Transcript CS 550-395
CS 550-395
Solaris Operating Environment
(The story behind the Solaris OS)
Arjun Shankar
Introduction
Solaris is the computer operating system that Sun Microsystems
provides for its family of Scalable Processor Architecture
(SPARC) based processors as well as for Intel-based processors
Features of Solaris:
Its availability
Its scalability
It is built for network computing
It includes security features
Better by Design —The Solaris
Operating Environment
SolarisTM Design Principles
designed for performance, and reliability; to scale and evolve
as business needs change, and to easily support new
hardware architectures as they become available
not requiring error-prone major re-writes from one release to
the next that decrease reliability
easily ports to a wide range of platforms — giving users
choice in computing infrastructure ranging from single and
multiprocessor Intel systems to high-end products like the 64processor Sun Starfire server
Designed to Evolve
It has a core infrastructure that is constructed using modular,
well-defined, stable interfaces that support the addition of
new devices, software libraries, and even file systems.
The operating environment is built with a small kernel that
provides the core set of features required by applications, the
CDE windowing system, and their shared libraries.
The kernel runs in protected mode and — by keeping its size
small.
This results in a system that is much more reliable than those
which incorporate too many features in the operating system
itself
Reliability by Design
with a small, compact kernel that limits the exposure to errors
that can bring a system down.
Sun designed the Solaris environment with a clear distinction
between the kernel, shared libraries, and applications which
further limits the impact of application failures
Designed for the Internet
The Solaris environment supports the IETF-standard Kerberos
for user authentication, resulting in superior security when
compared to Windows NT proprietary challenge-response
authentication
Objects Of Execution
Threads and SMPS
Solaris employs a set of kernel threads to handle interrupts.
As with any kernel thread, an interrupt thread has its own
identifier, priority, context and stack.
The
kernel
synchronizes
controls
among
access
to
interrupt
data
structures
threads
using
and
mutex
exclusion primitives, i.e. the normalization techniques for
threads are used in handling interrupts
Interrupt threads are assigned higher priorities than all
other types of kernel threads
Fully Preemptable,
Multithreaded Kernel
A fully symmetric operating system that allows multiple
processors to execute simultaneously within the single, memoryresident image of the kernel
Because the kernel is multithreaded, it is fully preemptable,
ensuring that high priority real-time threads can immediately
preempt lower priority threads running in user or kernel mode
Extensive use of spin-locks rather than kernel preemption points
means that kernel threads typically spin rather than blocking
when operating on critical sections of code, thereby improving
scalability
Solaris's Kernel Design
The basic design was further developed by subdividing the
kernel-level objects of execution into smaller user-level objects of
execution.
These user-level objects are unknown to the operating system
kernel and thus are not executable on their own.
They are usually scheduled by the application programmer or a
system library to execute in the context of a kernel-level object of
execution
The operating systems use a priority-based, time-sliced,
preemptive multitasking algorithm to schedule their kernel-level
objects. Each kernel-level object may be either interleaved on a
single processor or execute in parallel on multiprocessors
Solaris's LWPs and Threads
A lightweight process (LWP) is Solaris's smallest kernel-level
object of execution
A Solaris process consists of one or more lightweight processes
In Solaris, a thread is the smallest user-level object of execution
Solaris's threads are implemented and controlled by a system
library
One or more threads can be mapped to a lightweight process
The library or the application programmer determines the
mapping
Since the threads execute in the context of a lightweight process,
the operating system kernel is unaware of their existence
The kernel is only aware of the LWPs that threads execute on
Solaris's thread library defines two types of threads according to
scheduling a). Bound thread b). Unbound Thread
Execution components of the
Solaris Operating Environment
The relationships of a process
and its LWPs and threads in Solaris
Solaris Thread
Synchronization Primitives
Mutual Exclusion Lock
Semaphores
Readers/ Writes Lock
Condition Variables
Solaris Memory Management
The Least Recently Used Paging Algorithm
Priority Paging
The Solaris 8 Cyclical Page Cache
Higher Page Reclaims - This is considered normal during
heavy file system activity
Higher Free Memory Values - The amount of free memory will
be higher, since the free memory count now includes a large
component of the file system cache
Zero Scan Rates - Scan rates will be almost zero, unless there is
a shortage of system wide available memory
Java Applications
Development
Real-Time Java Implementation
The Java 2 SDK is bundled with the Solaris 8 Operating
Environment, and provides both essential development tools
required for creating applications in the Java language and a
high-performance, scalable runtime environment.
A full real-time Java implementation will require a real-time
Java virtual machine. The on-going Java Community Process
is currently defining an open specification for a real-time Java
virtual machine
Solaris: The Secure Solution
Four dimensions of Solaris Security
Level 1: Controlling Login
Access on Solaris
The first level of Solaris security control consists of
features and tools that help administrators tightly
control who can log in to the system.
Password validation
•Password qualification
Password aging
•Shadow password file
Disallow old password
•Account expiration
further login restrictions for Solaris are imposed by:
Restricting hours of access
Disable login on repeated invalid attempts
Autolockscreen and logout
Increased controls over root/su privilege
Level 2: System Resource
Access Control
Solaris includes the Automated Security Access Tool
Existence of a system EEPROM password which protects an
unauthorized individual from booting the system in single
user mode
Insecure use of the UMASK variable which dictates the
default setting for file permissions when a file is created
Insecure use of the PATH variable which outlines the order in
which directories will be searched for a specified executable
command or program
System file permission settings
Existence of new setuid programs
Home directory permissions
Level 3: Secure Distributed
Services and Developer Platforms
The Solaris core operating environment incorporates the ONC+TM
family of distributed services which can optionally be configured
to run with additional security features enabled.
When this is the case, ONC+ consists of the Secure NIS+
distributed naming service, the Secure NFSTM distributed file
service, and the Secure Transport Independent Remote Procedure
Call (TI-RPC) platform (also known simply as Secure RPC) for
building distributed applications and services.
Sun also provides the DCE family of services in an unbundled
product called DCE for Solaris. Both secure ONC+ and DCE
services rely on foundation technology described in this section.
Level 4: Controlling Access
to the Physical Network
it was assumed that sites (and users) connected to the
network were largely trustable
In addition to potential threats from outsiders, wellintentioned internal users might accidentally expose
corporate data or services from within a network to
the outside world
Sun supports this level of service - Solaris with its
unbundled Solstice FireWall-1 and Solstice Sunscreen
products
Solaris - Ahead Today, Ahead
Tomorrow
The Solaris Operating Environment was built from
day one to be networked, using industry standard
protocols that provide the interoperability that is the
cornerstone of the Internet.
With the most evolvable, scalable, mature, reliable,
portable, easily-configured and networked operating
environment available, enterprises that wish to
maintain their competitive edge today and in the
future are choosing the Solaris Operating
Environment.