free space

Sunday, March 15, 2009

Solaris Containers


One of the most intriguing aspects of the Solaris 10 operating system is the functionality included in the system. The three main items, Solaris Containers, the Service Manager, and DTrace, have spawned their own communities and discussions, and for some these features alone are enough to encourage them to switch to the Solaris operating system.

As computer power keeps increasing, the need for such power on an individual machine basis is beginning to decrease. Five or ten years ago it would be common to find an SME (Small to medium Enterprise) supporting a number of different servers, each one dedicated to its own task. Today, if the organization is operating in the same way it's likely the power of some of the machines is being underused. It's no wonder then that virtualization software such as VMware or Microsoft's Virtual Server/VirtualPC has become a popular way of sharing the power of a single machine through multiple virtual servers.

These solutions are fine, but they involve emulating a complete machine with its own operating system and often this means increased licensing costs in addition to the technical overhead of emulating a hardware environment for the sake of running software within a dedicated environment.

Solaris Service Manager


For SVR4-based Unix operating systems the services and applications executed during a normal boot are controlled through a combination of the run-level selected and the scripts located within the /etc/rcX.d directory. For example, when entering run-level 3 (the default), all the scripts in /etc/rc3.d are executed, in numbered order, to start up different services like NFS or Apache.

From an execution perspective the process is time-consuming, and from a technical perspective the system is basic and laced with difficulties. For example, the NFS service relies on the system having configured networking (another script), but it is up to the administrator to ensure that the NFS script runs after the networking script. Getting the order and sequence of the scripts correct is therefore vital. The script model also had problems in that the script would run once at boot time, but a failure during execution would need to be addressed by an administrator.

The Service Management Facility (SMF) addresses these problems through a more extensive method of configuration that allows you to specify prerequisites (which implies execution order) and the necessary methods to start, stop and restart services. As an active management facility, rather than a script execution process, the SMF becomes a much more integral part of running services within Solaris.
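The prerequisite and method configuration described above looks like this in an SMF manifest. This is an added example, not part of the original post: the service name site/example-daemon and the method script /lib/svc/method/example-daemon are hypothetical, while svc:/milestone/network:default is the standard Solaris 10 network milestone.

```xml
<?xml version="1.0"?>
<!DOCTYPE service_bundle SYSTEM "/usr/share/lib/xml/dtd/service_bundle.dtd.1">
<!-- Added example: hypothetical service that must not start before networking -->
<service_bundle type='manifest' name='example-daemon'>
  <service name='site/example-daemon' type='service' version='1'>

    <!-- Ship disabled; the administrator enables it explicitly -->
    <create_default_instance enabled='false'/>
    <single_instance/>

    <!-- Prerequisite: replaces the "run after the networking script"
         ordering that /etc/rc3.d expressed only through file numbering -->
    <dependency name='network'
                grouping='require_all'
                restart_on='error'
                type='service'>
      <service_fmri value='svc:/milestone/network:default'/>
    </dependency>

    <!-- Start method: hypothetical script path -->
    <exec_method type='method' name='start'
                 exec='/lib/svc/method/example-daemon start'
                 timeout_seconds='60'/>

    <!-- Stop method: :kill signals every process in the service's contract.
         A restart is performed by running stop and then start. -->
    <exec_method type='method' name='stop'
                 exec=':kill'
                 timeout_seconds='60'/>

    <stability value='Unstable'/>
  </service>
</service_bundle>
```

After `svccfg import` of the file and `svcadm enable site/example-daemon`, `svcs -d site/example-daemon` lists the declared prerequisite, and the service stays offline until the network milestone is online.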

Dynamic Tracing (DTrace)


The DTrace tool is an extension of this original idea, but with a much wider scope and more configurability. There are almost 40,000 different probes built into DTrace and you can write a "script" to monitor specific aspects of an execution. In effect, the DTrace tool is like a combination of the original truss and a very flexible debugger. Unlike debugging, DTrace doesn't require any special options to enable tracing the code and this means that you can trace not only your application, but also the internals of the libraries, system calls, and kernel functions called during the execution.

Because DTrace is not tied to the method you use to compile your application, administrators can use DTrace to find out why applications aren't running or why kernel modules aren't loading, without ever needing access to the source code. DTrace is still a relatively new tool and extensions are being provided for other applications, libraries and environments to improve the level of information provided. For example, it is possible to examine the internal workings of Java applications, a boon for Java developers. In recent months we've also seen DTrace functionality added for PHP, Perl, Python, and many others.



OpenSolaris is a completely free and open source version of the Solaris operating system. OpenSolaris is made up of source code for the commercial Solaris operating system and both products will feed each other. The two "versions" of the operating system are based on the same source code, with the major benefit for OpenSolaris users that they have access to the latest source code and bug fixes for Solaris. OpenSolaris is not, in any way, a cut-down or restricted version of the main Solaris operating system; it is just an open source version of that solution.

Sun has formalized the open source approach by making OpenSolaris available as a distribution in the form of the Solaris Express: Community Release, a free version of Solaris, based on the OpenSolaris code and designed to be used to help further develop the OpenSolaris product. The release is available as a set of CDs (four, currently) available for free download as ISOs which you can write and use to install Solaris. Both the SPARC and x86 versions are available and although the current Sun Download Center interface requires you to click for approval before download, technically the license does not require click-approval.

If you prefer, you can download the sources and build them for yourself to create your preferred Solaris operating system. The whole process can take from about an hour to 24 hours depending on your hardware and environment.

Wednesday, March 11, 2009

Linux security benefits in the data center and on the desktop


Linux v2.6 provides support for cryptographic security, with the addition of a cryptographic API used by IPSec. This enables multiple algorithms (e.g., SHA-1, DES, Triple DES, MD4, HMAC, EDE, and Blowfish) to be used for network and storage encryption. Linux's ability to support IPSec protocols for IPv4 and IPv6 is a significant advance. With security abstracted to the protocol level, applications are less vulnerable to a potential exploit. Cryptographically signed modules are not yet a part of Linux, but if the issues about implementing such a feature can be resolved it will prove useful in preventing unsigned modules from being accessed by the kernel.

One of the issues that continues to plague Windows users is buffer overflow. Linux users will appreciate the ability to use the exec-shield patch, which is available with the Linux 2.6 kernel. Exec-shield enables protection against a variety of exploits that attempt to overwrite data structures or insert code within these structures. Since a recompile is not required for the exec-shield patch to work, this makes it easier to implement. Also, the addition of a preemptive kernel, also in v2.6, reduces latency, which is likely to drive the use of Linux not only in the data center, but also for applications that require a deterministic kernel with soft real-time capabilities.

Many Linux users depend on non-open source drivers and other binary modules from hardware manufacturers and systems providers. The problem is that although adding these drivers and modules is often useful, it is not necessarily beneficial to the operation of a Linux system. For example, a non-open source driver or binary module can overwhelm a system call and change the system call table. The Linux v2.6 kernel provides protection against these dangers by placing restrictions on the level of access a non-open source driver or module has to the kernel. This feature promotes stability, but does not place any new restrictions from a security point of view to stop a determined hacker from writing a malicious module.

Networking With Linux Wireless-Tools


Using iwconfig For wireless-tools Configuration

After physically installing your Linux-compatible NIC, you need to configure your NIC's IP and wireless settings before Wireless Tools works.

You can configure your NIC's IP settings as if the NIC were a regular Ethernet device. After you use the ifup command the NIC becomes active, but it will not function correctly as its wireless settings haven't been configured yet.

The most commonly used command in Wireless Tools is iwconfig, which you can use to configure most of the wireless parameters, including the SSID and the wireless mode. For the wireless mode, Managed means that there is a wireless access point (WAP) on the network and Ad-hoc signifies that there is none.

For example, if your wireless NIC is named eth0 and your managed network's ESSID is homenet, then the commands would be:

    iwconfig eth0 mode Managed
    iwconfig eth0 essid homenet


