The long wait is over, and Oracle have finally pushed Solaris 11 out of the door. It feels a bit odd to be talking about Oracle releasing a new version of Solaris, but given how long ago Solaris 10 came out, it’s good to see what they’ve been up to.
By now most people should be up to speed with the new features in Solaris 11, like the Automated Installer (AI) and the new IPS packaging system.
ZFS with encryption has been available since Solaris 11 Express was released a year ago. We’ve had a heads-up that support for 32bit x86 CPUs was being dropped, as was support for anything other than T and M class SPARC boxes.
However, there are some extra new features that have come to light with the FCS release:
- Password caching for su – this is an implementation in PAM that’s similar to the ticketing system used in sudo. Darren Moffat has an entry in his blog that details how to enable it.
- root is no longer a user, it’s a role. This been the case since Solaris 11 Express, and in OpenIndiana, but it needs repeating
- Encrypted user home directories, using encrypted ZFS and delegated key management
- SMF layers – basically allowing a way to apply and manage SMF properties and customisations. You can read more on Sean Wilcox’s blog here.
- Many new zone tweaks – Immutable Zones, zone boot environments, and different packages in the global zone and other zones
- Intel AESNI crypto functions have been added to OpenSSL. Previously in Solaris x86, the AESNI functions had been added to the kernel and pkcs11 libraries – now they’re available within OpenSSL as well.
If you can make it to Oracle’s City Office in London next Wednesday, the UK Oracle User Group Solaris SIG (yeah, I know, LOSUG was much less of a mouthful) are having a special Solaris 11 launch event, starting at 2pm and running through the normal meeting in the evening.
You can find more details on the Solaris SIG site here – it promises to be an interesting event that’s well worth attending.
With the dust settling from the unveiling of Solaris 11 Express, it’s time to do a bit of crystal ball work and see what this means for companies deploying Solaris infrastructure.
There are enough new changes here that a lot of people out there are going to get burnt. If you haven’t been keeping up with the OpenSolaris project, or using OpenIndiana, then IPS, AI, and ZFS root are all going to cause you problems. Not to mention /usr/gnu/bin being first in the PATH.
As I’ve said before, IPS and AI still don’t strike me as mature enough to deploy in an enterprise, and I know a lot of people who have spent many years honing Jumpstart who are going to be more than a little cross that there’s no clear migration path to AI.
“Trash it and start again” isn’t a nice upgrade path – the new way of doing things may be cleaner, easier to learn, and make more sense to Linux admins – but it’s a big, fundamental change for Solaris/SPARC shops, and those are the people that pay the bills.
There’s lots of UltraSPARC III and IV kit out there that’s getting towards the end of it’s service life. People are now looking at upgrade paths, and Solaris 11 – and Oracle’s complete offering of tin+OS+support – is going to be the real make-or-break decision point.
The real kicker will be – how soon until Oracle start shipping systems with Solaris 11 installed by default? That will be the real driver that pushed people to deploy Solaris 11 – with no UFS root, no slices, there’s no real reason not to use the pre-installed OS on the tin. Smaller shops with less existing Solaris infrastructure will deploy and think “Hmm, that wasn’t too bad”. Larger shops will find less and less of a reason to put off the migration, especially as the deployed base builds with new kit shipments.
Personally, I’ve been waiting for ZFS encryption for a long, long time – and I’m more than a little suspicious that it’s been held back (in the source as well) until Oracle are suddenly fielding the next commercial Solaris release. I’m sure the Nexenta guys are having similar thoughts.
On the plus side, Solaris 11 Express using the OpenSolaris code base means it makes a lot of sense to deploy it in test environments, and then use OpenIndiana for production. I can see a lot of smaller shops doing this – either having tried out Solaris 11 and then balking at the support costs, or trying OpenIndiana and then seeing there’s not much difference there (apart from the support costs and a few ZFS features).
The real challenge for Oracle here is how well they can make the entire Solaris 11 package work for customers. Higher support costs are fine if you get increased value, but increasingly even larger companies are finding that the support costs are more of a tax – an entry price for playing at the table – rather than a value-add.
OpenIndiana has the potential to be a very big winner here.
There’s some real value in Solaris 11, and some key new features that continue to make it the best operating environment for the enterprise. Are those features – and the support – enough to justify the higher costs compared to OpenIndiana? Is the vertical integration that Oracle are offering enough to justify the higher costs compared to deploying Red Hat on cheaper hardware?
At this stage I’d say it’s still too close to call.
