Differences Between Solaris 10 and Solaris 11.4
Abstract:
Sun Microsystems used to migrate between operating systems fairly regularly. A new trend had come to the software development community referred to as Continuous Delivery. Oracle purchased Sun Microsystems. Solaris 10 acquired many new features, the life expectancy was extended significantly, and Solaris 11 was released mid-way through the significantly lengthened support cycle. Instead of releasing Solaris 12, Oracle made the executive decision to roll all features of Solaris 12 into Solaris 11.4.
Solaris 11.4 aka Solaris 12
What are some of the differences between Solaris 10 and Solaris 11.4?
Oracle published a document summarizing the differences, with links to major documents.
Key Differences between Oracle Solaris 10 and Oracle Solaris 11
Upgrading from Oracle Solaris 10 to Oracle Solaris 11 requires a fresh installation of Oracle Solaris 11.
Tools to help you make the transition include the following:
-
Oracle Solaris 10 branded zones. Migrate Oracle Solaris 10 instances to Oracle Solaris 10 zones on Oracle Solaris 11 systems.
-
ZFS shadow migration. Migrate UFS data from an existing file system, either local or NFS, to a new local ZFS file system. Do not mix UFS directories and ZFS file systems in the same file system hierarchy.
You can also remotely mount UFS file systems from an Oracle Solaris 10 system onto an Oracle Solaris 11 system, or use the ufsrestore command on an Oracle Solaris 10 system to restore UFS data (ufsdump) into an Oracle Solaris 11 ZFS file system.
-
ZFS pool import. Export and disconnect storage devices that contain ZFS storage pools on your Oracle Solaris 10 systems and then import them into your Oracle Solaris 11 systems.
-
NFS file sharing. Share files from an Oracle Solaris 10 system to an Oracle Solaris 11 system. Do not mix NFS legacy shared ZFS file systems and ZFS NFS shared file systems. Use only ZFS NFS shared file systems.
For the main Oracle Solaris documentation, see Oracle Solaris Documentation. For additional documentation and examples, select a technology on the Oracle Solaris 11 Technology Spotlights page.
Applications that run on Oracle Solaris 10 should also run on Oracle Solaris 11 if they use only public Oracle Solaris interfaces. Oracle Solaris Preflight Applications Checker 11.3 can determine the Oracle Solaris 11 readiness of an application by analyzing the working application on Oracle Solaris 10. A successful check with this tool strongly indicates that you can run the application without modification on Oracle Solaris 11.
Versions of FOSS and other software are updated. In some cases, a system can have more than one version of a command or tool simultaneously installed. If your application depends on a particular version, use the full path to the executable rather than depend on a link.
See End of Feature Notices for Oracle Solaris 11 for lists of commands and tools that are no longer available in Oracle Solaris 11. In most cases, Oracle Solaris 11 provides alternative commands and tools. The list also includes hardware that does not support newer Oracle Solaris 11 versions.
What’s New in Oracle Solaris 11.1 in Oracle Solaris 11.1 Information Library
Oracle Solaris 11 What’s New in Oracle Solaris 11 Information Library
For a summary of new or updated features in each release, see the following documents:
A graphical desktop is not included by default with some system installations. If you want a graphical desktop, install the group/system/solaris-desktop IPS package.
Installation and Upgrade Changes
The following are key changes from Oracle Solaris 10 to Oracle Solaris 11:
-
Installation and upgrade:
-
Instead of JumpStart, use Automated Installer.
-
Instead of Live Upgrade, use the text installer or Image Packaging System (IPS) pkg commands.
-
Software packages are delivered in package repositories, similar to Linux package repositories.
-
-
Archive and recovery: Instead of Flash Archives, use Unified Archives.
-
System services: More system configuration is done by setting Service Management Facility (SMF) service property values and not by directly editing configuration files. Look for comments in the configuration files and see the documentation for that configuration.
-
root user: By default, root is a role, not a user. Instead of doing privileged tasks as root, create and assign roles targeted to each set of related tasks.
-
Shell: The default shell for the root user is ksh. The default shell for other users is bash. Default user PATH also has changed.
Changes in How to Configure Oracle Solaris Features
More configuration is provided by partial configuration files in the /etc/system.d directory, where customer-specific system configuration files should also be stored. Routinely editing /etc/system should be avoided. In some cases, the partial configuration file is created by an SMF service using service property values that you provide.
For network configuration, Oracle Solaris 11 assigns generic names to each datalink on a system by using the net0, net1, netN naming convention. Configuration is also managed through SMF service property values rather than by directly editing configuration files. In addition, new commands for setting up datalinks and IP interfaces have been introduced to replace the commonly used commands in Oracle Solaris 10, such as ifconfig.
Networking in Oracle Solaris 11 has advanced to provide better network performance, efficient network resource management, higher network availability, and new technologies such as in the area of network virtualization. See the documentation in Administering Oracle Solaris Networks and Administering Network Services in Oracle Solaris.
Changes in User Environment
-
Default login and other shell changes - In Oracle Solaris 11, /bin/sh is the Korn shell (ksh93), and the default interactive shell is the Bourne-again (bash) shell. When used as a login shell, bash retrieves configuration information from the first instance of .bash_profile, .bash_login, or .profile file.
-
The legacy Bourne shell is available as /usr/sunos/bin/sh.
-
The legacy ksh88 is available as /usr/sunos/bin/ksh from the shell/ksh88 package.
-
Korn shell compatibility information is available in /usr/share/doc/ksh/COMPATIBILITY.
-
-
Default user path and PATH environment variable – The default user path is /usr/bin. The default path for the root role is /usr/bin:/usr/sbin. The default PATH environment variable for bash is /usr/bin:/usr/sbin
For more details about user environment in Oracle Solaris 11.4, see About the User Work Environment in Managing User Accounts and User Environments in Oracle Solaris 11.3.
Changes in Security
Security in Oracle Solaris 11 supports industry standards more closely. For an overview of security in Oracle Solaris 11, see Security: An Oracle Solaris Differentiator.
Other enhancements increase hardening, add compliance functionality, and enable remote administration of security:
-
Packet Filter (PF) – Chapter 4, Oracle Solaris Firewall in Securing the Network in Oracle Solaris 11.4
Note - IP Filter is not supported in Oracle Solaris 11.4. -
MIT Kerberos V – Managing Kerberos in Oracle Solaris 11.4
-
OpenSSH – Managing Secure Shell Access in Oracle Solaris 11.4
Note - SunSSH is not supported in Oracle Solaris 11.4. -
Cyrus SASL (libsasl2) – Chapter 2, Using Simple Authentication and Security Layer in Managing Authentication in Oracle Solaris 11.4
-
Trusted Extensions – Supports single-level Trusted Extensions clients, and single-level and multilevel Trusted Extensions servers
Note - Oracle Solaris 11.4 desktop support is limited to the most recent version of the GNOME desktop. The multilevel Trusted Extensions desktop is not supported in Oracle Solaris 11.4.
In Oracle Solaris 11, the following programs are based on the most recent version of the industry or Open Source standard. Each program is enhanced to include the latest security fixes, but also to work seamlessly with Oracle Solaris 11 features, such as privileges, zones, and the Service Management Framework (SMF).
-
Process and file isolation by adding labels such as "Confidential"
-
Friendly audit report interfaces and audit event selection – What’s New in the Audit Service in Oracle Solaris 11.4 in Managing Auditing in Oracle Solaris 11.4
-
Two-factor authentication
-
Centralized compliance reports – Oracle Solaris 11.4 Compliance Guide
-
FIPS 140-2 – Using a FIPS 140-2 Enabled System in Oracle Solaris 11.4
-
Immutable zones, global and non-global – Chapter 10, Configuring and Administering Immutable Zones in Creating and Using Oracle Solaris Zones
-
Security extensions – Protecting Against Malware With Security Extensions in Securing Systems and Attached Devices in Oracle Solaris 11.4
OHMP for simpler management of hardware – Systems Management and Diagnostics Documentation Library (https://docs.oracle.com/cd/F24624_01/index.html)
-
Direct access to user-level cryptographic primitives – Simple and Fast ucrypto Provider in Managing Encryption and Certificates in Oracle Solaris 11.4
The following features ease security administration or provide a safer working environment.
-
Remote administration of smart cards – Chapter 3, Using Smart Cards for Multifactor Authentication in Oracle Solaris in Managing Authentication in Oracle Solaris 11.4
-
Centralized management of compliance reports – Modifying System-Wide Privileges, Authorizations, and Rights Profiles in Securing Users and Processes in Oracle Solaris 11.4
-
SMF management of user accounts – New Feature – Enabling the account-policy Service in Securing Users and Processes in Oracle Solaris 11.4
-
Storing SSH public keys in LDAP – Secure Shell and Remote Public Keys in Managing Secure Shell Access in Oracle Solaris 11.4 and the ssh-ldap-getpubkey(8) man page
Oracle Solaris 11 eases the administration of security-related features in LDAP and on a network by centralizing and enabling remote administration.
No comments:
Post a Comment