Book Image

Oracle Solaris 11: First Look

By : Philip P. Brown
Book Image

Oracle Solaris 11: First Look

By: Philip P. Brown

Overview of this book

Oracle Solaris provides innovative, built-in features that deliver breakthrough high availability, advanced security, efficiency, and industry-leading scalability and performance to help businesses grow. "Oracle Solaris 11: First Look" covers the new features and functionality of Oracle Solaris 11 and how these new features and improvements will make it easier to deploy services to the enterprise while improving performance and reducing total cost of ownership.This book starts with coverage of Image Packaging System and the new installation methods. It then moves swiftly to network configuration. The book also includes some security features and improvements.  

Related Content you might be interested in

Current Title:

Small book image
Oracle Solaris 11: First Look
Philip P. Brown
Jan, 2013 | 168 pages
No titles found
Table of Contents (19 chapters)
Oracle Solaris 11: First Look
Oracle Solaris 11: First Look
Credits
Credits
About the Author
About the Author
About the Reviewers
About the Reviewers
www.PacktPub.com
www.PacktPub.com
Preface
Preface
Free Chapter
1
IPS – The Image Packaging System
IPS – The Image Packaging System
The brave new world of IPS
Repositories/repos
Package naming schemes
Overview of package and patch installation
Practical examples of pkg command usage
Dealing with repositories
Package updates and patching
Summary
2
Solaris 11 Installation Methods
Solaris 11 Installation Methods
It's the Oracle of install systems!
Default passwords
Installation from CD-ROM
Overview of how AI install works
Network bootstrap process details
Setting up a local install server with installadm
Common traps and pitfalls
Solaris 11 release version versus support version
Summary
3
Sysadmin Configuration Differences
Sysadmin Configuration Differences
Welcome to the new normal
Host identity: the sysconfig command
Driver configuration: /etc/driver/drv
Network address configuration: ipadm and dladm
Wireless configuration: Stick to the GUI if you can
Miscellaneous differences in system-level configuration
Summary
4
Networking Nuts and Bolts
Networking Nuts and Bolts
Networking re-architected
Orientation to new Solaris 11 networking
Interface naming and IP labels
NWAM – NetWork AutoMagic
IPMP – IP multipathing
Link aggregation
VNIC – Virtual NIC
VLAN tagging
IP tunneling
Bridging
Network resource management
Other changes
Summary
5
NWAM – Networking Auto-reconfiguration
NWAM – Networking Auto-reconfiguration
What is NWAM and how you can use it
Summary
6
ZFS – Now You Can't Ignore It!
ZFS – Now You Can't Ignore It!
ZFS – your future, today
ZFS root – no more UFS
ZFS booting and beadm
ZFS, beadm, and zones
Deduplication now possible
ZFS encryption
ZFS diff between snapshots
Miscellaneous changes and improvements
Summary
7
Zones in Solaris 11
Zones in Solaris 11
Taking things to the next zone
New zone utilities
New zone capabilities
Fast zone creation via clone
Automatic Network Interfaces – the anet resource
Preconfiguring zones
Immutable zones
Summary
8
Security Improvements
Security Improvements
Keeping the horse in the barn
Mandatory auditing
Immutable zones
ProFTPd is the new FTP server
Sudo privileged access tool
Direct root use now blocked by default
Fine-grained RBAC privileges
On-disk encryption
Summary
9
Miscellaneous
Miscellaneous
What's in this chapter anyway?
Virtual consoles, also known as virtual terminals, are back
Fast reboot
CUPS printing
Power management
Notifications triggered by SMF state transitions
Trusted Solaris extras
COMSTAR and iSCSI
Summary
IPS Package Reference
IPS Package Reference
New ACL Permissions and Abbreviations
New ACL Permissions and Abbreviations
Solaris 10 Available Enhancements
Solaris 10 Available Enhancements
ZFS backported enhancements
Other enhancements
Index
Index

ZFS encryption

On-disk encryption of a ZFS filesystem is now possible in Solaris 11 as well as with the latest patch levels of Solaris 10. There is a fair amount of flexibility in the forms available. Key length can be 128-, 192-, or 256-bit AES which, similar to a PGP key is not directly editable. Instead, the admin controls access by use of a passphrase, which is referred to as a wrapping key. The key can be in the following forms:

  • Entered manually

  • Kept in plain-text form in a file

  • Kept in raw form in a file (even an automounted USB stick)

  • PKCS local Solaris keystore (can also leverage hardware crypto devices this way)

  • PKCS remote keystore (accessed via HTTPS)

The first form of directly inputting a key is the easiest to set up but is the most annoying to use on a true production system. The removable media option is good if your organization is big on the physical key style of security.

Keeping the key in a separate file can be more useful than it sounds, if you use zones. It is possible to...

Previous Section
End of Section 7
Next Section