contains bug fixes as well as performance improvements which reduce disk write overhead for transacted messages.

New and Updated Drivers

The following drivers have been added or enhanced in the Solaris 10 11/06 release.

ST Driver Support for Quantum LTO-2 and LTO-3 Tape Drives

Starting with this release, there is ST driver support for Quantum LTO-2 and LTO-3 Tape Drives.

For more information about the ST driver, see the st man page.

CDB Length Capability

HBA drivers can enable target drivers to query the maximum supported CDB length by using scsi_ifgetcap. The target driver asks for the capability at attach time and if the HBA driver supports the capability, it returns the maximum length of the CDB in bytes. The target driver can then use this value to make decisions about which CDBs to use for that HBA.

Language Support

The following language support features and enhancements have been added to the Solaris 10 11/06 release.

IIIMF and Language Engines

The Internet Intranet Input Method Framework (IIIMF) has been upgraded from rev.10 to rev.12.

This framework provides the following new features:

Each language engine has also been upgraded to the IIIMF rev.12 base. The Japanese language engines, ATOK12 and Wnn6, have been updated to “ATOK for Solaris” and Wnn8 respectively. “ATOK for Solaris” is equivalent to ATOK17. A new Chinese chewing input method has also been added to the IIIMF.