Monday, October 7, 2019

Solaris 11.4: Eliminating Silent Data Corruption

Abstract:

Storage capacity has been increasing geometrically for decades. As storage has grown, a problem referred to as Silent Data Corruption has been noticed. Forward thinking engineers at Sun Microsystems created ZFS to manage this risk, with discovery & correction occurring passively & automatically upon future reads & writes. Oracle later purchased Sun Microsystems and introduced proactive automated discovery & correction on a monthly basis, as part of Solaris 11.4.

The Problem:

Silent Data Corruption has been measured by various industry players dealing with massive quantities of storage:
the fast database at Greenplum, which is a database software company specializing in large-scale data warehousing and analytics, faces silent corruption every 15 minutes.[9] As another example, a real-life study performed by NetApp on more than 1.5 million HDDs over 41 months found more than 400,000 silent data corruptions, out of which more than 30,000 were not detected by the hardware RAID controller. Another study, performed by CERN over six months and involving about 97 petabytes of data, found that about 128 megabytes of data became permanently corrupted.
As storage continues to expand, the need to resolve silent corruption becomes more important.

The Passive Solution:

Jeff Bonwick at Sun Microsystems created ZFS specifically to address storage as data storage quantities increased. The ZFS File System was not a 32 bit File System, like 30 year old technology, but was engineered to be a 128 bit filesystem, projected to accommodate data into the next 30 years. With such a massive quantity of data to be retained, Silent Data Corruption was addressed by performing a checksum on the data during the write and verifying it on future reads. If the checksum does not match on the read, then a redundant block of the data on the ZFS File System is automatically read, and the bad block that was read first is corrected. This feature was unique to Solaris.

A system administrator can read every block via an operation referred to as a "scrub".
sc25client01/root# zpool list rpool
NAME   SIZE  ALLOC  FREE  CAP  DEDUP  HEALTH  ALTROOT
rpool  416G   296G  120G  71%  1.00x  ONLINE  -

sc25client01/root# zpool scrub rpool
sc25client01/root#

This scrub will continue in the background until every block on every disk has been read. The scrub always reads data at a rate which does not interfere with the operation of the platform or applications.
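
The checksum-on-write, verify-on-read and repair-from-redundant-copy behaviour described above, and the scrub that walks every block, as a toy model added here (not ZFS code and not from the original post). The MirroredPool class, its two-sided mirror and the use of SHA-256 are assumptions made for illustration; real ZFS keeps its checksums in the block pointers of the pool's on-disk tree.

```python
import hashlib

class MirroredPool:
    """Toy two-way mirror (hypothetical): data on both sides, checksum kept apart."""

    def __init__(self):
        self.sides = [{}, {}]   # block id -> bytes, one dict per mirror side
        self.checksums = {}     # block id -> checksum recorded at write time
        self.repaired = 0       # number of bad copies rewritten so far

    def write(self, blk, data):
        self.checksums[blk] = hashlib.sha256(data).digest()
        for side in self.sides:
            side[blk] = data

    def _ok(self, blk, data):
        return hashlib.sha256(data).digest() == self.checksums[blk]

    def read(self, blk):
        """Return verified data and rewrite any copy that fails its checksum."""
        good = next((s[blk] for s in self.sides if self._ok(blk, s[blk])), None)
        if good is None:
            raise IOError(f"block {blk}: no copy matches its checksum")
        for side in self.sides:
            if not self._ok(blk, side[blk]):
                side[blk] = good        # self-heal from the redundant copy
                self.repaired += 1
        return good

    def scrub(self):
        """Read every block; return (copies repaired, unrecoverable block ids)."""
        before, bad = self.repaired, []
        for blk in self.checksums:
            try:
                self.read(blk)
            except IOError:
                bad.append(blk)
        return self.repaired - before, bad

if __name__ == "__main__":
    pool = MirroredPool()
    for i in range(4):
        pool.write(i, f"record-{i}".encode() * 8)    # constructed sample data
    pool.sides[0][2] = b"\x00" + pool.sides[0][2][1:]  # silent corruption, one side
    print(pool.scrub())
```

A block whose copies are both damaged is reported rather than repaired, which is why redundancy is what makes the correction possible.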


The Proactive Solution:

With the release of Solaris 11.4, formerly known as Solaris 12, a read of every byte of data in the entire storage pool is scheduled by default once a month. By reading every block of data once a month, silent data corruption can be rooted out and corrected automatically, which is a unique feature of Oracle's Solaris!

Under an older OS release (Solaris 11.3 SRU 31), notice that the property does not exist.
sc25client01/root# uname -a
SunOS sc01client01 5.11 11.3 sun4v sparc sun4v

sc25client01/root# pkg list entire
NAME (PUBLISHER) VERSION                    IFO
entire           0.5.11-0.175.3.31.0.6.0    i--

sc25client01/root# zpool get lastscrub rpool
bad property list: invalid property 'lastscrub'
For more info, run: zpool help get

Under a modern OS release (Solaris 11.4 SRU 13), the last scrub occurred less than a month ago.
sun9781/root# uname -a
SunOS sun1824-cd 5.11 11.4.13.4.0 sun4v sparc sun4v

sun9781/root# pkg list entire
NAME (PUBLISHER) VERSION                    IFO
entire           11.4-11.4.13.0.1.4.0       i--

sun9781/root# zpool get lastscrub rpool
NAME   PROPERTY   VALUE   SOURCE
rpool  lastscrub  Sep_10  local

The last scrub details can be seen through the status option.
sun9781/root# zpool list
NAME   SIZE  ALLOC  FREE  CAP  DEDUP  HEALTH  ALTROOT
rpool  278G  36.9G  241G  13%  1.00x  ONLINE  -

sun9781/root# zpool status
  pool: rpool
 state: ONLINE
status: The pool is formatted using an older on-disk format. The pool can
        still be used, but some features are unavailable.
action: Upgrade the pool using 'zpool upgrade'. Once this is done, the
        pool will no longer be accessible on older software versions.
  scan: scrub repaired 0 in 16m24s with 0 errors on Tue Sep 10 03:42:44 2019

config:
        NAME                       STATE      READ WRITE CKSUM
        rpool                      ONLINE        0     0     0
          mirror-0                 ONLINE        0     0     0
            c0t5000CCA0251CF0F0d0  ONLINE        0     0     0
            c0t5000CCA0251E4BC8d0  ONLINE        0     0     0

errors: No known data errors

The above 278 Gigabyte pool was read in a little over 15 minutes and checked, with no errors to be corrected.
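
One way to turn the status output above into a routine health check, as an added example (not from the original post or from Oracle): it parses the scan line and the per-device READ/WRITE/CKSUM counters and reports a stale scrub, repaired data, or device errors. The audit function, its 35-day threshold and the SAMPLE constant (copied from the output above, with the status/action text left out) are assumptions of this example.

```python
import re
from datetime import datetime, timedelta

# Copied from the `zpool status` run shown above (status/action text omitted).
SAMPLE = """\
  pool: rpool
 state: ONLINE
  scan: scrub repaired 0 in 16m24s with 0 errors on Tue Sep 10 03:42:44 2019

config:
        NAME                       STATE      READ WRITE CKSUM
        rpool                      ONLINE        0     0     0
          mirror-0                 ONLINE        0     0     0
            c0t5000CCA0251CF0F0d0  ONLINE        0     0     0
            c0t5000CCA0251E4BC8d0  ONLINE        0     0     0

errors: No known data errors
"""

SCAN = re.compile(r"scan: scrub repaired (\S+) in \S+ with (\d+) errors on (.+)")
# A config row is exactly five fields: name, STATE, and three counters.
DEV = re.compile(r"^\s+(\S+)\s+([A-Z]+)\s+(\S+)\s+(\S+)\s+(\S+)\s*$")

def audit(status_text, now, max_age_days=35):
    """Return a list of findings for one pool's `zpool status` text."""
    findings = []
    m = SCAN.search(status_text)
    if not m:
        findings.append("no completed scrub recorded")
    else:
        repaired, errors, when = m.group(1), int(m.group(2)), m.group(3).strip()
        finished = datetime.strptime(when, "%a %b %d %H:%M:%S %Y")
        if now - finished > timedelta(days=max_age_days):
            findings.append(f"last scrub is {(now - finished).days} days old")
        if repaired not in ("0", "0B"):
            findings.append(f"scrub repaired {repaired}: corruption was found")
        if errors:
            findings.append(f"scrub finished with {errors} errors")
    for line in status_text.splitlines():
        d = DEV.match(line)
        if not d or d.group(1) == "NAME":      # skip non-rows and the header
            continue
        name, state, counters = d.group(1), d.group(2), d.groups()[2:]
        if state != "ONLINE" or any(c != "0" for c in counters):
            findings.append(f"{name}: state={state} r/w/cksum={'/'.join(counters)}")
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE, datetime(2019, 10, 7)))   # date of this post
```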

Conclusions:

Network Management is well aware that the more storage is needed, the more critical the data recovery process becomes. Redundancy through advanced file systems like ZFS, under managed services class operating systems like Solaris, is a good choice. Solaris 11.4 keeps data healthy, no matter what quantity of physical disks is managed or data is being retained.

Friday, September 20, 2019

Solaris 10: Extended Support to 2024

Solaris 10: Introduction

Oracle Solaris 10 has been an amazing OS update, including groundbreaking features like Zones (Solaris Containers), ZFS, Services, Dynamic Tracing (against live production operating systems without impact), and Logical Domains. These features have been emulated by the market (imitation is the finest form of flattery!).

Solaris 10: End of Life

As with all good things, they must come to an end. Sun Microsystems was purchased by Oracle and eventually, the greatest OS known to the industry needed to be updated. Oracle set a retirement date of January 2021. Oracle had indicated an uplift in support costs would be needed, for Solaris 10 systems.

Solaris 10: Extended Support to 2024

No migration tools were ever provided by Oracle to facilitate migration from Solaris 10 to Solaris 11, so migration to Solaris has been slow. Oracle had decided in September 2019 that Extended Support for Solaris 10, without additional financial penalty, would be delayed to 2024!

Saturday, September 7, 2019

Creating an SFTP Server

Abstract

In the early days of the internet, the file transfer mode of choice was FTP. This remained the internet standard for many years, until the need for encryption became so prevalent. SFTP happens to be one option for delivering files.

Example

A good reference on creating an SFTP server can be seen on this web site. This is not isolated to Linux, but can be used under SVR4 & POSIX systems like Solaris, or other Open Source based operating systems based upon OpenSolaris or Illumos.

Caveats

Usually if SFTP is all that is desired to be granted, one should not allow standard TTY based logins. One option is to set up a shell using the "nologin" binary. A quick reference on using "nologin" vs other binaries like "false". In early UNIX days, "sync" was sometimes used!

Saturday, August 31, 2019

Packaging: OpenSolaris, Solaris 11 & Illumos

Packaging under UNIX Systems had traditionally been the SVR4 type of packaging. Under newer Operating Systems, network enabling the packaging had been accomplished through proprietary extensions. Open Source Communities, like OpenCSW, had created network enablement for SVR4 packages. Illumos had made a similar move, from the OpenSolaris base. This tool is called "pkg".

What is "pkg"

The "pkg" tool is called the Image Packaging System. Today, packaging under the direction of Oracle has moved to Python language based packaging, instead of native C based binaries, placing greater levels of external language dependencies on the base OS. SVR4 packaging uses multiple binaries (i.e. pkgadd, pkgrm, pkgproto, etc.), while "pkg" bundles many aspects of packaging into a single executable.

Cheat Sheet & Exercises

A short Image Packaging System cheat-sheet is available from Oracle on the , using "wireshark" as an example. The cheat-sheet can be used for developing other exercises to download & manage other tools like: fping & top

Wednesday, July 31, 2019

ZombieLoad Vulnerability: SPARC Solaris Immune

[ ZombieLoad Logo, courtesy ZombieLoadAttack.com ]

Abstract:

Computing platforms have long had issues with malware, dating back to the MS-DOS days. Windows systems had been targeted, due to their ubiquity as well as the ability to install software with no user interaction into the system using pre-bundled keys. For the most part, UNIX Systems have been immune to most malware. A new classification of malware had become apparent, using CPU vulnerabilities, normally related to the Intel processor (leaving SPARC processors immune.) The latest vulnerability is ZombieLoad, affecting Intel processors and non-UNIX platforms such as Linux and Windows.

What is ZombieLoad

A new family of vulnerabilities on the Intel Processor became apparent in mid-May 2019. As an aggregate, they are referred to as "Microarchitectural Data Sampling" or MDS vulnerabilities. ZombieLoad is one of these vulnerabilities. Oracle provided a nice list of CVE's with summary details: CVE-2019-11091, CVE-2018-12126, CVE-2018-12130, and CVE-2018-12127.
  • CVE-2019-11091: Microarchitectural Data Sampling Uncacheable Memory (MDSUM)
  • CVE-2018-12126: Microarchitectural Store Buffer Data Sampling (MSBDS) 
  • CVE-2018-12127: Microarchitectural Load Port Data Sampling (MLPDS)
  • CVE-2018-12130: Microarchitectural Fill Buffer Data Sampling (MFBDS)


How does it affect SPARC Solaris?

If you return to the Oracle provided CVE's above, you will notice the following 2 lines:

Oracle Hardware

  • Oracle has determined that Oracle SPARC servers are not affected by these MDS vulnerabilities.

Oracle Operating Systems (… Solaris) and Virtualization:

  • Oracle has determined that Oracle Solaris on SPARC is not affected by these MDS vulnerabilities.

Conclusions:

If you are fortunate enough to be running SPARC Solaris, you are immune again. If you are not on SPARC Solaris, but on a less secure Intel based Windows or Linux platform - well, you will be needing to apply your operating system vendor's CPU microarchitecture patch and probably reboot. Let's hope you are not having to roll-your-own fix.

Monday, July 29, 2019

NYLUG: Talk on ZFS on Linux

Abstract:

Older file systems were based upon 32 bit UFS (UNIX File System) technologies, which lasted about 10 years, but started becoming tight with modern storage. Sun had produced a modern file system to last the next 10 years - it was called ZFS. ZFS is a 128 bit file system created by Sun Microsystems, which was acquired by Oracle Corporation; Oracle is the primary active maintainer and the feature reference of record. ZFS was open sourced with OpenSolaris and other Open Source distributions started to use it, including Illumos. Eventually, Linux started to leverage ZFS. This talk is by Paul Zuchowski with a little bit of information regarding ZFS on Linux.

New York Linux User Group:

Paul Zuchowski is a former Sun Microsystems engineer. I became aware of him when he left a comment on a blog that I followed. He recently gave a talk at the NYLUG in April 2019 regarding the current state of ZFS on Linux. Many of the features which are currently in the Oracle Solaris 11 release of ZFS are being actively worked on in the Linux Community, in order to catch up.

Conclusions:

While some performance problems engineered by Oracle for Solaris based ZFS features may not even be a sparkle in the Linux community's eye, they are actively trying to find solutions. Hundreds of PBs of storage are currently contained in ZFS on Linux, just with a couple of companies, so clearly ZFS under Linux is mainstream enough for production use.

Tuesday, June 4, 2019

The Business Plan for Sun Microsystems

[Sun Microsystems Logo]

Have you ever wondered what the business plan looked like for a tech startup which becomes a multi-billion dollar international corporation?

Well, this is an example Business Plan for Sun Microsystems, from back in 1982!