CHAPTER 2
The Advantages of Developing with OpenSolaris
When people say they want Linux, they want the user environment that the various distributors have built around the Linux kernel. It's the GNU utilities, the GNU Desktop environment, the compiler tool chain, Apache, MySQL, Ruby on Rails, and so on.
—Ian Murdock, now at Sun Microsystems, founder of the Debian Linux distribution
Netscape founder Marc Andreessen somewhat famously remarked in 2006 that "Solaris is a better Linux than Linux." That comment raised a bit of ire from many Linux proponents, but what he was referring to at the time was Solaris 10's excellent reputation for code quality, reliability, performance, and scalability. OpenSolaris inherits those characteristics.
Note Some of the OpenSolaris documents and web sites you'll find on the Internet refer to Solaris 10 information on Sun web sites. Sun is continually updating these sites, and, in most cases, technical details listed for Solaris 10 are applicable to OpenSolaris.
OpenSolaris Qualities
We mentioned in Chapter 1 that Linux distributions are widely used today because they:
- "are free,"
- "are open source,"
- "support commodity platforms,"
- "run high-quality application software," and
- "have vendor support available."
OpenSolaris has all these qualities and more. Let's look at each of these key points.
OpenSolaris Is Free
As with nearly all other community-developed software, OpenSolaris can be legally downloaded, shared and redistributed, and deployed in your projects and IT infrastructure without charge. You can use it to study how it works, and you can fix things you think are broken or enhance it for your own specific purposes and projects. Software vendors and developers may incorporate OpenSolaris code into their products and may charge for them, just as companies like Red Hat, Novell, Sun, and others package and support Linux kernels and other community-developed software. You can get the OpenSolaris sources and binaries at http://opensolaris.com (see Figure 2-1).
Figure 2-1. Where to get OpenSolaris binaries
OpenSolaris Is Open Source
It's really "community developed," remember? We already mentioned that OpenSolaris is distributed under the CDDL license that lets you share, use, integrate, change, and add to the source code, as well as protect your intellectual property investments and patents. This means that you have the same OSI-approved license responsibilities and opportunities with OpenSolaris as you do with Linux distributions. OpenSolaris's Source Code web site at http://opensolaris.org/os/get, shown in Figure 2-2, is the place to go for all code related information; it includes a source code search and browser tool (Figure 2-3) that you can use to find the sections of the code that you need
Figure 2-2. Where to get the OpenSolaris source code
Figure 2-3. The OpenSolaris online source code browser
OpenSolaris Runs on "Commodity" Hardware Platforms
For some reason, one of the best-kept secrets about OpenSolaris is where it can run. Longtime Sun customers might recall the early days of Solaris, which ran only on Sun's SPARC processors. And although Sun had a few early missteps bringing Solaris to the ×86 world (AMD and Intel), since 2004 the code base for Solaris, and now for OpenSolaris, has been essentially the same for ×86 as for SPARC with the exception of platform-specific device drivers. So, OpenSolaris runs on thousands of different AMD and Intel systems and components from hundreds of manufacturers such as IBM, HP, and Dell, not just those made by Sun. Every special feature of Solaris—including DTrace, containers, and ZFS—is available on both processors; OpenSolaris inherits these features too. New versions of OpenSolaris will be available for SPARC systems, although SPARC support has lagged a bit because the boot process for such systems needed to be changed to use ZFS like the ×86 systems do.
If you're not sure whether OpenSolaris will run on your laptop, workstation, or server, you can check out Sun's Hardware Compatibility List at http://www.sun.com/bigadmin/hcl/ (see Figure 2-4).
Figure 2-4. The OpenSolaris Hardware Compatibility List
Sun and Toshiba recently announced that laptops with OpenSolaris preinstalled will be available on certain models; similar plans for other laptops are underway.
There is also a Sun Device Detection Tool that you can run at http://www.sun.com/bigadmin/hcl/hcts/device_detect.jsp to determine whether OpenSolaris can run on your specific system. You can use this tool on AMD and Intel systems running Solaris, Windows, Linux, and even OS X prior to OpenSolaris installation to examine devices on your system and to report whether built-in or downloadable drivers are available for those devices. We'll show you how to use this tool in the next chapter.
OpenSolaris Runs High-Quality Application Software
For many years Solaris has been distributed with both supported and unsupported open source tools such as Apache, Perl, Postgres, Webmin, MySQL, and many others, and it has served as a superb deployment platform for web-based solutions.
Now that Solaris is transforming into OpenSolaris, those same applications, and more, are still available. In fact, some of them have been enhanced by Sun and by the OpenSolaris developer community to include unique features such as DTrace probes specifically for Java, Ruby, Postgres and MySQL, Apache, and Firefox, and the source code for these enhancements has been contributed back to the community.
So, and this is the main point of this book, you can build highly capable applications and web services with OpenSolaris using a familiar programming environment and tools such as GNOME, the enhanced AMP stack, Java, Perl, and many others. You'll learn more about this in Chapter 8.
These are some of the user and developer tools included with OpenSolaris:
| AMP Developer Library | Apache web server | Bash shell |
| CUPS printing system | DTrace Toolkit | Evolution email and calendar client |
| Firefox browser | GlassFish app server | GNOME Compiz window manager |
| GNOME Desktop and tools | GNU gcc compiler and tools |
GNU utilities |
| GIMP graphics tool | HPC developer library | Java compiler and libraries |
| MySQL database | NetBeans IDE | OpenOffice |
| Perl | PHP | Postgres database |
| Python | Ruby | Samba SMB/CIFS server |
| StarOffice | Sun Studio IDE | Thunderbird email client |
| Webminadmin tool | Web stack GUI | XML and XSL tools |
You Can Get a Software Support Subscription for OpenSolaris
The most critical aspect of community-developed software is whether and how you can get immediate support when you deploy it on mission-critical systems. In today's business environment, people wonder how anyone can make money when the software is "free." That doesn't seem to bother successful companies such as Red Hat and Novell; like other open source businesses, they make money through support subscriptions.
Can you get support for OpenSolaris? Certainly! Look here: http://www.sun.com/service/opensolaris/index.jsp. You can get 24/7 production use and escalation support from Sun at prices comparable to those for Linux distributions, as well as lower-tier email support. Currently, each new supported OpenSolaris binary release comes out every 6 months and is supported for 18 months. Longer-term support cycles will emerge as Sun enhances its OpenSolaris support to match what has been available for Solaris.
OK, It's Like Linux. So What?
You might think that the characteristics we just reviewed make OpenSolaris "just like Linux." If they're really the same now, why consider any alternative to Linux? Well, they're not the same. Here are some of the key advantages of OpenSolaris. You'll learn how to exploit these benefits in later chapters.
Scalability
Because OpenSolaris is derived from Solaris 10, it has essentially the same scalability characteristics. Solaris has proven itself to scale nearly linearly to hundreds of processors on traditional SMP systems, on the new generation of CMP/CMT SPARC processors, and on the new multicore processors from Intel (Dual Quad Core Xeon) and AMD (Dual Quad Core Opteron). New virtualization features on Intel's Xeon and AMD's Opteron processors are also supported.
In general, the OpenSolaris kernel, like Solaris, scales and performs more stably under heavy CPU, memory, and I/O loads than on other UNIX kernels or on Linux. Recent SPECjAppServer2004 benchmarks using all open source web stack software on OpenSolaris, and including the GlassFish application server, have produced world-record results.
OpenSolaris is a 64-bit-addressing operating system and takes full advantage of 64-bit processors from Intel, AMD, and SPARC; 32-bit mode and applications are supported as well. This means that you can have up to 2TB of memory on current hardware, and even more as future server hardware and memory modules evolve to support larger memory systems.
Service Management
It's no longer acceptable for production servers to crash because of a hardware or software failure. Because of the 24/7 global use of your systems, there are no more "windows" of time during which you can plan to fix or upgrade servers. So, there must be both hardware and software frameworks that allow you to monitor system services, keep them running in spite of errors or failures, provide intelligible error codes and diagnostics, and allow for configuration of service dependencies. Fortunately, server hardware from nearly all the major equipment vendors has advanced to include component redundancy and "hot swap" capabilities. When fans, power supplies, and even memory boards and CPUs fail, they can usually be replaced without service interruption. But the operating systems on such hardware must be smart enough to provide software fault management as well. That's what the OpenSolaris Service Management Facility (SMF) provides—monitoring, management, and failure recovery for critical software that starts when your system boots such as database startup, secure login and network services, and web service daemons.
The old way of managing these services through ad hoc/etc/rc scripts is insufficient for today's server uptime requirements. SMF helps keep your servers running and helps you quickly determine what's wrong when and if a service fails.
ZFS
The ZFS file system provides a unique advantage for OpenSolaris. It includes data integrity checks, RAID-like features, and storage management services. OpenSolaris boots and updates using ZFS, allowing you to try patches and upgrades and to back them out if necessary. ZFS's 128-bit addressing eliminates traditional UFS size restrictions, supporting "ginormous" file systems and file sizes of thousands of terabytes. ZFS also includes both file system compression and encryption options. It allows both end users and system administrators to take instant and periodic point-in-time snapshots, to roll back to earlier snapshots, and to easily recover lost files. It also makes sharing file systems across different storage architectures very easy since it automatically converts between big-endian and little-endian bit order.
ZFS is one of the "foundation" technologies of OpenSolaris; it supports booting the root file system, safe and easy upgrading and patching using file system snapshots, and an automatic backup/recovery desktop tool called Time Slider, which is similar to Apple OS X's Time Machine.
ZFS recently won InfoWorld's 2008 Storage Technology of the Year Award, and because, again, it's an open source community project, it's now included in FreeBSD and Apple's OS X operating systems. But because of licensing issues, ZFS is not yet generally available for any of the major Linux distributions.
DTrace
If you can't see it, you can't fix it. The OpenSolaris kernel is fully instrumented for full observability, allowing performance tuning and bug tracing from application function calls all the way down the software and hardware stack to hardware interrupts, using one powerful tool. It's nonintrusive, meaning you can't hurt your system while using DTrace, which in turn means it's ideal if you want to use it to diagnose application and operating system issues on your production systems. It's like an MRI for OpenSolaris instead of brain surgery—it won't hurt.
A wide range of developer and performance-monitoring tools are now available to help you use DTrace, including an open source DTrace GUI, the DLight tool integrated with the Sun Studio developer IDE, and hundreds of clever and useful DTrace scripts contributed by OpenSolaris.org members.
DTrace has gotten extraordinary attention from the developer community, has been recognized with the Wall Street Journal's 2006 Innovation Award, and (because it's open source, remember?) it's now integrated with FreeBSD and with Apple's OS X operating system's "Instruments" programming and monitoring tools, so there is now an even larger community of DTrace experts with which to share ideas.
Virtualization
OpenSolaris actually supports several types of virtualization:
- Single-kernel mode: On both SPARC and ×86 systems in the form of containers (zones)
- Multikernel modes: Xen-based guest virtual machine (VMs) on the ×86 processors and soon Logical Domains (LDoms) on Sun's Sun4v UltraSPARC processors
This provides a choice for how you want to deploy and manage virtualization/consolidation efforts. There's even a special form of virtualization in OpenSolaris that lets you run Linux applications in a container without requiring a full Linux kernel. You'll learn more about this in Chapter 7.
Several virtualization software providers—notably VMware, XenSource, Microsoft, and Sun—provide commercial and open source hypervisor software that allow you to run OpenSolaris as a guest operating system on Windows, Linux, OS X, and even on OpenSolaris itself. Installing OpenSolaris as a virtual machine (VM) is an ideal way for you to learn about its features and advantages. We'll review how to install OpenSolaris as a virtual machine in the next chapter.
Security
OpenSolaris includes modern security capabilities such as role-based access control (RBAC) and full configuration of all user and process permissions. Recognizing that very few applications really need to run as root, OpenSolaris enables administrators to configure only the execution and access privileges needed by each program. The OpenSolaris root account is now just another user role all of whose privileges can be explicitly controlled; the operating system checks for these privileges rather than simply inspecting for UID 0 and granting all privileges when running programs as root.
A cryptographic framework and APIs are provided for you to develop applications that communicate with smart cards, biometric devices, crypto accelerator boards, and on-chip crypto stream processors. OpenSolaris also supports digitally signed executables, disabling stack execution, and secure by default installation. Of course, your familiar security tools such as SSH, OpenSSL, IPFilter, VPN support, and sudo are also included. A sudo-like utility, pfexec, is available to allow for delegating administrative tasks and for granting root privileges to other users.
The U.S. government's National Security Agency (NSA) has worked with open source communities to enhance operating system and application security. For example, its SELinux kernel modifications have been integrated with Linux distributions such as Fedora and Red Hat Enterprise Linux. The NSA also started working in March 2008 with both Sun and with OpenSolaris developers to support Flexible Mandatory Access Control (FMAC) and the Flux Advanced Security Kernel (FLASK).
OpenSolaris adds a unique feature called Trusted Extensions, which supports the Trusted Computing feature known as labeled objects; labels define the security sensitivity of files, processes, and devices and specify access rights based on a user's security policy profile. OpenSolaris implements this through the use of labeled containers. Solaris 10 with Solaris Trusted Extensions has achieved the U.S. government's Common Criteria Certification for the Labeled Security Protection Profile (LSPP) at Evaluation Assurance Level (EAL) 4+, the highest commonly recognized global security certification. OpenSolaris inherits Solaris 10's security technologies, which you can use to enhance data privacy and to create safer web services and application environments; Sun plans to submit future versions of OpenSolaris for formal security evaluations.
You'll read more about containers' security features in Chapter 7 and more about how to use the advanced security features of OpenSolaris in Chapter 8.
Summary
OpenSolaris is not "just another open source operating system." Although it is indeed designed to give you all of the tools, behavior, and appearance that you're already familiar with as a "Linux developer," it has distinct advantages that make it a preferred foundation for your web infrastructure projects. Because it descends directly from Sun's very successful and capable Solaris 10 operating system, OpenSolaris gives you a flexible, highly scalable, and secure development environment along with advanced technologies not found in other operating systems. Try it. We think you'll like it!