Description |
---|
Solaris 9 Resource Manager Solaris 9 Resource Manager provides improvements to the management of system resources. The resource manager features enable system administrators to do the following:
The resource controls framework allows you to set constraints on the system resources that are consumed by processes and tasks. Tasks are collections of processes that are related to a single activity. Resource pools provide a way to partition system resources, such as processors, and maintain those partitions across reboots. A new fair share scheduler (FSS) has been added that allows the fine-grained sharing of CPU resources on a system. These features enhance your ability to manage how resources are allocated to applications in a server consolidation environment. In the Solaris 9 release, the full functionality is administered through a command-line interface. Performance monitoring and the setting of resource controls can also be done through the Solaris Management Console. For more information on resource management, see the System Administration Guide: Resource Management and Network Services |
New Fixed-Priority (FX) Scheduling Class The FX scheduler provides a scheduling policy for processes that require user or application control of scheduling priorities. The priorities of processes that run under FX are fixed. These priorities are not dynamically adjusted by the system. The FX class has the same priority range as the TS, IA, and FSS classes. For more information on the FX scheduler, see the Programming Interfaces Guide and the Multithreaded Programming Guide. Also see the priocntl(1) and dispadmin(1M) man pages. For restrictions on using the FX and FSS schedulers on the same system, see "Fair Share Scheduler" in System Administration Guide: Resource Management and Network Services. |
New Display Options for the df, du, and ls Commands The df, du, and ls -l commands have a new -h option. This option displays disk usage and file or file system sizes in powers of 1024. This display simplifies interpretation of the output of the df, du, and ls -l commands. The -h option provides disk space in Kbytes, Mbytes, Gbytes, or Tbytes if the file or directory size is larger than 1024 bytes. See the df(1M), du(1), and ls(1) man pages for further information. |
Improved Process Debugging With the pargs and preap Commands Two new commands, pargs and preap, improve process debugging. Use the pargs command to print the arguments and environment variables that are associated with a live process or a core file. Use the preap command to remove zombie processes. See the preap(1) man page and the proc(1) man page for information on using these commands. |
Feature Description |
---|
Sun ONE Directory Server The Solaris 9 release provides an integrated version of the Sun ONE Directory Server (formerly iPlanet Directory Server ). This server is a Lightweight Directory Access Protocol (LDAP) directory server. The Sun ONE Directory Server is a powerful, distributed directory server that is designed to manage an enterprise-wide directory of users and resources. This scalable directory service can be used for intranet applications, extranets with trading partners, and e-commerce applications to reach customers over the Internet. The Directory Server is managed through the Sun ONE Console, the graphical user interface that is provided with the Sun ONE Directory Server. Administrators use the Console to grant access rights, manage databases, configure the directory, and replicate the data to multiple directory servers. Users access the data through any LDAP-enabled client application, such as applications that were developed with the Sun ONE Software Developers Kits (SDKs) for C and the Java programming language. Configuration for setup of the Sun ONE Directory Server has been simplified by using idsconfig. Server and client configuration information is available in the System Administration Guide: Naming and Directory Services (DNS, NIS, and LDAP). See also the iPlanet Directory Server 5.1 Collection (Solaris Edition) at http://docs.sun.com. This collection includes the following books:
The Sun ONE Directory Server 5.1 is integrated in the Solaris 9 release. For licensing terms, refer to the binary code license. Note - The following name changes have been made for features in the Sun Open Net Environment (Sun ONE):
|
Naming Service Support for Lightweight Directory Access Protocol (LDAP) Naming service support has been enhanced in the Solaris 9 release. Changes include the following:
For information on security features in the Solaris 9 release, including the Secure LDAP Client, see Security Enhancements. For further information, see the System Administration Guide: Naming and Directory Services (DNS, NIS, and LDAP). |
NIS+-to-LDAP Migration Tools The Solaris 9 release announces end-of-software-support for NIS+ and the move to the LDAP-based naming environment. This release includes migration tools to use for migrating from NIS+ to LDAP. For more information on the NIS+ announcement, refer to the following Web site: http://www.sun.com/directory/nisplus/transition.html A detailed discussion of how to migrate from the NIS+ naming service to LDAP is included in the System Administration Guide: Naming and Directory Services (FNS and NIS+). Note - In the Solaris 9 9/02 Update release, this "Transitioning From NIS+ to LDAP" appendix moved to the System Administration Guide: Naming and Directory Services (DNS, NIS, and LDAP). |
IP Security Architecture for IPv6 The IPsec security framework has been enhanced in the Solaris 9 release to enable secure IPv6 datagrams between machines. For the Solaris 9 release, only the use of manual keys is supported when using IPsec for IPv6. Note - The IPsec security framework for IPv4 was introduced in the Solaris 8 release. The Internet Key Exchange (IKE) Protocol is available for IPv4. For further information, see "IPsec (Overview)" in System Administration Guide: IP Services. |
Enhanced inetd Command The inetd networking command has been enhanced to support the monitoring and filtering of incoming requests for network services. The server can be configured to log the client host name of incoming requests and thus enhance network security. The inetd command uses the same mechanism that is used by the Tcp-wrappers 7.6 utility. For information about Tcp-wrappers 7.6, see Freeware. For further information, see the inetd(1M), hosts_access(4), and hosts_options(4) man pages. |
Solaris FTP Client The Solaris FTP client has been enhanced to include support for the following:
For information on the ftp command, see the ftp(1) man page. |
Trivial File Transfer Protocols (TFTP) Enhancements The Solaris TFTP client and server have been enhanced to support TFTP option extensions, negotiations of the blocksize, time-out interval, and transfer size. For further information, see the tftp(1) and in.tftpd(1M) man pages. See also the RFCs 2347, 2348, and 2349. |
Support for IPv6 Over ATM Support for using IPv6 over Asynchronous Transfer Mode (ATM) networks as specified by RFC 2492 has been introduced in the Solaris 9 release. For further information, see the System Administration Guide: IP Services. |
Enhanced snoop Packet Capture The snoop packet capture and display tool has been enhanced to decode and filter both AppleTalk and SCTP packets. See the snoop(1M) man page for further information on this command. |
Solaris PPP 4.0 Solaris PPP 4.0 enables a system in one location to communicate over telephone lines or leased communications media with a system at a remote location. This implementation of the Point-to-Point Protocol (PPP) is based on the widely used Australian National University (ANU) PPP. Solaris PPP 4.0 is entirely new for the Solaris operating environment. PPP 4.0 is easily configured through a set of files. PPP 4.0 supports synchronous communications and asynchronous communications. PPP 4.0 provides Password Authentication Protocol (PAP) and Challenge-Handshake Authentication Protocol (CHAP) authentication. Because Solaris PPP 4.0 is highly configurable, customers can easily tailor PPP to fit their remote communications needs. Also provided is the asppp2pppd conversion script for migrating from the earlier Solaris PPP (asppp) to Solaris PPP 4.0. PPP 4.0 now includes the PPPoE feature, which enables the use of tunneling with PPP. Support for PPPoE was introduced in the Solaris 8 10/01 release. For further information, see the PPP section in the System Administration Guide: Resource Management and Network Services and the pppd(1M) man page. For information on licensing terms, refer to the incorporated material at the following locations: /var/sadm/pkg/SUNWpppd/install/copyright /var/sadm/pkg/SUNWpppdu/install/copyright /var/sadm/pkg/SUNWpppg/install/copyright |
Sun Internet FTP Server Sun Internet FTP ServerTM is fully compatible with the Solaris 8 FTP software. The FTP Server offers new capabilities and new performance improvements for Solaris 9 users. The Solaris 9 FTP Server is based on WU-ftpd. Originally developed by Washington University, WU-ftpd is widely used for the distribution of bulk data over the Internet. WU-ftpd is the preferred standard for large FTP sites. |
Extensions to the Sun RPC Library The RPC library extensions project extends the Sun ONC+TM RPC library with an asynchronous protocol. Programming interfaces have been added to the Transport Independent Remote Procedure Calls to provide one-way asynchronous messaging and non-blocking I/O. For further information on ONC+ development, see the ONC+ Developer's Guide. |
Enhancements to sendmail The following new features are available in sendmail version 8.12, which is included in the Solaris 9 operating environment:
The following details might be of particular interest:
For further information, see the "Mail Services Topics" in System Administration Guide: Resource Management and Network Services. The chapters on mail services provide overview information and procedures for setting up and modifying your mail service. Also provided are procedures for troubleshooting, some background information, and details about the new features. Note - Version 8.10 of sendmail was first made available in the Solaris 8 4/01 operating environment. Version 8.12 of sendmail is available in the Solaris 9 operating environment. |
Solaris Network Cache and Accelerator (NCA) The Solaris Network Cache and Accelerator (NCA) has been improved with the addition of a sockets interface to NCA. With minimal modifications, any web server can communicate through the sockets interface. Web servers such as Apache, Sun ONE Web Server (formerly iPlanet Web Server), and Zeus are able to make use of NCA performance by using standard socket library functions. Also, NCA now supports vectored sendfile, which provides support for AF_NCA. Finally, the ncab2clf command has been enhanced. New options enable you to skip records before a selected date and to process a particular number of records when converting log files. For more information about NCA, see "Managing Web Cache Servers" in System Administration Guide: Resource Management and Network Services. |
IP Network Multipathing IP network multipathing provides your system with recovery from single-point failures with network adapters and increased traffic throughput. As of the Solaris 8 10/00 release, the system switches all the network accesses automatically from a failed adapter to an alternate adapter. The alternate adapter must be connected to the same IP link. This process ensures uninterrupted access to the network. When you have multiple network adapters connected to the same IP link, you achieve increased traffic throughput by spreading the traffic across multiple network adapters. In the Solaris 8 4/01 release, dynamic reconfiguration (DR) uses IP network multipathing to decommission a specific network device. This process has no impact on existing IP users. The Solaris 8 7/01 release introduced the new IP network multipathing Reboot Safe feature, which saves the IP address in the following conditions. A failed NIC is removed from the system by using dynamic reconfiguration. A reboot occurs prior to reinsertion of a functioning NIC. In these circumstances, the system attempts, but fails, to plumb an interface for the missing NIC. Rather than lose the IP address, the IP network multipathing Reboot Safe feature transfers the IP address to another NIC in the IP network multipathing interface group. For more information, see "IP Network Multipathing Topics" in System Administration Guide: IP Services. |
SPARC: IP Network Multipathing DLPI Link-Up and Link-Down Notification Support Link-down notifications enable the IP multipathing daemon to detect physical link failures faster. When a network interface is started, the IP multipathing daemon attempts to enable link-up and link-down notifications from the network interface driver. A link-down notification is generated when the interface detects the loss of the physical link to the network. A link-up notification is generated when the physical link is restored. The driver must support this feature in order for the notification procedure to work. The RUNNING flag is unset when a link-down notification is received, and set when a link-up notification is received. The IP multipathing daemon uses the RUNNING flag to monitor the physical link state. For more information, see the IP network multipathing chapters in the System Administration Guide: IP Services. |
Mobile Internet Protocol Mobile Internet Protocol (Mobile IP) enables the transfer of information to and from mobile computers, such as laptop and wireless communications. The mobile computer can change its location to a foreign network and still access and communicate with and through the mobile computer's home network. The Solaris implementation of Mobile IP supports only IPv4. As of the Solaris 8 4/01 release, Mobile IP enables system administrators to set up reverse tunnels. A reverse tunnel can be set up from the mobile node's care-of address to the home agent. This reverse tunnel ensures a topologically correct source address for the IP data packet. By using reverse tunnels, system administrators can also assign private addresses to mobile nodes. For more information on the Mobile Internet Protocol, see "Mobile IP Topics" in System Administration Guide: IP Services. |
Mobile Internet Protocol (Mobile IP) Agent Advertisements Over Dynamic Interfaces Dynamically created interfaces are interfaces that are configured after the mipagent daemon starts. You can now configure the foreign agent implementation to send advertisements over dynamically created interfaces. You can also enable or disable some unsolicited advertisements over the advertising interfaces. For more information on Mobile Internet Protocol, see "Mobile IP Topics" in System Administration Guide: IP Services. |
Berkeley Internet Name Domain An updated version of Berkeley Internet Name Domain (BIND) has been integrated in the Solaris 9 release. The updated version is BIND version 8.2.4. BIND functionality includes the following:
For more information, see the System Administration Guide: Naming and Directory Services (DNS, NIS, and LDAP). |
Networking Freeware See Freeware for information about GNU wget 1.6, Ncftp Client 3.0.3, and Samba 2.2.2 in the Solaris 9 release.
|
Feature Description |
---|
Solaris Volume Manager Solaris Volume Manager provides storage management tools. These tools enable you to create and manage RAID 0, RAID 1, and RAID 5 volumes, as well as transactional (logging) devices and soft partitions. Solaris Volume Manager provides all of the capabilities of Solstice DiskSuiteTM. Solaris Volume Manager adds the following:
The Solaris 9 release seamlessly supports upgrading existing systems that run Solstice DiskSuite (SDS) to the Solaris Volume Manager. This upgrade does not disturb or change the configuration. Upgrades of mirrored root file systems are fully and automatically supported. For more information, see the Solaris Volume Manager Administration Guide. |
Unified diff Format The diff and sccs-sccsdiff commands have been updated to include support for the GNU-style unified diff format. In this format, context lines are only printed once in the listing of differences. For information on these commands, see the diff(1) and sccs-sccsdiff(1) man pages. |
Generic Log Rotation Facility A generic log rotation facility is available in the Solaris 9 release. System administrators can use this facility to maintain and rotate system and application log files. For further information, see the logadm(1M) and logadm.conf(4) man pages. |
Solaris Management Console Solaris Management Console 2.1 is a GUI-based "umbrella application" that serves as the starting point for a variety of management tools. The console comes complete with a default toolbox that contains the following tools:
You can add or delete tools from the default toolbox. You can create a new toolbox to manage a different set of tools by using the console Toolbox Editor. Diskless clients can also be managed, but only through a command-line interface. For further information, see the "Solaris Management Console (Overview)" in System Administration Guide: Basic Administration. |
Patch Manager Patch Manager manages patches that are created for the Solaris 9 operating environment and compatible releases. You can display installed patches and their properties. You can add patches to one or more systems concurrently. You can remove patches, analyze a system's patch requirements, and download patches from the SunSolve Online service. The new smpatch command installs patches on a single machine or multiple machines, analyzes patch requirements, and downloads required patches. See the smpatch(1M) man page for further information. |
Solaris WBEM Services 2.5 Solaris WBEM Services 2.5 is Sun Microsystems' implementation of Web-Based Enterprise Management (WBEM). WBEM is a set of management and Internet-related technologies. These technologies are intended to unify the management of enterprise compute environments. Solaris WBEM Services was updated to version 2.5 in the Solaris 9 release. Further information is provided in Web-Based Enterprise Management Tools. |
CIM Object Manager Now Listens to HTTP Port 5988 The CIM Object Manager listens for remote method invocation (RMI) connections on RMI port 5987. And, the Object Manager now listens for XML and HTTP connections on HTTP port 5988. In the Solaris 8 release and Solaris 8 update releases, the CIM Object Manager listened for XML and HTTP connections on default HTTP port 80. For further information, see the Solaris WBEM Services Administration Guide. |
SNMP Adapter for WBEM The SNMP Adapter for WBEM is intended for use by system administrators. This adapter enables Simple Network Management Protocol (SNMP) management applications to access the system management information that is provided by Solaris WBEM Services. The SNMP Adapter for WBEM is used with the SolsticeTM Enterprise Agent (SEA) Master Agent. The adapter maps SNMP requests into equivalent WBEM Common Information Model (CIM) properties or instances. The SNMP Adapter for WBEM also remaps the response from the CIM Object Manager into an SNMP response, which is returned to the management application. A mapping file contains the corresponding object identifier (OID), class name, property name, and Abstract Syntax Notation One (ASN.1) type for each object. The Solaris WBEM Services Administration Guide contains information about the SNMP Adapter for WBEM. |
Solaris Product Registry 3.0 The Solaris Product Registry 3.0 includes the following new features:
For further information, see the System Administration Guide: Basic Administration. |
Modify Software Groups in Solaris Web Start Program The "Solaris Web Start" installation method was updated to enable you to modify the selected Solaris Software Group. You can add or remove software packages. For further information, see the System Administration Guide: Basic Administration. |
System Administration Freeware Tools For information about GNU grep 2.4.2 and GNU tar 1.13, see Freeware. GNU grep 2.4.2 is a pattern matcher. GNU tar 1.13 is an archiver. |
Feature Description |
---|
Extended File Attributes The UFS, NFS, and TMPFS file systems have been enhanced to include extended file attributes. Application developers can associate specific attributes to a file. For example, a developer of a file management application for a windowing system might choose to associate a display icon with a file. Extended attributes are logically represented as files within a hidden directory that is associated with the target file. You can use the extended file attribute API and a set of shell commands to add and manipulate file system attributes. See the fsattr(5), openat(2), and runat(1) man pages for more information. Many file system commands in Solaris provide an attribute-aware option that you can use to query, copy, modify, or find file attributes. For more information, see the specific file system command in the man pages. See also the System Administration Guide: Basic Administration for more information. |
Improved UFS Direct I/O Concurrency The performance of direct I/O is used by database applications to access unbuffered file-system data. Direct I/O improvements allow concurrent read access and write access to regular UFS files. Previously, an operation that updated file data would lock out all other read or write accesses until the update operation was completed. See the System Administration Guide: Basic Administration and the man page, mount_ufs(1M), for more information. |
DNLC Improvements The directory name look-up cache (DNLC) is enhanced to provide improved performance when you access files in large directories with 1000 or more files. The DNLC is a general file-system service. DNLC caches the most recently referenced directory names and their associated vnodes. UFS directory entries are stored linearly on disk. This means that locating an entry requires searching each entry for the name. Adding a new entry requires searching the entire directory to ensure the name does not exist. To solve this performance problem, entire directories are cached in memory by the DNLC. Another feature in this release is that DNLC caches file objects that have been looked up but do not exist. This feature is known as negative caching, and is useful because some applications repeatedly test to check if a file exists. New tunable parameters are associated with the DNLC improvements. These parameters are set optimally. Do not change the parameters casually. See the Solaris Tunable Parameters Reference Manual for further information. |
UFS Snapshots (fssnap) You can use the fssnap command to create a snapshot of a file system. A snapshot is a file system's temporary image that is intended for backup operations. When run, the fssnap command creates a virtual device and a backing-store file. You can back up the virtual device, which looks and acts like a real device, with any of the existing Solaris backup commands. The backing-store file is a bitmapped file that contains copies of pre-snapshot data that has been modified since the snapshot was taken. See the System Administration Guide: Basic Administration and the man page, fssnap(1M), for more information. |
Updated mkfs Command The mkfs command has been updated to improve performance when you create file systems. Improved mkfs performance is often 10 times faster than in previous Solaris releases. Performance improvements are seen on systems when you create both large file systems and small file systems. However, the biggest mkfs performance improvements occur on systems with high-capacity or high-speed disks. |
Feature Description |
---|
Solaris Live Upgrade 2.0 Solaris Live Upgrade provides a method of upgrading that substantially reduces the usual service outage that is associated with an operating system upgrade. You can duplicate your current running boot environment, then while the original boot environment continues to run, you can upgrade the duplicate. The duplicate boot environment is then activated to become the active boot environment when the system is rebooted. If a failure occurs, you can quickly fall back to the original boot environment with a simple reboot. This feature eliminates the downtime for the production environment that is associated with a normal test and evaluation process. In addition to upgrading a boot environment, you can install a Web Start Flash archive on an inactive boot environment. When you reboot the system, the configuration that you installed on an inactive boot environment is active. The Solaris 9 release includes several Live Upgrade enhancements that apply to the command-line interface only. These enhancements affect the following:
For further information on Solaris Live Upgrade, see "Solaris Live Upgrade (Topics)" in the Solaris 9 Installation Guide. Note - In the Solaris 9 Update releases, note the following name change: Solaris Flash (formerly Web Start Flash) |
"Web Start Flash" Installation Feature The "Web Start Flash" installation feature enables you to create a single reference installation of the Solaris operating environment on a machine. You can then replicate that installation on several machines. For further information, see "Solaris Flash Installation Feature (Topics)" in the Solaris 9 Installation Guide. Note - In the Solaris 9 Update releases, note the following name change: Solaris Flash (formerly Web Start Flash) |
Web Start Flash Archive Retrieval Using FTP The Web Start Flash program has been updated to allow you to retrieve a Web Start Flash archive by using FTP. When installing an archive, you can specify the location of an archive on an FTP server. For details about how to retrieve an archive from an FTP server, see the Solaris 9 Installation Guide. Note - In the Solaris 9 Update releases, note the following name change: Solaris Flash (formerly Web Start Flash) |
Minimal Installation Files that constitute several features in the core software group, or metacluster, are now moved into separate, more logically organized packages. You can optionally exclude these packages from the Solaris operating environment when you install the Solaris software. You can also remove these packages by using the pkgrm command after installation. See the pkgrm(1M) man page. Files that constitute the following features are moved into new packages or existing packages:
|
IA: PXE Network Boot The Intel Pre-boot eXecution Environment (PXE) enables you to boot a Solaris IA system directly from the network without using the Solaris boot diskette. The IA system must support PXE. On a system that supports PXE, enable the system to use PXE by using the system's BIOS setup tool or the network adapter's configuration setup tool. The Solaris boot diskette is available for the systems that do not support this feature. For further information, see the Solaris 9 Installation Guide. |
Longer Package Names The pkgmk utility can now be used to create packages with names up to 32 characters in length. See the pkgmk(1) and pkgadd(1M) man pages. |
Installation From the Solaris DVD You can now install the Solaris operating environment and additional software from the Solaris DVD. The DVD enables you to perform either a SolarisTM Web Start installation or a custom JumpStartTM installation. The Solaris DVD includes the Solaris software, ExtraValue software, and the Solaris documentation. For detailed instructions, see the Solaris 9 Installation Guide. |
Solaris "Web Start" Program Uses sysidcfg File The Solaris "Web Start" installation method has been modified to use the sysidcfg file to configure system information during an installation or upgrade. Create a sysidcfg file with configuration information for your system. With this file in place, the Solaris "Web Start" program does not prompt you to enter the system information during installation. For detailed instructions, see the Solaris 9 Installation Guide. |
Enhancements to the Solaris "Web Start" Program The Solaris "Web Start" installation method was updated to enable you to perform the following functions during the Solaris installation or upgrade:
For detailed instructions, see the Solaris 9 Installation Guide. |
Additions to Time Zone Selections The number of time zones that are available in the Solaris 9 operating environment has dramatically increased. When you install the Solaris operating environment, you can select time zones by geographic region. The time zone selections in the lists of continents and countries have been expanded. For detailed instructions, see the Solaris 9 Installation Guide. |
Solaris "Web Start Wizards" SDK 3.0.1 Solaris Web Start WizardsTM SDK simplifies the installation, setup, and administration of native Solaris, Java, and non-Java applications. With Solaris "Web Start Wizards" software, developers can copackage both Solaris versions and Microsoft Windows versions of their applications. The installation wizard manages the platform specifics. The "Web Start Wizards" SDK 3.0.1 is now included with the Solaris 9 release. SDK 3.0.1 can be installed by using the Solaris "Web Start" installation program. |
New Boot Options for a Custom JumpStart Installation New options have been added for use with the boot command when you perform a custom JumpStart installation. With the boot command, you can specify the location of the configuration files to use to perform the installation. You can specify a path to an HTTP server, an NFS server, or a file that is available on local media. If you do not know the path to the files, you can require that the installation program prompt you for the path. The prompt displays after the machine boots and connects to the network. The nowin option enables you to specify that the custom JumpStart program not begin the X program. You do not need to use the X program to perform a custom JumpStart installation. You can shorten the installation time by using the nowin option. For detailed instructions about how to use these new options, refer to "Custom JumpStart Installation (Topics)" in the Solaris 9 Installation Guide. |
Upgrading Mirrors The Solaris 9 release now supports operating environment upgrades of root mirrors and metadevices that were created by the Solaris Volume Manager, formerly Solstice DiskSuite. If you are upgrading a system that has a metadevice that was created by the Solaris Volume Manager, you no longer need to edit the system's vfstab. The root mirror is detected, and the operating environment on the mirror is upgraded. This process runs just as in a typical upgrade without metadevices. |
Default Routing With System Identification Utilities The system identification utilities automatically attempt to determine the default router during installation. For installation information, see the Solaris 9 Installation Guide. |
Configuration With System Identification Utilities During system identification, the system identification utilities can configure systems to be LDAP clients. Prior Solaris releases allowed the configuration of a machine only as an NIS, NIS+, or DNS client. For installation information, see the Solaris 9 Installation Guide. |
Patch Analyzer The Patch Analyzer is now available when you use the Solaris Web Start program to upgrade to a Solaris Update release. The Patch Analyzer performs an analysis on your system. This analysis determines which patches would be removed or downgraded by an upgrade to a Solaris Update release. You do not need to use the Patch Analyzer when you upgrade to the Solaris 9 release. For further installation information, see the Solaris 9 Installation Guide. |
Feature Description |
---|
SPARC: Multiple Page Size Support Multiple Page Size Support (MPSS) allows a program to use any hardware-supported page sizes to access portions of virtual memory. Previously, only 8–KB pages were available on UltraSPARC platforms for a program's stack, heap, or anonymous memory mapped with mmap(). You can use MPSS to run legacy applications with specific memory page size settings where the applications benefit from this sort of performance tuning. The use of larger page sizes might significantly improve the performance of programs that intensively use large amounts of memory. For more information, see the man pages pagesize(1), mpss.so.1(1), ppgsz(1), and mmap(2). |
Improved Multithreading Library This release includes an improved and faster multithreading library, which was available as the alternate libthread in previous Solaris software releases. For further information, see the Multithreaded Programming Guide and the threads(3THR) man page. |
Solaris Network Cache and Accelerator (NCA) The Solaris Network Cache and Accelerator (NCA) has been improved with the addition of a sockets interface to NCA. Any web server can, with minimal modifications, communicate with NCA through this sockets interface. See Networking. |
SPARC: Performance Improvement for Servers Enhancements have been made to the algorithm that controls virtual pages and physical pages and how the pages are cached. These enhancements deliver increased system performance of around 10% for general user loads in servers. |
Dynamic Intimate Shared Memory (DISM) Dynamic Intimate Shared Memory (DISM) allows a database to dynamically extend or reduce the size of the shared data segment. This feature eliminates the misconfiguration problem and denial-of-service security vulnerability of Intimate Shared Memory (ISM). The ISM is a shared memory segment consisting of large locked memory pages. The ISM number of locked pages remains constant or unchanged. Dynamic ISM (DISM) is pageable ISM shared memory, where the number of locked pages is variable or changeable. Therefore, the DISM supports releasing or adding more physical memory to the system during dynamic reconfiguration. The size of the DISM can span available physical memory plus disk swap. See the man page shmop(2). |
Feature Description |
---|
Dynamic Host Configuration Protocol (DHCP) The Dynamic Host Configuration Protocol (DHCP) service enables host systems to receive IP addresses and network configuration information. This information is provided at boot time from a network server. The Solaris DHCP service has been enhanced in several ways to enable the service to support larger numbers of clients:
In addition, the Solaris DHCP server now supports dynamic DNS updates. You can enable the DHCP service to update the DNS service with the host names of DHCP clients that request a specific host name. The Solaris DHCP client can now be configured to request a specific host name. For more information, see the System Administration Guide: IP Services. |
Diskless Client Management Diskless client management is available through the command line. You can manage diskless clients, list OS services for diskless clients, and manage patches on all existing diskless clients. For information on diskless client management, see "Managing Diskless Clients (Tasks)" in System Administration Guide: Basic Administration. |
Feature Description |
---|
Internet Key Exchange (IKE) Protocol Internet Key Exchange (IKE) automates key management for IPsec. IKE replaces manual key assignment and refreshment on an IPv4 network. IKE enables the administrator to manage larger numbers of secure networks. System administrators use IPsec to set up secure IPv4 networks. The in.iked daemon provides key derivation, authentication, and authentication protection at boot time. The daemon is configurable. The administrator sets up the parameters in a configuration file. After the parameters are set up, no manual key refreshment is required. For further information, see "Internet Key Exchange" in System Administration Guide: IP Services. |
Solaris Secure Shell Secure Shell allows a user to securely access a remote host over an unsecured network. Data transfers and interactive user network sessions are protected from eavesdropping, session hijacking, and intermediary attacks. Solaris 9 Secure Shell supports SSHv1 and SSHv2 protocol versions. Strong authentication that uses public key cryptography is provided. The X Window System and other network services can be tunneled safely over Secure Shell connections for additional protection. The Secure Shell server, sshd, supports the monitoring and filtering of incoming requests for network services. The server can be configured to log the client host name of incoming requests and thus enhance network security. sshd uses the same mechanism that is used by the Tcp-wrappers 7.6 utility that is described in Freeware. For further information, see the sshd(1M), hosts_access(4), and hosts_options(4) man pages. See also "Using Secure Shell (Tasks)" in System Administration Guide: Security Services. |
Kerberos Key Distribution Center (KDC) and Administration Tools System administrators can improve system security by using Kerberos V5 authentication, privacy, and integrity. NFS is an example of an application that is secured with Kerberos V5. The following list highlights the new features of Kerberos V5.
For further information, see "Administering the Kerberos Database" in System Administration Guide: Security Services. |
Secure LDAP Client The Solaris 9 release includes new features for LDAP client-based security. A new LDAP library provides for SSL (TLS) and CRAM-MD5 encryption mechanisms. These encryption mechanisms enable customers to deploy methods for encryption over the wire between LDAP clients and the LDAP server. The Sun ONE Directory Server 5.1 (formerly iPlanet Directory Server 5.1) is the LDAP directory server. For further information on this server, see Networking. |
Encryption Modules for IPsec and Kerberos Encryption with a maximum key length of 128 bits is included in the Solaris 9 release. Prior to the Solaris 9 release, encryption modules were available only on the Solaris Encryption Kit CD-ROM or through a web download. A number of these algorithms are now in the Solaris 9 operating environment. These algorithms include 56-bit DES privacy support for Kerberos as well as 56-bit DES and 3-key Triple-DES support for IPsec. Note - Support for greater than 128-bit encryption with IPsec is available on the Solaris Encryption Kit CD-ROM or through a web download. IPsec supports the 128-bit, 192-bit, or 256-bit Advanced Encryption Standard (AES), and 32-bit to 448-bit Blowfish in 8–bit increments. For information on IPsec support, see "IPsec (Overview)" in System Administration Guide: IP Services. For information on Kerberos support, see "Introduction to SEAM" in System Administration Guide: Security Services. |
IP Security Architecture for IPv6 The IPsec security framework has been enhanced in the Solaris 9 release to enable secure IPv6 datagrams between machines. For the Solaris 9 release, only the use of manual keys is supported when using IPsec for IPv6. Note - The IPsec security framework for IPv4 was introduced in the Solaris 8 release. The Internet Key Exchange (IKE) Protocol is available for IPv4. For further information, see "IPsec (Overview)" in System Administration Guide: IP Services. |
Role-Based Access Control (RBAC) Enhancements Role-based access control (RBAC) databases can be managed through the Solaris Management Console graphical interface. Rights can now be assigned by default in the policy.conf file. In addition, rights can now contain other rights. For further information on RBAC, see "Role-Based Access Control (Overview)" in System Administration Guide: Security Services. For information about the Solaris Management Console, see System Administration Tools. |
Xserver Security Options New options enable system administrators to allow only encrypted connections to the Solaris X server. For further information, see Solaris 9 Features for Desktop Users. |
Generic Security Services Application Programming Interface (GSS-API) The Generic Security Services Application Programming Interface (GSS-API) is a security framework that enables applications to protect their transmitted data. The GSS-API provides authentication, integrity, and confidentiality services to applications. The interface permits those applications to be entirely generic with respect to security. The applications do not have to check for the underlying platform, such as the Solaris platform, or security mechanism, such as Kerberos, being used. This means that applications that use the GSS-API can be highly portable. For more information, see the GSS-API Programming Guide. |
Additional Security Software For information about SunScreenTM 3.2, a firewall product, see Additional Software. See also Freeware for information about the Tcp-wrappers 7.6 freeware in the Solaris 9 release. Tcp-wrappers 7.6 are small daemon programs that monitor and filter incoming requests for network services. |
Feature Description |
---|
Write CD File Systems With the cdrw Command The cdrw command enables you to write CD file systems in ISO 9660 format. You can use Rock Ridge or Joliet extensions on CD-R or CD-RW media devices. You can use the cdrw command to do the following:
Go to the following Web site for information on recommended CD-R or CD-RW devices: http://www.sun.com/io_technologies/pci/removable.html See the cdrw(1) man page for information on using this command. |
Improved Removable Media Management Volume management features have been improved in this release to fully support removable media. This improvement means that the following media are mounted and available for reading on insertion:
With Common Desktop Environment (CDE) and Solaris command-line enhancements, you can accomplish the following:
See the System Administration Guide: Basic Administration for information on managing removable media with the command-line interface. See the Solaris Common Desktop Environment: User's Guide for information on managing removable media with CDE's File Manager. |
Feature Description |
---|
SPARC: Sun StorEdge Traffic Manager The Sun StorEdgeTM Traffic Manager feature supports multiple paths for I/O devices such as Fibre Channel-accessible storage. This feature balances the workload across multiple devices. Additionally, the Traffic Manager increases reliability by redirecting requests from a failed interface card or storage device to a card or device that is operational. |
SPARC: Sun Gigaswift Ethernet Driver As of the Solaris 8 7/01 release, the Solaris operating environment includes support for the SunTM Gigaswift 1000Base-T Ethernet driver. This product enhances performance of a 1-Gbyte twisted-pair copper Ethernet link. For further information, see the ce(7D) man page. |
SPARC: USB Devices This release includes support for USB devices such as keyboards, mouse devices, audio devices, mass storage devices, and printers. Sun Microsystems support for USB devices includes the following:
|
SPARC: Using USB Mass Storage Devices Many USB mass storage devices are supported in the Solaris 9 environment. Some non-compliant USB devices might work. Follow the information that is provided in the /kernel/drv/scsa2usb.conf file to see if a particular device can be supported. For more information, see the System Administration Guide: Basic Administration. |
SPARC: Hot-Plugging USB Devices With the cfgadm Command With the cfgadm command, you can hot-plug a USB device from a running system without having to shut down the system. You can also use the cfgadm command to logically hot-plug a USB device without physically removing the device. This scenario is convenient when you need to reset a USB device from a remote location. For more information, see the cfgadm_usb(1M) man page. |
SPARC: USB Printer Support You can use Solaris Print Manager to set up a USB printer that is attached to a system with USB ports. The new logical device names for USB printers are as follows: /dev/printers/[0...N]* Therefore, when you add a USB printer to a printer server, select one of these devices for a USB printer. Select a device under Printer Port on the Add New Attached Printer screen. For more information on using the Solaris Print Manager to set up printers, see the System Administration Guide: Advanced Administration. The USB printer driver in the Solaris 9 release supports all USB printer-class compliant printers. Check the list of recommended PostScriptTM printers in the usbprn(7D) man page. For information and cautions about hot-plugging USB printers, refer to the Notes and Diagnostics sections of the usbprn(7D) man page. |
Reconfiguration Coordination Manager (RCM) Dynamic reconfiguration of system resources enables you to reconfigure system components while the system is still running. This feature has been available with the cfgadm command since the Solaris 8 release. The Reconfiguration Coordination Manager is the framework that manages the dynamic removal of system components. By using RCM, you can register and release system resources in an orderly manner. Previously, you had to release resources from applications manually before you could dynamically remove the resource. Or, you could use the cfgadm command with the -f option to force a reconfiguration operation. This option, however, might leave your applications in an unknown state. Also, the manual release of resources from applications commonly causes errors. You can use the new RCM script feature to write your own scripts to shut down your applications. You can write scripts to cleanly release the devices from your applications during dynamic reconfiguration. The RCM framework launches a script automatically in response to a reconfiguration request, if the request impacts the resources that are registered by the script. See the System Administration Guide: Basic Administration and the rcmscript(4) man page for more information. |
mp Program Enhancement In the mp(1) program enhancement, the mp command is modified to work as an X Print Server client. Configure an X Print Server running in the host machine. Then the mp command can print output in any Print Description Language that the X Print Server supports. The newly introduced options, -D and -P, can be used for making mp work as an X Print Server client. For more information, see "Print Filter Enhancement With" in International Language Environments Guide. |
SPARC: New Dynamic Reconfiguration Error Messages The dynamic reconfiguration software has been enhanced to improve troubleshooting dynamic reconfiguration problems. See the System Administration Guide: Basic Administration and the cfgadm(1M) man page for more information. |