Transcript CS 550-395
CS 550-395 Solaris Operating Environment (The story behind the Solaris OS) Arjun Shankar Introduction Solaris is the computer operating system that Sun Microsystems provides for its family of Scalable Processor Architecture (SPARC) based processors as well as for Intel-based processors Features of Solaris: Its availability Its scalability It is built for network computing It includes security features Better by Design —The Solaris Operating Environment SolarisTM Design Principles designed for performance, and reliability; to scale and evolve as business needs change, and to easily support new hardware architectures as they become available not requiring error-prone major re-writes from one release to the next that decrease reliability easily ports to a wide range of platforms — giving users choice in computing infrastructure ranging from single and multiprocessor Intel systems to high-end products like the 64processor Sun Starfire server Designed to Evolve It has a core infrastructure that is constructed using modular, well-defined, stable interfaces that support the addition of new devices, software libraries, and even file systems. The operating environment is built with a small kernel that provides the core set of features required by applications, the CDE windowing system, and their shared libraries. The kernel runs in protected mode and — by keeping its size small. This results in a system that is much more reliable than those which incorporate too many features in the operating system itself Reliability by Design with a small, compact kernel that limits the exposure to errors that can bring a system down. Sun designed the Solaris environment with a clear distinction between the kernel, shared libraries, and applications which further limits the impact of application failures Designed for the Internet The Solaris environment supports the IETF-standard Kerberos for user authentication, resulting in superior security when compared to Windows NT proprietary challenge-response authentication Objects Of Execution Threads and SMPS Solaris employs a set of kernel threads to handle interrupts. As with any kernel thread, an interrupt thread has its own identifier, priority, context and stack. The kernel synchronizes controls among access to interrupt data structures threads using and mutex exclusion primitives, i.e. the normalization techniques for threads are used in handling interrupts Interrupt threads are assigned higher priorities than all other types of kernel threads Fully Preemptable, Multithreaded Kernel A fully symmetric operating system that allows multiple processors to execute simultaneously within the single, memoryresident image of the kernel Because the kernel is multithreaded, it is fully preemptable, ensuring that high priority real-time threads can immediately preempt lower priority threads running in user or kernel mode Extensive use of spin-locks rather than kernel preemption points means that kernel threads typically spin rather than blocking when operating on critical sections of code, thereby improving scalability Solaris's Kernel Design The basic design was further developed by subdividing the kernel-level objects of execution into smaller user-level objects of execution. These user-level objects are unknown to the operating system kernel and thus are not executable on their own. They are usually scheduled by the application programmer or a system library to execute in the context of a kernel-level object of execution The operating systems use a priority-based, time-sliced, preemptive multitasking algorithm to schedule their kernel-level objects. Each kernel-level object may be either interleaved on a single processor or execute in parallel on multiprocessors Solaris's LWPs and Threads A lightweight process (LWP) is Solaris's smallest kernel-level object of execution A Solaris process consists of one or more lightweight processes In Solaris, a thread is the smallest user-level object of execution Solaris's threads are implemented and controlled by a system library One or more threads can be mapped to a lightweight process The library or the application programmer determines the mapping Since the threads execute in the context of a lightweight process, the operating system kernel is unaware of their existence The kernel is only aware of the LWPs that threads execute on Solaris's thread library defines two types of threads according to scheduling a). Bound thread b). Unbound Thread Execution components of the Solaris Operating Environment The relationships of a process and its LWPs and threads in Solaris Solaris Thread Synchronization Primitives Mutual Exclusion Lock Semaphores Readers/ Writes Lock Condition Variables Solaris Memory Management The Least Recently Used Paging Algorithm Priority Paging The Solaris 8 Cyclical Page Cache Higher Page Reclaims - This is considered normal during heavy file system activity Higher Free Memory Values - The amount of free memory will be higher, since the free memory count now includes a large component of the file system cache Zero Scan Rates - Scan rates will be almost zero, unless there is a shortage of system wide available memory Java Applications Development Real-Time Java Implementation The Java 2 SDK is bundled with the Solaris 8 Operating Environment, and provides both essential development tools required for creating applications in the Java language and a high-performance, scalable runtime environment. A full real-time Java implementation will require a real-time Java virtual machine. The on-going Java Community Process is currently defining an open specification for a real-time Java virtual machine Solaris: The Secure Solution Four dimensions of Solaris Security Level 1: Controlling Login Access on Solaris The first level of Solaris security control consists of features and tools that help administrators tightly control who can log in to the system. Password validation •Password qualification Password aging •Shadow password file Disallow old password •Account expiration further login restrictions for Solaris are imposed by: Restricting hours of access Disable login on repeated invalid attempts Autolockscreen and logout Increased controls over root/su privilege Level 2: System Resource Access Control Solaris includes the Automated Security Access Tool Existence of a system EEPROM password which protects an unauthorized individual from booting the system in single user mode Insecure use of the UMASK variable which dictates the default setting for file permissions when a file is created Insecure use of the PATH variable which outlines the order in which directories will be searched for a specified executable command or program System file permission settings Existence of new setuid programs Home directory permissions Level 3: Secure Distributed Services and Developer Platforms The Solaris core operating environment incorporates the ONC+TM family of distributed services which can optionally be configured to run with additional security features enabled. When this is the case, ONC+ consists of the Secure NIS+ distributed naming service, the Secure NFSTM distributed file service, and the Secure Transport Independent Remote Procedure Call (TI-RPC) platform (also known simply as Secure RPC) for building distributed applications and services. Sun also provides the DCE family of services in an unbundled product called DCE for Solaris. Both secure ONC+ and DCE services rely on foundation technology described in this section. Level 4: Controlling Access to the Physical Network it was assumed that sites (and users) connected to the network were largely trustable In addition to potential threats from outsiders, wellintentioned internal users might accidentally expose corporate data or services from within a network to the outside world Sun supports this level of service - Solaris with its unbundled Solstice FireWall-1 and Solstice Sunscreen products Solaris - Ahead Today, Ahead Tomorrow The Solaris Operating Environment was built from day one to be networked, using industry standard protocols that provide the interoperability that is the cornerstone of the Internet. With the most evolvable, scalable, mature, reliable, portable, easily-configured and networked operating environment available, enterprises that wish to maintain their competitive edge today and in the future are choosing the Solaris Operating Environment.