D73488GC10 Student Guide


Transition to Oracle Solaris 11

Student Guide

D73488GC10
Edition 1.0
September 2011
074207

ORACLE

Author
Dave Giroux

Technical Contributors and Reviewers
Alta Elstad
Glenn Faden
Joel Goodman
Dave Miner
John Powell
Bart Smaalders

Editors
Malavika Jinka
Anwesha Ray

Graphic Designer
Seema M. Bopaiah

Publishers
Syed Ali
Sumesh Koshy

Copyright 2011, Oracle and/or its affiliates. All rights reserved.

Disclaimer

This document contains proprietary information and is protected by copyright and
other intellectual property laws. You may copy and print this document solely for
your own use in an Oracle training course. The document may not be modified or
altered in any way. Except where your use constitutes "fair use" under copyright law,
you may not use, share, download, upload, copy, print, display, perform, reproduce,
publish, license, post, transmit, or distribute this document in whole or in part
without the express authorization of Oracle.

The information contained in this document is subject to change without notice. If
you find any problems in the document, please report them in writing to: Oracle
University, 500 Oracle Parkway, Redwood Shores, California 94065 USA. This document
is not warranted to be error-free.

Restricted Rights Notice

If this documentation is delivered to the United States Government or anyone using
the documentation on behalf of the United States Government, the following notice
is applicable:

U.S. GOVERNMENT RIGHTS

The U.S. Government's rights to use, modify, reproduce, release, perform, display,
or disclose these training materials are restricted by the terms of the applicable
Oracle license agreement and/or the applicable U.S. Government contract.

Trademark Notice

Oracle and Java are registered trademarks of Oracle and/or its affiliates. Other
names may be trademarks of their respective owners.

BECAUSE THIS IS AN EARLY-ADOPTER COURSE, THIS TRAINING IS FOR
INFORMATIONAL PURPOSES ONLY AND IS INTENDED SOLELY TO
ASSIST YOU IN PLANNING FOR THE IMPLEMENTATION AND UPGRADE
OF THE PRODUCT FEATURES DESCRIBED. IT IS NOT A COMMITMENT TO
DELIVER ANY MATERIAL, CODE, OR FUNCTIONALITY, AND SHOULD
NOT BE RELIED ON IN MAKING PURCHASING DECISIONS. THE
DEVELOPMENT, RELEASE, AND TIMING OF ANY FEATURES OR
FUNCTIONALITY DESCRIBED IN THIS COURSE REMAIN AT THE SOLE
DISCRETION OF ORACLE.
Contents

1 Introduction
Overview
Course Goals
Agenda
Practices
Introductions
Your Learning Center

2 Introducing the Oracle Solaris 11 New Features and Enhancements
Objectives
Agenda
Oracle Solaris 11 New Features and Enhancements
Oracle Solaris 11 Features and Enhancements
Image Packaging System (IPS)
Operating System Installation
Oracle Solaris 11 Zones
Networking Features and Enhancements
Storage Enhancements
User Environment Enhancements
System Security Enhancements
Lesson Agenda
Comparing Key Features: Then and Now
Lesson Agenda
Transitioning Strategy
Summary

3 Managing Software Packages in Oracle Solaris 11
Objectives
Agenda
What Is IPS?
Planning for IPS
IPS Components
Agenda
Local Package Repository
Creating a Local Repository
Configuring the IPS Clients
Configuring a Repository Mirror
Practices 3-1 and 3-2: Overview
Agenda
Package Management: pkg(1)
pkg Command Examples: search and info
pkg Command Examples: install
pkg Command Examples: list, verify, and contents
pkg Command Examples: uninstall
Package Manager
Managing Packages by Using a Web Browser
Update Manager
Practices 3-3 and 3-4: Overview
Agenda
Publishing a Package in IPS
Practice 3-5: Overview
Agenda
Boot Environment (BE)
The beadm Utility
beadm Command Examples
beadm Command Examples: create
beadm Command Examples: activate, rename, and destroy
beadm Command Examples: mount and unmount
Package Manager BE Features
Practice 3-6: Overview
Summary

4 Installing the Oracle Solaris 11 Operating System
Objectives
Agenda
Oracle Solaris 11 Installation Options
Oracle Solaris 11 System Requirements
Agenda
Oracle Solaris 11 Text Installer
Oracle Solaris 11 Text Installation: Disks
Oracle Solaris 11 Text Installation: Network
Oracle Solaris 11 Text Install: Users
Oracle Solaris 11 LiveCD
Oracle Solaris 11 LiveCD: Device Driver Utility
Oracle Solaris 11 LiveCD: Partition Editor
Oracle Solaris 11 LiveCD Installer: Disk
Oracle Solaris 11 LiveCD Installer: Time Zone
Oracle Solaris 11 LiveCD Installer: Users
Practices 4-1 and 4-2: Overview
Agenda
Oracle Solaris 11 Automated Installation
How Automated Installation Works
AI Environmental Requirements
IPS Case: Using Default Manifest
IPS Case: Using Custom Manifest
IPS Case: Using an SC Profile
IPS Case: Multiple AI Services
Configuring the AI Server
Setting Up the AI Server
AI Manifests
The default.xml File
The Criteria Manifest
Criteria Manifest: Examples
System Configuration Profiles
SC Profile: Example
Administering the AI SMF Service
AI Server Configuration Walkthrough
Agenda
Comparing JumpStart to AI
Comparing Rules Keywords and Criteria Directives
Converting a JumpStart Profile to an AI Manifest
Agenda
Distribution Constructor
Distribution Constructor Manifest Files
Building an OS Image
Practice 4-3: Overview
Summary

5 Administering Oracle Solaris 11 Zones
Objectives
Agenda
Oracle Solaris 11 Zones
New Zones Features
Agenda
Solaris 10 Zones
Migrating Solaris 10 Zones (V2V)
Migrating Solaris 10 Global Zones (P2V)
Agenda
Configuring Non-Global Zones by Using the Automated Installer (AI)
Specifying a Non-Global Zone in the AI Manifest
Adding a Non-Global Zone Manifest and Profile
Agenda
Monitoring Zone Resource Consumption
Monitoring Zone Memory Consumption
Monitoring Zone CPU Consumption
Total and High Zone Resource Consumption
Delegating Zone Administration
Summary
Practice 5 Overview: Migrating Oracle Solaris 10 Zones to Oracle Solaris 11
Practice Environment

6 Oracle Solaris 11 Network Enhancements
Objectives
Agenda
Introducing Oracle Solaris 11 Network Enhancements
Agenda
Network Auto-Magic (NWAM)
How NWAM Works
Interaction with Other Oracle Solaris Technologies
The netcfg Command
The netadm Command
Configuring NWAM
Practice 6-1: Overview
Agenda
The ipadm Utility
dladm Enhancements
Practice 6-2: Overview
Agenda
Transitioning to Virtual Networking
Virtual Network Components
Building a Simple Virtual Network
Configuring a Private Virtual Network
Accessing a Virtual Network Configuration
Bandwidth Management
Managing Bandwidth
Practice 6-3: Overview
Agenda
IP Multipathing (IPMP)
IPMP Configurations
How IPMP Works: Active-Active
How IPMP Works: Active-Standby
Configuring IPMP: Active-Active
Configuring IPMP: Active-Standby
Monitoring IPMP
Practice 6-4: Overview
Agenda
Network Bridging
Configuring a Network Bridge
Practices 6-5 and 6-6: Overview
Agenda
The wireshark Utility
The dlstat Utility
dlstat: Examples
Practice 6-7: Overview
Summary

7 Oracle Solaris 11 Storage Enhancements
Objectives
Agenda
Introducing Oracle Solaris 11 Storage Enhancements
Agenda
ZFS Shadow Data Migration
Shadow Migration Considerations
Configuring ZFS Shadow Data Migration
Agenda
Splitting a Mirrored ZFS Storage Pool
Splitting a ZFS Mirrored Pool: Example
Agenda
Identifying ZFS Snapshot Differences
Identifying ZFS Snapshot Differences: Example
Agenda
ZFS Deduplication
ZFS Deduplication Properties
ZFS Deduplication: Example
Agenda
Common Multiprotocol SCSI Target (COMSTAR)
COMSTAR Benefits and Limitations
Configuring COMSTAR
Summary
Practice 7 Overview: Oracle Solaris 11 Storage Enhancements

8 Oracle Solaris 11 Security Enhancements
Objectives
Agenda
Oracle Solaris 11 Security Enhancements
Agenda
Oracle Solaris Cryptographic Framework
Administrative Command: Examples
User Command: Examples
Agenda
ZFS Dataset Encryption
ZFS Pool Encryption: Example
ZFS File System Encryption: Example
Agenda
Basic Audit Reporting Tool (BART)
BART: Example
Summary
Practice 8 Overview: Oracle Solaris 11 Security Enhancements

Introduction

Overview

Course goals
Agenda
Practices
Introductions
Your learning center

Welcome to the Transition to Oracle Solaris 11 course. This is an advanced course that builds
on Oracle Solaris 10 system administration courses. It is focused on the skills and knowledge
required for transitioning from the Oracle Solaris 10 operating environment to the Oracle
Solaris 11 operating environment.
This course highlights the new features delivered with Oracle Solaris 11, including the
Automated Installer (AI), the Image Packaging System (IPS), and network virtualization.
Throughout the course, you learn how to transition to the Oracle Solaris 11 operating
environment by performing a series of guided hands-on practices that walk you through the
critical tasks associated with operating system migration activities. These practices include
case studies that illustrate best practices when transitioning from Oracle Solaris 10 to Oracle
Solaris 11.
This course does not address system administration tasks currently supported in Oracle
Solaris 10 (or other) operating systems. Rather, it focuses on the new and enhanced features
found in the Oracle Solaris 11 operating system. It is assumed that you already have the skills
and knowledge necessary for administering Oracle Solaris 10.
Course Goals

The goals of this course are to:
Familiarize you with the Oracle Solaris 11 new features and enhancements:
- Image Packaging System (IPS)
- Automated Installer (AI)
- Oracle Solaris containers
- Network virtualization
- Security
Provide you with the skills necessary for a successful transition from Oracle Solaris 10 to
Oracle Solaris 11

Transitioning to a new operating system can be a very daunting task. It involves working with
a wide range of complex technologies and procedures, many of which are new to
the personnel participating in the project.

Agenda
Day 1
Lesson 1: Introduction
Lesson 2: Introducing the Oracle Solaris 11 New Features and
Enhancements
Lesson 3: Managing Software Packages in Oracle Solaris 11
Day 2
Lesson 3: Managing Software Packages in Oracle Solaris 11
Lesson 4: Installing the Oracle Solaris 11 OS
Day 3
Lesson 5: Administering Oracle Solaris 11 Containers
Lesson 6: Oracle Solaris 11 Networking Enhancements
Day 4
Lesson 6: Oracle Solaris 11 Networking Enhancements
Day 5
Lesson 7: Oracle Solaris 11 Storage Enhancements
Lesson 8: Oracle Solaris 11 Security Enhancements

Practices


Practice exercises reinforce critical Solaris 11 OS features.
Each practice contains guided, step-by-step exercises.
Exercises are based on best practices.
Practices are run in a virtual environment.

Starting with Lesson 3, each lesson in this course has an associated practice. Within each
practice, you are provided with a virtual environment that contains all the resources needed to
install the Oracle Solaris 11 operating system and configure the new features and enhancements.

Introductions

Name
Company affiliation
Title, function, and job responsibility
Experience related to topics presented in this course
Reasons for enrolling in this course
Expectations from this course

Your Learning Center

- Restrooms
- Break rooms and designated smoking areas
- Local cafeterias and restaurants
Emergency evacuation procedures


Introducing the Oracle Solaris 11 New Features and Enhancements

Objectives
After completing this lesson, you should be able to:
Describe the Oracle Solaris 11 operating system
List new features and enhancements of Oracle Solaris 11
Describe the new operating system installation features
Describe the new software updating features
Describe the new Oracle Solaris zone features
Describe the new networking features and enhancements
Describe the new storage enhancements
Describe the new user environment enhancements
Describe the new system security enhancements
Compare the features of Oracle Solaris 10 and Oracle Solaris 11
Describe a strategy for transitioning from Oracle Solaris 10 to Oracle Solaris 11

This lesson introduces you to the new features and enhancements found in the Oracle Solaris
11 operating system. The lesson begins with a description of Oracle Solaris 11 and continues
with a high-level description of each new feature and enhancement.
Next, the lesson provides a comparison of the features found in Oracle Solaris 10 with those
of Oracle Solaris 11. This is followed by a description of a strategy for transitioning from
Oracle Solaris 10 to Oracle Solaris 11.



Features Comparison
Strategy for Transitioning to Oracle Solaris 11

Oracle Solaris 11 New Features and Enhancements

Oracle Solaris 11:
- Builds on the proven technologies of Oracle Solaris 10
- Provides access to the latest Oracle Solaris 11 technology
- Has been tested and optimized for Oracle hardware and software
- Offers state-of-the-art reliability, availability, and serviceability
- Is an integrated component of Oracle's Exadata and Exalogic systems

Oracle Solaris is the industry-leading operating system for the enterprise. Oracle Solaris 11
raises the bar for the innovation introduced in Oracle Solaris 10 with a unique feature set that
few other operating systems can offer. Oracle Solaris 11 has been tested and optimized for
Oracle hardware and software and is an integral part of Oracle's combined hardware and
software portfolio.
Oracle Solaris 11 provides customers with the latest access to Oracle Solaris 11 technology,
allowing developers, architects, and administrators to test and deploy applications within large
data centers, which greatly simplifies their day-to-day operations. Oracle Solaris 11 is
characterized by the reliability, availability, and serviceability that you expect from a leading
enterprise operating system.
Oracle Solaris 11 provides new optimizations and features designed to deliver proven
scalability and reliability as an integrated component of Oracle's Exadata and Exalogic
systems.
Oracle Solaris 11 Features and Enhancements

New operating system installation features
New software packages updating feature
Oracle Solaris 10 zone features
New networking features and enhancements
Storage enhancements
User environment enhancements
System security enhancements

Oracle Solaris 11 introduces a new, modern software installation architecture, offering a
number of installation choices. This includes a completely hands-free automated network
installation experience, a graphical LiveCD installer, and an interactive text-based installation
for systems without a graphical display.
Oracle Solaris 11 introduces the Image Packaging System (IPS). IPS is the next-generation
packaging system that provides safe system updates and upgrades.
Oracle Solaris 11 enhances its virtualization solution with Oracle Solaris 10 zones (also
known as solaris10 branded zones). Oracle Solaris 10 zones provide a seamless method
for migrating to Oracle Solaris 11. Additional features such as delegated zone administration,
boot environment (BE) for zones, and enhanced zone monitoring are also included.
Oracle Solaris 11 brings significant enhancements to networking. Features such as virtual
networks, Network Auto-Magic (NWAM), and improved IP multipathing (IPMP) provide
enhanced security, availability, and management.
Oracle Solaris 11 expands support for Oracle Solaris 10 storage technologies. The ZFS file
system includes a number of enhancements, including ZFS as the root file system,
deduplication, and ZFS snapshot differences. Additional enhancements include Common
Multiprotocol SCSI Target (COMSTAR) technology and Common Internet File System (CIFS)
support for seamless file sharing with Windows environments.
Oracle Solaris 11 includes GNOME 2.30, an intuitive, easy-to-use desktop environment, and
the Firefox 3.6.10 web browser, among a variety of other software included in the network
package repository. GNU (not UNIX) commands and a default bash shell environment are
also available.
Oracle Solaris 11 continues to optimize security controls. This release supplies a number of
security-related enhancements: root as a role, encrypted ZFS datasets, Trusted Platform
Module (TPM) support, and enhancements to Oracle Solaris Trusted Extensions.
Image Packaging System (IPS)

Completely redesigned software packaging system
Comprehensive delivery framework for software life cycle:
- Software installation
- Software updates
- Operating system upgrades
- Removal of software packages
Intelligent package management

Oracle Solaris 11 provides a completely redesigned software packaging model: the Image
Packaging System (IPS). IPS is a comprehensive delivery framework that spans the complete
software life cycle, addressing software installation, updates, operating system upgrades, and
the removal of software packages.
In contrast to the SVR4 packaging model used in earlier Oracle Solaris releases, IPS
eliminates the need for patching. Relying on the use of network repositories of software
packages, IPS dramatically changes how an administrator updates system and application
software. IPS packages can be installed into non-global zones in addition to the global zone.
Operating System Installation

Unattended installation
- Oracle Solaris 11 Automated Installer (AI)
  - Network installation
  - Installation manifest
  - Client profiles
Interactive installation
- Oracle Solaris 11 LiveCD installation
  - Suited for desktops and notebooks
  - GUI interface
- Interactive text install

Oracle Solaris 11 offers a number of installation options:
Unattended installation: An improved "hands-off" automated installation process that
goes beyond Oracle Solaris JumpStart functionality in Oracle Solaris 10 and earlier
releases
Interactive installation: Interactive installation using a text-based user interface
(because most servers use a text-based console for installation), and interactive
installation for x86 desktop and notebook systems using the Oracle Solaris 11 LiveCD
for x86

Oracle Solaris 11 Zones

New boot environment for zones
Zone resource monitoring
Delegated administration

Oracle Solaris 11 includes significant enhancements to zone administration and monitoring,
helping administrators more efficiently manage consolidated and virtualized workloads.
For users running applications either in zones or on bare metal on Oracle Solaris 10 systems,
virtual-to-virtual (v2v) and physical-to-virtual (p2v) tools are provided to help this transition to
an Oracle Solaris 10 zone running in Oracle Solaris 11. An Oracle Solaris 10 zone can have a
shared IP stack with the global zone or an exclusive IP stack. Oracle Solaris 10 Zones
provide a proven and fully supported option for quick adoption of Oracle Solaris 11, allowing
administrators to benefit immediately from all the new features available while providing an
easy application migration path.
Another enhancement to zone technology is that the distinction in Oracle Solaris 10 between
whole root and sparse root is irrelevant. In Oracle Solaris 10, sparse root zones conserve disk
space and permit fast zone creation by sharing a single instance of key file systems among
multiple zones. In Oracle Solaris 11, the root file system is ZFS and zone creation leverages
ZFS clones for similar space and time savings. When a new boot environment is created by
cloning an existing one, the base boot environment's zones are also cloned into the new boot
environment. As a result, you no longer have to choose between different zone types.
Oracle Solaris 11 greatly enhances your ability to monitor zone resource consumption with
the introduction of zonestat. With zonestat you can observe memory and CPU
utilization, utilization of resource control limits, total utilization, and per-zone utilization
breakdowns over specified time periods.
With Oracle Solaris 11, you can delegate specific zone administration tasks to different
administrators using Role-Based Access Control (RBAC). With delegated administration,
standard users are identified with the permissions to log in, manage, or clone that zone.
Networking Features and Enhancements

Network virtualization
Network Auto-Magic (NWAM)
Improved IP multipathing (IPMP)
New sockets architecture
Load balancing
Bridging and tunneling
The ipadm command

Oracle Solaris 11 introduces built-in network virtualization and resource management, providing more
effective sharing of network resources and enhancing the ability to consolidate server
workloads.
In Oracle Solaris 11, Network Auto-Magic (NWAM) automates network configuration and
connection. NWAM enables users to automatically discover and connect to networks
depending on their network conditions and profiles. NWAM is the default network
configuration behavior on all installations of Oracle Solaris 11.
In Oracle Solaris 11, IP multipathing (IPMP) has been redesigned to enhance the
administrative model and improve monitoring. An IPMP group (which has a set of associated
IP addresses that are dynamically bound to a set of underlying physical interfaces) is
represented by an IPMP interface. All IP administrative tasks take effect on the IPMP group
simply by referencing the IPMP interface. The new ipmpstat utility provides visibility to the
IPMP subsystem.
Network sockets implementation has been improved and no longer uses the STREAMS
module. This not only means performance improvements but also a new, simplified developer
interface for adding new socket types. The architecture also keeps an eye on network traffic
volume, allowing it to shift from interrupt driven to polling mode, which is much more efficient
when dealing with high network traffic volumes.
Oracle Solaris 11 includes an integrated L3/L4 load balancer. This addition includes stateless
Direct Server Return (DSR) and Network Address Translation (NAT) operation modes on a
variety of load-balancing algorithms, a command-line and configuration API to configure
various features as well as view statistics and other configuration details.
Ethernet bridging is supported in Oracle Solaris 11 with the addition of the Spanning Tree and
Transport Interconnect of Lots of Links (TRILL) protocols. Also, IP tunneling functionality has
been reimplemented, delivering a generic LAN driver (iptun) that implements IP tunnel links
on which IP interfaces can be plumbed and managed using the dladm utility.
In addition to the important network features, Oracle Solaris 11 introduces the ipadm
command. The ipadm command provides a set of subcommands that can be used to
manage interfaces, addresses, and TCP/IP protocol properties. Over time, the ipadm
command will replace traditional network management commands such as ifconfig.
Storage Enhancements

ZFS enhancements
- Default file system
- Deduplication
- ZFS snapshot differences (zfs diff)
- ZFS shadow migration
COMSTAR
CIFS support

ZFS is the default root file system in Oracle Solaris 11. UFS is still available for non-root file
systems. Oracle Solaris 11 has added ZFS deduplication, which detects and removes
redundant data from ZFS file systems. If a ZFS file system has the dedup property enabled,
duplicate data blocks are removed synchronously. As a result, the file system stores only
unique data. Support for listing the differences between ZFS snapshots (zfs diff) has
been added with Oracle Solaris 11. Also, now you can use the shadow migration feature to
migrate data from an old file system to a new one while simultaneously allowing access and
modification of the new file system during the migration process.
COMSTAR (Common Multiprotocol SCSI Target) technology, introduced in Oracle Solaris 11,
allows network file sharing, similar to NFS and CIFS, but for raw block-device access via
iSCSI or SAN. This technology enables any Oracle Solaris 11 host to become a SCSI target,
allowing it to be accessed over a storage network by a variety of initiator hosts. COMSTAR
supplies a software framework that makes it possible for all SCSI device types to connect to a
transport protocol and provide network device access. In this way, virtual machines can share
image files or access to a database.

control (allowing a CIFS server to restrict access to specific clients according to IP
addresses), access control lists (ACLs) on shares, and client-side caching of offline files with
synchronization on reconnect.

User Environment Enhancements

Enhanced desktop environment
Time Slider snapshot management
Command-line familiarity
CUPS printing

For desktop users, Oracle Solaris 11 offers a state-of-the-art GNOME desktop. The desktop
includes the innovative Time Slider tool. Integrated with the File Browser, Time Slider
supports file and directory recovery, which is made possible through native snapshot and
clone capabilities in ZFS. A user can click in Time Slider to snapshot a home directory and
later revert to it if necessary.
There are other changes in Oracle Solaris 11 that affect the user experience. The default user
path places /usr/gnu/bin before /usr/bin, giving users a familiar GNU-like environment
by default. The bash shell is now the default interactive shell, and ksh93 replaces ksh as the
default system shell.
The Common UNIX Printing System (CUPS) has been selected as the default print service on
Oracle Solaris 11, replacing the LP print service. CUPS support includes a web and graphical
interface to manage your printing environment. A system that is running CUPS becomes a
host that can accept print requests from client systems, process those requests, and then
send them to the appropriate printer.
System Security Enhancements

Secure by default
Root treated as a role
Robust data encryption
Driver support for Trusted Platform Module (TPM)

Oracle Solaris 11 provides a fully secure-by-default environment. With automatic secure by
default, network services are disabled by default, or set to listen for local system
communications only.
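
One way to check a host against the secure-by-default behavior described above, as an added example that is not part of the Oracle course material: the functions below read Solaris-style `netstat -an -P tcp` output and report TCP listeners that are not bound to loopback. The function names, the allowlist of expected ports, and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit TCP listeners against the secure-by-default claim.
# Solaris netstat prints local addresses as host.port (127.0.0.1.25, *.22),
# so the port is whatever follows the LAST dot of the first field.

# Constructed sample of `netstat -an -P tcp` output (not from a real host).
sample_netstat() {
    cat <<'EOF'
TCP: IPv4
   Local Address        Remote Address    Swind Send-Q Rwind Recv-Q    State
-------------------- -------------------- ----- ------ ----- ------ -----------
127.0.0.1.25               *.*                0      0 128000      0 LISTEN
      *.22                 *.*                0      0 128000      0 LISTEN
127.0.0.1.631              *.*                0      0 128000      0 LISTEN
10.0.2.15.22         10.0.2.2.50122       64240      0 128872      0 ESTABLISHED
      *.111                *.*                0      0 128000      0 LISTEN

TCP: IPv6
   Local Address                     Remote Address                 Swind Send-Q Rwind Recv-Q   State      If
--------------------------------- --------------------------------- ----- ------ ----- ------ ----------- -----
::1.25                                  *.*                             0      0 128000      0 LISTEN
      *.22                              *.*                             0      0 128000      0 LISTEN
EOF
}

# Reads netstat output on stdin and prints "family host port" for every
# listening socket that is NOT bound to a loopback address.
nonlocal_listeners() {
    awk '
        $1 == "TCP:" { fam = $2; next }          # section header: IPv4 / IPv6
        $7 == "LISTEN" {                         # State is the 7th column
            n = match($1, /\.[0-9]+$/)           # locate the trailing .port
            if (n == 0) next
            host = substr($1, 1, n - 1)
            port = substr($1, n + 1)
            if (host == "::1" || host ~ /^127\./) next   # local-only service
            print fam, host, port
        }'
}

# Same input, but drops listeners on ports the site expects to be reachable.
# $1: space-separated list of allowed ports (a site policy, assumed here).
unexpected_listeners() {
    nonlocal_listeners | awk -v allow="$1" '
        BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        !($3 in ok)'
}

# Stand-alone run on the constructed sample, allowing only port 22.
sample_netstat | unexpected_listeners "22"
```

On a live system the input would come from `netstat -an -P tcp` piped into `unexpected_listeners` with the ports that the site intends to expose.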
In Oracle Solaris 11, root is treated as a role rather than a user. During system installation, an
initial user is defined. After an initial user login, a user with the appropriate privileges can
subsequently assume the role of root by using su or by performing administrative tasks after
authentication using sudo or pfexec. pfexec is a new feature that allows you to directly
assign a rights profile or more roles directly to a user account.
Oracle Solaris 11 supports a robust mechanism for your data protection by implementing on
disk encryption/decryption support and key management for ZFS datasets. In the event of
theft or in the case of untrusted paths to networked storage, encrypted ZFS datasets can help
to safeguard data and prevent unauthorized access. The kernel implements raw
encryption/decryption functions that are applied to all data and file system metadata.
Oracle Solaris 11 includes driver support for Trusted Platform Module (TPM) hardware. TPM
devices are often embedded in systems to securely store certificates or encryption keys that
help to perform platform authentication and/or attestation. Attestation is a process that
determines whether a server is trustworthy and has not been breached.
Oracle Solaris 11 enhances Oracle Solaris Trusted Extensions by introducing labeled IPsec
and labeled ZFS datasets. Additionally, Trusted Extensions now enables per-label and per-user
credentials, allowing administrators to require a unique password for each label. This
password is in addition to the session login password, thus allowing administrators to set a
per-zone encryption key for each label of every user's home directory.

Comparing Key Features: Then and Now

Feature | Oracle Solaris 10 | Oracle Solaris 11
Packaging model | SVR4 packaging | Image Packaging System (IPS)
Maintaining system software | SVR4 Patching | Image Packaging System (IPS)
OS installation | Interactive: Install DVD; Automated: Oracle Solaris JumpStart | Interactive: Install CD and package repositories; Automated: Automated Installer and package repositories
Building a customized distribution image | Blueprints for custom DVDs | Distribution Constructor to create ISO and virtual machine images
Virtual Networking | N/A | Network virtualization and resource management
User environment | Ksh and SVR4 commands | Bash, GNU and SVR4 commands

This table shows the major changes made to some of the key features of Oracle Solaris 10 in
Oracle Solaris 11.


Lesson Agenda

Oracle Solaris 11 Features and Enhancements


Features Comparison
Strategy for Transitioning to Oracle Solaris 11

Solaris is binary compatible across hardware architectures.
Source code is compatible across different machine architectures.
Migration path for ZFS and UFS file systems
Multiple migration paths for transitioning applications:
- Applications can run directly on Oracle Solaris 11.
- Applications can run in Oracle Solaris

Administrators can prepare for transitioning to Solaris 11 by having a sound understanding of
the key features in Oracle Solaris 10, including Oracle Solaris Zones and ZFS
(especially to support root file systems). Oracle Solaris 11 builds upon these
features, so having a solid working knowledge of them can help to prepare for a
transition.
Oracle continues the Solaris commitment to binary compatibility across
hardware architectures. This simplifies migrations between major Oracle Solaris
releases and allows applications to take advantage of performance gains from
Oracle's newest SPARC and x86 hardware systems. Oracle guarantees source
code compatibility across different machine architectures, allowing software
providers to simply recompile applications across hardware architectures.
Oracle Solaris 11 supports a migration path for ZFS and UFS file systems using
the ZFS shadow migration feature. You can migrate data from an old file system
to a new file system while simultaneously allowing access and modification of
the new file system during the migration process.
Oracle offers multiple migration paths for transitioning applications to Oracle
Solaris 11. Applications can run directly on Oracle Solaris 11 in global or non-global
zones. The release also supports Oracle Solaris 10 zones hosted within an Oracle
Solaris 11 global zone. Just as Oracle Solaris 8 and 9 branded zones helped to
transition applications to Oracle Solaris 10, Oracle Solaris 10 branded zones in
Oracle Solaris 11 enable a more gradual, step-by-step approach to an OS
migration.
Identify the new Oracle Solaris 11 features and enhancements
Identify the key differences between Oracle Solaris 10 and the Oracle Solaris 11 features
Strategically prepare to transition to Oracle Solaris 11

Managing Software Packages in Oracle Solaris 11

Objectives

After completing this lesson, you should be able to:
Describe the Image Packaging System (IPS)
Plan for moving to IPS
Configure a local package repository
Configure network client systems to use IPS
Search for software packages by using IPS
Install software packages by using IPS
Update the OS image by using IPS
Publish a software package by using IPS
Manage boot environments

This lesson introduces you to the new Oracle Solaris 11 software packaging feature: Image
Packaging System (IPS). The lesson begins with a description of IPS and later compares IPS
to package management in the Oracle Solaris 10 operating system.
Next, the lesson shows you how to configure and work with the IPS features. This is followed
by a description of the method of publishing your own packages in IPS and creating IPS
images.

Agenda

Introducing the Image Packaging System (IPS)
Configuring a Local IPS Repository
Managing Software Packages by Using IPS
Publishing a Software Package in IPS
Managing Boot Environments



What Is IPS?
[Slide graphic: Oracle Solaris Image Packaging System and ZFS boot environments]

The Image Packaging System (IPS) is a framework that provides for software lifecycle
management, such as installation, upgrade, and removal of packages. IPS also allows users
to create their own software packages, create and manage package repositories, and copy
and mirror existing package repositories.
With IPS, you can perform the following tasks:
Create and manage images
Search the IPS packages on your system and in IPS repositories
Copy, mirror, create, and administer package repositories
Create and publish IPS packages to a package repository
Republish the content of an existing package in a package repository


Planning for IPS
Oracle Solaris 11 2010_11 or later
SPARC and x86 architectures
Web-based or local package repository
Repository mirroring
Client access to IPS server

To use IPS for software package management, you must be running the Oracle Solaris 11
2010_11 (or later) operating system. IPS is not compatible with Oracle Solaris 10 (or earlier)
operating systems. IPS is compatible with both SPARC (sun4v and sun4u) and x86 (32 and
64 bit)-based systems.
A key component of IPS is the package repository. A package repository is a location where
software packages are stored and from where packages are retrieved by client systems.
An important feature of IPS is that it enables users to mirror the package repository to another
server. IPS can retrieve content from mirrored servers. A mirror provides a complete copy of a
repository's catalog of packages. Using a nearby mirror can speed up system updates,
distribution construction, zone creation, and other packaging-intensive operations.
Providing the appropriate network infrastructure that allows client systems to access the IPS
server is crucial to making the IPS package scheme work. Clients rely heavily on network
services, such as DNS, for finding their way to the package repository.



IPS Components

[Slide diagram: Package Server with package Payload; Client tools: pkg(1), desktop Package Manager, Web Browser]

IPS is made up of key components. Each component has a role to play. These components
include:
Package: A package in IPS is a collection of actions defined by a set of key-value pairs
that represent metadata such as classification, descriptions, or other attributes such as
path and alias. The key-value pair could also represent a data payload. These actions
can represent items such as files found in a file system or installable objects, such as
drivers, services, groups, and users. Each IPS package is represented by a Fault
Management Resource Identifier (FMRI). FMRIs are used with the pkg(1)
command to indicate which packages to perform operations on.
Fault Management Resource Identifier (FMRI): The FMRI includes descriptive
information about the package, such as the package name, version information, and
date. For example, the FMRI
pkg://solaris/developer/apptrace@0.5.11,5.11-0.151.0.1:20101104T230706Z
consists of the following information:
- Scheme: pkg
- Publisher: solaris
- Category: developer
- Package Name: apptrace
- Component Version: 0.5.11
- Build Version: 5.11
- Branch Version: 0.151.0.1
- Timestamp (when the package was published): 20101104T230706Z
Repository: A repository is a location where clients publish and retrieve packages. The
location is described by a uniform resource identifier (URI) such as
http://pkg.oracle.com/solaris/release. A repository is also called a depot server. A repository
contains packages from a single publisher (for example, Solaris). A publisher can publish to
multiple repositories. A repository has an origin and zero or more mirrors. The repository
origin is the location of a package repository that contains both package metadata (package
manifests and catalogs) and package content (package files). A mirror is a location of a
package repository that contains only package content.
Catalog: A catalog consists of all the packages in an IPS package repository. The
packages in a catalog are associated with a specific publisher.
Manifest: A manifest describes the components and attributes that make up a package.
Mirror: A mirror provides a subset of the data that origins provide. Mirrors can be used
only for downloading package files. Package metadata is downloaded from the origin.
IPS clients access the origin to obtain a publisher's catalog, even when the clients
download package content from a mirror.
Client package management utilities:
- pkg(1): A command-line command that can be used to create and manage
images, search package data, and perform software installation, upgrade, and
removal
- Package Manager: The Package Manager application provides a graphical user
interface (GUI) for IPS. It also provides a subset of the functionality offered by the
command-line commands provided with IPS.
- Web browser: A web browser can be used to search for and install software
packages from an IPS repository.
Boot environment (not shown): A boot environment is a bootable instance of an
Oracle Solaris 11 operating system image plus any other application software packages
installed into that image. System administrators can maintain multiple boot
environments in their systems, and each boot environment can have different software
versions installed.

Agenda

Introducing the Image Packaging System (IPS)
Configuring a Local IPS Repository
Managing Software Packages by Using IPS
Publishing a Software Package in IPS
Managing Boot Environments

Local Package Repository

Default package repository:
http://pkg.oracle.com/solaris/release/
Reasons for creating a local repository:
- Default repository not available to clients
- Performance
- Security
- Replication

IPS manages software in units of packages. An IPS package is a collection of directories,
files, links, drivers, dependencies, groups, users, and license information in a defined format.
This collection represents the installable objects of a package. Packages have attributes such
as package name and description. When you install or upgrade to the Oracle Solaris 11
release, the system initially has one publisher configured: the Solaris publisher. The default
publisher has the following repository origin: http://pkg.oracle.com/solaris/release/.
You can create your own local package repository. Having a local package repository is
necessary when your network clients do not have access to the web-based default repository.
Other reasons you might want to have a local copy of a package repository include:
Performance: Having a local package repository allows clients access to packages at
local network speeds.
Security: You might not want your client systems to have access to the Internet.
Replication: You want to ensure that an installation that you perform next year is
exactly the same as the installation you perform today.

Creating a Local Repository

1. Obtain software packages:
- Download ISO image.
- Copy from the default package repository.
2. Create a ZFS file system for the repository.
3. Copy the packages to the repository.
4. Set the appropriate pkg.depotd properties.
5. Set the preferred publisher.
6. Refresh the repository catalog.

When you create a local repository, you must perform these steps:
1. Obtain software packages: When creating a local package repository, you must first
download the Oracle Solaris 11 repository image from:
http://www.oracle.com/technetwork/server-storage/solaris11/downloads/index.html
The repository image provides you with a complete archive of software packages to
allow you to set up a local network IPS repository that client systems can connect to.
The repository image is provided in two parts that must be concatenated. You use the
following command-line instructions to successfully create a full ISO image that can be
burned to a dual-layer DVD or directly mounted using the lofiadm command. You
download parts A and B of the repository ISO by clicking these links:
Download Part A SPARC, x86 (2GB)
Download Part B SPARC, x86 (2GB)
The following commands are used to concatenate parts A and B:
$ unzip sol-11-exp-201011-repo-full-iso-a.zip
$ unzip sol-11-exp-201011-repo-full-iso-b.zip
$ cat sol-11-exp-201011-repo-full.iso-a \
sol-11-exp-201011-repo-full.iso-b > sol-11-exp-201011-repo-full.iso
Alternatively, you can copy the packages directory from the default image repository.
2. Create a ZFS file system for the repository: A good practice is to store the repository
in a separate ZFS file system with compression enabled.
3. Copy the packages to the repository: If you copy from an ISO image, use the rsync
command. If you copy directly from another repository, use the pkgrecv command.
Note that when copying from another repository, you should have already obtained a
key and certificate and installed them on your system.
4. Set the appropriate pkg.depotd properties: Make sure that the pkg/inst_root
and pkg/readonly properties are set appropriately.
5. Set the preferred publisher: The default preferred publisher for Oracle Solaris 11
systems is Solaris and the default origin for that publisher is
http://pkg.oracle.com/solaris/release. If you want your clients to get packages from your
local repository, you must reset the origin for the Solaris publisher as shown in the next
slide.
6. Refresh the repository catalog: Be sure to use the pkgrepo refresh command
to update the repository catalogs and any new packages found in the repository.

Configuring the IPS Clients

Set the local IPS publisher.

oracle@s11x-desktop:~# pkg publisher
PUBLISHER TYPE STATUS URI
solaris (preferred) origin online http://pkg.oracle.com/solaris/release/
oracle@s11x-desktop:~# pkg set-publisher -G \
http://pkg.oracle.com/solaris/release/ -g \
http://s11x-serv1.mydomain.com/ solaris
oracle@s11x-desktop:~# pkg publisher
PUBLISHER TYPE STATUS URI
solaris (preferred) origin online http://s11x-serv1.mydomain.com/

For client systems to access a local repository, you must set the preferred publisher to the
local IPS publisher as shown in the example in the slide.
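The check below is an added example, not part of the course material: it parses pkg publisher listings in the layout shown on the slide and reports every origin or mirror outside an approved host list, which is the condition the Security reason for a local repository depends on. The listings are constructed samples, and APPROVED_HOSTS, parse_publisher_table, and audit_origins are names assumed for the example.

```python
"""Audit `pkg publisher` listings against an allowlist of repository hosts."""
from typing import List, NamedTuple, Set
from urllib.parse import urlsplit

# Assumption: the local repository server from the slide is the only host
# that clients are allowed to fetch packages from.
APPROVED_HOSTS = {"s11x-serv1.mydomain.com"}

# Constructed sample listings in the column layout the slide shows.
BEFORE = """\
oracle@s11x-desktop:~# pkg publisher
PUBLISHER TYPE STATUS URI
solaris (preferred) origin online http://pkg.oracle.com/solaris/release/
"""
# Constructed: local origin added with -g, old origin never removed with -G.
ADDED_ONLY = """\
PUBLISHER TYPE STATUS URI
solaris (preferred) origin online http://pkg.oracle.com/solaris/release/
solaris (preferred) origin online http://s11x-serv1.mydomain.com/
"""
AFTER_SWITCH = """\
oracle@s11x-desktop:~# pkg publisher
PUBLISHER TYPE STATUS URI
solaris (preferred) origin online http://s11x-serv1.mydomain.com/
"""


class PublisherRow(NamedTuple):
    publisher: str
    preferred: bool
    kind: str    # "origin" or "mirror"
    status: str
    uri: str


def parse_publisher_table(text: str) -> List[PublisherRow]:
    """Return one row per origin or mirror line; skip prompts and headers."""
    rows = []
    for line in text.splitlines():
        tokens = line.split()
        if len(tokens) < 4 or tokens[0] == "PUBLISHER":
            continue
        kind, status, uri = tokens[-3:]
        if kind not in ("origin", "mirror"):
            continue  # shell prompt, command line, or wrapped text
        # Whatever precedes TYPE is the name plus optional "(preferred)".
        name, _, attrs = " ".join(tokens[:-3]).partition("(")
        rows.append(
            PublisherRow(name.strip(), "preferred" in attrs, kind, status, uri)
        )
    return rows


def _host(uri: str) -> str:
    return (urlsplit(uri).hostname or "").lower()


def audit_origins(text: str, approved_hosts: Set[str]) -> List[str]:
    """List every configured location that is not on an approved host."""
    rows = parse_publisher_table(text)
    findings = [
        f"{r.publisher}: {r.kind} {r.uri} is outside the approved hosts"
        for r in rows
        if _host(r.uri) not in approved_hosts
    ]
    # A publisher with no approved origin cannot install from the local repo.
    for name in sorted({r.publisher for r in rows}):
        has_local = any(
            r.publisher == name
            and r.kind == "origin"
            and _host(r.uri) in approved_hosts
            for r in rows
        )
        if not has_local:
            findings.append(f"{name}: no approved origin configured")
    return findings


if __name__ == "__main__":
    for label, listing in (
        ("before", BEFORE),
        ("added only", ADDED_ONLY),
        ("after switch", AFTER_SWITCH),
    ):
        print(label, audit_origins(listing, APPROVED_HOSTS) or "clean")
```

The second sample shows why the slide's command passes both -G and -g: adding the local origin alone leaves the Internet origin configured on the client.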
Configuring a Repository Mirror

To configure a repository mirror:
1. Import the SMF service manifest.
2. Prepare a location on your mirror server.
3. Create the appropriate directory structures.
4. Deploy a second instance of the packaging server to run as a read-only mirror.
5. Refresh the mirror.
6. Enable the mirror.
7. Mount the file system that contains your repository with the noatime attribute.
8. Add a mirror to the configuration.

A mirror provides a complete copy of a repository's catalog of packages. Using a nearby
mirror can speed up system updates, distribution construction, zone creation, and other
packaging-intensive operations.
The following example demonstrates how to configure a repository mirror:
# svccfg import /var/svc/manifest/application/pkg-server.xml
# mkdir /export/pkg
# /usr/lib/pkg.depotd -d /export/pkg -p 8009
# svccfg -s pkg/server
svc:/application/pkg/server> add mirror
svc:/application/pkg/server> select mirror
svc:/application/pkg/server> addpg pkg application
svc:/application/pkg/server> addpg start method
svc:/application/pkg/server> setprop start/exec = astring: \
"/usr/lib/pkg.depotd --mirror -p %{pkg/port} -d %{pkg/inst_root} \
-t %{pkg/socket_timeout} -s %{pkg/threads} \
--proxy-base=%{pkg/proxy_base} --log-access=%{pkg/log_access} \
--log-errors=%{pkg/log_errors}"
svc:/application/pkg/server> setprop pkg/inst_root = astring: \
"/export/pkg"
svc:/application/pkg/server> setprop pkg/threads = count: 50
svc:/application/pkg/server> setprop
exit
# svcadm refresh pkg/server:mirror
# svcadm enable pkg/server:mirror
# zfs set atime=off filesystem_name
# pkg set-publisher -m http://s11x-serv2.com solaris

In Practice 3-1, you do the following:
- Create a ZFS file system for the package repository.
- Copy the package repository from an ISO image to local storage.
- Configure the IPS service with the new repository location.
- Update the repository catalog.
- Test the new repository.
In Practice 3-2, you configure a network client to access the local IPS repository.

Agenda

Introducing the Image Packaging System (IPS)
Configuring a Local IPS Repository
Managing Software Packages by Using IPS
Publishing a Software Package in IPS
Managing Boot Environments

Package Management Task | IPS Command | Solaris 10 Equivalent
Install package. | pkg install | pkgadd -a
Display package state and version information. | pkg list | pkginfo
Verify package installation. | pkg verify | pkgchk -v
Display package information. | pkg info | pkginfo -v
Display the contents of a package. | pkg contents | pkgchk -l
Search for a package. | pkg search | pkgchk -l -p
Uninstall a package. | pkg uninstall | pkgrm
Install package updates. | pkg update | N/A

The pkg command is used to interact with the Image Packaging System. With a valid
configuration, pkg can be invoked to create locations for packages to be installed (as what
are called "images") and manage packages in those images.
The table in this slide shows which pkg commands are used to perform common package
management tasks. It compares these commands to equivalent commands used in Oracle
Solaris 10.

pkg Command Examples: search and info

oracle@s11x-desktop:~# pkg search apptrace
INDEX ACTION VALUE PACKAGE
pkg.description set Apptrace processor specific shared objects pkg:/developer/apptrace/platform@0.5.11-0.171.0.1

oracle@s11x-desktop:~# pkg info -r apptrace
Name: developer/apptrace
Summary: Apptrace Utility
Description: Apptrace utility for application tracing, including shared objects
Category: Development/System
State: Installed
Publisher: solaris
Version: 0.5.11
Build Release: 5.11
Branch: 0.151.0.1
Packaging Date: November 4, 2010 11:07:06 PM
Size: 122.41 kB
FMRI: pkg://solaris/developer/apptrace@0.5.11,5.11-0.171

This slide shows examples of searching for a package (apptrace) and displaying package
information.
The -r option retrieves the information data from the repositories of the image's configured
publishers.
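The FMRI layout described under IPS Components, and the FMRI strings in the search and info output above, can be taken apart mechanically. The parser below is an added example, not part of the course material or of IPS itself; parse_fmri, Fmri, and version_key are names assumed for the example, and ordering versions by component, then branch, then timestamp is likewise an assumption of the example.

```python
"""Split an IPS package FMRI into the fields the course lists for it."""
import re
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Optional, Tuple

_DOTTED = r"\d+(?:\.\d+)*"  # dotted integer sequence such as 0.151.0.1

# pkg://publisher/category/name@component,build-branch:timestamp
# Everything except the scheme and the name is optional, because shortened
# forms such as pkg:/developer/apptrace/platform@0.5.11-0.171.0.1 also occur.
_FMRI_RE = re.compile(
    r"^pkg:(?://(?P<publisher>[^/@]+))?"
    r"/(?P<stem>[^@]+)"
    r"(?:@(?P<component>" + _DOTTED + r")"
    r"(?:,(?P<build>" + _DOTTED + r"))?"
    r"(?:-(?P<branch>" + _DOTTED + r"))?"
    r"(?::(?P<timestamp>\d{8}T\d{6}Z))?)?$"
)


@dataclass(frozen=True)
class Fmri:
    publisher: Optional[str]
    category: str               # path in front of the last name component
    name: str                   # last component, as in the course breakdown
    component: Optional[str]
    build: Optional[str]
    branch: Optional[str]
    timestamp: Optional[datetime]

    @property
    def stem(self) -> str:
        """Full package name as pkg info prints it (developer/apptrace)."""
        return f"{self.category}/{self.name}" if self.category else self.name


def parse_fmri(text: str) -> Fmri:
    """Parse a pkg: FMRI; raise ValueError for anything malformed."""
    match = _FMRI_RE.match(text.strip())
    if not match:
        raise ValueError(f"not a pkg FMRI: {text!r}")
    parts = match["stem"].split("/")
    if any(not part for part in parts):
        raise ValueError(f"empty name component in {text!r}")
    stamp = match["timestamp"]
    when = None
    if stamp:
        # strptime rejects impossible dates, so a bad stamp is a ValueError.
        when = datetime.strptime(stamp, "%Y%m%dT%H%M%SZ").replace(
            tzinfo=timezone.utc
        )
    return Fmri(
        publisher=match["publisher"],
        category="/".join(parts[:-1]),
        name=parts[-1],
        component=match["component"],
        build=match["build"],
        branch=match["branch"],
        timestamp=when,
    )


def version_key(fmri: Fmri) -> Tuple[Tuple[int, ...], Tuple[int, ...], float]:
    """Sort key: component, then branch, then publication time (assumed order)."""
    def dotted(value: Optional[str]) -> Tuple[int, ...]:
        return tuple(int(n) for n in value.split(".")) if value else ()

    stamp = fmri.timestamp.timestamp() if fmri.timestamp else 0.0
    return (dotted(fmri.component), dotted(fmri.branch), stamp)


if __name__ == "__main__":
    # FMRI strings taken from this lesson's text and command output.
    for sample in (
        "pkg://solaris/developer/apptrace@0.5.11,5.11-0.151.0.1:20101104T230706Z",
        "pkg:/developer/apptrace/platform@0.5.11-0.171.0.1",
        "pkg://solaris/developer/apptrace@0.5.11,5.11-0.171",
    ):
        print(parse_fmri(sample))
```

Comparing version_key values makes the mismatch in the sample output visible: branch 0.151.0.1 sorts before the 0.171 branch shown on the FMRI line.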
pkg Command Examples: install
oracle@s11x-desktop:~# pkg install -nv apptrace
Packages to install: 1
Create boot environment: No
Rebuild boot archive: No
Changed fmris:
None ->
pkg://solaris/developer/apptrace@0.5.11,5.11-0.171:20101104T230706Z
Services:
None

oracle@s11x-desktop:~# pkg install apptrace
Creating plan...
Packages to install: 1
Create boot environment: No
DOWNLOAD PKGS FILES XFER (MB)
Completed 1/1 4/4 0.1/0.1

PHASE ACTIONS
Install Phase 19/19

PHASE ITEMS
Package State Update Phase 1/1
Image State Update Phase 2/2

This slide shows examples of performing a package (apptrace) installation dry-run (-nv)
and a real package installation.



pkg Command Examples: list, verify, and contents

oracle@s11x-desktop:~# pkg list apptrace
NAME (PUBLISHER) VERSION STATE UFOXI
developer/apptrace 0.5.11-0.171 I installed

oracle@s11x-desktop:~# pkg verify -v apptrace
Verifying: PACKAGE STATUS
pkg://solaris/developer/apptrace OK

oracle@s11x-desktop:~# pkg contents apptrace
PATH
usr
usr/bin
usr/bin/apptrace
usr/lib
usr/lib/abi
usr/lib/abi/amd64
usr/lib/abi/amd64/apptrace.so.1
usr/lib/abi/apptrace.so.1
oracle@s11x-desktop:~#

This slide shows examples of listing an installed package (apptrace), verifying package
status, and displaying the contents of a package.

pkg Command Examples: uninstall

oracle@s11x-desktop:~# pkg uninstall apptrace
Packages to remove: 1
Create boot environment: No
PHASE ACTIONS
Removal Phase 17/17

PHASE ITEMS
Package State Update Phase 1/1
Package Cache Update Phase 1/1
Image State Update Phase 2/2

This slide shows an example of uninstalling a package (apptrace).

Package Manager
[Screenshot: Package Manager GUI showing the solaris publisher, the package category tree, and the package list]

The Package Manager provides most package and publisher operations and some boot
environment (BE) operations. If you are new to the Oracle Solaris 11 and IPS technologies,
use the Package Manager to quickly download and install packages.

Managing Packages by Using a Web Browser
[Screenshot: Firefox showing the package repository web page, with Search, Statistics, About, and Browse Packages sections]

IPS allows you to access the package repository by using a web browser. With a web
browser, you can search for and install packages, and view the contents of a package
manifest.

Update Manager

Updates all installed packages to the newest version
Can be invoked in one of the following three ways:
In the Package Manager GUI, click the Updates button or select the Package > Updates
menu option.
pm-launch with packagemanager sub-command:
- $ /usr/lib/pm-launch packagemanager --update-all
pkg CLI command:
- # pkg update

Another important feature of IPS is the Update Manager. Update Manager updates all installed
packages to the newest version allowed by the constraints imposed on the system by installed
packages and publisher configuration.
The Update Manager feature can be invoked in one of the three following ways:
In the Package Manager GUI, click the Updates button or select the Package > Updates
menu option.
Use pm-launch with the packagemanager sub-command:
$ /usr/lib/pm-launch packagemanager --update-all
Use the pkg CLI command:
# pkg update
If the system created a new boot environment (BE) for the update, you edit the default BE
name. Click the Restart Now button to restart your system immediately or the Restart Later
button to restart your system at a later time. You must restart to boot into the new BE. The new
BE will become your default boot environment. Your current BE will be available as an alternate
boot choice.

Practices 3-3 and 3-4: Overview

In Practice 3-3, you watch demonstrations showing how to update an image by using:
- The pkg update command
- Package Manager
In Practice 3-4, you manage software packages by using:
- The pkg utility
- The Package Manager GUI
- A web browser

Agenda

Introducing the Image Packaging System (IPS)
Configuring a Local IPS Repository
Managing Software Packages by Using IPS
Publishing a Software Package in IPS
Managing Boot Environments

Publishing a Package in IPS

To publish a package in IPS:
1. Enable package repository modification.
2. Use the pkgsend command to publish packages.
3. Open a package publication transaction.
4. Export the PKG_TRANS_ID variable.
5. Use pkgsend to add the package actions.
6. Close the transaction.
7. Disable package repository modification.

You can create several different types of IPS packages. The package is then published to the repository by using the pkgsend command. You must perform the steps shown in the slide to publish a package in IPS.

Practice 3-5: Overview

In this practice, you create and publish a new software package.
During this practice, you:
- Create a software package
- Publish the new software package

In this practice, you work with the IPS package publishing feature. During this practice, you create a simple software package and deploy it by using IPS.

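The seven publication steps listed above, written out as one script that always returns the repository to read-only, even when a step fails. This is an added example, not code from the course material; the depot URL, package FMRI, payload path, and the assumption that the repository is served by the application/pkg/server SMF service are illustrative.

```shell
#!/bin/sh
# Added example: the seven publication steps as one script.
# Assumed values (not from the course text): REPO, PKG_FMRI, PAYLOAD.
REPO="${REPO:-http://localhost:10000}"        # assumed depot URL
PKG_FMRI="${PKG_FMRI:-mytool@1.0,5.11-0}"     # assumed package name and version
PAYLOAD="${PAYLOAD:-./mytool}"                # assumed file to deliver
DRY_RUN="${DRY_RUN:-1}"                       # 1 = print commands, 0 = execute them

# Print the command in dry-run mode, otherwise execute it.
run() {
    if [ "$DRY_RUN" = 1 ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# Steps 1 and 7: switch the depot between read-write and read-only.
set_readonly() {
    run svccfg -s application/pkg/server setprop "pkg/readonly=$1" &&
    run svcadm refresh application/pkg/server &&
    run svcadm restart application/pkg/server
}

# Steps 3 and 4: open a transaction and export its ID.
open_transaction() {
    if [ "$DRY_RUN" = 1 ]; then
        run pkgsend -s "$REPO" open "$PKG_FMRI"
        PKG_TRANS_ID="dry-run-transaction"    # constructed placeholder
    else
        # pkgsend open prints an "export PKG_TRANS_ID=..." line.
        out=$(pkgsend -s "$REPO" open "$PKG_FMRI") || return 1
        eval "$out"
    fi
    [ -n "${PKG_TRANS_ID:-}" ] || return 1
    export PKG_TRANS_ID
}

# Step 5: add the package actions (one directory, one file, one summary).
add_actions() {
    run pkgsend -s "$REPO" add dir mode=0555 owner=root group=bin path=/opt/mytool &&
    run pkgsend -s "$REPO" add file "$PAYLOAD" mode=0555 owner=root group=bin \
        path=/opt/mytool/mytool &&
    run pkgsend -s "$REPO" add set name=pkg.summary value=mytool
}

publish() {
    status=0
    set_readonly false || return 1
    if open_transaction; then
        if add_actions; then
            run pkgsend -s "$REPO" close || status=1    # step 6
        else
            run pkgsend -s "$REPO" close -A             # abandon the transaction
            status=1
        fi
    else
        status=1
    fi
    # Step 7 runs on every path so the repository is never left writable.
    set_readonly true || status=1
    unset PKG_TRANS_ID
    return "$status"
}

# Run "sh script publish" to print the plan, or DRY_RUN=0 to execute it.
if [ "${1:-}" = "publish" ]; then publish; fi
```

With DRY_RUN left at 1 the script only prints the command sequence, which makes it easy to review before running it against a real repository.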
Agenda

Introducing the Image Packaging System (IPS)
Configuring a Local IPS Repository
Managing Software Packages by Using IPS
Publishing a Software Package in IPS
Managing Boot Environments

Boot Environment (BE)

A boot environment (BE) is a bootable instance of an Oracle Solaris 11 operating system image.
Multiple boot environments can be maintained on a system.
- BEs can have different software versions installed.
BEs make updating software a low-risk operation.
BE management utilities include:
- The beadm command
- Package Manager GUI

A boot environment (BE) is a bootable instance of an Oracle Solaris 11 operating system image plus any other application software packages installed into that image.
System administrators can maintain multiple boot environments on their systems, and each boot environment can have different software versions installed.
With multiple boot environments, the process of updating software becomes a low-risk operation because system administrators can create backup boot environments before making any software updates to their system. If needed, they have the option of booting a backup boot environment.
Upon the initial installation of Oracle Solaris 11 onto a system, a boot environment is created. Use the beadm utility or the Package Manager to administer additional boot environments on your system.

The beadm Utility

Primary BE management tool
Enables you to:
- Create a new environment
- Create a snapshot of an existing boot environment
- Create a boot environment based on a snapshot
- Activate an existing, inactive boot environment
- Mount and unmount a boot environment
- Destroy boot environments and snapshots
- Rename boot environments
- Display boot environment information

The beadm utility is the primary BE management tool. The beadm utility aggregates all datasets in a boot environment and performs actions on the entire boot environment at once. You no longer need to perform ZFS commands to modify each dataset individually. It manages the dataset structures within boot environments. For example, when the beadm utility clones a boot environment that has shared datasets, the utility automatically recognizes and manages those shared datasets for the new boot environment.
The beadm utility enables you to perform administrative tasks on your boot environments. These tasks can be performed without upgrading your system. It automatically manages and updates the GRUB menu for x86 systems, or the boot menu for SPARC systems. For example, when you use the beadm utility to create a new boot environment, that environment is automatically added to the GRUB menu or boot menu.

The beadm utility enables you to perform the following tasks:
- Create a new boot environment based on the active boot environment.
- Create a new boot environment based on an inactive boot environment.
- Create a snapshot of an existing boot environment.
- Create a new boot environment based on an existing snapshot.
- Create a new boot environment and add a custom title to the x86 GRUB menu or the SPARC boot menu.
- Activate an existing, inactive boot environment.
- Mount a boot environment.
- Unmount a boot environment.
- Destroy a boot environment.
- Destroy a snapshot of a boot environment.
- Rename an existing, inactive boot environment.
- Display information about your boot environment snapshots and datasets.

beadm Command Examples: list

oracle@s11x-desktop:~# beadm list
BE        Active Mountpoint Space  Policy Created
--        ------ ---------- -----  ------ -------
solaris   NR     /          3.82G  static 2011-03-04 22:14
solaris-1 -      -          41.02M static 2011-03-18 14:13
solaris-2 -      -          60.0K  static 2011-03-20 10:59

oracle@s11x-desktop:~# beadm list -a solaris
BE/Dataset/Snapshot           Active Mountpoint Space   Policy Created
-------------------           ------ ---------- -----   ------ -------
solaris
   rpool/ROOT/solaris         NR     /          3.67G   static 2011-03-04 22:14
   rpool/ROOT/solaris@2011... -      -          35.78M  static 2011-03-18 14:13
   rpool/ROOT/solaris@2011... -      -          43.0K   static 2011-03-20 10:59
   rpool/ROOT/solaris@backup  -      -          42.0K   static 2011-03-20 11:03
   rpool/ROOT/solaris@install -      -          115.97M static 2011-03-04 22:33

This slide shows examples of listing boot environments and associated snapshots.
N means that the boot environment is currently active, and R means that it will be the boot environment that will be active on reboot as well.

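Reading the Active column described above, as an added example that is not part of the course material: the function below summarizes `beadm list` output and fails when no inactive boot environment exists to fall back to before an update. The embedded listing reproduces the slide's sample; the function names are illustrative.

```shell
#!/bin/sh
# Added example: summarize "beadm list" output before an update.

# The listing shown on the slide, embedded so the script runs anywhere.
sample_beadm_list() {
    cat <<'EOF'
BE        Active Mountpoint Space  Policy Created
--        ------ ---------- -----  ------ -------
solaris   NR     /          3.82G  static 2011-03-04 22:14
solaris-1 -      -          41.02M static 2011-03-18 14:13
solaris-2 -      -          60.0K  static 2011-03-20 10:59
EOF
}

# be_summary: read a listing on stdin and print one line naming the BE that
# is running now (N), the BE selected for the next boot (R), and every
# inactive BE. Exit status 1 means there is no inactive BE to fall back to.
be_summary() {
    awk '
        $1 == "BE" || $1 ~ /^-+$/ { next }    # header and separator rows
        NF < 6 { next }                        # blank or truncated rows
        index($2, "N") { now = $1 }
        index($2, "R") { boot = $1 }
        $2 == "-" { spare = spare (spare ? "," : "") $1 }
        END {
            printf "active=%s reboot=%s fallback=%s\n", now, boot, spare
            exit (spare == "" ? 1 : 0)
        }'
}

# pre_update_check: gate to run before "pkg update". Uses the live beadm
# output when the command exists, otherwise the embedded sample.
pre_update_check() {
    if command -v beadm >/dev/null 2>&1; then
        listing=$(beadm list)
    else
        listing=$(sample_beadm_list)
    fi
    if summary=$(printf '%s\n' "$listing" | be_summary); then
        echo "ok: $summary"
    else
        echo "stop: $summary (create a backup BE with beadm create first)"
        return 1
    fi
}

pre_update_check
```

A difference between the active and reboot names in the summary means another boot environment has been activated and will take over at the next restart.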
beadm Command Examples: create

oracle@s11x-desktop:~# beadm create solaris-2
oracle@s11x-desktop:~# beadm create solaris-2@backup
oracle@s11x-desktop:~# beadm create -e solaris-2@backup solaris-3

This slide shows examples of creating a new boot environment and a clone.
The first command creates a new boot environment.
The second command creates a snapshot of the new boot environment.
The third command creates a boot environment clone from a snapshot.

beadm Command Examples: activate, rename, and destroy

oracle@s11x-desktop:~# beadm activate solaris-3
oracle@s11x-desktop:~# beadm rename solaris-2 solaris-old
oracle@s11x-desktop:~# beadm destroy solaris

This slide shows examples of activating, renaming, and destroying boot environments.

beadm Command Examples: mount and unmount

oracle@s11x-desktop:~# beadm mount solaris-1 /solaris-1
oracle@s11x-desktop:~# beadm unmount solaris-1

This slide shows examples of mounting and unmounting inactive boot environments.

Package Manager BE Features

[Screenshot: Manage Boot Environments dialog (Delete, rename and activate boot environments), listing the solaris-1 boot environment and marking the currently active boot environment]

The Package Manager is a graphical user interface that enables you to install, update, and manage packages on your installed system. If you use the Package Manager to update all the packages on your system, a clone of the active boot environment is created. This clone enables you to, if necessary, boot into the boot environment state that existed before the update process was started.
You can use the Package Manager to manage your boot environments as follows:
- You can delete old and unused boot environments to make the disk space available.
- You can change the default boot environment on your system.
- You can activate a boot environment.

Practice 3-6: Overview

In this practice, you manage boot environments.
During this practice, you:
- Display boot environments
- Create boot environments
- Select boot environments
- Remove boot environments

Summary

In this lesson, you should have learned how to:
- Describe the Image Packaging System (IPS)
- Plan for moving to IPS
- Configure a local package repository
- Configure network client systems to use IPS
- Search for software packages by using IPS
- Install software packages by using IPS
- Remove software packages by using IPS
- Update the OS image by using IPS
- Publish a software package by using IPS
- Manage boot environments

Objectives

After completing this lesson, you should be able to:
- Describe Oracle Solaris 11 installation options
- Plan for an Oracle Solaris 11 installation
- Describe an Oracle Solaris 11 LiveCD installation
- Describe an Oracle Solaris 11 Text installation
- Describe an Oracle Solaris 11 Automated installation
- Configure an AI server
- Configure an AI client
- Install Oracle Solaris 11 by using
- Compare a JumpStart OS installation to an AI OS installation
- Convert a JumpStart configuration to an AI configuration
- Describe the distribution constructor

This lesson introduces you to the new Oracle Solaris 11 operating system installation methods. You explore both interactive and automated installations. Next, you compare and convert Oracle Solaris 10 JumpStart installation to Oracle Solaris 11 installation. The lesson also shows you how to configure and work with automated installation features. Finally, you are introduced to the distribution constructor.

Agenda

Introducing Oracle Solaris 11 Operating System Installation Options
Performing Interactive Installations of the Oracle Solaris 11 Operating System
Configuring an AI Server and Clients
Comparing and Converting JumpStart to AI
Working with the Distribution Constructor

Oracle Solaris 11 Installation Options

Oracle Solaris 11 Text installation
Oracle Solaris 11 LiveCD installation
Oracle Solaris 11 Automated installation
Installation images can be downloaded from:
http://www.oracle.com/technetwork/server-storage/solaris11/downloads

Oracle Solaris 11 can be installed in the following three ways:
- Oracle Solaris 11 Text installation: You use the Oracle Solaris 11 Text installation for x86- or SPARC-based systems. This method is used for systems that do not have a graphic display. It contains software packages normally found in server environments.
- Oracle Solaris 11 LiveCD: You use the Oracle Solaris 11 LiveCD install for x86-based systems. This method is used for systems that have a graphic display. It contains software packages normally found in workstation and notebook environments.
- Oracle Solaris 11 Automated installation: The Oracle Solaris 11 Automated installation provides a "hands-free" network installation for multiple client systems, allowing administrators to create and manage customized installation profiles for different systems.
The Oracle Solaris 11 ISO images can be downloaded from http://www.oracle.com/technetwork/server-storage/solaris11/downloads.
All installation downloads are in an ISO image format that can be burned to a CD or a DVD, or used directly within Oracle VM Server or other virtualization software.

Oracle Solaris 11 System Requirements

Hardware        Requirement
Disk space      Recommended size is 7 GB. A minimum of 3GB is required.
Memory          The minimum requirement is 512MB. Recommended size is 768MB.
Architectures   SPARC* and x86 (64 bits only)
                *Supported on sun4v- and M-Series sun4u based systems with OBP (Open Boot PROM) level 4.17 or higher.

This slide shows the hardware requirements needed for installing Oracle Solaris 11.

Agenda

Introducing Oracle Solaris 11 Operating System Installation Options
Performing Interactive Installations of the Oracle Solaris 11 Operating System
Configuring an AI Server and Clients
Comparing and Converting JumpStart to AI
Working with the Distribution Constructor

Oracle Solaris 11 Text Installer

When starting the Oracle Solaris 11 Text installer, you are provided with a menu of keyboard layouts as shown in this slide. The default is US English.

Oracle Solaris 11 Text Installer

This screen provides language options. The default is English.

The installation menu provides you with options such as installing additional device drivers and changing the terminal type. The default is "Install Oracle Solaris" (option 1).

Oracle Solaris 11 Text Installation: Disks

Disks

Where should Oracle Solaris be installed?
Recommended size: 5.4GB   Minimum size: 3.4GB

Type  Size(GB)  Boot  Device  Manufacturer  Notes
ATA   16.0            c7d0    unknown

A partition table was not found. The following is proposed.

Primary   Size(GB)    Logical   Size(GB)
Solaris2  16.0
Unused    0.0
Unused    0.0
Unused    0.0

F2_Continue  F3_Back  F6_Help  F9_Quit

During the Oracle Solaris 11 Text installation, you must choose the disk on which to install the OS.

Network

Enter a name for this computer that identifies it on the network. It must be at least two characters. It can contain letters, numbers, and minus signs (-).

Computer Name: s11x-serv1

Select how the wired ethernet network connection is configured.
  Automatically   Automatically configure the connection
  None            Do not configure the network at this time

F2_Continue  F3_Back  F6_Help  F9_Quit

You are required to assign a name to the install system. This is the network hostname. Also, you must decide how the installation system network is to be configured:
- Automatically: This option uses the Network Auto-Magic (NWAM) feature. NWAM is a daemon that takes care of the connection to the network. As the name suggests, the network connection should work auto-magically, which means that most of the time, you do not need to care about your connection.
- None: This option disables NWAM. When selecting this option, you must configure the network manually.

Oracle Solaris 11 Text Install: Users

Users

Define a root password for the system and user account for yourself.

System Root Password
  Root password:    ********
  Confirm password: ********

Create a user account
  Your real name:   oracle
  Username:         oracle
  User password:    ********
  Confirm password: ********

Esc-2_Continue  Esc-3_Back  Esc-6_Help  Esc-9_Quit

In Oracle Solaris 11, root is configured by default as a role rather than a user. During system installation, the Text installer helps you to set up the root password and initial user account. You use the initial user account to log in to the system. After initial user login, a user with the appropriate privileges can subsequently assume the role of root using su or perform administrative tasks after authentication using sudo or pfexec.

Oracle Solaris 11 LiveCD

The Oracle Solaris 11 LiveCD for x86 provides a GUI-based interactive installation that steps through the process of configuring the system for the OS installation. The LiveCD then installs a software payload that includes a full desktop operating environment. The LiveCD also provides additional utilities, such as the Device Driver Utility and partition editor, to help ensure successful installations.

Oracle Solaris 11 LiveCD: Device Driver Utility

[Screenshot: Device Driver Utility device list]

The Device Driver Utility helps you to detect whether Oracle Solaris 11 can be installed on your x86 system. When started, it runs a quick device compatibility check on your system. If a device driver problem is detected, it provides the tools for installing the appropriate device driver packages from a file, web, or IPS repository.

Oracle Solaris 11 LiveCD: Partition Editor

The GParted Partition Editor allows you to customize the installation disk layout before you begin the OS installation. Note that GParted is usually used only if you are attempting to set up a disk to boot multiple operating systems.

Oracle Solaris 11 LiveCD Installer: Disk

[Screenshot: Oracle Solaris Installer, Disk step, "Where should Oracle Solaris be installed?" Recommended size: 10GB; Minimum: 4.8GB. Options: Use the whole disk (the entire disk will be erased) or Partition the disk. Proposed partition: Solaris2, 16.0 GB.]

The Oracle Solaris 11 LiveCD installer helps you choose the target installation disk or partition.

Oracle Solaris 11 LiveCD Installer: Time Zone

[Screenshot: Oracle Solaris Installer, Time Zone, Date and Time step: "Select a city near you on the map or set your time zone below, then set the date and time."]

The Oracle Solaris 11 LiveCD installer provides a point-and-click time zone configuration interface. Simply click the city nearest to your installation location.

Oracle Solaris 11 LiveCD Installer: Users

[Screenshot: Oracle Solaris Installer, Users step: "Create a user account for yourself. It will have administrative privileges." Fields: Your real name, Log-in name, User password, Confirm password, Computer name.]

As we saw with the Text installer, in Oracle Solaris 11 root is configured by default as a role rather than a user. As with the Text installer, during system installation, the LiveCD installer helps you set up the root password and initial user account. You use the initial user account to log in to the system. After initial user login, a user with the appropriate privileges can subsequently assume the role of root using su or perform administrative tasks after authentication using sudo or pfexec. Note that the root password will be the same as the user account password entered here.
In addition to the initial user configuration, the Users dialog box allows you to set the hostname for your system. The network configuration method is automatically set to NWAM.

Practices 4-1 and 4-2: Overview

In Practice 4-1, you install Oracle Solaris 11 using the Text installer.
In Practice 4-2, you install Oracle Solaris 11 using the LiveCD installer.

In these practices, you perform interactive installations of the Oracle Solaris 11 operating system.

Agenda

Introducing Oracle Solaris 11 Operating System Installation Options
Performing Interactive Installations of the Oracle Solaris 11 Operating System
Configuring an AI Server and Clients
Comparing and Converting JumpStart to AI
Working with the Distribution Constructor

Oracle Solaris 11 Automated Installation

[Diagram: Automated Installations Over the Network. Components: AI Server (install service, manifests, boot image), DHCP Server, IPS Repository.]

The automated installer is used to automate the installation of the Oracle Solaris 11 OS on one or more SPARC and x86 systems over a network. The installations can differ in architecture, packages installed, disk capacity, network configuration, and other parameters.
Automated installation can be run in a "serverless" mode where the client boots from the ISO and uses a manifest that is either located on the media or obtained from a network location that you have access to. Client access to an IPS original repository and DHCP service are required.

An automated installation over the network to a client system, as shown in the slide, performs the following core steps:
1. A client system boots and gets IP information from the DHCP server.
2. The client contacts an install service on the AI server and accesses the boot image and the AI manifest containing the installation specifications.
3. The client is installed with the operating system, pulling packages from the IPS original repository specified in the AI manifest.

How Automated Installation Works

[Flowchart boxes:
- Boot client from network
- Client contacts DHCP server, gets IP address, and boot program
- Client gets boot program and loads it
- Client downloads boot archive and loads kernel
- Client uses HTTP to download install programs from AI image
- Client identifies install services and chooses matching service
- Client contacts install service and gets installation manifest
- Automated installer installs client from IPS repository specified in manifest
- User examines logs and error messages and determines course of action
- User can examine logs and reboot manually]

Assume that you have set up an installation server with one or more install services. You've customized the installation specifications for the installation services to suit your needs. Now, you are ready to install the Oracle Solaris 11 OS to client systems on the network. You need only to boot the client, and the process runs to completion without further input from you.
This flowchart illustrates how a client system is installed. The client browses for available installation services, seeking a service where the installation criteria in the service's manifest file match the characteristics of the client system. When a match is found, the installation is performed on the client system, using a boot image and manifest specifications provided by the installation service.

AI Environmental Requirements

- The network
- Client access to AI service and IPS repository
- AI service storage location
- Manifests and system configuration profiles
- Custom manifest and profile storage location

To use AI to install client systems over the network, you must set up DHCP and also an AI install service on an install server. AI uses DHCP to provide the IP address, subnet mask, router, DNS server, and the location of the install server to the client machine to be installed. The DHCP server and AI install server can be the same machine or two different machines.
The client machines you want to install must be able to access an Oracle Solaris Image Packaging System (IPS) software package repository. The IPS package repository can be on the install server, on another server on the local network, or on the Internet. An AI install service is associated with a SPARC or x86 network boot image (net image), one or more installation instruction files (AI manifests), and zero or more system configuration instruction files (SC profiles). The net image is not a complete installation. Client machines must access an IPS package repository to complete their installations. The AI manifest specifies one or more IPS package repositories where the client retrieves the packages needed to complete the installation. The AI manifest also includes the names of additional packages to install and information such as target device and partition information. You can also specify instructions for configuring the client.

AI does not support storing the AI service in a dedicated ZFS file system. When creating the AI service, store the service in a standard directory.

If two client machines have different architectures or need to be installed with different versions of the Oracle Solaris 11 OS, you create two AI install services and associate each install service with a different net image. If two client machines need to be installed with the same version of the Oracle Solaris 11 OS but need to be installed differently in other ways, you create two AI manifests for the AI install service. The different AI manifests can specify different packages to install or a different slice as the install target. If client systems need to have different configurations applied, create multiple SC profiles for the install service. The different system configuration (SC) profiles can specify different network or locale setup or unique hostname and IP address.

AI stores the default manifest files in .. /auto_install/manifest. Custom manifests and profiles should never be stored inside the AI service directory structure.

IPS Case: Using Default Manifest

[Diagram: an install server (static IP address, default route, svc:/network/dns/multicast) that hosts the AI service components from the installadm package, including an AI install service with a default client provisioning manifest; an IPS software package repository (pkg.oracle.com); a DHCP server that directs the client to the install server; and the client.]

The minimum you have to do to use AI is create one install service. In this minimal scenario, all clients have the same architecture and are installed with the same version of the Oracle Solaris OS. The installations use the default AI manifest, which specifies the most recent version of the OS available from the default IPS package repository on the Internet.
1. Make sure the install server has a static IP address and default route.
2. Install the installation tools package, install/installadm.
3. Run the installadm create-service command.
4. Make sure the clients can access a DHCP server.
5. Make sure the necessary information is available in the DHCP configuration to boot the service.
6. Make sure the clients can access an IPS software package repository. To use the default IPS package repository, the clients must be able to access the Internet.
7. Network boot the client.

When you network boot the client, the following steps are performed:
1. The client gets the install server address from the DHCP server.
2. Because the install server has only one install service, the client uses that service if the architecture matches.
3. Because the install service has only one AI manifest, the client uses that default AI manifest, installing software packages from the IPS package repository over the network.
4. When the client boots after installation, an interactive tool prompts for system configuration information because no system configuration profile is provided.


IPS Case: Using Custom Manifest

[Diagram: an install server (static IP address, default route, svc:/network/dns/multicast) that hosts the AI service components from the installadm package, including an AI install service with a custom and a default client provisioning manifest; a local IPS software package repository; a DHCP server that directs the client to the install server; and the client.]

To specify installation parameters such as a local IPS publisher, the target disk for installation, partition or mirror configuration, or additional software packages to install, provide a customized AI manifest. Perform the following steps before you boot the client, in addition to the minimum required steps:
1. Create a new AI manifest, or write a script that dynamically creates a custom AI manifest at client installation time.
2. Run the installadm create-manifest command to add the new manifest or script to the install service. Specify criteria for the client to select this manifest or script, or use the -d option to make this manifest or script the default manifest specification for this service.

When you network boot the client, the following steps are performed:
1. The client gets the install server address from the DHCP server.
2. Since the install server has only one install service, the client uses that service if the architecture matches.
3. The client is directed to the correct provisioning manifest by criteria specified to create-manifest. If no criteria match, the client uses the default manifest for this service.
4. The client is provisioned according to the selected manifest.
5. When the client boots after installation, an interactive tool prompts for system configuration information because no system configuration profile is provided.

IPS Case: Using an SC Profile

[Diagram: an install server (static IP address, default route, svc:/network/dns/multicast) that hosts the AI service components from the installadm package, including an AI install service with a default client provisioning manifest and a configuration profile; an IPS software package repository (pkg.oracle.com); a DHCP server that directs the client to the install server; and the client.]

To specify system configuration parameters such as time zone, user accounts, and networking, provide a Service Management Facility (SMF) system configuration profile (SC profile). Perform the following steps before you boot the client, in addition to the minimum required steps:
1. Create an SC profile using the sysconfig create-profile utility.
2. Run the installadm create-profile command to validate the profile, add the profile to the install service, and specify criteria to select which clients should use this SC profile.

When you network boot the client, the following steps are performed:
1. The client gets the install server address from the DHCP server.
2. Since the install server has only one install service, the client uses that service if the architecture matches.
3. Since the install service has only one AI manifest, the client uses that default AI manifest, installing software packages from the IPS package repository over the network.
4. The client is directed to the correct system configuration profile by criteria specified to create-profile.
5. The client is configured according to the selected configuration profile. If no configuration profile is selected because the criteria do not match, the interactive configuration tool starts.

IPS Case: Multiple AI Services

[Diagram: an install server (static IP address, default route, svc:/network/dns/multicast) that hosts the AI service components from the installadm package, with one AI install service for Oracle Solaris 11 version m and another for Oracle Solaris 11 version n; an IPS software package repository (local, pkg.oracle.com); a DHCP server that directs the clients to the install server; and two clients.]

To install different versions of the Oracle Solaris 11 OS, create additional AI install services. Perform the following steps before you boot the client, in addition to the minimum required steps:
1. Run the installadm create-service command and specify a different net image.
2. Run the installadm create-client command to direct the client to this new install service.
3. Create custom manifests and SC profiles (if required) and associate them with the appropriate AI service.

When you network boot the client, the following steps are performed:
1. The client gets the install server address from the DHCP server.
2. The client is directed to this new install service by create-client.
3. The client is provisioned according to the default provisioning manifest for this service.
4. When the client boots after installation, an interactive tool prompts for system configuration information because no system configuration profile is provided.

Configuring the AI Server

Set up the AI service:
- Installation images
- DHCP server
Set up or remove clients.
Add or delete manifest files.
Add or delete system configuration profiles.
Enable or disable install services.
Administer install services by using the AI SMF service.

This slide provides an overview of the tasks you must perform when configuring your AI server.

Setting Up the AI Server

Enable DNS multicast on the AI server:
- svcadm enable svc:/network/dns/multicast:default
Install the installadm package:
- pkg list installadm
  pkg list: no packages matching 'installadm' installed
- pkg install installadm
Create the AI service by using installadm create-service:
  installadm create-service -n x86_clients \
  -i 192.168.0.100 -c <count> \
  -s /export/images/sol-11-exp-201011-ai-x86.iso \
  -d /rpool/ai/x86_clients
Add AI clients by using installadm create-client:
  installadm create-client -e 08:00:27:85:C7:D6 \
  -n x86_clients

Setting up the AI server involves the four key tasks shown in the slide.
Note that create-service automatically enables the AI service in SMF.
Also note that create-client is needed only if more than one service for a particular architecture (SPARC or x86) is provided on the AI server. When there is only one, all clients of that architecture use that service by default and do not need to be specifically configured with create-client.

AI Manifests

Default manifest
Custom manifest
Criteria manifest

AI manifests are XML files used to specify multiple sets of installation and system configuration instructions for each install service.
AI has three types of manifests:
- Default manifest: A default manifest is an installation manifest that has no criteria associated with it. The default manifest is used by clients when no other installation manifest's criteria match the client.
- Custom manifest: To perform different installations on different clients by using the same install image, you need to provide customized AI manifests for that install service. Clients that do not match the criteria specific to any custom manifest are installed using the instructions in the default manifest.
- Criteria manifest: The criteria manifest allows you to associate client-specific installation instructions with AI services. When the client matches the criteria that have been specified for a criteria manifest, the client uses the associated manifest.

The default.xml File

<!DOCTYPE auto_install SYSTEM "file:///usr/share/install/ai.dtd">
<auto_install>
  <ai_instance name="default">
    <target>
      <logical>
        <zpool name="rpool" is_root="true">
          <filesystem name="export" mountpoint="/export"/>
          <filesystem name="export/home"/>
          <be name="solaris"/>
        </zpool>
      </logical>
    </target>

The default.xml manifest file provides a generic configuration applicable to most clients. You can change the AI defaults by copying the default.xml file to a new file and editing the new file as desired. You can then apply the new manifest by using the installadm add-manifest -f command, as in this example:
installadm create-manifest -f new_manifest -n AI_service_name

The <target> element is used to configure the disk drive used for the OS installation.

The default.xml File

    <software type="IPS">
      <source>
        <publisher name="solaris">
          <origin name="http://pkg.oracle.com/solaris/release"/>
        </publisher>
      </source>
      <software_data action="install">
        <name>pkg:/entire</name>
        <name>pkg:/group/system/solaris-large-server</name>
      </software_data>
    </software>
  </ai_instance>
</auto_install>

This slide shows the IPS and packages sections of the default manifest file. The <software> element defines the location of the IPS origin and which software packages to install and uninstall. The entire package is recommended so that the system will be updated coherently when patching or upgrading in the future. The solaris-large-server package is suitable for a server installation.

The Criteria Manifest

Associates client-specific installation instructions with AI services
Uses an AI manifest selection algorithm
Uses multiple non-overlapping criteria
Can be added using the installadm create-manifest command:
  installadm create-manifest \
  -f /export/manifests/manifest_x86.xml \
  -n s11-x86 \
  -C /export/manifests/criteria_x86.xml

The criteria manifest allows you to associate client-specific installation instructions with AI services. When the client matches the criteria that have been specified for a criteria manifest, the client uses that manifest.
An AI manifest is selected for a client according to the following algorithm:
- If custom manifests are defined for this install service but the client does not match criteria for any custom manifest, the client uses the default manifest.
- If the client matches criteria that have been specified for a custom manifest, the client uses the associated manifest.
- If the client matches more than one criteria specification, the criteria are considered in the following order of priority:
  mac
  ipv4
  platform
  arch
  cpu
  mem
For example, if one criteria specification matches the client's MAC address and another criteria specification matches the same client's IP address, the manifest associated with the MAC address criteria specification is used, because mac is higher priority for selection than ipv4.

You use the installadm create-manifest command to add a criteria manifest to a service, as in this example:
pfexec installadm create-manifest -f /export/manifests/manifest_x86.xml -n s11-x86 \
-C /export/manifests/criteria_x86.xml
In this case, when a client meets the criteria identified in the criteria_x86.xml criteria file, the manifest_x86.xml will be applied to that client.


Criteria Manifest: Examples

arch criteria manifest file:
<ai_criteria_manifest>
  <ai_criteria name="arch">
    <value>i86pc</value>
  </ai_criteria>
</ai_criteria_manifest>

mac criteria manifest file:
<ai_criteria_manifest>
  <ai_criteria name="mac">
    <value>0:14:4F:20:53:94</value>
  </ai_criteria>
</ai_criteria_manifest>

ipv4 criteria manifest file:
<ai_criteria_manifest>
  <ai_criteria name="ipv4">
    <value>192.168.0.114</value>
  </ai_criteria>
</ai_criteria_manifest>

This slide shows examples of arch, mac, and ipv4 criteria files.
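
The selection order described above, applied to criteria files in the format shown on this slide. This is an added Python sketch, not code from the course or from installadm; the function names and manifest names are hypothetical, and it assumes that a specification matches only when all of its criteria match and that the winner is the specification holding the highest-priority criterion.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Selection priority in the order the page lists the criteria, highest first.
PRIORITY = ["mac", "ipv4", "platform", "arch", "cpu", "mem"]


def to_key(name, text):
    """Convert one criteria value into a comparable key for its type."""
    text = text.strip()
    if name == "mac":
        # Accept both 0:14:4F:... and 00:14:4f:... spellings of one address.
        return ":".join("%02x" % int(octet, 16) for octet in text.split(":"))
    if name == "ipv4":
        return int(ipaddress.IPv4Address(text))
    if name == "mem":
        return int(text)
    return text


def parse_criteria(xml_text):
    """Return {criteria_name: (low, high)} from an <ai_criteria_manifest>."""
    criteria = {}
    for crit in ET.fromstring(xml_text).findall("ai_criteria"):
        name = crit.get("name")
        if name not in PRIORITY:
            raise ValueError("unsupported criteria name: %r" % name)
        value, rng = crit.find("value"), crit.find("range")
        if value is not None:
            low = high = to_key(name, value.text)
        elif rng is not None:
            low, high = (to_key(name, part) for part in rng.text.split())
        else:
            raise ValueError("criteria %r has no <value> or <range>" % name)
        criteria[name] = (low, high)
    return criteria


def matches(criteria, client):
    """True when the client satisfies every criterion in the specification."""
    for name, (low, high) in criteria.items():
        if name not in client:
            return False
        if not low <= to_key(name, str(client[name])) <= high:
            return False
    return True


def select_manifest(manifests, client, default="default"):
    """Pick a manifest name for a client from (name, criteria_xml) pairs."""
    best = None
    for manifest_name, criteria_xml in manifests:
        criteria = parse_criteria(criteria_xml)
        if not criteria or not matches(criteria, client):
            continue
        rank = min(PRIORITY.index(name) for name in criteria)
        if best is None or rank < best[0]:
            best = (rank, manifest_name)
    # No custom manifest matched: fall back to the default manifest.
    return best[1] if best else default


# Constructed sample criteria files (values are illustrative only).
MANIFESTS = [
    ("manifest_x86", '<ai_criteria_manifest><ai_criteria name="arch">'
                     "<value>i86pc</value></ai_criteria></ai_criteria_manifest>"),
    ("manifest_net", '<ai_criteria_manifest><ai_criteria name="ipv4">'
                     "<range>192.168.0.100 192.168.0.120</range>"
                     "</ai_criteria></ai_criteria_manifest>"),
    ("manifest_mac", '<ai_criteria_manifest><ai_criteria name="mac">'
                     "<value>0:14:4F:20:53:94</value>"
                     "</ai_criteria></ai_criteria_manifest>"),
]

if __name__ == "__main__":
    client = {"mac": "00:14:4f:20:53:94", "ipv4": "192.168.0.114",
              "arch": "i86pc"}
    print(select_manifest(MANIFESTS, client))
```
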
System Configuration Profiles

SC profiles specify client configuration.
SC profiles set SMF properties for appropriate SMF services.
SC profiles are applied during the first client boot after installation.
AI clients have multiple SC profiles.
If no SC profile is specified, the interactive system configuration tool is used at first client boot.
SC profiles are created using the sysconfig create-profile utility.

System configuration profiles (SC profiles) specify client system configuration as a set of configuration parameters in the form of a Service Management Facility (SMF) profile. The SC profile sets SMF properties for appropriate SMF services.
SC profiles are applied during the first boot of the system after AI installation. SMF services responsible for particular configuration areas process SMF properties and configure the system accordingly.
Each client can use any number of SC profiles. For example, a client might be assigned one profile that provides only the hostname and IP address for that client. The same client and many other clients might be assigned other profiles that set more broadly applicable property values. If no SC profile is provided for a particular client, the interactive configuration tool is started on that client.
The SC profiles can be created using the sysconfig create-profile utility or using a text editor.

SC Profile: Example

<!DOCTYPE service_bundle SYSTEM "/usr/share/lib/xml/dtd/service_bundle.dtd.1">
<service_bundle type="profile" name="sysconfig">
  <service version="1" type="service" name="system/config-user">
    <instance enabled="true" name="default">
      <property_group type="application" name="root_account">
        <propval type="astring" name="login" value="root"/>
        <propval type="astring" name="password"
          value="$5$bypT4oRp$Dsy3JOFhJNBXqlxDtCJjlqk3k3ZHAg8cb98bPLs3ki9"/>
        <propval type="astring" name="type" value="role"/>
      </property_group>
      <property_group type="application" name="user_account">
        <propval type="astring" name="login" value="oracle1"/>
        <propval type="astring" name="password"
          value="$5$LuaMBnZg$m2YIULH2KoMJeTim2ahxm08rsKEmMQxYtKSKHMKwFr6"/>
        <propval type="astring" name="type" value="normal"/>
        <propval type="astring" name="description" value="Oracle"/>
        <propval type="count" name="gid" value="10"/>
        <propval type="astring" name="shell" value="/usr/bin/bash"/>
        <propval type="astring" name="roles" value="root"/>
        <propval type="astring" name="profiles" value="System Administrator"/>

The SC profile is used to configure client systems. This slide shows entries for configuring the initial standard user and root role.

SC Profile: Example

        <propval type="astring" name="sudoers" value="ALL=(ALL) ALL"/>
      </property_group>
    </instance>
  </service>
  <service version="1" type="service" name="system/timezone">
    <instance enabled="true" name="default">
      <property_group type="application" name="timezone">
        <propval type="astring" name="localtime" value="US/Mountain"/>
      </property_group>
    </instance>
  </service>
  <service version="1" type="service" name="system/identity">
    <instance enabled="true" name="node">
      <property_group type="application" name="config">
        <propval type="astring" name="nodename" value="s11-client3"/>
      </property_group>
    </instance>
  </service>

This slide shows the entries for setting up the time zone and node hostname.

  <service version="1" type="service" name="system/keymap">
    <instance enabled="true" name="default">
      <property_group type="system" name="keymap">
        <propval type="astring" name="layout" value="US-English"/>
      </property_group>
    </instance>
  </service>
  <service version="1" type="service" name="system/console-login">
    <property_group type="application" name="ttymon">
      <propval type="astring" name="terminal_type" value="sun-color"/>
    </property_group>
  </service>
  <service version="1" type="service" name="network/physical">
    <instance enabled="true" name="default">
      <property_group type="application" name="netcfg">
        <propval type="astring" name="active_ncp" value="DefaultFixed"/>
      </property_group>
    </instance>
  </service>

This slide shows entries for setting up the system keymap, terminal type, and network type.

  <service version="1" type="service" name="network/install">
    <instance enabled="true" name="default">
      <property_group type="application" name="install_ipv4_interface">
        <propval type="astring" name="address_type" value="static"/>
        <propval type="net_address_v4" name="static_address"
          value="192.168.0.140/24"/>
        <propval type="astring" name="name" value="net0/v4"/>
      </property_group>
      <property_group type="application" name="install_ipv6_interface">
        <propval type="astring" name="stateful" value="yes"/>
        <propval type="astring" name="stateless" value="yes"/>
        <propval type="astring" name="address_type" value="addrconf"/>
        <propval type="astring" name="name" value="net0/v6"/>
      </property_group>
    </instance>
  </service>
  <service version="1" type="service" name="system/name-service/switch">
    <property_group type="application" name="config">
      <propval type="astring" name="default" value="files"/>
      <propval type="astring" name="host" value="files dns"/>
      <propval type="astring" name="printer" value="user files"/>
    </property_group>
    <instance enabled="true" name="default"/>
  </service>

This slide shows entries for configuring an IP address and the name-service switch.

  <service version="1" type="service" name="network/dns/client">
    <property_group type="application" name="config">
      <property type="net_address" name="nameserver">
        <net_address_list>
          <value_node value="192.168.0.100"/>
        </net_address_list>
      </property>
      <propval type="astring" name="domain" value="mydomain.com"/>
      <property type="astring" name="search">
        <astring_list>
          <value_node value="mydomain.com"/>
        </astring_list>
      </property>
    </property_group>
    <instance enabled="true" name="default"/>
  </service>
</service_bundle>

This slide shows entries for configuring
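
The SC profile above carries password hashes, role assignments and a sudoers rule, so it is worth reviewing before it is attached to an install service. This is an added Python sketch, not part of the course or of any Oracle tool; the function names, the accepted-scheme policy and the sample profile (with constructed placeholder hashes) are assumptions made for the example.

```python
import xml.etree.ElementTree as ET

# crypt(3C) scheme identifiers that can prefix a password hash.
CRYPT_SCHEMES = {"1": "MD5", "2a": "Blowfish", "md5": "Sun MD5",
                 "5": "SHA-256", "6": "SHA-512"}
ACCEPTED = {"SHA-256", "SHA-512"}  # assumption: policy chosen for this example


def hash_scheme(value):
    """Name the hashing scheme from the $id$ prefix of a password value."""
    if not value:
        return "empty"
    if not value.startswith("$"):
        return "legacy-or-invalid"  # no $id$ prefix: old DES crypt or not a hash
    ident = value.split("$")[1].split(",")[0]
    return CRYPT_SCHEMES.get(ident, "unknown")


def audit_sc_profile(xml_text):
    """Return sorted (account, review item) pairs for system/config-user."""
    findings = set()
    for service in ET.fromstring(xml_text).iter("service"):
        if service.get("name") != "system/config-user":
            continue
        for group in service.iter("property_group"):
            props = {p.get("name"): p.get("value", "")
                     for p in group.iter("propval")}
            account = props.get("login") or group.get("name")
            scheme = hash_scheme(props.get("password", ""))
            if scheme not in ACCEPTED:
                findings.add((account, "password hash scheme: " + scheme))
            # The page's profile sets root to type "role"; flag anything else.
            if group.get("name") == "root_account" and props.get("type") != "role":
                findings.add((account, "root is a login account, not a role"))
            if props.get("sudoers", "").replace(" ", "") == "ALL=(ALL)ALL":
                findings.add((account, "unrestricted sudo"))
            if "root" in props.get("roles", "").split(","):
                findings.add((account, "may assume the root role"))
    return sorted(findings)


# Constructed sample profile; the hashes are placeholders, not real values.
SAMPLE_PROFILE = """<!DOCTYPE service_bundle SYSTEM
 "/usr/share/lib/xml/dtd/service_bundle.dtd.1">
<service_bundle type="profile" name="sysconfig">
  <service version="1" type="service" name="system/config-user">
    <instance enabled="true" name="default">
      <property_group type="application" name="root_account">
        <propval type="astring" name="login" value="root"/>
        <propval type="astring" name="password"
                 value="$5$CONSTRUCTED$PLACEHOLDERHASHVALUE"/>
        <propval type="astring" name="type" value="normal"/>
      </property_group>
      <property_group type="application" name="user_account">
        <propval type="astring" name="login" value="installer1"/>
        <propval type="astring" name="password"
                 value="$1$CONSTRUCTED$PLACEHOLDERHASHVALUE"/>
        <propval type="astring" name="type" value="normal"/>
        <propval type="astring" name="roles" value="root"/>
        <propval type="astring" name="sudoers" value="ALL=(ALL) ALL"/>
      </property_group>
    </instance>
  </service>
</service_bundle>
"""

if __name__ == "__main__":
    for account, item in audit_sc_profile(SAMPLE_PROFILE):
        print("%-12s %s" % (account, item))
```
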

Administering the AI SMF Service

Enable the AI SMF service:
svcadm enable svc:/system/install/server:default

Disable the AI SMF service:
svcadm disable svc:/system/install/server:default

This slide shows how to enable and disable the AI SMF service.


AI Server Configuration Walkthrough

root@s11-serv1:~# mkdir -p /export/ai/custom_ai
root@s11-serv1:~# installadm create-service -n custom_ai \
-s /opt/ora/course_files/sol-11-dev-171-ai-x86.iso \
-i 192.168.0.130 -c 5 -d /export/ai/custom_ai
root@s11-serv1:~# installadm create-client -e \
08:00:27:85:C7:D8 -n custom_ai

This slide begins a step-by-step walkthrough for configuring an AI service. This walkthrough includes:
- Creating the AI service
- Adding a client to the AI service
- Creating a custom manifest
- Creating a criteria manifest
- Adding manifests to the AI service
- Creating an SC profile
- Adding the profile to the AI service
- Validating the SC profile
In this slide, you create a new AI service named custom_ai in the /export/ai/custom_ai directory. The AI image used in this service is sol-11-dev-171-ai-x86.iso (Oracle Solaris 11 Build 171). Next, you add client 08:00:27:85:C7:D8 to the custom_ai AI service.

root@s11-serv1:~# vi /var/tmp/manifests/custom_manifest.xml
<!DOCTYPE auto_install SYSTEM "file:///usr/share/install/ai.dtd">
<auto_install>
  <ai_instance name="custom_ai" auto_reboot="true">
    <target>
      <logical>
        <zpool name="rpool" is_root="true">
          <filesystem name="export" mountpoint="/export"/>
          <filesystem name="export/home"/>
          <be name="solaris"/>
        </zpool>
      </logical>
    </target>
    <software type="IPS">
      <source>
        <publisher name="solaris">
          <origin name="http://s11-serv1.mydomain.com"/>
        </publisher>
      </source>

Now that the custom_ai service exists, you create a custom manifest file named custom_manifest.xml. Here, you set the image name to custom_ai. This results in a manifest name (identifier) that is used to manage the manifest. Next, the target element configures the client default boot disk using Oracle Solaris 11 standard conventions. Then, you set the IPS publisher to a local origin (http://s11-serv1.mydomain.com).

      <software_data action="install">
        <name>pkg:/entire</name>
        <name>pkg:/group/system/solaris-large-server</name>
      </software_data>
    </software>
  </ai_instance>
</auto_install>
root@s11-serv1:~# vi /var/tmp/manifests/criteria_custom_ai.xml
<ai_criteria_manifest>
  <ai_criteria name="mac">
    <value>
      08:00:27:85:C7:D8
    </value>
  </ai_criteria>
</ai_criteria_manifest>

This slide continues the custom_manifest edit. Here, you identify which software packages are to be loaded on the client system from the IPS server.
After the custom manifest build is completed, you create a criteria manifest for the client system. In this case, you use the client's MAC address as the criteria.

root@s11-serv1:~# installadm add-manifest -n custom_ai \
-f /var/tmp/manifests/custom_manifest.xml \
-C /var/tmp/manifests/criteria_custom_ai.xml
root@s11-serv1:~# sysconfig create-profile \
-o /var/tmp/manifests/client_profile.xml
root@s11-serv1:~# installadm create-profile -n custom_ai \
-f /var/tmp/manifests/client_profile.xml -p client_profile \
-C /var/tmp/manifests/criteria_custom_ai.xml
root@s11-serv1:~# installadm validate -n custom_ai \
-p client_profile

Now that the custom manifest and criteria manifest are built, you associate them with the custom_ai AI service using the installadm add-manifest command.
Next, you use the sysconfig create-profile utility to create a system configuration profile named client_profile for the AI client. The sysconfig create-profile utility starts the interactive system configuration tool, which guides you through the SC profile design.
After the SC profile is completed, you use the installadm create-profile command to associate the new SC profile with the custom_ai AI service and the client criteria manifest.
Finally, you validate the SC profile. If the SC profile passes validation checks, the AI service is completed and available.

Agenda

Introducing Oracle Solaris 11 Operating System Installation Options
Performing Interactive Installations of the Oracle Solaris 11 Operating System
Configuring an AI Server and Clients
Comparing and Converting JumpStart to AI
Working with the Distribution Constructor

Task | JumpStart | AI
Set up an install server. | Use the setup_install_server command. | Use the installadm create-service command.
Add clients to the installation. | Use the add_install_client command. | Use the installadm create-client command.
Specify installation instructions. | Use profile files. | Use AI manifest files.
Specify client customization. | Use rules files to associate clients with profile files. | Use the installadm set-criteria command.
Specify post-installation client configuration. | Use finish scripts and sysidcfg files. | Use sc-profile files.

This table in the slide compares the methods used to accomplish JumpStart tasks and AI tasks.

Comparing Rules Keywords and Criteria Directives

JumpStart Rules File Keyword: any
AI Criteria File Directives: For client systems that do not match any selection criteria, the AI install service provides a default AI manifest.

JumpStart Rules File Keyword: arch sparc
AI Criteria File Directives:
  Command option: -c cpu=sparc
  Criteria file:
    <ai_criteria name="cpu">
      <value>sparc</value>
    </ai_criteria>

JumpStart Rules File Keyword: karch i86pc
AI Criteria File Directives:
  Command option: -c arch=i86pc
  Criteria file:
    <ai_criteria name="arch">
      <value>i86pc</value>
    </ai_criteria>

This table compares Oracle Solaris 10 JumpStart rules file keywords to Oracle Solaris 11 AI criteria file directives.

Comparing Rules Keywords and Criteria Directives

JumpStart Rules File Keyword: hostaddress xx.xx.xx.xx
AI Criteria File Directives:
  Command option: -c ipv4=xx.xx.xx.xx
  Criteria file:
    <ai_criteria name="ipv4">
      <value>xx.xx.xx.xx</value>
    </ai_criteria>

JumpStart Rules File Keyword: network xx.xx.xx.xx
AI Criteria File Directives:
  Use ipv4 with a range.
  Command option: -c ipv4=xx.xx.xx.xx yy.yy.yy.yy
  Criteria file:
    <ai_criteria name="ipv4">
      <range>xx.xx.xx.xx yy.yy.yy.yy</range>
    </ai_criteria>

JumpStart Rules File Keyword: hostname xxxxxx
AI Criteria File Directives: To uniquely identify a host in AI, use either the IP address or the MAC address.

This table continues the comparison of Oracle Solaris 10 JumpStart rules file keywords to Oracle Solaris 11 AI criteria file directives.

Comparing Rules Keywords and Criteria Directives

JumpStart Rules File Keyword: memsize xxxx
AI Criteria File Directives:
Command option: -c mem=xxxx
Criteria file:
    <ai_criteria name="mem">
        <value>xxxx</value>
    </ai_criteria>

JumpStart Rules File Keyword: model 123-xyz
AI Criteria File Directives: Use ipv4 with a range.
Command option: -c platform=123-xyz
Criteria file:
    <ai_criteria name="platform">
        <value>123-xyz</value>
    </ai_criteria>

This table continues the comparison of Oracle Solaris 10 JumpStart rules file keywords to
Oracle Solaris 11 AI criteria file directives.
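
The keyword mapping in the three tables above can be applied mechanically. The following is an added example, not part of the course material: a Python sketch that converts the match clauses of one JumpStart rules-file line into AI criteria XML. The function names, the sample rules, and the `prefixlen` parameter are assumptions, and the `ai_criteria_manifest` root element is the wrapper used by AI criteria files rather than something shown on the slides.

```python
"""Added example: turn JumpStart rules-file match clauses into an AI criteria file."""
import ipaddress
import shlex
import xml.etree.ElementTree as ET

# JumpStart rules keyword -> AI criteria name, as listed in the comparison tables.
KEYWORD_TO_CRITERION = {
    "arch": "cpu",
    "karch": "arch",
    "hostaddress": "ipv4",
    "network": "ipv4",
    "memsize": "mem",
    "model": "platform",
}


class Unconvertible(ValueError):
    """The rule has no AI criteria equivalent in the tables."""


def split_rule(line):
    """Return [(keyword, value), ...] for one rules-file line.

    A rule is: keyword value [&& keyword value ...] begin profile finish.
    """
    fields = shlex.split(line, comments=True)
    if len(fields) < 5:
        raise Unconvertible(f"not a complete rule: {line!r}")
    clauses, current = [], []
    for token in fields[:-3]:            # drop begin script, profile, finish script
        if token == "&&":
            clauses.append(current)
            current = []
        else:
            current.append(token)
    clauses.append(current)
    for clause in clauses:
        if len(clause) != 2:             # e.g. "! model X": criteria cannot negate
            raise Unconvertible(f"unsupported clause: {' '.join(clause)!r}")
    return [tuple(clause) for clause in clauses]


def rule_to_criteria(line, prefixlen=24):
    """Return criteria-file XML for one rule, or None for the 'any' rule.

    prefixlen is an assumption supplied by the operator: a JumpStart network
    rule names only the network number, while AI needs an explicit range.
    """
    root = ET.Element("ai_criteria_manifest")
    used = set()
    for keyword, value in split_rule(line):
        if keyword == "any":
            return None                  # unmatched clients get the default manifest
        if keyword == "hostname":
            raise Unconvertible("hostname: identify the host by IP or MAC address")
        if keyword not in KEYWORD_TO_CRITERION:
            raise Unconvertible(f"no mapping in the tables for {keyword!r}")
        name = KEYWORD_TO_CRITERION[keyword]
        if name in used:
            raise Unconvertible(f"two clauses map to the same criterion {name!r}")
        used.add(name)
        criterion = ET.SubElement(root, "ai_criteria", name=name)
        if keyword == "network":
            if not 0 < prefixlen <= 30:
                raise Unconvertible("prefix length must leave room for a host range")
            net = ipaddress.IPv4Network(f"{value}/{prefixlen}")  # rejects host bits
            first, last = net.network_address + 1, net.broadcast_address - 1
            ET.SubElement(criterion, "range").text = f"{first} {last}"
        else:
            if keyword == "hostaddress":
                ipaddress.IPv4Address(value)                     # rejects bad input
            ET.SubElement(criterion, "value").text = value
    return ET.tostring(root, encoding="unicode")


if __name__ == "__main__":
    # Constructed sample rules, not taken from a real rules file.
    for rule in ("karch i86pc && memsize 2048 - x86_profile -",
                 "network 192.168.2.0 - net_profile -",
                 "any - - generic_profile -"):
        print(rule, "->", rule_to_criteria(rule))
```

Rules that use negation, hostname, or two clauses that land on the same criterion are rejected instead of being silently approximated, so they can be rewritten by hand.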



JumpStart Rules File Keyword: boot_device c0t0d0s0 update
AI Manifest Directives:
    <target>
        <target_device>
            <disk>
                <disk_name name="c0t0d0" name_type="ctd"/>
                <slice name="0" is_root="true" force="true"/>
            </disk>
        </target_device>
    </target>

JumpStart Rules File Keyword: bootenv
AI Manifest Directives: A boot environment is automatically created on the Oracle Solaris OS.

JumpStart Rules File Keyword: cluster SUNWCXall
AI Manifest Directives:
    <software_data action="install" type="IPS">
        <name>pkg:/entire</name>
        <name>pkg:/group/system/solaris-desktop</name>
    </software_data>

This table shows how to convert Oracle Solaris 10 JumpStart rules file keywords to Oracle
Solaris 11 AI manifest directives.
Converting a JumpStart Profile to an AI Manifest

JumpStart Rules File Keyword: fdisk c0t3d0 solaris maxfree
AI Manifest Directives:
    <target>
        <target_device>
            <disk>
                <disk_name name="c0t3d0" name_type="ctd"/>
                <partition name="1" part_type="SOLARIS"/>
            </disk>
        </target_device>
    </target>

JumpStart Rules File Keyword: filesys
AI Manifest Directives: AI creates ZFS file systems, not UFS file systems.

JumpStart Rules File Keyword: geo
AI Manifest Directives: Geographic regions for language support are specified through pkg
group packages.

JumpStart Rules File Keyword: locale
AI Manifest Directives: Locale support is specified through pkg group

This table shows how to convert Oracle Solaris 10 JumpStart rules file keywords to Oracle
Solaris 11 AI manifest directives.


Converting a JumpStart Profile to an AI Manifest

JumpStart Rules File Keyword: package 123xyz add
AI Manifest Directives:
    <software name="IPS">
        <software_data action="install" type="IPS">
            <name>pkg:/entire</name>
            <name>pkg:/babel_install</name>
            <name>pkg:/xxxxxx/123xyz</name>
        </software_data>
    </software>

JumpStart Rules File Keyword: package 123xyz delete
AI Manifest Directives:
    <software_data action="uninstall" type="IPS">
        <name>pkg:/xxxxxx/123xyz</name>
    </software_data>

This table shows how to convert Oracle Solaris 10 JumpStart rules file keywords to Oracle
Solaris 11 AI manifest directives.
Agenda

Introducing Oracle Solaris 11 Operating System Installation Options
Performing Interactive Installations of the Oracle Solaris 11 Operating System
Configuring an AI Server and Clients
Converting JumpStart to AI

Distribution Constructor

Is used to build custom Oracle Solaris images
Builds an ISO image or Virtual Machine
Allows customized versions of the following Oracle Solaris 11 image types:
    x86 or SPARC Oracle Solaris text installer
    Oracle Solaris x86 LiveCD image
    x86 or SPARC ISO image for Automated Installations
    x86 Oracle Solaris Virtual Machine
The distribution-constructor package contains:
    The distro_const command-line utility
    Manifest files

You use the distribution constructor to build custom Oracle Solaris images. These images can
be used to install the Oracle Solaris software on individual systems, multiple systems, or
Virtual Machines (VMs) that run the Oracle Solaris 11 operating system. The distribution
constructor takes an XML manifest file as input and builds an ISO image or Virtual Machine
image that is based on the parameters specified in the manifest file.
Using the distribution constructor, you can build customized versions of the following types of
Oracle Solaris 11 images:
x86 or SPARC Oracle Solaris Text installer image
Oracle Solaris x86 LiveCD image
x86 or SPARC ISO image for Automated Installations
x86 Oracle Solaris Virtual Machine
The distribution constructor is distributed in the distribution-constructor package. The
distribution-constructor package contains the distro_const command-line
utility for building custom Oracle Solaris images and Virtual Machine images. It also
contains default manifest files that are used to describe the various image types.



Distribution Constructor Manifest Files

Manifest File: text_mode_x86.xml
Manifest Type: x86 Text installer ISO image
Description: Used to create an ISO image that you can boot to initiate a Text installation of
the Oracle Solaris OS on x86 machines

Manifest File: text_mode_sparc.xml
Manifest Type: SPARC Text installer ISO image
Description: Used to create an ISO image that you can boot to initiate a Text installation of
the Oracle Solaris OS on SPARC machines

Manifest File: all_lang_slim_cd_x86.xml
Manifest Type: x86 LiveCD ISO image
Description: Used to create an ISO image comparable to the Oracle Solaris LiveCD

Manifest File: ai_sparc_image.xml
Manifest Type: SPARC AI ISO image
Description: Used to create a SPARC AI ISO image for automated installations of the Oracle
Solaris OS to SPARC clients

Manifest File: ai_x86_image.xml
Manifest Type: x86 AI ISO image
Description: Used to create an x86 AI ISO image for automated installations of the Oracle
Solaris OS to x86 clients

Manifest File: vmc_image.xml
Manifest Type: x86 Virtual Machine
Description: Used to create a Virtual Machine image

This table lists the default manifest files shipped with the distribution-constructor package.
After you install the distribution-constructor package, you can locate these manifest files in the
/usr/share/distro_const/image_type directory.
The distribution-constructor package also contains additional "finalizer" scripts that can be
used to make installation customizations based on the type of image that you are building.
The manifest files point to the finalizer scripts, and the finalizer scripts transform the generic
image into a media-specific distribution. You can create your own finalizer scripts. If you do
create new scripts, edit the manifest files to point to these new scripts.
Note: See the Oracle Solaris 11 Distribution Constructor Guide for more information about
creating custom finalizer scripts.
Building an OS Image

The build process can be performed in one step:
    distro_const build manifest
Checkpointing is enabled by default. Checkpointing can be disabled by setting
The build process can be stopped and resumed at a specific checkpoint (step):
    distro_const build -p step manifest
    distro_const build -r step manifest


Building an OS image can be done in one step by using the distro_const command
without options. You use the options provided in the distro_const command to stop and
restart the build process at various stages in the image-generation process, in order to check
and debug your selection of files, packages, and scripts for the image that is being built. This
process of stopping and restarting during the build process is called checkpointing.
Checkpointing supports the process of developing and debugging images. You can start
building an image, pause at any stage you want and examine the contents of the image, and
then resume building the image. Checkpointing is optional. The checkpointing feature is
enabled by default in the manifest file. A ZFS dataset, or a mount point that correlates to a
ZFS dataset, must be specified as the build area.
Checkpointing allows you to stop and resume at a specific checkpoint (step).
Example:
distro_const build -p step manifest
distro_const build -r step manifest
Alternatively, you can disable checkpointing in the manifest file by setting the
checkpoint_enable parameter to false.
Checkpointing should not be disabled, because it makes debugging problems very difficult.

Practice 4-3: Overview

This practice covers the following topics:
Installing Oracle Solaris 11 network clients by using the Automated Installer (AI)
Verifying that the system meets AI requirements
Configuring the AI server
Deploying the OS to network clients

Summary

In this lesson, you should have learned how to:
Describe Oracle Solaris 11 installation options
Plan for an Oracle Solaris 11 installation
Describe an Oracle Solaris 11 LiveCD installation
Describe an Oracle Solaris 11 Text installation
Describe an Oracle Solaris 11 Automated installation
Configure an AI server
Configure an AI client
Install Oracle Solaris 11 by using AI
Compare a JumpStart OS installation to an AI OS installation
Convert a JumpStart configuration to an AI configuration
Describe the distribution constructor

In this lesson, you were presented with the Oracle Solaris 11 installation options. You were
shown how to install the operating system using the interactive options (text installer and
LiveCD) as well as automated installation. You then spent some time looking at how to
configure an AI server and client. You also had the opportunity to compare a JumpStart OS
installation to an AI OS installation and see how to perform the conversion. Finally, you were
introduced to the distribution constructor and shown how to build an OS image.


Administering Oracle Solaris 11 Zones

Objectives

After completing this lesson, you should be able to:
Describe the new zone features and enhancements
Configure a Solaris 10 zone
Perform a virtual-to-virtual migration of zones present in the source system (V2V)
Migrate a physical Solaris 10 system to a Solaris 10 zone (P2V)
Configure a non-global zone by using AI
Monitor zone resource consumption
Describe how to delegate zone administration

This lesson introduces you to the new Oracle Solaris 11 zones features and enhancements.
You learn how to configure a Solaris 10 zone in Oracle Solaris 11 and migrate Solaris 10
zones from Oracle Solaris 10. Finally, you monitor zone resource consumption and delegate
zone administration.


Agenda

Introducing Oracle Solaris 11 Zones
Migrating Solaris 10 Zones
Configuring Zones by Using AI
Monitoring Zone Resource Consumption

Oracle Solaris 11 Zones

[Figure: hosts with separate 100 Mbps links before consolidation; Solaris zones sharing a physical NIC port after consolidation]

Oracle Solaris Zones is a built-in OS virtualization with a long and distinguished pedigree.
One of the most highly adopted, highly used, mature virtualization technologies, Oracle
Solaris Zones was first introduced as a core part of Oracle Solaris 10. As of Oracle Solaris 11,
Oracle Solaris Zones becomes even more central to both the application and the end user.
Enhancements and new features include:
Integration into the new packaging system (IPS)
Support for Oracle Solaris 10 Zones
Integration with the new Oracle Solaris 11 network stack architecture
Improved observability
Increased control over administration
Tight integration with ZFS
New Zones Features

Zones Feature: Solaris 10 zones
Description: Solaris 10 zones host Solaris 10 user environments inside zones on Oracle
Solaris 11.

Zones Feature: Boot environments for zones
Description: Boot environments are integrated with Oracle Solaris Zones.

Zones Feature: IPS integration
Description: Oracle Solaris Zones have been integrated with the new IPS package management
tools in Oracle Solaris 11.

Zones Feature: Zone resource monitoring
Description: Oracle Solaris 11 features a robust zones resource monitoring utility, zonestat.

Zones Feature: Delegated administration
Description: Delegate common zone administration tasks for specific zones to different
administrators by using Role-Based Access Control (RBAC).

This slide shows the new Oracle Solaris 11 Zones features.

Oracle Solaris 10 Zones host Solaris 10 (S10) user environments inside zones on Oracle
Solaris 11. They are meant to help maintainers of Solaris 10 systems consolidate their
production environments onto systems running Oracle Solaris 11. Workloads running within
Solaris 10 zones can take advantage of the performance improvements made to the Oracle
Solaris 11 kernel and use some of the innovative technologies available only on Oracle
Solaris 11 (such as virtualized NICs). The Solaris 10 zones support x86 and SPARC Solaris
10 10/09 (or later released Oracle Solaris 10 update) zones. Note that it is possible to use an
earlier update release if you first install the kernel patch 141444-09 (SPARC) or 141445-09
(x86/x64), or later version.
Boot Environments for Zones
Boot environments are integrated with Oracle Solaris Zones. Zone root file systems use Zone
Boot Environment (ZBE) datasets. When a new boot environment is created by cloning an
existing one, the base boot environment's zones are also cloned into the new boot
environment.
IPS Integration
Oracle Solaris Zones have been integrated with the new IPS package management tools in
Oracle Solaris 11. Zones require an active network connection for their creation and must be
manually updated (by using zoneadm attach -u) to stay in sync with the global zone.
Sparse root zones are not supported in Oracle Solaris 11.

Zone Resource Monitoring
Oracle Solaris 11 features a robust zones resource monitoring utility, zonestat. The
zonestat utility greatly enhances the observation of system resources consumed by Oracle
Solaris Zones. You can observe memory and CPU utilization, utilization of resource control
limits, and total utilization and per-zone utilization breakdowns over specified time periods.
Delegated Administration
With Oracle Solaris 11, you can delegate common zone administration tasks for specific
zones to different administrators by using Role-Based Access Control (RBAC). With
delegated administration, for each zone, a user or set of users may be identified with the
permissions to log in, manage, or clone that zone. These specific authorizations will be
interpreted by the appropriate commands running in the global zone to allow access at the
correct authorization level to the correct user.
Solaris 10 Zones

solaris10 Branded Zones
A complete runtime environment for Oracle Solaris 10
Oracle Solaris 10 10/09 or later
Supported on sun4v, sun4u, and x86 architectures
Supports 32-bit and 64-bit applications
Virtual-to-virtual (V2V)
Physical-to-virtual (P2V)
Limitations
Supports only ZFS

The Solaris 10 zone is a complete runtime environment for Oracle Solaris 10 applications on
SPARC and x86 machines running the Oracle Solaris 10 10/09 operating system or later. You
must install the s10 patch before you create the archive that will be used to install the zone.
The Solaris 10 zones are supported on all sun4v, sun4u, and x86 architecture machines that
the Oracle Solaris 11 release has defined as supported platforms. The brand supports the
execution of 32-bit and 64-bit Oracle Solaris 10 applications. The brand includes the tools
required to install an Oracle Solaris 10 system image into a zone.
You cannot install a Solaris 10 zone directly from Oracle Solaris 10 media. A physical-to-
virtual (P2V) capability is used to directly migrate an existing system to a zone on a target
system. The brand also supports the tools used to migrate an Oracle Solaris 10 zone to a
Solaris 10 zone. The virtual-to-virtual (V2V) process for migrating an Oracle Solaris 10 zone
into a Solaris 10 zone supports the same archive formats as P2V. The solaris10 brand
supports the whole root zone model. All of the required Oracle Solaris 10 software and any
additional packages are installed into the private file systems of the zone.
The zone must reside on its own ZFS dataset; only ZFS is supported. The ZFS dataset will be
created automatically when the zone is installed or attached. If a ZFS dataset cannot be
created, the zone will not install or attach. Note that the parent directory of the zone path must
also be a ZFS dataset or the file system creation will fail. Any script or program that executes
in an Oracle Solaris 10 zone should also work in a Solaris 10 zone.
A /dev/sound device cannot be configured into the Solaris 10 zone.

Migrating Solaris 10 Zones (V2V)

1. Assess the Solaris 10 zone to be migrated.
2. Create an archive of the Solaris 10 zone to be migrated.
3. Prepare the Oracle Solaris 11 target system.
4. Migrate the Solaris 10 zone.

There are four key tasks to migrating an Oracle Solaris 10 zone to Oracle Solaris 11:
1. Assess the Solaris 10 zone to be migrated. An existing Oracle Solaris 10 10/09 system
   (or later released Solaris 10 update) can be directly migrated into a Solaris 10 zone on
   an Oracle Solaris 11 system. Depending on the services performed by the original
   system, you might need to manually customize the zone after it has been installed. For
   example, the privileges assigned to the zone might need to be modified or the network
   interface might be different. It is critical that you examine the source system and collect
   the following information:
       Hostname
       Host ID
       Domain name
       Root password
       Running applications
       Networking
       Storage
       Zone configuration
2. Create an archive of the Solaris 10 zone to be migrated. You have a variety of methods
   available for creating the archive. The installer can accept the following archive formats:
       flar image
       cpio archives
       gzip compressed cpio archives
       bzip2 compressed cpio archives
       pax archives created with the -x xustar (XUSTAR) format
       ufsdump level zero (full) backups
   After you have created an archive, you must provide a method (such as NFS) of
   transporting it to the target system.
3. Prepare the Oracle Solaris 11 target system. Before you can migrate the Solaris 10
   zone, you must first prepare the target system. This normally involves:
       Configuring the client side of the image transport
       Installing the SUNWs10brand package
       Configuring the Solaris 10 zone
4. Migrate the Solaris 10 zone. After performing the previous task, use the zoneadm
   attach subcommand to migrate the Solaris 10 zone. Finally, after completing the
   migration, you can perform the post-migration configuration based on the information
   that you gathered when assessing the source system.


Migrating Solaris 10 Global Zones (P2V)

1. Assess the global zone to be migrated.
2. Create an archive of the global zone to be migrated.
3. Prepare the Oracle Solaris 11 target system.
4. Migrate the Solaris 10 global zone.

There are four key tasks to migrating an Oracle Solaris 10 global zone to Oracle Solaris 11:
1. Assess the global zone to be migrated. An existing Oracle Solaris 10 10/09 system (or
   later released Solaris 10 update) can be directly migrated into a Solaris 10 zone on an
   Oracle Solaris 11 system. Depending on the services performed by the original system,
   you might need to manually customize the zone after it has been installed. For example,
   the privileges assigned to the zone might need to be modified or the network interface
   might be different. It is critical that you examine the source system and collect the
   following information:
       Hostname
       Host ID
       Domain name
       Root password
       Running applications
       Networking
       Storage
2. Create an archive of the global zone to be migrated. You have a variety of methods
   available for creating the archive. The installer can accept the following archive formats:
       flar image
       cpio archives
       gzip compressed cpio archives
       bzip2 compressed cpio archives
       pax archives created with the -x xustar (XUSTAR) format
       ufsdump level zero (full) backups
   After you have created an archive, you must provide a method (such as NFS) of
   transporting it to the target system.
3. Prepare the Oracle Solaris 11 target system. Before you can migrate the global
   zone, you must first prepare the target system. This normally involves:
       Configuring the client side of the image transport
       Installing the SUNWs10brand package
       Configuring the Solaris 10 zone
4. Migrate the Solaris 10 global zone. After performing the previous task, use the zoneadm
   attach subcommand to migrate the Solaris 10 global zone. Finally, after completing
   the migration, you can perform the post-migration configuration based on the
   information that you gathered when assessing the source system.

Configuring Non-Global Zones by Using AI

AI supports non-global zone installation.
AI manifest
The configuration element
The zone's self-assembly SMF service

Oracle Solaris 11 supports non-global zone installation by using the Automated Installer (AI).
Non-global zones are installed and configured on the first reboot after the global zone is
installed. When a system is installed by using AI, non-global zones can be installed on that
system by using the configuration element in the AI manifest.
When the system first boots after the global zone installation, the zone's self-assembly SMF
service (svc:/system/zones-install:default) configures and installs each non-global zone
defined in the global zone AI manifest.

Specifying a Non-Global Zone in the AI Manifest

    </software>
    <configuration type="zone" name="zone5" source="http://s11-ss.mydomain.com/zone_configs/zone5.cfg"/>
    </ai_instance>
    </auto_install>

This example shows an excerpt from an AI manifest file. The configuration element is
highlighted. You use the configuration element in the AI manifest for the client system to
specify non-global zones. Use the name attribute of the configuration element to specify
the name of the zone. Use the source attribute to specify the location of the configuration file
for the zone. The zone configuration file must be in zonecfg export format. AI copies this
configuration file onto the installed client system to be used to configure the zone. The source
location can be any http:// or file:// location that the client can access during installation.

Adding a Non-Global Zone Manifest and Profile

# installadm create-manifest -n custom_ai -f /manifests/zone_ai \
-c zonename="zone5"
# installadm create-profile -n custom_ai \
-f /manifests/zone5_profile.xml -p zone5_profile \
-c zonename="zone5"
# installadm list -c -m -p -n custom_ai
Service Name  Client Address     Arch  Image Path
custom_ai     08:00:27:85:C7:D9  i386  /export/ai/custom_ai

Manifest   Status  Criteria
custom_ai          mac = 08:00:27:85:C7:D9
zone_ai            zonename = zone5

Profile          Criteria
client4_profile  mac = 08:00:27:85:C7:D9
zone5_profile    zonename = zone5

This slide shows an example of adding a non-global zone manifest and a profile to an existing
AI service named custom_ai.

Monitoring Zone Resource Consumption

The zonestat utility monitors zone resources:
    CPU consumption
    Memory consumption
    Resource control utilization
The utility can print:
    A series of reports at specified intervals
    One or more summary reports
The utility runs as a service in the global zone.

The zonestat utility reports on the CPU, memory, and resource control utilization of the
currently running zones. Each zone's utilization is reported as a percentage of both system
resources and the zone's configured limits.
The zonestat utility prints a series of reports at specified intervals. It can print one or more
summary reports. When run from within a zone, only processor sets visible to that zone are
reported. The zone output will include all of the memory resources and the limits resource.
The zonestat service in the global zone must be online to use the zonestat service in
the zone. The zonestat service in each zone reads system configuration and utilization
data from the zonestat service in the global zone. The zonestatd system daemon is
started during system boot. The daemon monitors the utilization of system resources by zones
as well as zone and system configuration information, such as psrset processor sets, pool
processor sets, and resource control settings. There are no configurable components.

Monitoring Zone Memory Consumption

oracle@s11x-desktop:~# zonestat -z global -r physical-memory 5
Collecting data for first interval...
Interval: 1, Duration: 0:00:05
PHYSICAL-MEMORY              SYSTEM MEMORY
mem_default                           767M
                    ZONE   USED    PCT    CAP   %CAP
                 [total]   631M  82.2%
                [system]   215M  28.1%
                  global  14.9M  1.94%
                   zone1   123M  15.8%
                   zone2   137M  18.3%

In the slide you see a zonestat utility report on zone memory consumption. This example
shows a summary of utilization every five seconds.


Monitoring Zone CPU Consumption

oracle@s11x-desktop:~# zonestat -r default-pset 1 1m
Interval: 8, Duration: 0:00:08
PROCESSOR SET          TYPE  ONLINE/CPUS  MIN/MAX
pset_default   default-pset          1/1      1/1
        ZONE   USED    PCT    CAP   %CAP   SHRS   %SHR  %SHRU
     [total]   0.11  11.0%
    [system]   0.03  3.11%
      Global   0.06  6.01%
       zone1   0.01  1.11%
       zone2   0.00  0.82%

In the slide you see a zonestat utility report on zone CPU (processor sets) consumption.
This example shows a report on the default processor set (pset) once a second for one
minute.

Total and High Zone Resource Consumption

o oracle@sllx-desktop:-# zonestat -q -R total.high lOs lm lm


Report: Total Usage
Start: Sat Apr 2 11:24:35 MDT 2011
End: Sat Apr 2 11:25:35 MDT 2011
Intervals: 6. Duration: 0:01:00
SUMMARY Cpus/Online: 1/1 Physical: 767M Virtual: 2000M

-
----------CPU---------- ----PHYSICAL----- -----VIRTUAL-----
I.... ZONE USED \PART \CAP \SHRU USED PCT \CAP USED PCT \CAP
0 [total) 0.05 5.14\ - 635M 82.8% 882M 44.0%
"0 [systQID) 0.02 2.28% - 213M 27.8% 324M 16.2%
c -
,0s
global 0.02 2.31\ 15.1M 1.97% 355M 17.7%
ct:l zonel 0.00 0.47% - 122M 15.9% 194M 9.20%
Q) zone2 0.00 0.06% - 0 0.00% 17.6M 0.99% II
(..)
ct:l Report: High Usage
I....
Start: Sat Apr 2 11:24:35 MDT 2011
0 End: Sat Apr 2 11:25:35 MDT 2011
Intervals: 6. Duration:
0:01:00
SUMMARY Cpus/Online: 1/1 Physical: 767M Virtual: 2000M
----------CPU---------- ----PHYSICAL----- -----VIRTUAL-----
ZONE USED \PART \CAP \SHRU
[total) 0.06 6.53% - USED
636M
PCT
92.9%
\CAP USED
982M
PCT
44.1\
\CAP
[system) 0.02 2.42% - 213M 27.9% 325M 16.2%
global 0.03 3.64%- 15.1M 1.97% 355M 17.7%
zonel 0.00 0.67% - 122M 15.9% 194M 9.20%
zone2 0.00 0.09% - 0 0.00% 17.6M 0.99%

"0 ORACLE'
Q
Total and High Zone Resource Consumption

You can use the zonestat utility to report total and high zone resource utilization. In this example, the zonestat utility silently monitors at 10-second intervals for one minute, and then produces a report on the total and high utilizations.

Delegating Zone Administration

Delegate zones administration to different users.
- The auth property
  - login (solaris.zone.login)
  - manage (solaris.zone.manage)
  - clone (solaris.zone.clonefrom)
- The admin zone property
    zonecfg:zone1> add admin
    zonecfg:zone1:admin> set user=oracle
    zonecfg:zone1:admin> set auths=login,manage
    zonecfg:zone1:admin> end

With Oracle Solaris 11, you can delegate common zone administration tasks for specific zones to different administrators by using Role-Based Access Control (RBAC). With delegated administration, for each zone, a user or set of users may be identified with the permissions to log in, manage, or clone that zone. These specific authorizations associated with the auth property are interpreted by the appropriate commands running in the global zone to allow access at the correct authorization level to the correct user.

The admin zone property defines the username and the authorizations for that user for a given zone (as shown in the example in the slide).
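One way to keep delegated zone administration at least privilege is to compare the configured admin resources with an approved baseline. The following is an added example, not part of the course material: the export layout, the sample zones and users, and the function names are assumptions constructed for illustration, and the short authorization names follow the slide.

```python
"""Audit delegated zone administration (admin resources) against a baseline."""
import re

# Short names used with "set auths=" and the RBAC authorization each one
# stands for, as listed on the slide.
AUTH_NAMES = {
    "login": "solaris.zone.login",
    "manage": "solaris.zone.manage",
    "clone": "solaris.zone.clonefrom",
}

SET_RE = re.compile(r'set\s+(user|auths)\s*=\s*"?([^"]*)"?')


def parse_admin_grants(export_text):
    """Return {user: set(short auth names)} for one zone's exported config.

    Assumption: each admin resource is exported as an "add admin" ... "end"
    block that contains "set user=" and "set auths=" lines.
    """
    grants = {}
    user, auths, in_admin = None, set(), False
    for raw in export_text.splitlines():
        line = raw.strip()
        if line == "add admin":
            user, auths, in_admin = None, set(), True
        elif in_admin and line == "end":
            if user:
                grants.setdefault(user, set()).update(auths)
            in_admin = False
        elif in_admin:
            match = SET_RE.fullmatch(line)
            if not match:
                continue
            key, value = match.group(1), match.group(2).strip()
            if key == "user":
                user = value
            else:
                auths = {a.strip() for a in value.split(",") if a.strip()}
    return grants


def audit(exports, approved):
    """Return sorted (zone, user, authorization) grants missing from the baseline."""
    findings = []
    for zone, text in sorted(exports.items()):
        for user, auths in sorted(parse_admin_grants(text).items()):
            allowed = approved.get(zone, {}).get(user, set())
            for auth in sorted(auths - allowed):
                findings.append((zone, user, AUTH_NAMES.get(auth, "unrecognized:" + auth)))
    return findings


# Constructed sample input: text in the assumed export layout for two zones.
SAMPLE_EXPORTS = {
    "zone1": """\
create -b
set zonepath=/zones/zone1
add admin
set user=oracle
set auths=login,manage
end
""",
    "zone2": """\
create -b
set zonepath=/zones/zone2
add net
set physical=net0
end
add admin
set user=oracle
set auths=login
end
add admin
set user=backup
set auths="login,clone"
end
""",
}

# Constructed baseline: the delegations that were actually approved.
APPROVED = {
    "zone1": {"oracle": {"login", "manage"}},
    "zone2": {"oracle": {"login"}},
}

if __name__ == "__main__":
    for zone, user, auth in audit(SAMPLE_EXPORTS, APPROVED):
        print(f"{zone}: {user} holds {auth} without approval")
```

Run it from the global zone's administrative host against saved export text; every line it prints is a delegation to review or remove.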


Summary

In this lesson, you should have learned how to:
- Describe the new zone features and enhancements
- Configure a Solaris 10 zone
- Perform a virtual-to-virtual migration of Solaris 10 zones present in the source system (V2V)
- Migrate a physical Solaris 10 system to a Solaris 10 zone (P2V)
- Configure a non-global zone by using AI
- Monitor zone resource consumption
- Describe how to delegate zone administration

In this lesson, you were presented with the new Oracle Solaris 11 zones features. You were also shown the tasks involved in migrating Oracle Solaris 10 zones to Oracle Solaris 11. You learned that non-global zones can be installed by using the AI service. Finally, you learned how to monitor zone resource consumption and delegate zone administration.
Practice 5 Overview: Migrating Oracle Solaris 10 Zones to Oracle Solaris 11

This practice covers the following topics:
- Migrating Oracle Solaris 10 zones to Oracle Solaris 11 (V2V)
- Migrating Oracle Solaris 10 global zones to Oracle Solaris 11 (P2V)
- Monitoring zone resource utilization
Practice Environment

[Figure: Oracle VM VirtualBox Manager window listing the practice virtual machines Sol10-Server1, Sol11X-SuperServer, Sol11X-Server1, and Sol11X-Desktop]

Recall from the lessons titled "Managing Software Packages in Oracle Solaris 11" and "Installing the Oracle Solaris 11 Operating System" that your practice environment is based on the Oracle VM VirtualBox virtualization software.

The following four virtual machines (VMs) play an important role in this lesson's practice:
- Sol11X-SuperServer: This VM provides network services such as DNS and NFS used by the VMs in the practice.
- Sol11X-Server1: This is the IPS server used to install the SUNWs10brand package.
- Sol10-Server1: This is the source system for the zone migration practice.
- Sol11X-Desktop: This is the target system for the zone migration practice.
Oracle Solaris 11 Network Enhancements

Objectives

After completing this lesson, you should be able to:
- Describe the new network features and enhancements
- List the new and enhanced network management utilities
- Configure Network Auto-Magic (NWAM)
- Configure IPMP
- Configure network virtualization
- Configure a network bridge
- List new network monitoring utilities

This lesson introduces you to the new Oracle Solaris 11 network features and enhancements. You will learn how to set up and manage NWAM, configure a virtual network, configure a network bridge, and configure network link aggregation.
Agenda

- Introducing Oracle Solaris 11 Network Enhancements
- Managing NWAM
- New and Enhanced Network Utilities
- Configuring Network Virtualization
- Configuring Network Bridges
- New Network Monitoring Utilities


Introducing Oracle Solaris 11 Network Enhancements

- Network management and observability
- Network Auto-Magic (NWAM)
- Network virtualization
- Network bridging
- Enhanced IPMP

The networking stack has been redesigned to unify, simplify, and enhance the observability and interoperability of network interfaces and features. A new GLDv3 network driver framework has been added to provide support for Virtual LANs (VLANs), bridging, and link aggregation. The GLDv3 framework also provides the ability to support MAC layers other than Ethernet.

Here are the key network enhancements:

- Network management and observability: Oracle Solaris 11 adds a variety of robust new network utilities. For network management, the ipadm utility command provides a set of subcommands that can be used to manage interfaces (interface creation and deletion, modifying interface properties, and displaying interface configuration), manage addresses (address creation and deletion, modifying address properties, and displaying address configuration), and manage TCP/IP protocol properties (modifying and displaying them). For network observability, the new wireshark and dlstat utilities have been added. wireshark is a powerful network protocol analyzer that allows you to capture and interactively browse the traffic running on a computer network. By using dlstat, you can generate reports containing runtime statistics about the network data links.

- Network Auto-Magic (NWAM): NWAM simplifies and automates network configuration on Oracle Solaris 11. Using NWAM, users can automatically discover and connect to networks depending on their network conditions and profiles (that is, whether the users are connected through an Ethernet cable or connected wirelessly). NWAM is the default behavior on all installations of Oracle Solaris 11.

- Network virtualization: Network virtualization takes server virtualization to the next level with the ability to virtualize entire network topologies of servers, routers, switches, and firewalls, all running on a single platform and requiring no additional investment in networking hardware. Using the basic building blocks of Virtual Network Interface Controllers (VNICs), virtual switches and interconnects, Virtual LANs (VLANs), and routing and firewall functionality, network virtualization can be used for a variety of purposes: from prototyping, to developing and testing, to network service deployment.

- Bridging: Bridging is a general layer two (L2 or data link) technology that is used to connect separate L2 subnetworks, allowing communication between attached nodes as if only a single subnetwork were in use. Basic Ethernet bridging support has been added to Oracle Solaris 11 by using the Spanning Tree Protocol (STP, IEEE 802.1D-1998) and TRILL protocol.

- Enhanced IPMP: The following features differentiate the current IPMP implementation from the previous implementation:
  - An IPMP group is represented as an IPMP IP interface. This interface is treated just like any other interface on the IP layer of the networking stack. All IP administrative tasks, routing tables, Address Resolution Protocol (ARP) tables, firewall rules, and other IP-related procedures work with an IPMP group by referring to the IPMP interface.
  - The system becomes responsible for the distribution of data addresses among underlying active interfaces. In the previous IPMP implementation, the administrator initially determines the binding of data addresses to corresponding interfaces when the IPMP group is created. In the current implementation, when the IPMP group is created, data addresses belong to the IPMP interface as an address pool. The kernel then automatically and randomly binds the data addresses to the underlying active interfaces of the group.
  - The ipmpstat tool is introduced as the principal tool to obtain information about IPMP groups. This command provides information about all aspects of the IPMP configuration, such as the underlying IP interfaces of the group, test and data addresses, types of failure detection being used, and the interfaces that have failed.
  - The IPMP interface can be assigned a customized name to identify the IPMP group more easily within your network setup.
Network Auto-Magic (NWAM)

- NWAM automatically configures Ethernet and Wi-Fi connections.
- The primary focus of NWAM is mobility.
- NWAM automatically manages network configuration by storing information in the form of profiles on the system.
- You use the netcfg command to create and customize new profiles.
- NWAM configuration components consist of:
  - Network Configuration Profiles (NCPs)
  - Location profile
  - Network Configuration Units (NCUs)
  - External Network Modifiers (ENMs)
  - Known WLANs

The Network Auto-Magic (NWAM) feature simplifies basic network configuration by automatically addressing basic Ethernet and Wi-Fi configurations, such as connecting to your wired or wireless network at startup and displaying notifications about the status of your currently active network connection from the desktop. With its primary focus on mobility, NWAM is capable of dynamically changing a system's configuration in response to different network events or at a user's request.

You use NWAM to set up user-defined profiles that enable you to connect to networks in a variety of settings, such as in the office, at home, or at your local coffee shop. NWAM is an essential tool if you have a laptop and system that require frequent changes in network environments.

NWAM automatically manages network configuration by storing information in the form of profiles on the system. NWAM then determines which profile should be activated, depending on current network conditions (that is, whether a system is connected through a wired Ethernet cable or a wireless connection on a laptop), and subsequently activates that profile.

The use of profiles is a primary component of NWAM.
profiles.
The profile and configuration object types are:

- Network Configuration Profiles (NCPs): An NCP specifies the configuration of network links and interfaces. This profile is one of the primary profile types that compose the NWAM configuration. The second primary profile type is the Location profile. The default NCPs are Automatic, No Net, and Automatic Location. These are created by the system.

- Location Profile: The Location profile specifies the systemwide network configuration. The name services, domain, the IP Filter, and IPsec configuration are examples. The information consists of a set of properties that defines the systemwide network configuration. There are both system-defined and user-defined locations.

- Network Configuration Units (NCUs): NCUs are the individual configuration objects (or profiles) that contain all of the properties that make up an NCP. The NCP is essentially a container that stores the NCUs that define it. Each NCU correlates to an individual link or interface in the system.

- External Network Modifiers (ENMs): ENMs are profiles that are used to manage applications that are external to NWAM, such as a VPN application. These applications can modify and create a network configuration. The nwamd daemon activates or deactivates an ENM, depending on the conditions that are specified as part of the ENM.

- Known Wireless Local Area Networks (WLANs): Known WLANs are configuration objects that NWAM uses to monitor and store information about wireless networks that are known to your system. NWAM maintains a list of all such wireless networks and then refers to this list to determine the order in which connections to available wireless networks are attempted.
How NWAM Works

One NCP and one Location profile must be active.

At boot time, nwamd performs these steps:
1. Consults the profile repository for the currently active NCP
2. Proceeds until one or more IP addresses have been configured
3. Checks the conditions of the Location profiles
4. Activates the Location profile that is specified by the policy engine
5. Configures the network, or networks, accordingly

When an event triggers change:
1. As an event handler, nwamd detects each event as it occurs.
2. As a profile daemon, nwamd consults the active profile.
3. Depending on the change, nwamd might reconfigure the network, or networks, accordingly.

At all times, one NCP and one Location profile must be active on the system. During a system boot, the profile daemon (nwamd) performs the first set of steps presented in the slide.

When an event triggers a change in the network configuration, the NWAM daemon (nwamd) functions in various roles and performs the operations presented in the second set of steps presented in the slide.

The following are some of the event triggers:
- Connecting or disconnecting an Ethernet cable
- Connecting or disconnecting a WLAN card
- Booting a system when a wired interface, a wireless interface, or both are available
- Resuming from suspend when a wired interface, a wireless interface, or both are available (if supported)
- Acquiring or losing a DHCP lease
Interaction with Other Oracle Solaris Technologies

- IP Multipathing (IPMP)
- Virtualization
  - Oracle VM Server for SPARC
  - VirtualBox
  - Solaris zones
  - Virtual networks
- Bridging
- Service Management Facility (SMF)
- Networking utilities
Consider the following when using NWAM with other Oracle Solaris technologies:

- IP Multipathing (IPMP): Before configuring your network by using IPMP, you must disable the network/physical:nwam SMF service.

- Oracle VM Server for SPARC and VirtualBox: NWAM is supported in both Oracle Solaris hosts and guests. NWAM manages only the interfaces that belong to the specified virtual machines and does not interfere with other virtual machines.

- Solaris zones: NWAM works in global zones or in an exclusive stack non-global zone. NWAM does not work in a shared stack non-global zone.

- Virtual networks: NWAM currently does not manage VNICs and etherstubs.

- Bridging: The NWAM implementation does not actively support network configurations that use the bridging technology. You do not need to disable the network/physical:nwam service before using this technology on your system.

- Service Management Facility (SMF): At any given time, either the network/physical:default service or the network/physical:nwam service must be enabled on your system. If the network/physical:default service is enabled, the traditional network configuration is used. If the network/physical:nwam service is enabled, the traditional configuration files are ignored, and NWAM manages the network configuration according to the policy that is specified by the profiles that are enabled on the system.

- Networking utilities: When the network/physical:nwam service is enabled, you can still use command-line networking utilities (such as dlstat, dladm, and ipadm) to monitor the components of your current network configuration.
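The constraints in these notes can be checked mechanically before a network change. The following is an added example, not part of the course material: it parses svcs output for the two network/physical instances and reports violations of the rules above. The svcs invocation named in the comment, the sample output, and the function names are assumptions made for illustration.

```python
"""Check which network configuration mode SMF has enabled, and its constraints."""

DEFAULT = "svc:/network/physical:default"
NWAM = "svc:/network/physical:nwam"

NEITHER = "neither network/physical instance is enabled"
BOTH = "both network/physical instances are enabled"
IPMP_NEEDS_NWAM_OFF = "IPMP requires network/physical:nwam to be disabled first"
SHARED_STACK = "NWAM does not work in a shared stack non-global zone"


def parse_svcs(text):
    """Map FMRI -> state from "state fmri" lines.

    Assumption: the text comes from "svcs -H -o state,fmri network/physical".
    A trailing "*" (instance in transition) is stripped from the state.
    """
    states = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 2:
            state, fmri = parts
            states[fmri] = state.rstrip("*")
    return states


def check_network_mode(svcs_text, use_ipmp=False, zone_ip_type=None):
    """Return (mode, issues) where mode is "traditional", "nwam" or "undefined".

    An instance counts as enabled unless its state is "disabled"; an instance
    missing from the output is treated as disabled.
    """
    states = parse_svcs(svcs_text)
    enabled = tuple(f for f in (DEFAULT, NWAM)
                    if states.get(f, "disabled") != "disabled")
    issues = []
    if not enabled:
        issues.append(NEITHER)
    elif len(enabled) == 2:
        issues.append(BOTH)
    mode = {(DEFAULT,): "traditional", (NWAM,): "nwam"}.get(enabled, "undefined")
    if mode == "nwam":
        if use_ipmp:
            issues.append(IPMP_NEEDS_NWAM_OFF)
        if zone_ip_type == "shared":
            issues.append(SHARED_STACK)
    return mode, issues


# Constructed sample output for three situations.
SVCS_NWAM = """\
disabled svc:/network/physical:default
online   svc:/network/physical:nwam
"""
SVCS_TRADITIONAL = """\
online   svc:/network/physical:default
disabled svc:/network/physical:nwam
"""
SVCS_BOTH = """\
online   svc:/network/physical:default
online*  svc:/network/physical:nwam
"""

if __name__ == "__main__":
    for name, text in (("nwam", SVCS_NWAM), ("traditional", SVCS_TRADITIONAL),
                       ("both", SVCS_BOTH)):
        print(name, check_network_mode(text, use_ipmp=True))
```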

The netcfg Command

netcfg Subcommand
    Description

create
    Create an in-memory profile of specific type.
select
    Open an existing profile.
walkprop
    Walk each property associated with the current profile. For each property, the name and current value are displayed, and a prompt is given to allow the user to change the current value.
set prop-name=value1
    Set the current (in-memory) value of the specified property. If performed in noninteractive mode, the change is also committed to persistent storage.
list
    List all profiles, property-value pairs, and resources that exist at the current or specified scope.
verify
    Verify that the current in-memory object has a valid configuration.
commit
    Commit the current in-memory profile to persistent storage.
end
    End the current profile specification, and pop up to the next higher scope.
exit
    Exit the netcfg session. The current profile is verified and committed before ending.
destroy
    Remove all of the specified profile from memory and persistent storage.

The netcfg command is used to create and modify NWAM profiles. Using the netcfg command, you can perform the following tasks:
- Create or destroy a user-defined profile.
- Open an existing profile for viewing and/or editing.
- List all of the profiles that exist on a system and their property values.
- List all of the property values and resources for a specified profile.
- Display each property that is associated with a profile.
- Set or modify one or all of the properties of a specified profile.
- Export the current configuration for a user-defined profile to standard output or a file.
- Delete any changes that were made to a profile and revert to the previous configuration for that profile.
- Verify that a profile has a valid configuration.

This slide shows the netcfg subcommands.
The netadm Command

netadm Subcommand
    Description

enable
    Enable the specified profile. If the profile name is not unique, the profile type must be specified to identify the profile to be enabled.
disable
    Disable the specified profile. If the profile name is not unique, the profile type must be specified to identify the profile to be disabled.
list
    List all available profiles and their current state. If a specific profile is specified by name, list only the current state of that profile.
show-events
    Listen for stream of events from the NWAM daemon and display them.
scan-wifi
    Initiate a wireless scan on link linkname.
select-wifi
    Select a wireless network to connect to from scan results on link linkname. Prompts for selection, Wi-Fi key, and so forth, if necessary.
help
    Display a usage message with short descriptions for each subcommand.

The netadm command is used to administer NWAM profiles and interact with the NWAM daemon.

The subcommands supported by the netadm command are shown in this slide.
Configuring NWAM

- Enable NWAM.
    # svcadm disable network/physical:default
    # svcadm enable network/physical:nwam
- View current NWAM NCPs, NCUs, and locations.
    # netadm list
- Create an NCP and NCU.
    # netcfg
    netcfg> create ncp oracle_profile
    netcfg:ncp:oracle_profile> create ncu phys net0
- Enable an NWAM profile.
    # netadm enable -p loc classroom
    # netadm enable -p ncp oracle_profile

Here are the tasks involved in configuring NWAM:

- Enable NWAM: The NWAM service must be enabled before you can configure it. If the NWAM service is not currently enabled, first disable standard network configuration, and then enable NWAM.
  Example:
    # svcadm disable network/physical:default
    # svcadm enable network/physical:nwam

- View current NWAM profiles: You can display information on the NCP, NCU, and location profiles currently configured on the system.
    # netadm list

- Create an NCP and NCU: Using the netcfg utility, you can create custom NCPs. NCPs have associated NCUs, which describe the network interface configuration.
    # netcfg
    netcfg> create ncp oracle_profile
    netcfg:ncp:oracle_profile> create ncu phys net0

- Enable an NWAM profile:
  Example:
  To enable the classroom location, use:
    # netadm enable -p loc classroom
  To enable the oracle_profile ncp, use:
    # netadm enable -p ncp oracle_profile
In this practice, you configure and manage NWAM.
During this practice, you:
- Enable NWAM
- Create and deploy an NWAM profile
- Disable NWAM
The ipadm Utility

ipadm Subcommand
    Description

create-if, delete-if, show-if
    Create or delete an IP interface that handles both IPv4 and IPv6 packets. show-if displays IP interface information.
enable-if, disable-if
    Enable or disable the given interface by reading the configuration from the persistent store.
set-ifprop, reset-ifprop, show-ifprop
    set-ifprop modifies an interface property to the value specified by the user. reset-ifprop resets an interface property to its default value. show-ifprop displays the current value of an interface property.
create-addr, delete-addr, show-addr
    Create or delete an IPv4 or IPv6 address on the interface address object. The address type can be specified as static, DHCP, or auto-configured in the case of IPv6. show-addr shows IP address information.
up-addr, down-addr
    Mark an IP address as up or down.
refresh-addr
    If the address is of the type "static," DAD (Duplicate Address Detection) will be restarted (if necessary) on the address identified by the address object. If the address is of the type "dhcp," the lease duration obtained on the address will be extended by the DHCP client daemon.
enable-addr, disable-addr
    Create, delete, and show a virtual switch between the VNICs.
set-prop, reset-prop, show-prop
    set-prop sets the protocol property to a specific value. reset-prop resets a protocol property to its default value. show-prop displays the current value of a protocol property.
set-addrprop, reset-addrprop, show-addrprop
    set-addrprop modifies the value of a property on an address object. reset-addrprop resets an address property to its default value. show-addrprop displays the current value of an address property.

Advances in Oracle Solaris have surpassed the capabilities of traditional tools to efficiently administer various aspects of network configuration. The ifconfig command, for example, has been the customary tool to configure network interfaces. However, this command does not implement persistent configuration settings. Over time, ifconfig has undergone enhancements for added capabilities in network administration. However, as a consequence, the command has become complex and confusing to use. Another issue with interface configuration and administration is the absence of simple tools to administer TCP/IP Internet protocol properties or tunables. The ndd command has been the prescribed customization tool for this purpose. However, like the ifconfig command, ndd does not implement persistent configuration settings. Previously, persistent settings could be simulated for a network scenario by editing the boot scripts. With the introduction of the Service Management Facility (SMF), using such workarounds can become risky because of the complexities of managing SMF dependencies, particularly in the light of upgrades to the Oracle Solaris installation.

The ipadm command has been introduced to eventually replace the ifconfig command for interface configuration. The command also replaces the ndd command to configure protocol properties. As a tool for configuring interfaces, the ipadm command offers the following advantages:
- It manages IP interfaces and IP addresses more efficiently by being the tool uniquely designed for IP interface administration, unlike the ifconfig command that is used for purposes other than interface configuration.
- It provides an option to implement persistent interface and address configuration settings.

As a tool to set protocol properties, the ipadm command provides the following benefits:
- It can set temporary or persistent protocol properties for IP, Address Resolution Protocol (ARP), Stream Control Transmission Protocol (SCTP), and Internet Control Messaging Protocol (ICMP), as well as upper-layer protocols, such as TCP and User Datagram Protocol (UDP).
- It provides information about each TCP/IP parameter, such as a property's current and default setting, as well as the range of possible settings. Thus, debugging information is more easily obtained.
- The ipadm command also follows a consistent command syntax and, therefore, is easier to use.

The slide shows the subcommands currently supported by the ipadm utility.
dladm Subcommand Description
rename -link Give a link a meaningful name.

delete -phys Delete the persistent configuration of a link associated with physical
hardware that has been removed from the system.

show-phys Show the physical device and attributes of all physical links.

-
create-vlan, delete-vlan, Create, delete, and show a tagged VLAN link with an ID of vid over
I....
0 show-vlan Ethernet link ether-link.
"0
c scan-wifi, show-wifi, connect- Scan for, show, connectto, and disconnect from one or more Wi-Fi
ro wifi, disconnect-wifi networks.
Q)
(..) show-ether Show state information for all physical Ethernet links.
ro
I....

0 create-secobj, delete -secobj, Create, delete, and show a secure object in the specified class to be
show-secobj used as a WEP or WPA key in connecting to an encrypted network.

create-vnic, delete-vnic, Create, delete, and show a VNIC over the specified link.
show-vnic
create -etherstub, delete- Create, delete, and show a virtual switch betiNeen the VNICs.
etherstub, show-etherstub

show-ib Display InfiniBand (IB) link information.

"0 Copyright 2011, Oracle and/or its affiliates. All rights reserved. ORACLE.
Q
... ....
)
.
..c
..c
0
I....
c..

c The dladm command is used to configure data links. This slide shows the new capabilities of
0
:.;:::::; the dladm utility.
::J
..c
c
........
rJ)
"0
I....
0
c
0
:.;:::::;
(..)
::J
"
e
0
c..
Q)
I....

"0
Q)
N
c
0
.....c..
.
::J
ro
c
:::J
dladm Enhancements

dladm Subcommand                                             Description
create-iptun, modify-iptun, remove-iptun, show-iptun         Create, delete, modify, and show an IP tunnel.
create-bridge, modify-bridge, remove-bridge, show-bridge     Create, delete, modify, and show a layer two bridge.

The dladm command is used to configure data links. This slide shows the new capabilities of the dladm utility.

Practice 6-2: Overview

In this practice, you explore the new capabilities of the ipadm and dladm utilities.
During this practice, you:
- Manage data links by using dladm
- Manage IP configuration by using ipadm


Agenda

Introducing the Oracle Solaris 11 Network Enhancements
Managing NWAM
New and Enhanced Network Management Utilities
Configuring Network Virtualization
Configuring Network Bridges
New Network Monitoring Utilities
Transitioning to Virtual Networking

[Slide diagram; surviving labels: Network, Physical Link 1, Etherstub, Router, Oracle Solaris 11]

Today's IT organizations face the costly management of server sprawl (shown on the left in the slide diagram). This includes the hardware, maintenance, and personnel resources needed to manage, operate, and administer those servers on a daily basis. Oracle's network virtualization solution allows enterprises to enable workload isolation and granular resource control for all of the system's computing and I/O resources. Using virtual infrastructure (shown on the right in the slide diagram) to consolidate physical systems in the data center, enterprises can experience the following:
- Lower total cost of ownership of servers
- Higher server utilization
- Increased operational efficiency
- Tighter security

Network virtualization is the process of combining hardware network resources and software network resources into a single administrative unit. The goal of network virtualization is to provide systems and users with efficient, controlled, and secure sharing of the networking resources. The end product of network virtualization is the virtual network.

Virtual networks are classified into two broad types: external and internal. External virtual networks consist of several local networks that are administered by software as a single entity. The building blocks of classic external virtual networks are switch hardware and VLAN software technology.

Virtual Network Components

Components                    Description
Solaris zone                  A Solaris zone is the combination of system resource controls and the boundary separation provided by zones.
Virtual NIC (VNIC)            A VNIC is a virtual network device with the same data link functionality as a physical interface.
Virtual switch                The virtual switch provides the same connectivity between VNICs on a virtual network that switch hardware provides for the systems connected to a switch's ports.
Etherstub                     An etherstub is a pseudo-network interface that provides an unmanaged virtual Ethernet switch for virtual interfaces.
Flows                         A flow is a stream of packets all having the same characteristics, such as the port number or destination address.
Physical network interface    A physical network interface (phys) is an interface controlled by a hardware driver.

This table shows the key components that make up a virtual network.

Solaris zone: A Solaris zone is the combination of system resource controls and the boundary separation provided by zones. Zones act as completely isolated virtual servers within a single operating system instance. The Solaris zone is the basic server building block of a virtual network.
Virtual NIC (VNIC): A VNIC is a virtual network device with the same data link functionality as a physical interface. You configure VNICs on top of a physical interface or etherstub. You configure VNICs as you configure any physical port, using the same commands with the same syntax.
Virtual switch: The virtual switch provides the same connectivity between VNICs on a virtual network that switch hardware provides for the systems connected to a switch's ports. Each VNIC is implicitly connected to a virtual switch that corresponds to the physical interface. You create VNICs on top of a physical NIC or an etherstub.
Etherstub: An etherstub is a pseudo-network interface that provides an unmanaged virtual Ethernet switch for virtual interfaces. You use etherstubs to isolate the virtual network from the rest of the virtual networks in the system as well as from the external network to which the system is connected. Network traffic originating from virtual links connected to the etherstub is directed to other virtual interfaces connected to the same etherstub.
Flows: A flow is a stream of packets all having the same characteristics, such as the port number or destination address. These flows are managed by transport, service, or virtual machine, including zones. Flows cannot exceed the amount of bandwidth that is guaranteed to the application or to the customer's purchased share.
Physical network interface: A physical network interface (phys) is an interface controlled by a hardware driver. You need at least one physical network interface.

Building a Simple Virtual Network

[Slide diagram: Global Zone containing Zone 1 and Zone 2, connected to the Network]

oracle@s11x-serv1:~# dladm create-vnic -l net0 vnic1
oracle@s11x-serv1:~# dladm create-vnic -l net0 vnic2

This slide shows a simple virtual network with two Solaris zones. Whenever you create two or more VNICs on the same physical port, a virtual switch will be created at the MAC layer. The effect of the creation of the virtual switch is that traffic between Zone 1 and Zone 2 is switched at the MAC layer. The traffic does not have to leave through the physical NIC (net0) to be switched by some external piece of hardware. As long as the VNICs share the same physical NIC and are on the same VLAN, this MAC layer virtual switch can be employed.

This slide shows you how to create two VNICs on the physical interface.

Configuring a Private Virtual Network

[Slide diagram: Global Zone containing Zone 3 and Zone 4, attached to etherstub stub0; 192.168.0 Network]

oracle@s11x-serv1:~# dladm create-etherstub stub0
oracle@s11x-serv1:~# dladm create-vnic -l stub0 vnic0
oracle@s11x-serv1:~# dladm create-vnic -l stub0 vnic1
oracle@s11x-serv1:~# dladm create-vnic -l stub0 vnic2

This slide shows a simple isolated private virtual network with two Solaris zones. This virtual network consists of the following:
GLDv3 network interface net0: This interface connects the global zone to the public network.
Etherstub stub0: You use etherstubs to isolate the virtual network from the rest of the virtual networks in the system as well as the external network to which the system is connected. You cannot use an etherstub just by itself. Instead, you use VNICs with an etherstub to create the private or isolated virtual networks. You can create as many etherstubs as you require. You can also create as many VNICs over each etherstub as required.
Three VNICs: vnic0 is created over etherstub stub0. This interface can be configured in the global zone to provide a route between the private virtual network (192.168.1.0) and the public network. Technologies, such as IP forwarding, IP filtering, and Network Address Translation (NAT), can be used to customize the relationship between the private and public networks. VNICs vnic1 and vnic2 are also created over etherstub stub0 and are used to attach the non-global zones to stub0.
Two exclusive IP zones: The two exclusive IP zones each have a VNIC assigned. vnic1 is assigned to Zone 3, and vnic2 is assigned to Zone 4.


Accessing a Virtual Network Configuration

oracle@s11x-serv1:~# dladm show-link
LINK     CLASS      MTU   STATE    BRIDGE  OVER
net0     phys       1500  up
net1     phys       1500  unknown
net2     phys       1500  unknown
net3     phys       1500  unknown
stub0    etherstub  9000  unknown
vnic0    vnic       9000  up               stub0
vnic1    vnic       9000  up               stub0
vnic2    vnic       9000  up               stub0

oracle@s11x-serv1:~# dladm show-vnic
LINK     OVER   SPEED  MACADDRESS       MACADDRTYPE  VID
vnic0    stub0  0      2:8:20:70:d0:f8  random       0
vnic1    stub0  0      2:8:20:80:65:0   random       0
vnic2    stub0  0      2:8:20:1f:c5:bd  random       0

oracle@s11x-serv1:~# dladm show-etherstub
LINK
stub0

This slide shows useful commands for accessing your virtual network configuration. The first command (dladm show-link) shows you how to list all the links configured in your system. This includes VNICs and etherstubs. The next command (dladm show-vnic) shows you how to list the VNIC links. The last command (dladm show-etherstub) shows you how to list the etherstubs.
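
The listing commands above can be turned into an isolation check for the private virtual network. The following is an added example, not part of the course material: it reads the parseable (-p -o) forms of dladm show-link and dladm show-vnic and reports any VNIC that sits directly on a non-etherstub link. The function names, the sample data and the extra link vnic3 are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the course): audit VNIC placement for isolation.
# On a Solaris 11 host the two inputs would come from:
#   dladm show-link -p -o link,class
#   dladm show-vnic -p -o link,over
# The sample data below is constructed. vnic3 is a hypothetical VNIC that
# was created over the physical link net0 instead of the etherstub.

SAMPLE_LINKS='net0:phys
net1:phys
stub0:etherstub
vnic0:vnic
vnic1:vnic
vnic2:vnic
vnic3:vnic'

SAMPLE_VNICS='vnic0:stub0
vnic1:stub0
vnic2:stub0
vnic3:net0'

# classify_vnics LINKS VNICS
# Prints "<vnic> <over> <class-of-over> private|exposed" for every VNIC.
# "private" means the VNIC is attached to an etherstub; anything else
# (phys or an unknown link) is reported as "exposed".
classify_vnics() {
    {
        printf '%s\n' "$1"
        printf '%s\n' '--'
        printf '%s\n' "$2"
    } | awk -F: '
        $0 == "--" { second = 1; next }    # separator between the two listings
        NF < 2     { next }                # ignore blank or malformed rows
        !second    { class[$1] = $2; next }
        {
            c = (class[$2] == "") ? "unknown" : class[$2]
            kind = (c == "etherstub") ? "private" : "exposed"
            printf "%s %s %s %s\n", $1, $2, c, kind
        }'
}

# exposed_vnics LINKS VNICS
# Prints only the names of VNICs that are not behind an etherstub.
exposed_vnics() {
    classify_vnics "$1" "$2" | awk '$4 == "exposed" { print $1 }'
}

# zone_vnics_isolated LINKS VNICS VNIC...
# Returns 0 only if every named VNIC (the ones assigned to non-global
# zones) is attached to an etherstub; names the offenders on stderr.
zone_vnics_isolated() {
    zl=$1; zv=$2; shift 2
    table=$(classify_vnics "$zl" "$zv")
    rc=0
    for v in "$@"; do
        state=$(printf '%s\n' "$table" | awk -v v="$v" '$1 == v { print $4 }')
        if [ "$state" != "private" ]; then
            echo "NOT ISOLATED: $v (${state:-not found})" >&2
            rc=1
        fi
    done
    return $rc
}

# Demonstration on the constructed data.
classify_vnics "$SAMPLE_LINKS" "$SAMPLE_VNICS"
zone_vnics_isolated "$SAMPLE_LINKS" "$SAMPLE_VNICS" vnic1 vnic2 &&
    echo "zone VNICs vnic1 and vnic2 are confined to an etherstub"
```

A VNIC such as vnic0, which the global zone uses to route between the private and public networks, is expected to be private here; the exposure of the private network is then decided by the IP forwarding, IP filtering and NAT configuration rather than by the data link layout.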
Bandwidth Management

- Enables assignment of a portion of the available bandwidth of a NIC
- The allocated portion of bandwidth is known as a share.
- The limit is the maximum allocation of bandwidth that the share can consume.


Bandwidth management enables you to assign a portion of the available bandwidth of a NIC to a consumer, such as an application or customer. You can control bandwidth on a per-application, per-port, per-protocol, and per-address basis. Bandwidth management ensures efficient use of the large amount of bandwidth available from the new GLDv3 network interfaces. Resource control features enable you to implement a series of controls on an interface's available bandwidth.

The allocated portion of bandwidth is known as a share. By setting up shares, you can allocate enough bandwidth for applications that cannot function properly without a certain amount of bandwidth. For example, streaming media and Voice-over IP consume a great deal of bandwidth. You can use the resource control features to guarantee that these two applications have enough bandwidth to successfully run. You can also set a limit on the share. The limit is the maximum allocation of bandwidth that the share can consume. Using limits, you can contain noncritical services from taking away bandwidth from critical services.

You can prioritize among the various shares allotted to consumers. You can give highest priority to critical traffic, such as heartbeat packets for a cluster, and lower priority for less critical applications.

You can control bandwidth usage through the management of flows (by using the flowadm command) and link utilization (by using the dladm command).

Managing Bandwidth

[Slide diagram: Global Zone; etherstub stub0; Priority = Low; 192.168.0 Network]

oracle@s11x-serv1:~# flowadm add-flow -l vnic2 -a transport=TCP \
-p maxbw=100M,priority=low vnic2-throttle
oracle@s11x-serv1:~# flowadm show-flow
FLOW LINK IPADDR PROTO LPORT RPORT DSFLD
vnic2-throttle vnic2 -- tcp
oracle@s11x-serv1:~# flowadm show-flowprop vnic2-throttle
FLOW PROPERTY VALUE DEFAULT POSSIBLE
vnic2-throttle maxbw 100 100M
vnic2-throttle priority low low

This slide shows you how to restrict flows and lower priority on a VNIC.

In this example, a flow named vnic2-throttle is created by using the flowadm command. This flow (vnic2-throttle) restricts vnic2 bandwidth to 100 Mbits/s and sets the link priority to low.


Practice 6-3: Overview

In this practice, you explore Oracle Solaris 11 network virtualization.
During this practice, you:
- Configure two zones on a private virtual network
- Configure the virtual network for public access
- Secure the virtual network behind a firewall
- Control network traffic flow

Agenda

Introducing the Oracle Solaris 11 Network Enhancements
Managing NWAM
New and Enhanced Network Management Utilities
Configuring Network Virtualization
Configuring IPMP
Configuring Network Bridges
New Network Monitoring Utilities

IP Multipathing (IPMP)

[Slide diagram; surviving labels: Network Infrastructure, Database Server, Oracle-DB, Web Service, IPMP]

In production environments, it is important to eliminate any single point of failure. IP multipathing (IPMP) provides a mechanism for building redundant network interfaces to guard against failures with network interfaces, cables, switches, or other networking hardware. In addition to eliminating any single point of failure, the IPMP load spreading feature increases the machine's bandwidth by spreading the outbound load among all the cards in the same IPMP group.

With IPMP, you can assign two or more NICs to a failover group. Each interface is assigned a static test IP address, which is used by Solaris to verify the operational state of the interface. These IP links will be used to periodically send an Internet Control Message Protocol (ICMP) echo request to a target system and listen for the response. If no response occurs within a given number of tries, the link is marked as failed. IPMP will fail over all application IP addresses currently configured on that physical interface to another physical interface within the IPMP group. In this way, network outages due to failed network hardware are eliminated.

IPMP Configurations

- Two or more physical interfaces are assigned to an IPMP group.
- IPMP group configurations:
  - Active-active configuration
  - Active-standby configuration

An IPMP configuration typically consists of two or more physical interfaces on the same system that are attached to the same LAN. These interfaces can belong to an IPMP group in either of the following configurations:

Active-active configuration: In this configuration, all underlying interfaces are active. An active interface is an IP interface that is currently available for use by the IPMP group. By default, an underlying interface becomes active when you configure the interface to become part of an IPMP group.

Active-standby configuration: In this configuration, at least one interface is administratively configured as a reserve. The reserve interface is called the standby interface. Although idle, the standby IP interface is monitored by the multipathing daemon to track the interface's availability, depending on how the interface is configured. If link-failure notification is supported by the interface, link-based failure detection is used. If the interface is configured with a test address, probe-based failure detection is also used. If an active interface fails, the standby interface is automatically deployed as needed. You can configure as many standby interfaces as you want for an IPMP group.

How IPMP Works: Active-Active

[Slide diagram: Local Area Network; IPMP group ipmp0 with data addresses 192.168.0.112 and 192.168.0.113; underlying interfaces link0_ipmp0 (192.168.0.142) and link1_ipmp0 (192.168.0.143); Failed area]

This slide shows an IPMP active-active configuration. In this configuration, all underlying interfaces are active. No underlying interfaces are reserved for replacement in the event of an active interface failure.

IPMP failure detection can be link-based, probe-based, or both to determine the availability of a specific underlying IP interface in the group. If IPMP determines that an underlying interface has failed, that interface is flagged as failed and is no longer usable. The data IP address that was associated with the failed interface is then redistributed to another functioning interface in the group. If available, a standby interface is also deployed to maintain the original number of active interfaces.

This slide shows a two-interface IPMP group ipmp0 with an active-active configuration.

Two data addresses are assigned to the group: 192.168.10.112 and 192.168.10.113.
Two underlying interfaces are configured as active interfaces and are assigned flexible link names: link0_ipmp0 and link1_ipmp0.
Probe-based failure detection is used, and thus the active interfaces are configured with test addresses, as follows:
link0_ipmp0: 192.168.0.142
link1_ipmp0: 192.168.0.143
The Active and Failed areas in the diagram indicate only the status of underlying interfaces, and not physical locations. No physical movement of interfaces or addresses, and no transfer of IP interfaces, occurs within this IPMP implementation. The areas serve to show only how an underlying interface changes status as a result of either failure or repair.


[Slide diagram: Local Area Network; IPMP group ipmp0 with data addresses 192.168.0.112 and 192.168.0.113; underlying interfaces link0_ipmp0 (192.168.0.142) and link1_ipmp0 (192.168.0.143)]

Here, IPMP determines that an underlying interface link0_ipmp0 has failed. The failed interface is flagged as Failed and is no longer usable. The data IP address that was associated with the failed interface is then redistributed to the remaining functioning interface in the group. The IPMP group has been reduced to one active interface and thus a single point-of-failure.


How IPMP Works: Active-Active

[Slide diagram: Local Area Network; IPMP group ipmp0 with data addresses 192.168.0.112 and 192.168.0.113; underlying interfaces link0_ipmp0 (192.168.0.142) and link1_ipmp0 (192.168.0.143)]

IPMP continues to probe the failed underlying interface (link0_ipmp0) to determine if it has been repaired. When IPMP determines that an underlying interface has been repaired, it flags the interface as Active. The data IP address that was associated with the failed interface is then redistributed to the repaired interface.

How IPMP Works: Active-Standby

[Slide diagram: Local Area Network; IPMP group ipmp0 with data addresses 192.168.0.112 and 192.168.0.113; active interfaces link0_ipmp0 (192.168.0.142) and link1_ipmp0 (192.168.0.143); Standby interface link2_ipmp0 (192.168.0.144)]

IPMP maintains network availability by attempting to preserve the original number of active and standby interfaces when the group was created.

IPMP failure detection can be link-based, probe-based, or both to determine the availability of a specific underlying IP interface in the group. If IPMP determines that an underlying interface has failed, that interface is flagged as Failed and is no longer usable. The data IP address that was associated with the failed interface is then redistributed to another functioning interface in the group. If available, a standby interface is also deployed to maintain the original number of active interfaces.

This slide shows a three-interface IPMP group ipmp0 with an active-standby configuration.
Two data addresses are assigned to the group: 192.168.10.112 and 192.168.10.113.
Two underlying interfaces are configured as active interfaces and are assigned flexible link names: link0_ipmp0 and link1_ipmp0.
The group has one standby interface, also with a flexible link name: link2_ipmp0.
Probe-based failure detection is used, and thus the active and standby interfaces are configured with test addresses, as follows:
link0_ipmp0: 192.168.0.142
link1_ipmp0: 192.168.0.143
link2_ipmp0: 192.168.0.144

The Active, Offline, Reserve, and Failed areas in the figures indicate only the status of underlying interfaces, and not physical locations. No physical movement of interfaces or addresses, and no transfer of IP interfaces, occurs within this IPMP implementation. The areas serve to show only how an underlying interface changes status as a result of either failure or repair.

How IPMP Works: Active-Standby

[Slide diagram: Local Area Network; IPMP group ipmp0 with data addresses 192.168.0.112 and 192.168.0.113; underlying interfaces link0_ipmp0 (192.168.0.142), link2_ipmp0 (192.168.0.144), and link1_ipmp0 (192.168.0.143)]

Here, IPMP determines that an underlying interface link0_ipmp0 has failed. The failed interface is flagged as Failed and is no longer usable. The data IP address that was associated with the failed interface is then redistributed to another functioning interface in the group. The available standby interface link2_ipmp0 is moved to an active state to maintain the original number of active interfaces.


How IPMP Works: Active-Standby

[Slide diagram: Local Area Network; IPMP group ipmp0 with data addresses 192.168.0.112 and 192.168.0.113; underlying interfaces link0_ipmp0 (192.168.0.142), link2_ipmp0 (192.168.0.144), and link1_ipmp0 (192.168.0.143)]

IPMP continues to probe the failed underlying interface (link0_ipmp0) to determine if it has been repaired. When IPMP determines that an underlying interface has been repaired, it flags the interface as Active and the standby interface (link2_ipmp0) is moved back to a standby state. The data IP address that was associated with the failed interface is then redistributed to the repaired interface.

How IPMP Works: Active-Standby

[Slide diagram: Local Area Network; IPMP group ipmp0 with data addresses 192.168.0.112 and 192.168.0.113; underlying interfaces link0_ipmp0 (192.168.0.142), link2_ipmp0 (192.168.0.144), and link1_ipmp0 (192.168.0.143); Failed, Offline, and Standby areas]

In the case where the administrator offlines an underlying interface (link1_ipmp0 in the example in the slide), IPMP flags the interface as Offline and it is no longer usable. The data IP address that was associated with the failed interface is then redistributed to another functioning interface in the group. The available standby interface link2_ipmp0 is moved to an active state to maintain the original number of active interfaces.


Configuring IPMP: Active-Active

root@s11-serv1:~# dladm rename-link net0 link0_ipmp0
root@s11-serv1:~# dladm rename-link net1 link1_ipmp0
root@s11-serv1:~# ipadm create-ip link0_ipmp0
root@s11-serv1:~# ipadm create-ip link1_ipmp0
root@s11-serv1:~# ipadm create-ipmp ipmp0
root@s11-serv1:~# ipadm add-ipmp -i link0_ipmp0 \
-i link1_ipmp0 ipmp0
root@s11-serv1:~# ipadm create-addr -T static \
-a 192.168.0.112/24 ipmp0/v4add1
root@s11-serv1:~# ipadm create-addr -T static \
-a 192.168.0.113/24 ipmp0/v4add2
root@s11-serv1:~# ipadm create-addr -T static \
-a 192.168.0.142/24 link0_ipmp0/test
root@s11-serv1:~# ipadm create-addr -T static \
-a 192.168.0.143/24 link1_ipmp0/test

This slide shows you the steps to configure an active-active IPMP configuration with flexible data link names as shown in the diagram in the earlier slide titled "How IPMP Works: Active-Active." Here, you rename the data links net0 and net1 to link0_ipmp0 and link1_ipmp0, respectively. Before these data links can be used by IPMP, you must create an IP interface for each one.

Now you are ready to create the IPMP group. This involves two steps. You first create the IPMP group (ipmp0 in this example), and then you add the underlying interfaces (link0_ipmp0 and link1_ipmp0) to the group.

Next, assign the data IP addresses to the IPMP interface (ipmp0) in the form of IP address objects (ipmp0/v4add1 and ipmp0/v4add2).

Finally, assign the test IP addresses to each underlying interface in the form of IP address objects (link0_ipmp0/test and link1_ipmp0/test).

Configuring IPMP: Active-Standby

root@s11-serv1:~# dladm rename-link net0 link0_ipmp0
root@s11-serv1:~# dladm rename-link net1 link1_ipmp0
root@s11-serv1:~# dladm rename-link net2 link2_ipmp0
root@s11-serv1:~# ipadm create-ip link0_ipmp0
root@s11-serv1:~# ipadm create-ip link1_ipmp0
root@s11-serv1:~# ipadm create-ip link2_ipmp0
root@s11-serv1:~# ipadm create-ipmp ipmp0
root@s11-serv1:~# ipadm add-ipmp -i link0_ipmp0 \
-i link1_ipmp0 -i link2_ipmp0 ipmp0
root@s11-serv1:~# ipadm set-ifprop -p standby=on -m ip link2_ipmp0
root@s11-serv1:~# ipadm create-addr -T static \
-a 192.168.0.112/24 ipmp0/v4add1
root@s11-serv1:~# ipadm create-addr -T static \
-a 192.168.0.113/24 ipmp0/v4add2
root@s11-serv1:~# ipadm create-addr -T static \
-a 192.168.0.142/24 link0_ipmp0/test
root@s11-serv1:~# ipadm create-addr -T static \
-a 192.168.0.143/24 link1_ipmp0/test
root@s11-serv1:~# ipadm create-addr -T static \
-a 192.168.0.144/24 link2_ipmp0/test

This slide shows you the steps to configure an active-standby IPMP configuration with flexible data link names as shown in the diagram in the earlier slide titled "How IPMP Works: Active-Active." The steps are similar to those shown on the previous slide.

Here, you rename the data links net0, net1, and net2 to link0_ipmp0, link1_ipmp0, and link2_ipmp0, respectively. You then create an IP interface for each one.

Now you create the IPMP group. This involves two steps. You first create the IPMP group (ipmp0 in this example), and then you add the underlying interfaces (link0_ipmp0, link1_ipmp0, and link2_ipmp0) to the group.

Once the IPMP group is created, you set the standby property in one of the underlying interfaces (link2_ipmp0 in this example) to on.

Next, assign the data IP addresses to the IPMP interface (ipmp0) in the form of IP address objects (ipmp0/v4add1 and ipmp0/v4add2).

Finally, assign the test IP addresses to each underlying interface in the form of IP address objects (link0_ipmp0/test, link1_ipmp0/test, and link2_ipmp0/test).

Monitoring IPMP

root@s11-serv1:~# ipmpstat -g
GROUP  GROUPNAME  STATE     FDT     INTERFACES
ipmp0  ipmp0      degraded  10.00s  link2_ipmp0 link1_ipmp0 [link0_ipmp0]

root@s11-serv1:~# ipmpstat -i
INTERFACE    ACTIVE  GROUP  FLAGS    LINK  PROBE   STATE
link2_ipmp0  yes     ipmp0  -s-----  up    ok      ok
link1_ipmp0  yes     ipmp0  --mbM--  up    ok      ok
link0_ipmp0  no      ipmp0  -------  up    failed  failed

root@s11-serv1:~# ipmpstat -an
ADDRESS        STATE  GROUP  INBOUND      OUTBOUND
               down   ipmp0  link1_ipmp0  link2_ipmp0
192.168.0.113  up     ipmp0  link1_ipmp0  link2_ipmp0
192.168.0.112  up     ipmp0  link2_ipmp0  link1_ipmp0


Configuring IPMP: Active-Standby

"0 ORACLE'
Q
... . Copyright 2011, Oracle and/or its affiliates. All rights
)
.. .. reserved.
..
c
..c
0
I....
c..

c You use the ipmpstat command to monitor IPMP group activity and health.
0
:.;:::::;
::J This slide shows three examples of ipmpstat usage. The examples that you see
..c here are taken from an IPMP active-standby configuration created by the procedure
........
rJ) shown in the previous slide. Here, one of the underlying interfaces has failed.
"0
I.... The first example (ipmpstat -g) displays information about the IPMP group. The
0
c IPMP group is named ipmpO. It has three underlying interfaces: linkO_ipmpO,
0 linkl_impmO, and link2_ipmpO. Note that the state of the IPMP group is
:.;:::::;
(..)
::J degraded and the underlying interface linkO_ipmpo has brackets around it (boxed)
" indicating that it has failed.
0
e The second example (ipmpstat -i) displays information about the IP interfaces. Here,
c.. link2 ipmpO is in the Active state and linkO ipmpO is in the Failed state.
Q)
I....

"0
Q)

c
0
.....c
...
::J
ct:l
c
:::
J

Transition to Oracle Solaris 11 6 -51


i = Unusable due to being INACTIVE
s =Masked STANDBY Monitoring IPMP
m = Nominated to send/receive IPv4 multicast for its IPMP group
b = Nominated to send/receive 1Pv4 broadcast for its IPMP group
M = Nominated to send/receive IPv6 multicast for its IPMP group
d = Unusable due to being down
H = Unusable due to being brought OFFLINE by in. mpathd (IPMP daemon) because
of a duplicate hardware address

-
I...
The third example (ipmpstat -an) displays information about the IPMP data addresses. IP
0 address 192.168.0.112 is currently assigned to the standby interface (link2_ipmpo) and
""0
c 192.168.0.113 is assigned to linkl_ipmpO for all INBOUND data traffic.
ct:l
Q) OUTBOUND data traffic is spread across both active interfaces for each IP address.
(.)
ct:l
I...

0
(\J

..c
0
> c
>.
c..
0
0
""0
..) Q...
.
..c

I...
0
c
0
:.;:::::;
(.)
::J
" "
e
0 c..
Q)
I...

""0
Q)
N

c
0
....c.
.
::J
ct:l
c
:::J
root@s11-serv1:~# ipmpstat -pn
TIME     INTERFACE     PROBE   NETRTT   RTT      RTTAVG   TARGET
0.06s    link2_ipmp0   i163    0.26ms   0.49ms   0.33ms   192.168.0.100
0.90s    link1_ipmp0   i162    0.26ms   0.39ms   0.31ms   192.168.0.100
0.92s    link2_ipmp0   i164    0.19ms   0.36ms   0.34ms   192.168.0.100
0.49s    link0_ipmp0   i161                               192.168.0.100
-0.49s   link0_ipmp0   i160                               192.168.0.100
2.52s    link2_ipmp0   i165    0.23ms   0.39ms   0.34ms   192.168.0.100
2.74s    link1_ipmp0   i163    0.24ms   0.38ms   0.32ms   192.168.0.100
3.69s    link1_ipmp0   i164    0.25ms   0.45ms   0.34ms   192.168.0.100
2.31s    link0_ipmp0   i162                               192.168.0.100

This example (ipmpstat -pn) displays information about the IPMP probe. For IPMP probing to work correctly, the IPMP group must be connected to the local area network and at least one other host (the probe target) must also be connected to the same network.

Here, interfaces link2_ipmp0 (standby) and link1_ipmp0 are actively probing target 192.168.0.100. Interface link0_ipmp0 probing is failing.
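The ipmpstat -i and ipmpstat -pn output shown above can be checked automatically for lost redundancy. The following is an added example, not part of the course material: the function names and the finding labels (STANDBY_IN_USE, FAILED, GROUP_DEGRADED, GROUP_FAILED) are hypothetical, and the embedded sample rows are the ones from the slides.

```shell
#!/bin/sh
# Added example: triage of ipmpstat output for failed paths and failover.
# Function names and finding labels are hypothetical, not Solaris output.

# Constructed sample: the `ipmpstat -i` rows shown on the slide.
sample_ipmpstat_i() {
cat <<'EOF'
INTERFACE     ACTIVE   GROUP   FLAGS     LINK   PROBE    STATE
link2_ipmp0   yes      ipmp0   -s-----   up     ok       ok
link1_ipmp0   yes      ipmp0   --mbM--   up     ok       ok
link0_ipmp0   no       ipmp0   -------   up     failed   failed
EOF
}

# Constructed sample: the `ipmpstat -pn` rows shown on the slide. Failed
# probes carry no RTT values there; "--" placeholders are accepted as well.
sample_ipmpstat_pn() {
cat <<'EOF'
TIME     INTERFACE     PROBE   NETRTT   RTT      RTTAVG   TARGET
0.06s    link2_ipmp0   i163    0.26ms   0.49ms   0.33ms   192.168.0.100
0.90s    link1_ipmp0   i162    0.26ms   0.39ms   0.31ms   192.168.0.100
0.92s    link2_ipmp0   i164    0.19ms   0.36ms   0.34ms   192.168.0.100
0.49s    link0_ipmp0   i161                               192.168.0.100
-0.49s   link0_ipmp0   i160                               192.168.0.100
2.52s    link2_ipmp0   i165    0.23ms   0.39ms   0.34ms   192.168.0.100
2.74s    link1_ipmp0   i163    0.24ms   0.38ms   0.32ms   192.168.0.100
3.69s    link1_ipmp0   i164    0.25ms   0.45ms   0.34ms   192.168.0.100
2.31s    link0_ipmp0   i162                               192.168.0.100
EOF
}

# ipmp_check: read `ipmpstat -i` output on stdin and print one finding per
# line. A standby interface (flag s) that is ACTIVE means a failover happened.
ipmp_check() {
  awk '
    $1 == "INTERFACE" || NF < 7 { next }    # skip header and short lines
    {
      ifc = $1; active = $2; grp = $3; flags = $4
      total[grp]++
      if (index(flags, "s") > 0 && active == "yes")
        printf "STANDBY_IN_USE %s group=%s\n", ifc, grp
      if ($7 == "ok")
        usable[grp]++
      else
        printf "FAILED %s group=%s link=%s probe=%s\n", ifc, grp, $5, $6
    }
    END {
      for (g in total) {
        if (usable[g] + 0 == 0)
          printf "GROUP_FAILED %s usable=0/%d\n", g, total[g]
        else if (usable[g] < total[g])
          printf "GROUP_DEGRADED %s usable=%d/%d\n", g, usable[g], total[g]
      }
    }'
}

# ipmp_probe_loss: read `ipmpstat -pn` output on stdin and print, per
# interface, how many probes got no reply (no RTT fields, or "--").
ipmp_probe_loss() {
  awk '
    $1 == "TIME" || NF < 4 { next }
    {
      total[$2]++
      if (NF < 7 || $5 == "--") lost[$2]++
    }
    END {
      for (i in total) printf "%s lost=%d/%d\n", i, lost[i] + 0, total[i]
    }' | sort
}

# Demo on the embedded samples; on a live system pipe the real commands in,
# for example: ipmpstat -i | ipmp_check
sample_ipmpstat_i | ipmp_check
sample_ipmpstat_pn | ipmp_probe_loss
```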
In this practice, you explore IP network multipathing (IPMP).
During this practice, you:
- Create an IPMP active-active configuration
- Create an IPMP active-standby configuration

Agenda

Introducing the Oracle Solaris 11 Network Enhancements
Managing NWAM
New and Enhanced Network Management Utilities
Configuring Network Virtualization
Configuring IPMP
Configuring Network Bridges
New Network Monitoring Utilities
Network Bridging

Bridging is used to connect separate network segments.
Bridging simplifies network administration.
Bridges use a packet-forwarding mechanism.
Bridging supports Spanning Tree Protocol (STP) and TRILL.

Network bridges are used to connect separate network segments. When connected by a bridge, the attached network segments communicate as if they were a single network segment. Bridging is implemented at the data link layer (L2) of the networking stack to connect subnetworks together.

Using a bridge configuration simplifies the administration of the various nodes in the network by connecting them to a single network. By connecting these segments through a bridge, all the nodes share a single broadcast network. Thus, each node can reach the others by using network protocols such as IP rather than by using routers to forward traffic across network segments. If you do not use a bridge, you must configure IP routing to permit the forwarding of IP traffic between nodes.

To forward packets to their destinations, bridges must listen in promiscuous mode on every link that is attached to the bridge. Listening in promiscuous mode makes bridges vulnerable to forwarding loops, in which packets circle forever at full line rate. Bridging uses the Spanning Tree Protocol (STP) to prevent the network loops that would render the subnetworks unusable. In addition to STP, Oracle Solaris 11 supports the Transparent Interconnect of Lots of Links (TRILL) protocol.

Unlike STP and RSTP, TRILL does not shut down physical links to prevent loops. Instead, TRILL computes the shortest-path information for each TRILL node in the network and uses that information to forward packets to individual destinations. As a result, TRILL enables the system to leave all links in use at all times.
oracle@s11x-serv1:~# dladm create-bridge -l net0 -l net3 tonowhere
oracle@s11x-serv1:~# dladm show-bridge
BRIDGE      PROTECT   ADDRESS                PRIORITY   DESROOT
tonowhere   stp       32768/8:0:27:15:2:19   32768      32768/8:0:27:15:2:19
oracle@s11x-serv1:~# dladm show-bridge -l tonowhere
LINK   STATE        UPTIME   DESROOT
net0   forwarding   90       32768/8:0:27:15:2:19
net3   discarding   90       32768/8:0:27:15:2:19
oracle@s11x-serv1:~# dladm remove-bridge -l net0 -l net3 tonowhere
oracle@s11x-serv1:~# dladm delete-bridge tonowhere

This slide shows you how to create, display, and remove a network bridge.
Practices 6-5 and 6-6: Overview

In Practice 6-5, you create a bridge between two network interfaces.
In Practice 6-6, you create a link aggregation.
Introducing the Oracle Solaris 11 Network Enhancements
New Network Utilities
Managing NWAM
Configuring Network Virtualization
Configuring Network Bridges
New Network Monitoring Utilities
The wireshark Utility

Wireshark is a network protocol analyzer. You can use it to capture and interactively browse the traffic running on a computer network. Because of its rich and powerful feature set, system administrators, security experts, developers, and educators around the world use it regularly. It is freely available as open source and is released under the GNU General Public License version 2.

With Wireshark you can:
- Capture live packet data from a network interface
- Display packets with very detailed protocol information
- Open and save captured packet data
- Import and export packet data from and to many other capture programs
- Filter packets by using many criteria
- Search for packets by using many criteria
- Colorize packet display based on filters
- View various statistics

This slide shows the Wireshark packet analyzer interface.
The dlstat Utility

Reports runtime statistics about data links.
dlstat allows you to:
- Examine all links and report statistics
- Examine a specific link and report statistics
- Examine physical network devices and report statistics
- Examine link aggregations and report statistics
- Specify a sampling interval

The dlstat command reports runtime statistics about data links. The output is sorted in the descending order of link utilization. The slide lists what you can do using dlstat.


dlstat: Examples

oracle@s11x-serv1:~# dlstat
LINK        IPKTS   RBYTES    OPKTS    OBYTES
vnic0       222     9.42K     1.50K    118.00K
vnic1       1.10K   82.73K    168      7.15K
vnic2       1.10K   82.73K    168      7.15K
speedway0   8.95K   713.56K   17.69K   20.80M
oracle@s11x-serv1:~# dlstat show-phys
LINK        TYPE   INDEX   PKTS     BYTES
net0        rx     0       5.25K    464.55K
net1        rx     0       1.32K    93.89K
net2        rx     0       1.32K    93.89K
net3        rx     0       1.32K    93.89K
speedway0   rx     0       5.25K    464.55K
speedway0   rx     1       1.32K    93.89K
speedway0   rx     2       1.32K    93.89K
speedway0   rx     3       1.32K    93.89K
speedway0   tx     0       4.86K    3.46M
speedway0   tx     1       885      831.00K
speedway0   tx     2       1.79K    1.88M
speedway0   tx     3       10.21K   14.64M

The slide shows examples of dlstat usage.

In the first example, running dlstat without subcommands displays a summary of statistics for all the links. The report shows incoming traffic (IPKTS and RBYTES) and outgoing traffic (OPKTS and OBYTES).

In the second example, the show-phys subcommand reports network traffic statistics for each physical network device. The INDEX field identifies the ring queue associated with a device. The report includes statistics for data received (rx) and data transmitted (tx). Note that if your link aggregations (speedway0) are present, they are also displayed.
dlstat: Examples

oracle@s11x-serv1:~# dlstat show-link
LINK        TYPE   ID      INDEX   PKTS    BYTES
vnic0       rx     local           114     4.84K
vnic0       rx     bcast           112     4.75K
vnic0       rx     sw              0       0
vnic0       tx     bcast           1.01K   79.68K
vnic0       tx     sw              514     40.38K
speedway0   rx     hw      0       5.22K   458.88K
speedway0   rx     hw      1       1.28K   87.51K

oracle@s11x-serv1:~# dlstat show-aggr
LINK        PORT   IPKTS   RBYTES    OPKTS    OBYTES
speedway0          9.26K   751.05K   17.78K   20.82M
speedway0   net0   5.28K   466.74K   4.89K    3.46M
speedway0   net1   1.33K   94.77K    885      831.00K
speedway0   net2   1.33K   94.77K    1.79K    1.88M
speedway0   net3   1.33K   94.77K    10.22K   14.64M

The show-link subcommand reports network traffic statistics for each network link. In the output, the ID field indicates whether hardware rings are exclusively assigned (indicated by hw) or shared (indicated by sw) among clients. rx rings are shared if other clients, such as VNICs, are configured over the link as well. In the example shown in the slide, sharing is indicated by the vnic0 sw value in the ID column.

The show-aggr subcommand reports incoming and outgoing network traffic statistics for aggregated links. The PORT field indicates the devices that make up the link aggregation.


Practice 6-7: Overview

In this practice, you use new Oracle Solaris 11 utilities to monitor the network.
During this practice, you:
- Install and explore the wireshark utility
- Install and explore the dlstat utility
Summary

In this lesson, you should have learned how to:
- Describe the new network features and enhancements
- List the new and enhanced network management utilities
- Configure Network Auto-Magic (NWAM)
- Configure IPMP
- Configure network virtualization
- Configure a network bridge
- List the new network monitoring utilities

In this lesson, you were presented with the new Oracle Solaris 11 network features. You were also shown the tasks involved in managing NWAM and configuring virtual networks. Finally, you learned how to configure a network bridge.

Oracle Solaris 11 Storage Enhancements

Objectives

After completing this lesson, you should be able to:
- Describe the new storage features and enhancements
- Split a mirrored ZFS storage pool
- Identify ZFS snapshot differences
- Configure ZFS deduplication
- Configure COMSTAR

Agenda

Introducing the Oracle Solaris 11 Storage Enhancements
Migrating UFS and ZFS File Systems
Splitting a Mirrored ZFS Storage Pool
Identifying ZFS Snapshot Differences
Configuring ZFS Deduplication
Configuring COMSTAR

Introducing Oracle Solaris 11 Storage Enhancements

ZFS is the default root file system.
You can migrate UFS and ZFS file systems.
You can split a mirrored ZFS storage pool.
You can determine ZFS snapshot differences.
You can use deduplication in ZFS to save storage space.
COMSTAR targets for iSER, SRP, and FCoE are now supported.
There is greater Microsoft interoperability with fully integrated CIFS support.

A number of important storage features and enhancements have been introduced with the release of the Oracle Solaris 11 operating system. These features and enhancements include:

- ZFS default root file system: ZFS is the default root file system for the Oracle Solaris 11 operating system. With a ZFS root pool, you do not have to worry about calculating slice sizes for /, /var, /export, and so on only to find out you did not create them with enough space (or with too much). With ZFS, they consume only as much space as they need. ZFS reduces complexity by eliminating the need for multiple volume management tools. Another benefit to having a ZFS root pool is that you can mirror your root file system with very little effort.
- Migrating UFS and ZFS file systems: You can use the ZFS Shadow Migration feature to migrate data from old UFS and ZFS file systems to new file systems while simultaneously allowing access and modification of the new file systems during the migration process.
- Splitting mirrored ZFS storage pools: A mirrored ZFS storage pool can be quickly cloned as a backup pool.
- ZFS snapshot differences: A very useful feature has been implemented for ZFS in Oracle Solaris 11, which allows you to list all file changes between two snapshots of a ZFS file system.
- ZFS deduplication: Deduplication is the process of eliminating duplicate copies of data. ZFS deduplication saves space and unnecessary I/O, which can lower storage costs and improve performance. ZFS deduplication automatically avoids writing the same data twice on your drive by detecting duplicate data blocks and keeping track of the multiple places where the same block is needed.
- COMSTAR targets for iSER, SRP, and FCoE: COMSTAR (Common Multiprotocol SCSI Target) is the software framework that enables you to turn any Oracle Solaris host into a target device that can be accessed over a storage network. The COMSTAR framework makes it possible for all SCSI device types (tape, disk, and the like) to connect to a transport (such as Fibre Channel) with concurrent access to all logical unit numbers (LUN) and a single point of management. Support for a number of protocols has been added: iSCSI Extensions for RDMA (iSER) and SCSI RDMA Protocol (SRP) for hosts that include an InfiniBand Host Channel Adapter, iSCSI, and Fibre Channel over Ethernet (FCoE). Oracle Solaris DTrace probes have also been added to COMSTAR in the SCSI Target Mode Framework (STMF) and SCSI Block Device (SBD).
- Greater Microsoft interoperability with fully integrated CIFS: Oracle Solaris 11 includes fully integrated CIFS. The Common Internet File System (CIFS), also known as SMB, is the standard for Microsoft file-sharing services. The Oracle Solaris CIFS service provides file sharing and MS-RPC administration services required for Windows-like behavior for interoperability with CIFS clients, including many new features such as host-based access control, which allows a CIFS server to restrict access to specific clients by IP address, ACLs (access control lists) on shares, and synchronization of client-side offline file caching during reconnection. Microsoft ACLs are also supported in ZFS.

Agenda

Introducing the Oracle Solaris 11 Storage Enhancements
Migrating UFS and ZFS File Systems
Splitting a Mirrored ZFS Storage Pool
Identifying ZFS Snapshot Differences
Configuring ZFS Deduplication
Configuring COMSTAR

ZFS Shadow Data Migration

Used for migrating data from one system to another
Supported file system types:
- A local or remote ZFS file system to a target ZFS file system
- A local or remote UFS file system to a target ZFS file system
Shadow migration method:
- Create an empty ZFS file system.
- Set shadow property on empty ZFS file system to point to file system to be migrated.
- Data from source file system is copied to the shadow file system.

A common task for administrators is to migrate data from one system to another. In the most abstract sense, this problem encompasses a large number of use cases, from replicating data between servers to keeping user data on laptops in sync with servers. The ZFS Shadow Data Migration feature in Oracle Solaris 11 OS provides a simple-to-use solution for moving data quickly and safely between systems.

You can use the shadow migration feature to migrate file systems as follows:
- A local or remote ZFS file system to a target ZFS file system
- A local or remote UFS file system to a target ZFS file system

ZFS Shadow Data Migration uses a simple method that pulls the data to be migrated:
- Create an empty ZFS file system.
- Set the shadow property on an empty ZFS file system, which is the target (or shadow) file system, to point to the file system to be migrated.
- Data from the file system to be migrated is copied over to the shadow file system.

Shadow Migration Considerations

Source file system must be set to read-only.
The target file system must be completely empty.
Migration continues across reboots.
Determine whether UID, GID, and ACL information is to be migrated.
Be patient.
Use the shadowstat command to monitor shadow migration activity.

When planning your shadow migration configuration, consider the following:
- The file system to be migrated must be set to read-only. If the file system is not set to read-only, in-progress changes might not be migrated.
- The target file system must be completely empty.
- If the system is rebooted during a migration, the migration continues after the system is booted.
- Access to directory content that is not completely migrated or access to file content that is not completely migrated is blocked until the entire content is migrated.
- If you want the UID, GID, and ACL information to be migrated to the shadow file system during an NFS migration, make sure that the name service information is accessible between the local and remote systems. You might consider copying a subset of the file system data to be migrated for a test migration to see that all the information is migrated properly before completing a large migration of data over NFS.
- Migrating file system data over NFS can be slow, depending on your network bandwidth. Be patient.

You can use the shadowstat command to monitor a file system migration, which provides the following data:
- The BYTES XFRD column identifies how many bytes have been transferred to the shadow file system.
- The BYTES LEFT column fluctuates continuously until the migration is almost complete. ZFS does not identify how much data needs to be migrated at the beginning of the migration because this process might be too time-consuming.
- Consider using the BYTES XFRD and the ELAPSED TIME information to estimate the length of the migration process.

Configuring ZFS Shadow Data Migration

root@s11-source:~# share -F nfs -o ro /export/UFS_data
root@s11-source:~# share -F nfs -o ro /export/ZFS_data
root@s11-target:~# pkg install shadow-migration
root@s11-target:~# svcadm enable shadowd
root@s11-target:~# zfs create -o \
shadow=nfs://s11-source/export/UFS_data \
rpool/export/shadow_UFS_data
root@s11-target:~# zfs create -o \
shadow=nfs://s11-source/export/ZFS_data \
rpool/export/shadow_ZFS_data
root@s11-target:~# shadowstat
                                  EST
                          BYTES   BYTES            ELAPSED
DATASET                   XFRD    LEFT    ERRORS   TIME
rpool/export/UFS_shadow 85.7M 77.75M 00:05:11
rpool/export/ZFS_shadow - 00:05:12

No migrations in progress

The slide shows an example of setting up ZFS shadow data migration on a remote host containing the file system to be migrated and the target host containing the shadow file system.

Here, two remote file systems (one UFS, one ZFS) are exported as read-only NFS file systems.

On the target host, you must first install the shadow-migration software package. After the package is installed, enable the shadowd service.

Finally, create an empty ZFS file system for each exported file system on the remote host. On each ZFS shadow file system, set the shadow option to nfs://remote_system/exported_file_system.

Run the shadowstat command on the target host to monitor shadow migration activity.

Agenda

Introducing the Oracle Solaris 11 Storage Enhancements
Migrating UFS and ZFS File Systems
Splitting a Mirrored ZFS Storage Pool
Identifying ZFS Snapshot Differences
Configuring ZFS Deduplication
Configuring COMSTAR

Splitting a Mirrored ZFS Storage Pool

Use the zpool split command to split a mirrored ZFS storage pool.
Splitting detaches a disk from a mirrored pool to create a new pool.
The new pool contents are identical to the original mirror pool.
By default, zpool split detaches the last disk.
The new pool must be imported to be accessible.

A mirrored ZFS storage pool can be quickly cloned as a backup pool by using the zpool split command. Currently, this feature cannot be used to split a mirrored root pool.

You use the zpool split command to detach disks from a mirrored ZFS storage pool to create a new pool with one of the detached disks. The new pool will have identical contents to the original mirrored ZFS storage pool. By default, a zpool split operation on a mirrored pool detaches the last disk for the newly created pool. After the split operation, the new pool must be imported to be accessible.

Splitting a ZFS Mirrored Pool: Example

oracle@s11x-serv1:~# zpool create newpool mirror c7t2d0 c7t3d0
oracle@s11x-serv1:~# zpool split -n newpool newpool1
would create 'newpool1' with the following layout:
        newpool1
          c7t3d0
oracle@s11x-serv1:~# zpool split newpool newpool1
oracle@s11x-serv1:~# zpool import newpool1
oracle@s11x-serv1:~# zpool status
  pool: newpool
 state: ONLINE
  scan: none requested
config:
        NAME        STATE     READ WRITE CKSUM
        newpool     ONLINE       0     0     0
          c7t2d0    ONLINE       0     0     0

  pool: newpool1
 state: ONLINE
  scan: none requested
config:
        NAME        STATE     READ WRITE CKSUM
        newpool1    ONLINE       0     0     0
          c7t3d0    ONLINE       0     0     0

The slide shows an example of splitting a ZFS mirrored storage pool. In this example, you create a mirrored pool (newpool). Then you run the zpool split -n command to perform a "dry run" of the split operation. Next, you split the mirror to create the newpool1 pool. Finally, you import the newpool1 pool and check ZFS pool status. The status shows that the newpool and newpool1 pools each contain one disk from the original mirrored ZFS pool.

Agenda

Introducing the Oracle Solaris 11 Storage Enhancements
Migrating UFS and ZFS file systems
Splitting a Mirrored ZFS Storage Pool
Identifying ZFS Snapshot Differences
Configuring ZFS Deduplication
Configuring COMSTAR

Identifying ZFS Snapshot Differences

You can determine ZFS snapshot differences by using the zfs diff command.
The zfs diff command gives a high-level description of the differences between a snapshot and a descendent dataset.
The type of change is described along with the name of the file:
+ indicates that the file was added in the later dataset.
- indicates that the file was removed in the later dataset.
M indicates that the file was modified in the later dataset.
R indicates that the file was renamed in the later dataset.

In Oracle Solaris 11, you can determine ZFS snapshot differences by using the zfs diff command. The zfs diff command gives a high-level description of the differences between a snapshot and a descendent dataset. The descendent can be either a snapshot of the dataset or the current dataset.

For each file that has undergone a change between the original snapshot and the descendent, the type of change is described along with the name of the file. In the case of a rename, both the old and new names are shown. The type of change follows any timestamp displayed and is described with a single character (as listed in the slide).


Agenda

Introducing the Oracle Solaris 11 Storage Enhancements


Identifying ZFS Snapshot Differences: Example

oracle@s11x-serv1:~# zfs snapshot newpool/mydata@before
oracle@s11x-serv1:~# touch /newpool/mydata/newfile
oracle@s11x-serv1:~# zfs snapshot newpool/mydata@after
oracle@s11x-serv1:~# zfs list -r -t snapshot -o name,creation
NAME                        CREATION
newpool/mydata@before       Mon Apr 6 14:54 2011
newpool/mydata@after        Mon Apr 6 14:59 2011
rpool/ROOT/solaris@install  Fri Mar 4 22:33 2011
oracle@s11x-serv1:~# zfs diff newpool/mydata@before newpool/mydata@after
M       /newpool/mydata/
+       /newpool/mydata/newfile
oracle@s11x-serv1:~#

This slide shows an example of identifying ZFS snapshot differences.

In the example, you take a before snapshot of the newpool/mydata ZFS file system. Then you
create a new file (newfile) in /newpool/mydata. You take another snapshot (after) of
the same ZFS file system and list the snapshots based on name and creation date. Finally, you
compare the before and after snapshots to determine the differences. Note that in the zfs
diff command output, M indicates that /newpool/mydata/ was modified and + indicates
that a file (/newpool/mydata/newfile) was added to the later dataset.

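The single-character change types make zfs diff output easy to triage when two snapshots are compared during a file-integrity review. The following Python sketch is an added example, not part of the course material: it parses captured zfs diff output and flags changes under watched directories. The sample output extends the slide's two lines with constructed entries, and the watched path /newpool/mydata/bin is an assumption.

```python
"""Classify `zfs diff` output and flag changes under watched directories."""
import re
from collections import Counter
from typing import List, NamedTuple, Optional

# Single-character change types described in the lesson.
CHANGE_TYPES = {"+": "added", "-": "removed", "M": "modified", "R": "renamed"}

# Optional leading timestamp, then the change character, then the path(s).
LINE_RE = re.compile(
    r"^(?:(?P<ts>\d+(?:\.\d+)?)\s+)?(?P<kind>[-+MR])\s+(?P<rest>/.*)$"
)


class Change(NamedTuple):
    kind: str                  # added / removed / modified / renamed
    path: str                  # changed path (the old name for a rename)
    new_path: Optional[str]    # set only for renames
    timestamp: Optional[str]   # set only when a timestamp was printed


def parse_zfs_diff(text: str) -> List[Change]:
    changes = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        match = LINE_RE.match(line)
        if match is None:
            # Fail loudly: silently skipping a line could hide a change.
            raise ValueError(f"unrecognised zfs diff line: {raw!r}")
        path, new_path = match["rest"], None
        if match["kind"] == "R":
            # A rename shows both the old and the new name.
            path, arrow, new_path = path.partition(" -> ")
            if not arrow:
                raise ValueError(f"rename without a new name: {raw!r}")
        changes.append(
            Change(CHANGE_TYPES[match["kind"]], path, new_path, match["ts"])
        )
    return changes


def summarize(changes: List[Change]) -> Counter:
    return Counter(change.kind for change in changes)


def _under(path: str, prefix: str) -> bool:
    prefix = prefix.rstrip("/")
    return path == prefix or path.startswith(prefix + "/")


def flag_watched(changes: List[Change], watched: List[str]) -> List[Change]:
    """Return the changes whose old or new name lies under a watched path."""
    hits = []
    for change in changes:
        names = [p for p in (change.path, change.new_path) if p]
        if any(_under(p, w) for p in names for w in watched):
            hits.append(change)
    return hits


# Constructed sample: the first two lines are the slide's output, the rest are
# made up to show a removal, a rename and a line that carries a timestamp.
SAMPLE_OUTPUT = (
    "M\t/newpool/mydata/\n"
    "+\t/newpool/mydata/newfile\n"
    "-\t/newpool/mydata/old.log\n"
    "R\t/newpool/mydata/report.txt -> /newpool/mydata/archive/report.txt\n"
    "1302101940.123456789\tM\t/newpool/mydata/bin/backup.sh\n"
)
WATCHED = ["/newpool/mydata/bin"]  # assumption: directory holding scripts

if __name__ == "__main__":
    parsed = parse_zfs_diff(SAMPLE_OUTPUT)
    print(dict(summarize(parsed)))
    for item in flag_watched(parsed, WATCHED):
        print("REVIEW:", item.kind, item.path)
```
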
ZFS Deduplication

Is the process of identifying redundancies within a data set and eliminating them
Significantly shrinks storage requirements and improves bandwidth efficiency
Enables data deduplication at the level of files, blocks, or bytes
Is synchronous
Benefits these applications:
- Backup to disk storage
- Mail servers
- File servers

Deduplication is the process of identifying redundancies within a data set and eliminating
them. Eliminating redundant data can significantly shrink storage requirements and improve
bandwidth efficiency. Because primary storage has become cheaper over time, enterprises
typically store many versions of the same information so that new work can reuse old work.
Some operations, such as backup, store extremely redundant information. Deduplication
lowers storage costs because fewer disks are needed, and shortens backup/recovery times
because there can be far less data to transfer.

In Oracle Solaris 11, ZFS deduplication automatically avoids writing the same data twice on
your drive by detecting duplicate data blocks and keeping track of the multiple places where
the same block is needed. With ZFS deduplication, data can be deduplicated at the level of
files, blocks, or bytes. ZFS deduplication is synchronous. It instantly removes redundant data
during writes, without the need for background deduplication processes.

Here are some applications that typically benefit from ZFS deduplication:
Backup to disk storage: On systems with many users, backing up user files to disk
storage has a potential for multiple copies of the same data, such as applications,
system files, documents, images, and videos.
Mail servers: Mail servers are classic examples of data duplication. When a user sends
a mail attachment to a mailing list on the network, the mail server maintains a copy of
the same attachment for each recipient. Only one copy of the attachment is really
necessary.
File servers: When users collaborate on projects, the chances are good that they will
end up storing many documents multiple times.
Virtualization storage: Server virtualization, such as Solaris zones, is another area with
much duplicate data. Multiple installations of the same virtualized operating system
share the same kernel, libraries, system files, and applications.

When you run these types of applications on deduplication-enabled ZFS file systems, data is
stored only once.

ZFS Deduplication Properties

One new ZFS file system property: dedup
Two new ZFS pool properties:
- dedupratio
- dedupditto

To support the deduplication feature, Oracle Solaris 11 adds new properties to ZFS.

ZFS has one new ZFS file system property to support deduplication, dedup. You use the
deduplication (dedup) property to remove redundant data from your ZFS file systems. If a file
system has the dedup property enabled, duplicate data blocks are removed synchronously.
The result is that only unique data is stored and common components are shared between
files. When dedup is enabled, the dedup checksum algorithm overrides the checksum
property. Setting the value to verify is equivalent to specifying sha256 for the checksum
property. If the property is set to verify and two blocks have the same signature, ZFS does a
byte-for-byte comparison with the existing block to ensure that the contents are identical.

ZFS has two new ZFS pool properties to support deduplication: dedupratio and
dedupditto. The dedupratio property is a read-only value used as a multiplier that
indicates the deduplication ratio achieved for a ZFS pool. The dedupditto property sets
a deduplication copy threshold. If the reference count for a deduped block goes above this
threshold, another ditto copy of the block is stored automatically.

By telling ZFS to store an additional copy after a specific number of references, you build in
some redundancy just in case the original block gets checksum errors.

ZFS Deduplication: Example

oracle@s11x-serv1:~# zpool list
NAME      SIZE   ALLOC  FREE   CAP  DEDUP  HEALTH  ALTROOT
newpool   1.07G  169K   1.07G  0%   1.00x  ONLINE
newpool1  1.07G  130K   1.07G  0%   1.00x  ONLINE
rpool     15.9G  4.12G  11.8G  25%  1.00x  ONLINE
oracle@s11x-serv1:~# zpool get all newpool | grep dedup
newpool  dedupditto  0      default
newpool  dedupratio  1.00x
oracle@s11x-serv1:~# zfs get all newpool/mydata | grep dedup
newpool/mydata  dedup  off  default
oracle@s11x-serv1:~# zfs set dedup=on newpool/mydata
oracle@s11x-serv1:~# zfs get all newpool/mydata | grep dedup
newpool/mydata  dedup  on  local
oracle@s11x-serv1:~# cp /opt/ora/course_files/bigfile.zip /newpool/mydata/dir1
oracle@s11x-serv1:~# cp /opt/ora/course_files/bigfile.zip /newpool/mydata/dir2
oracle@s11x-serv1:~# cp /opt/ora/course_files/bigfile.zip /newpool/mydata/dir3
oracle@s11x-serv1:~# zpool list
NAME      SIZE   ALLOC  FREE   CAP  DEDUP  HEALTH  ALTROOT
newpool   1.07G  302M   794M   27%  3.00x  ONLINE
newpool1  1.07G  130K   1.07G  0%   1.00x  ONLINE
rpool     15.9G  4.12G  11.8G  25%  1.00x  ONLINE
oracle@s11x-serv1:~# zpool get all newpool | grep dedup
newpool  dedupditto  0      default
newpool  dedupratio  3.00x

In this example, you check the ZFS properties to determine whether deduplication has been
enabled. The properties show that deduplication is currently disabled. Next, you enable
deduplication. You copy the same file to the three different directories in the file system that
has deduplication enabled. Finally, you recheck the ZFS properties and find that the deduped
file system has a deduplication factor of 3.

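The dedup properties and the 3.00x result above can be reproduced with a small model. The following Python sketch is an added example, not ZFS code and not part of the course material: it deduplicates blocks by checksum, shows why the verify setting matters when two different blocks share a checksum, and applies a dedupditto-style threshold. The 4096-byte block size, the first-byte checksum (a deliberately weak stand-in, since a real SHA-256 collision cannot be constructed for a demo) and all class and function names are assumptions.

```python
"""Toy model of synchronous block deduplication (illustration only)."""
import hashlib

BLOCK_SIZE = 4096  # assumption for the model; not a ZFS default


def sha256(block: bytes) -> bytes:
    return hashlib.sha256(block).digest()


def first_byte(block: bytes) -> bytes:
    """Deliberately weak checksum, used only to force a collision."""
    return block[:1]


class DedupPool:
    def __init__(self, verify=False, checksum=sha256, dedupditto=0):
        self.verify = verify          # byte-for-byte compare on checksum match
        self.checksum = checksum
        self.dedupditto = dedupditto  # 0 disables the extra ditto copy
        self.table = {}               # checksum -> entries sharing that checksum
        self.referenced = 0           # blocks written by callers

    def write(self, block: bytes):
        """Store one block and return a pointer (checksum, index) to it."""
        key = self.checksum(block)
        entries = self.table.setdefault(key, [])
        self.referenced += 1
        for index, entry in enumerate(entries):
            # Without verify, a checksum match alone counts as "same block".
            if not self.verify or entry["data"] == block:
                entry["refs"] += 1
                if self.dedupditto and entry["refs"] > self.dedupditto:
                    entry["copies"] = 2   # keep one additional ditto copy
                return key, index
        entries.append({"data": block, "refs": 1, "copies": 1})
        return key, len(entries) - 1

    def read(self, pointer) -> bytes:
        key, index = pointer
        return self.table[key][index]["data"]

    def allocated(self) -> int:
        return sum(len(entries) for entries in self.table.values())

    def dedupratio(self) -> float:
        stored = self.allocated()
        return self.referenced / stored if stored else 1.0


def make_file(n_blocks: int):
    # Constructed data: n distinct blocks standing in for bigfile.zip.
    return [bytes([i % 256]) * BLOCK_SIZE for i in range(n_blocks)]


def copy_three_times() -> float:
    pool = DedupPool()
    for _directory in ("dir1", "dir2", "dir3"):
        for block in make_file(8):
            pool.write(block)
    return pool.dedupratio()  # 24 referenced blocks over 8 stored blocks


def collision_demo(verify: bool) -> bool:
    """Write two different blocks with equal checksums; is the second intact?"""
    pool = DedupPool(verify=verify, checksum=first_byte)
    block_a = b"A" + b"\x00" * (BLOCK_SIZE - 1)
    block_b = b"A" + b"\xff" * (BLOCK_SIZE - 1)
    pool.write(block_a)
    pointer_b = pool.write(block_b)
    return pool.read(pointer_b) == block_b


def ditto_copies(threshold: int, writes: int) -> int:
    pool = DedupPool(dedupditto=threshold)
    block = b"Z" * BLOCK_SIZE
    for _ in range(writes):
        key, index = pool.write(block)
    return pool.table[key][index]["copies"]


if __name__ == "__main__":
    print("dedupratio after three copies: %.2fx" % copy_three_times())
    print("second block intact without verify:", collision_demo(False))
    print("second block intact with verify:   ", collision_demo(True))
    print("copies kept at 3 refs, threshold 2:", ditto_copies(2, 3))
```

Without verify, the second block in the collision case reads back as the first block's contents, which is the silent corruption the byte-for-byte comparison prevents.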
Common Multiprotocol SCSI Target (COMSTAR)

[Figure labels: Initiator Hosts, Storage Network]

Common Multiprotocol SCSI Target, or COMSTAR, is a software framework that provides
support for the iSCSI protocol. iSCSI is an Internet Protocol (IP)-based storage networking
standard for linking data storage subsystems. By carrying SCSI commands over IP networks,
the iSCSI protocol enables you to mount disk devices from across the network onto your local
system. On your local system, you can use the devices like block devices.
COMSTAR enables you to convert any Oracle Solaris 11 host into a SCSI target device that
can be accessed over a storage network by initiator hosts by using a SCSI Target Mode
Framework (STMF) to manage target storage devices. STMF provides the following
components:
Port providers (or plug-ins): Implement protocols, such as Fibre Channel (FC) and
iSCSI.
Logical unit providers: Emulate various SCSI devices, such as disk and tape devices.
The management library (libstmf): Provides the COMSTAR management interface

COMSTAR Benefits and Limitations

Benefits:
The iSCSI protocol runs across existing Ethernet networks.
Existing Fibre Channel devices can be connected to clients without the cost of Fibre Channel HBAs.
Systems with dedicated arrays can export replicated storage.
There is no upper limit on the maximum number of configured iSCSI target devices.
You can connect to Fibre Channel or SAN environments.

Limitations:
Does not support iSCSI devices that use SLP.
iSCSI targets cannot be configured as dump devices.
Transferring large amounts of data over your existing network can affect performance.

Benefits of using Solaris iSCSI targets and initiators include the following:
The iSCSI protocol runs across existing Ethernet networks.
- You can use any supported network interface card (NIC), Ethernet hub, or
Ethernet switch.
- One IP port can handle multiple iSCSI target devices.
- You can use existing infrastructure and management tools for IP networks.
Existing Fibre Channel devices can be connected to clients without the cost of Fibre
Channel HBAs.
Systems with dedicated arrays can now export replicated storage with ZFS or UFS file
systems.
There is no upper limit on the maximum number of configured iSCSI target devices.
The protocol can be used to connect to Fibre Channel or iSCSI Storage Area Network
(SAN) environments with the appropriate hardware.

Current limitations or restrictions on using the Solaris iSCSI initiator software include the
following:
Support for iSCSI devices that use service locator protocol (SLP) is not currently
available.
iSCSI targets cannot be configured as dump devices.
Transferring large amounts of data over your existing network can adversely affect
performance.

Configuring COMSTAR

Install the storage-server software package.
Create an iSCSI LUN.
- Enable the stmf service.
- Identify a disk volume to serve as the SCSI target.
- Run the stmfadm utility to create a LUN.
- Make the LUN viewable to the initiators.
Create the iSCSI target.
- Enable the target service.
- Run the itadm utility to create an iSCSI target.
Configure an iSCSI initiator.
- Enable initiator service.
- Configure the target device discovery method.
- Reconfigure the /dev namespace to recognize the iSCSI disk.
Access the iSCSI disk.
- Use the format utility to identify the iSCSI LUN information.
- Create a ZFS file system on the iSCSI LUN.

Tasks required for configuring COMSTAR:
Install the storage-server software package: This package contains all the software
required to configure SCSI targets. The storage-server software package is installed on
the system that provides the storage devices.
Create an iSCSI LUN: This task is performed on the system that provides the disk
volumes. The disk volume provided by the server is referred to as the target. When the
LUN is associated with an iSCSI target, it can be accessed by an iSCSI initiator. This
task involves:
- Enabling the stmf service
- Identifying a disk volume to serve as the SCSI target
- Running the stmfadm utility to create a LUN
- Making the LUN viewable to the initiators
Create the iSCSI target: This task is performed on the system that provides the disk
volumes. This task involves:
- Enabling the target service
- Running the itadm utility to create an iSCSI target
Configure an iSCSI initiator: This task is performed on the initiator client host. This
task involves:
- Enabling initiator service
- Configuring the target device discovery method
- Reconfiguring the /dev namespace to recognize the iSCSI disk
Access the iSCSI disk: This task is performed on the initiator client host. This task
involves:
- Using the format utility to identify the iSCSI LUN information
- Creating a ZFS file system on the iSCSI LUN

Practice 7 Overview:
Oracle Solaris 11 Storage Enhancements

This practice covers the following topics:
Describe the new storage features and enhancements
Split a mirrored ZFS storage pool
Identify ZFS snapshot differences
Configure ZFS deduplication
Configure COMSTAR

Migrating UFS and ZFS file systems
Splitting a mirrored ZFS storage pool
Identifying ZFS snapshot differences
Configuring ZFS deduplication
Configuring COMSTAR

Oracle Solaris 11 Security Enhancements

Objectives

After completing this lesson, you should be able to:
Describe the new security features and enhancements
Explore the Oracle Solaris cryptographic framework
Encrypt ZFS data
Use the Basic Audit Reporting Tool (BART) to audit system files

Agenda

Oracle Solaris 11 Security Enhancements
Oracle Solaris Cryptographic Framework
ZFS Dataset Encryption
Basic Audit Reporting Tool (BART)

Oracle Solaris 11 Security Enhancements

Secure by Default
Root account as a role
RBAC kernel enhancements
Oracle Solaris Cryptographic Framework
ZFS dataset encryption
Basic Audit Reporting Tool (BART)
Labeled IPsec
Trusted Extension enhancements

A number of important security features and enhancements have been introduced with the
release of the Oracle Solaris 11 operating system, including the following:

Secure by Default: Oracle Solaris 11 provides a fully Secure by Default environment.
Oracle Solaris Secure by Default reduces the attack surface of the Oracle Solaris OS by
disabling as many network services as possible while still leaving a useful system. In
this way, the number of exposed network services is dramatically reduced. With
automatic Secure by Default, network services are disabled by default or set to listen for
local system communications only.

Root account as a role: Oracle Solaris 11 implements a role for root. The root as a role
option was first delivered in Solaris 8 (1998). What is different in Oracle Solaris 11 is that
this option is enabled by default during installation. The advantage of root as a role is
that it ensures that administrative actions done by the root account are attributable to a
real (unique) person. Because you must have at least one user who is authorized to
assume the root role, a standard user account (which can assume that role) is
automatically created during the installation process. If you do not want this feature, you
can revert to Solaris 10 behavior by running the following command:
# rolemod -K type=normal root

RBAC kernel enhancements: In Oracle Solaris 11, an in-kernel pfexec
implementation is used to execute administrative commands requiring a higher privilege
level. Unlike in Solaris 10, in Oracle Solaris 11 the pfexec program is no longer a
privileged program, so it cannot pass any privileges to other programs. Instead, it sets a
process execution mode flag that specifies that all subsequent executions are subject to
the RBAC policy specified in rights profiles. You use the usermod -P command to
delegate administrative privileges to trusted users.
Unlike in Solaris 10, the process privileges of setuid-to-root binaries are also specified
by using RBAC. A new rights profile, Forced Privileges, specifies the required privilege
set for these applications, instead of granting all privileges. This significantly reduces the
potential for these binaries to be used as an attack vector against the system.
Oracle Solaris 11 adds new privileges: file_read, file_write, and net_access. These
privileges restrict read, write, and outbound network access. Additionally, a new rights
profile, Stop, removes default authorizations and execution rights from specific users,
facilitating the creation of restricted execution environments.

Oracle Solaris Cryptographic Framework: Cryptography is the science of encrypting
and decrypting data. Cryptographic services provide authentication and encryption
mechanisms to applications and users. Central to the Oracle Solaris Cryptographic
Framework is the pktool command. The pktool command allows you to manage the
certificates and keys on multiple keystores including PKCS#11 tokens, Netscape
Security Services (NSS) tokens, and standard file-based keystores for OpenSSL. Oracle
Solaris Cryptographic Framework now supports the NSA Suite B algorithms.

ZFS Dataset Encryption: When using ZFS dataset encryption, the ZFS dataset at rest
is encrypted, and can only be mounted by a user who can supply the cryptographic key
that is associated with the ZFS dataset. When the file system is mounted, it is no longer
cryptographically protected. Instead, normal Solaris access controls (ACLs, permission
bits, containment) apply. Encryption can be specified at the pool or dataset level (per
mount point), and each dataset can have a unique encryption key. This is in contrast to
systems that do whole-disk.

Basic Audit Reporting Tool: The Basic Audit Reporting Tool (BART) enables you to
comprehensively validate systems by performing file-level checks of one or more
systems over time. Changes in a BART manifest across systems, or for one system over
time, can validate the integrity of your systems. BART provides manifest creation,
manifest comparison, and rules for scripting reports.

Labeled IPsec: When labeled processes in a multilevel secure operating system, such
as Oracle Solaris Trusted Extensions, communicate across system boundaries, their
network traffic needs to be labeled and protected. Traditionally, this requirement is met
by using a physically separate network infrastructure to ensure that data belonging to
different labeled domains stays in separate physical infrastructures. Labeled IPsec/IKE,
which is new in Oracle Solaris 11, enables customers to reuse the same physical
network infrastructure for labeled communications by transferring labeled data within
separate labeled IPsec security associations, removing the need for a redundant and
expensive physical network infrastructure.

Trusted Extension enhancements: To enable greater flexibility and security, Trusted
Extensions now enables per-label and per-user credentials, allowing administrators to
require a unique password for each label. This password is in addition to the session
login password, thereby allowing administrators to set a per-zone encryption key for
each label of every user's home directory. Trusted Extensions has now also added
support to explicitly set security labels on ZFS datasets, ensuring that ZFS file systems
for a specific security label cannot be mounted on a zone of a different label, and thus
cannot inadvertently upgrade or downgrade the classification of data.

Oracle Solaris Cryptographic Framework

Cryptography is the science of encrypting and decrypting data.
Oracle Solaris Cryptographic Framework command scope:
- Administrator commands
- User commands
- Binary signatures for third-party software

Cryptographic services provide authentication and encryption mechanisms to applications
and users.

Administrator commands: The framework provides commands for administrators, for
users, and for developers who supply providers. The cryptoadm command administers
a running cryptographic framework. The command is part of the Crypto Management
rights profile. This profile can be assigned to a role for secure administration of the
cryptographic framework. The cryptoadm command allows you to:
- Display cryptographic provider information
- Disable or enable provider mechanisms
- Disable or enable the metaslot

User commands: The Oracle Solaris Cryptographic Framework provides user-level
commands to check the integrity of files, to encrypt files, and to decrypt files.
- digest command: Computes a message digest for one or more files or for stdin.
A digest is useful for verifying the integrity of a file. SHA1 and MD5 are examples of
digest functions.
- mac command: Computes a message authentication code (MAC) for one or more files
or for stdin. A MAC associates data with an authenticated message. A MAC enables a
receiver to verify that the message came from the sender and that the message has not
been tampered with. The sha1_mac and md5_hmac mechanisms can compute a MAC.
- encrypt command: Encrypts files or stdin with a symmetric cipher. The encrypt
-l command lists the algorithms that are available. Mechanisms that are listed under a
user-level library are available to the encrypt command. The framework provides AES,
DES, 3DES (Triple-DES), and ARCFOUR mechanisms for user encryption.
- decrypt command: Decrypts files or stdin that were encrypted with the
encrypt command. The decrypt command uses the identical key and
mechanism that were used to encrypt the original file.
- pktool command: Allows you to manage the certificates and keys on multiple
keystores, including PKCS#11 tokens, Netscape Security Services (NSS) tokens, and
standard file-based keystore for OpenSSL.

Binary signatures for third-party software: The elfsign command provides a means to
sign providers to be used with the Oracle Solaris Cryptographic Framework. Typically, this
command is run by the developer of a provider. The elfsign command has subcommands
to request a certificate from Oracle and to sign binaries. Another subcommand verifies the
signature. Unsigned binaries cannot be used by the Oracle Solaris Cryptographic Framework.
Signing one or more providers requires the certificate from Oracle and the private key that
was used to request the certificate.

Administrative Command: Examples

oracle@s11x-serv1:~# cryptoadm list

User-level providers:
Provider: /usr/lib/security/$ISA/pkcs11_kernel.so
Provider: /usr/lib/security/$ISA/pkcs11_softtoken.so
Provider: /usr/lib/security/$ISA/pkcs11_tpm.so

Kernel software providers:
        des
        aes
        arcfour
        blowfish
        ecc
        sha1
        sha2
        md4
        md5
        rsa
        swrand

Kernel hardware providers:

The cryptoadm list command displays a list of the providers currently installed in the
system. Providers are cryptographic services that consumers use. Because providers plug in
to the framework, they are also called "plugins." The cryptoadm list command separates
the providers into three categories: user-level providers, kernel software providers, and kernel
hardware providers.

Administrative Command: Examples

oracle@s11x-serv1:~# cryptoadm list metaslot
System-wide Meta Slot Configuration:

status: enabled
Sensitive Token Object Automatic Migrate: enabled
Persistent object store slot: sun crypto Softtoken
Persistent object store token: sun Software PKCS#11 softtoken
oracle@s11x-serv1:~# cryptoadm list -m provider=aes
aes: CKM_AES_ECB,CKM_AES_CBC,CKM_AES_CTR,CKM_AES_CCM,CKM_AES_GCM,CKM_AES_GMAC
oracle@s11x-serv1:~# cryptoadm list -p provider=aes
aes: all mechanisms are enabled.
oracle@s11x-serv1:~# cryptoadm disable provider=aes mechanism=CKM_AES_GMAC
oracle@s11x-serv1:~# cryptoadm list -p provider=aes
aes: all mechanisms are enabled, except CKM_AES_GMAC.
oracle@s11x-serv1:~# cryptoadm enable provider=aes mechanism=CKM_AES_GMAC
oracle@s11x-serv1:~# cryptoadm list -p provider=aes
aes: all mechanisms are enabled.

The cryptoadm list metaslot command displays the system-wide configuration for a
metaslot. A metaslot is a single slot that presents a union of the capabilities of other slots that
are loaded in the framework. The metaslot eases the work of dealing with all of the
capabilities of the providers that are available through the framework. When an application
that uses the metaslot requests an operation, the metaslot figures out which actual slot should
perform the operation. Metaslot capabilities are configurable, but configuration is not required.
The metaslot is on by default.

The cryptoadm list -m command displays a list of mechanisms that can be used with the
installed providers or metaslot.

A mechanism is the application of a mode of an algorithm for a particular purpose.
Cryptographic algorithms are established, recursive computational procedures that encrypt or
hash input. Encryption algorithms can be symmetric or asymmetric. Symmetric algorithms use
the same key for encryption and decryption. Asymmetric algorithms, which are used in public
key cryptography, require two keys. Hashing functions are also algorithms. If a provider is
specified, the command displays the name of the specified provider and the mechanism list
that can be used with that provider. If the metaslot keyword is specified, the command
displays the list of mechanisms that can be used with the metaslot.

The cryptoadm list -p command displays the mechanism policy (that is, which
mechanisms are available and which are not) for the installed providers.
The cryptoadm disable and cryptoadm enable commands allow you to disable or
enable provider mechanisms.

User Command: Examples

oracle@s11x-serv1:~# digest -l
sha1
md5
sha256
sha384
sha512
oracle@s11x-serv1:~# digest -a sha1 /etc/release
e64eb9c537f90f6cba0cfd1e6b39fe9dd33cf552
oracle@s11x-serv1:~# mac -l
Algorithm       Keysize:  Min   Max (bits)
des_mac                    64    64
sha1_hmac                   8   512
md5_hmac                    8   512
sha256_hmac                 8   512
sha384_hmac                 8  1024
sha512_hmac                 8  1024
oracle@s11x-serv1:~# mac -v -k mykey -a sha1_hmac /etc/release
sha1_hmac (/etc/release) = 913ced311df10f1708d9848641ca8992f4718057

This slide shows digest and mac command usage.

User Command: Examples

oracle@s11x-serv1:~# pktool setpin
Enter token passphrase: changeme
Create new passphrase: cangetin
Re-enter new passphrase: cangetin
Passphrase changed.
oracle@s11x-serv1:~# pktool genkey label=myaeskey keytype=aes keylen=256
Enter PIN for Sun Software PKCS#11 softtoken: cangetin
oracle@s11x-serv1:~# pktool list objtype=key
Enter PIN for Sun Software PKCS#11 softtoken: cangetin
Found 1 symmetric keys.
Key #1 - AES: myaeskey (256 bits)
oracle@s11x-serv1:~# cat /newpool/mydata/newfile
This is a test.
oracle@s11x-serv1:~# encrypt -a aes -K myaeskey -i newfile -o newfile
Enter PIN for Sun Software PKCS#11 softtoken: cangetin
oracle@s11x-serv1:~# cat /newpool/mydata/newfile
A-AGAY -AGA _ZtA-AGAY -AGA<<A-AGAY -AGAY fAA-AGA6A-AtAY -AGAyAA-AG
oracle@s11x-serv1:~# decrypt -a aes -K myaeskey -i newfile -o newfile
oracle@s11x-serv1:~# cat /newpool/mydata/newfile
This is a test.

This slide shows pktool, encrypt, and decrypt command usage.

The pktool command allows users to manage the softtoken object store. The setpin
subcommand changes the passphrase used to authenticate a user to the softtoken object
store. setpin prompts you for the old passphrase. If the old passphrase matches, pktool
prompts for the new passphrase twice. If the two entries of the new passphrase match, it will
become the current passphrase for the token. The default passphrase is changeme.

The pktool genkey command generates a symmetric key in the specified keystore. The
genkey subcommand prompts the user to enter a PIN for a token-based keystore.

Next, the slide display shows the contents of the /newpool/mydata/newfile text file. The
encrypt command is used with the new key to encrypt this file. The next command shows
that the file is now encrypted. Finally, the file is decrypted by using the same key.

Agenda

Oracle Solaris 11 Security Enhancements
Oracle Solaris Cryptographic Framework
ZFS Dataset Encryption
Basic Audit Reporting Tool (BART)

ZFS Dataset Encryption

Encrypted dataset support has been added to ZFS to protect against:
Theft of physical storage
Man-in-the-middle attacks on the SAN
Dataset-level secured deletion

Data is encrypted at the dataset level.

Benefits of ZFS encryption include the following:
ZFS encryption is integrated with the ZFS command set.
You can use your existing storage pools.
ZFS encryption is inheritable to descendent file systems.
Data is encrypted by using AES.
ZFS encryption uses the Oracle Solaris Cryptographic Framework.

Benefits of ZFS encryption include the following:

ZFS encryption is integrated with the ZFS command set. Like other ZFS operations,
encryption operations, such as key changes and rekey, are performed online.

You can use your existing storage pools as long as they are upgraded. You have the
flexibility of encrypting specific file systems.

ZFS encryption is inheritable to descendent file systems. Key management can be
delegated through ZFS-delegated administration.

Data is encrypted by using AES (Advanced Encryption Standard) with key lengths of
128, 192, and 256 in the CCM and GCM operation modes.

ZFS encryption uses the Oracle Solaris Cryptographic Framework, which automatically
gives it access to any available hardware acceleration or optimized software
implementations of the encryption algorithms.

ZFS Pool Encryption: Example

oracle@s11x-serv1:~# zpool create -O encryption=on encryptedpool \
c7t4d0 c7t5d0
Enter passphrase for 'encryptedpool': cangetin
Enter again: cangetin
oracle@s11x-serv1:~# zfs create encryptedpool/mysecrets
oracle@s11x-serv1:~# zfs get encryption encryptedpool/mysecrets
NAME                     PROPERTY    VALUE  SOURCE
encryptedpool/mysecrets  encryption  on     local
oracle@s11x-serv1:~# zfs get keysource encryptedpool/mysecrets
NAME                     PROPERTY   VALUE              SOURCE
encryptedpool/mysecrets  keysource  passphrase,prompt  inherited from encryptedpool

This slide shows an example of encrypting a ZFS pool.

In this example, first we create a ZFS pool named encryptedpool with the encryption property
set to on. Then we create a ZFS file system named mysecrets in the encrypted pool.
The keysource property of the mysecrets file system shows that the key source
(passphrase,prompt) was inherited from the encrypted ZFS pool.

ZFS File System Encryption: Example

oracle@s11x-serv1:~# pktool genkey keystore=file \
outkey=/myzfskey keytype=aes keylen=256
Enter PIN for Sun Software PKCS#11 softtoken: cangetin
oracle@s11x-serv1:~# zfs create -o encryption=aes-256-ccm \
-o keysource=raw,file:///myzfskey newpool/mysecretdata
oracle@s11x-serv1:~# zfs get encryption newpool/mysecretdata
NAME                  PROPERTY    VALUE        SOURCE
newpool/mysecretdata  encryption  aes-256-ccm  local
oracle@s11x-serv1:~# zfs get keysource newpool/mysecretdata
NAME                  PROPERTY   VALUE                  SOURCE
newpool/mysecretdata  keysource  raw,file:///myzfskey   local

This slide shows an example of encrypting a ZFS file system within a pool.

In this example, first we generate a keystore file named /myzfskey. Then we create a ZFS file
system named mysecretdata with the /myzfskey keystore file. The keysource property of
the mysecretdata file system shows that the encryption key source comes from the
/myzfskey keystore file.

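The two ZFS examples above set the encryption and keysource properties. The check below is an added example in Python, not part of the course material: for a raw key file such as the one written by pktool genkey, it confirms that the file length matches the AES key length named in the encryption value and that group and other have no access to it. The function names and the temporary key files used in the demo are constructed for illustration.

```python
import os
import re
import stat
import tempfile

ENC = re.compile(r"^aes-(128|192|256)-(ccm|gcm)$")

def check_wrapping_key(encryption, keysource):
    """Return findings for one dataset's encryption and keysource values."""
    fmt, _, locator = keysource.partition(",")
    if not locator.startswith("file://"):
        return []                          # e.g. passphrase,prompt: no key file
    path = locator[len("file://"):]
    m = ENC.match(encryption)
    if not m:
        return [f"encryption={encryption}: value does not state a key length"]
    want = int(m.group(1)) // 8            # bytes of raw key material
    try:
        st = os.stat(path)
    except OSError as exc:
        return [f"{path}: cannot stat key file ({exc.strerror})"]
    findings = []
    if fmt == "raw" and st.st_size != want:
        findings.append(f"{path}: {st.st_size} bytes, {encryption} needs {want}")
    if st.st_mode & (stat.S_IRWXG | stat.S_IRWXO):
        mode = stat.S_IMODE(st.st_mode)
        findings.append(f"{path}: mode {mode:04o} is open to group/other")
    return findings

def make_key_file(directory, name, nbytes, mode):
    """Constructed stand-in for a pktool-generated key file (demo only)."""
    path = os.path.join(directory, name)
    with open(path, "wb") as fh:
        fh.write(os.urandom(nbytes))
    os.chmod(path, mode)
    return path

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:
        good = make_key_file(d, "myzfskey", 32, 0o400)
        bad = make_key_file(d, "shortkey", 16, 0o644)
        for p in (good, bad):
            print(p, check_wrapping_key("aes-256-ccm", f"raw,file://{p}"))
```
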
Agenda

Oracle Solaris 11 Security Enhancements
Oracle Solaris Cryptographic Framework
ZFS Dataset Encryption
Basic Audit Reporting Tool (BART)

Basic Audit Reporting Tool (BART)

BART:
Is a tool that performs a file-level check of the software contents of a system
Enables you to determine what file-level changes have occurred on a system
Compares changes to a known baseline

BART is a tool that performs a file-level check of the software contents of a system. BART
allows you to quickly, easily, and reliably gather information about the components of the
software stack that is installed on deployed systems. Using BART can greatly reduce the
costs of administering a network of systems by simplifying time-consuming administrative
tasks.

BART enables you to determine what file-level changes have occurred on a system, relative
to a known baseline. You use BART to create a baseline or control manifest from a fully
installed and configured system. You can then compare this baseline with a snapshot of the
system at a later time, generating a report that lists file-level changes that have occurred on
the system since it was installed.


BART: Example

oracle@s11x-serv1:/var/tmp# vi bartrules
IGNORE all
/export/home/oracle
CHECK all
oracle@s11x-serv1:/var/tmp# bart create -r bartrules > \
bart-`hostname`-`date '+%d%m%Y-%H:%M:%S'`
oracle@s11x-serv1:/var/tmp# ls bart*
bart-s11x-serv1-12042011-17:04:35 bartrules
oracle@s11x-serv1:/var/tmp# touch /export/home/oracle/newfile
oracle@s11x-serv1:/var/tmp# bart create -r bartrules > \
bart-`hostname`-`date '+%d%m%Y-%H:%M:%S'`
oracle@s11x-serv1:/var/tmp# ls bart*
bart-s11x-serv1-12042011-17:04:35 bartrules
bart-s11x-serv1-12042011-17:08:34
oracle@s11x-serv1:/var/tmp# bart compare \
bart-s11x-serv1-12042011-17:04:35 \
bart-s11x-serv1-12042011-17:08:34
/export/home/oracle:
size control:38 test:39
/export/home/oracle/newfile:
add

The slide shows an example of using BART.

In this example, first you create a BART rules file. In this case, BART ignores all file
changes on the system except for the file changes in the /export/home/oracle directory. Then
you run the BART report by using the BART rules file to create a comparison baseline. In a
bart compare report, the baseline is indicated by the "control" field.

Next, a new file is created in the /export/home/oracle directory and a second BART
report is generated. The second BART report is used to compare against the baseline report
created earlier. In a bart compare report, the BART report to be compared against the
baseline is indicated by the "test" field.

Finally, bart compare is run by using the baseline (control) and test BART report. The
results show that the /export/home/oracle directory size was changed and
/export/home/oracle/newfile was added.

BART: Example

oracle@s11x-serv1:/var/tmp# vi /export/home/oracle/newfile
This is a test.
oracle@s11x-serv1:/var/tmp# bart create -r bartrules > \
bart-`hostname`-`date '+%d%m%Y-%H:%M:%S'`
oracle@s11x-serv1:/var/tmp# ls bart*
bart-s11x-serv1-12042011-17:04:35 bart-s11x-serv1-12042011-17:11:50
bart-s11x-serv1-12042011-17:08:34 bartrules
oracle@s11x-serv1:/var/tmp# bart compare bart-s11x-serv1-12042011-17:08:34 bart-s11x-serv1-12042011-17:11:50
/export/home/oracle/newfile:
size control:0 test:16
mtime control:4da4db66 test:4da4dc11
contents control:d41d8cd98f00b204e9800998ecf8427e test:02bcabffffd16fe0fc250f08cad95e0c

Next, a text message is added to the /export/home/oracle/newfile file and a third
BART report is run. Using the second BART report as the new baseline, a comparison is run
against the third BART report. The results show that in the "test" report,
/export/home/oracle/newfile has grown by 16 bytes. The modified timestamp and file contents
have changed.
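The two bart compare reports above can be parsed and ranked so that a reviewer sees first what kind of change each path shows. This is an added example in Python, not part of the course material; the sample text is the slides' own output, while the function names, the labels and the choice to rank mode/uid/gid/acl changes above content changes are assumptions made for this example.

```python
import re

# Output of the two `bart compare` runs shown on the slides above.
FIRST = """\
/export/home/oracle:
size control:38 test:39
/export/home/oracle/newfile:
add
"""
SECOND = """\
/export/home/oracle/newfile:
size control:0 test:16
mtime control:4da4db66 test:4da4dc11
contents control:d41d8cd98f00b204e9800998ecf8427e test:02bcabffffd16fe0fc250f08cad95e0c
"""

ATTR = re.compile(r"^(\w+)\s+control:(\S+)\s+test:(\S+)$")

def parse_compare(text):
    """Parse default `bart compare` output into {path: [change, ...]}.
    A change is "add", "delete", or an (attribute, control, test) tuple."""
    report, path = {}, None
    for line in filter(None, map(str.strip, text.splitlines())):
        if line.startswith("/") and line.endswith(":"):
            path = line[:-1]
            report.setdefault(path, [])
        elif path and line in ("add", "delete"):
            report[path].append(line)
        elif path and (m := ATTR.match(line)):
            report[path].append(m.groups())
        else:
            raise ValueError(f"unrecognised line: {line!r}")
    return report

def label(changes):
    """Name the most significant kind of change recorded for one path."""
    attrs = {c[0] for c in changes if isinstance(c, tuple)}
    if "add" in changes or "delete" in changes:
        return "added or deleted"
    if attrs & {"mode", "uid", "gid", "acl"}:
        return "ownership or permissions changed"
    return "contents changed" if "contents" in attrs else "metadata only"

def triage(text):
    return {p: label(c) for p, c in parse_compare(text).items()}

if __name__ == "__main__":
    for out in (FIRST, SECOND):
        for path, kind in triage(out).items():
            print(f"{kind:34} {path}")
```

The control digest d41d8cd98f00b204e9800998ecf8427e in the second report is the MD5 of empty input, which agrees with size control:0 for the file created by touch.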


Summary

In this lesson, you should have learned how to:
Describe the new security features and enhancements
Explore the Oracle Solaris cryptographic framework
Encrypt ZFS data
Use the Basic Audit Reporting Tool (BART) to audit system files

Practice 8 Overview:
Oracle Solaris 11 Security Enhancements

This practice covers the following topics:
Managing encryption keys
Configuring a ZFS encrypted pool
Configuring a ZFS encrypted file system
Exploring the Basic Audit Reporting Tool