Wednesday, May 2, 2012

Oracle Solaris 11: Session 2: Extreme Engineering - A Technical Update


Online Forum
Oracle Solaris 11:
What's New Since the Launch

April 2012

Abstract:
Oracle released a series of 4 sessions on Oracle Solaris 11: What's New Since the Launch (see Session 1.) After an overview, two Senior Principal Product Engineers for Oracle Solaris discussed a loose description of what Solaris 11 includes and what Solaris 11 Update 1 will include.
  • Faster IPS Packaging
  • New VM API for Java for faster performance with NUMA (non-uniform memory access) systems
  • Better support for FibreChannel and iSCSI in Zones
  • Infiniband and Zone integration
  • Integration of Zones under Exadata
  • IP over InfiniBand for TCP/IP and Zones
  • Virtual NIC Migration in Zones

The presentation by  Dan Price and Bart Smaalders follows:

 
Session II - Oracle Solaris 11: Extreme Engineering - A Technical Update
Dan Price and Bart Smaalders, Senior Principal Product Engineers from Oracle Solaris Engineering discuss Extreme Engineering, from a technical perspective.


Install, Patching, Packaging
- automated all major system administration work



Image Packaging System
- Customers would have different patch methodology
- Network software repository
- Cryptographically verified (secure)
- New comprehensive toolset
- Easy to pilot and automate
- Best practices is now default way

Image Packaging System
- fallback to a patch is merely a reboot


Software Lifecycle Management
- Safe Updates, Fast Reboots
- Support Repository Unit
- Once a month heavily tested patch groups
- Patch testing with all Oracle applications & test suites

Image Packaging System
- Integrated Enterprise-Grade Change Management
- Patching to be a lower-skilled job


Boot Environments Powered by ZFS
- no initial investment
- updates as inactive clone (no interruption)
- defer reboot to best time
- trivial to roll back
- fast reboot
- mirror protection during upgrade
- fully integrated with zones
  Solaris 10 zone integration was difficult
  Solaris 11 zone integration was simplified

Sparse zones were killed in Solaris 11
- Sparse Zones produced 2 different implementations
- Various new features were added to Zones and ZFS in order to simplify Zones in Solaris 11


Security in the Cloud
- Defense in depth
- Multi-tenancy design
- Immutable zones
- Encrypted data per tenant
- Can't compromise changed/swapped OS binaries


Built-in Virtualization
- Near-zero overhead
- Delegated Administration  (i.e. boot, reboot, no uninstall)
- Moved from shared stack to exclusive stack (i.e. vnic)
- Network Isolation, control bandwidth in each zone
- No other operating system offers the options of Solaris


Secure Data for Cloud Tenants
- Encrypted on the wire
- Encrypted on the disk
- Individual users data is encrypted with keys, unlocked on login


Oracle Solaris 11: Catching Up
- Meetings about Solaris 12 happening
- Deep integration, testing happening monthly on all Oracle products
- Support Repository Updates (SRU's) tested across all products
- SRU's being delivered on a monthly basis
- Solaris 11 update once a year with new features


Oracle Solaris: Where We're Going
- Solaris 11 Update 1 targeting end of year
- Updates contain new functionality
- Solaris update info in early October
- Oracle World will be a good place to get new info
- SRU's to contain bug fixes


VM 2.0 - Virtual Memory System for the Next Generation
- Enhance virtual memory system
- Scales to hundreds of terabytes
- No user servicable parts required for ZFS
- Update 1 will deliver some new capabilities
- New API's to be delivered in the future
- JVM's may desire additional capabilities
- Memory systems will be ready when new HW is released

IPS and Zones
- IPS is faster than previous packaging
- IPS will increase in speed in the future

Zones enhances on LUN and app data on another LUN
- Trim down number of steps for zones & data
- Automate through zones framework: provision zone on LUN and take care of all details
- Details include: connect to storage, create zfs pool on storage, provision file system, install zone on storage, know what iSCSI address, connecting iSCSI client to server is automatic
- Migrating zone from another host should be easier
- Integrating up/down stack should be easier, support more over time
- Support FiberChannel and iSCSI in Update 1
- The more the automation, the easier for implementation

Infiniband: Zones on Exadata
- Integrate Zones with Infniband
- Patch: RDFP 3 for Zones coming
- Important for Zones in Exadata
- Native Infiniband Performance for engineered systems with Zones
- IP over Infiniband for TCP/IP in Update 1
- IP over Infiniband with Zones in Update 1

Make Zones Parallel Update in IPS
- Update 1 should offer 2x performance of IPS
- Update zones in parallel in Solaris 11, like now done in Solaris 10
- Systems with 10 or 50 zones can be done in time one goes for coffee
- Very short downtime for customers on patching
- Patching happening on cloned boot environments

Integration with with Java
- Major performance improvement over Java 6
- Java 7 is out; Java 8 is in the works
- No tuning required for JVM or OS
- SPECjbb2005 from build 10 to build 138 2.2x improvement
- Optimum cryptography through Java classes for Solaris Cryptographic Framework
- Hints JVM gives to scheduler
- NUMA API's integrated into JVM (vs older SMP sytsems) for 2x performance
- Large Java development in Oracle and Sun - now merged, consolidating features
- Oracle JRocket did an incredible amount of work in Oracle apps
- Oracle JRocket features being merged into Sun HotSpot
- DTrace JRocket probes being merged into Sun HotSpot

Other Notes
- VNIC migrations

KSplice
- Solaris team meeting with KSplice Team
- Solaris team bringing KSplice technology into OS
- Reboot-less small fixes via KSplice into Solaris
- Allows customer to keep patches "up to date" with year long uptime
- Synergies existing philosophy: DTrace allows data path switching without latency or interruption


Summary
- Oracle integrates & test patches with major software, not customer
- Solaris 11, simplify & automate

No comments:

Post a Comment