SPARC M12 and S7 CPU comparison using SLOB

Fujitsu SPARC M12 Server

Fujitsu recently announced new SPARC M12 Servers using the SPARC64-XII CPU. This systems hold several performance world records. Check out details at http://www.fujitsu.com/global/products/computing/servers/unix/sparc/key-reports/benchmarks/

But how does this CPU and system scale and how is the performance compared to our own Oracle SPARC S7 Server?

SLOB DB Benchmark

To compare the two systems I setup a SLOB (Silly Little Oracle DB Benchmark) environment.

The SLOB benchmark executes 500'000 SQL select statements. The SGA is 20GB is size to make sure all data is in the Database Cache and no physical I/O is required. This way we measure CPU, Memory, OS and DB Performance.

SLOB results

The 12-core SPARC64-XII scales very well. Using 96 parallel readers we reach 78'000 SLOB LIOPS per second per socket. This is 2x the LIOPS compared to the 8-core SPARC-S7 CPU. 

Calculating the performance down to 1 core, we see a peak of 6500 SLOB LIOPS per second per core on the M12 and 5000 SLOB LIOPS per second per core on the S7. A M12 core outperforms the S7 core by 30%. On the S7 we see better results if only 1 single reader is executed.

Technical details

To make sure we compare oranges with oranges, the same setup was used on both servers.
A Logical Domain was created using 48GB RAM and 1 socket assigned to it.
Solaris 11.3 SRU19 / Oracle DB 12c DATABASE BUNDLE PATCH: 12.1.0.2.170418 (25397136)

We used a SPARC S7-2 (4.267 Ghz) and a SPARC M12-2S (4.25 Ghz).

Is my Server Secure? Use the Solaris 11 Compliance Tool

Security Compliance
IT Security is more important than ever. Make sure your systems are up-to-date.
Don't run Services you don't need. Use strong passwords. Protect your files.

Security Compliance checking helps to detect weak and modified configuration.
Solaris 11.3 contains the 'compliance' tool. Using this tool you can create reports against 3 prepared Security Levels.

1. Oracle Solaris Security Benchmark: Baseline
   Matches basically a Secure By Default Installation

2. Oracle Solaris Security Benchmark: Recommended
   Adds Recommended Checks

3. PCI-DSS
   Payment Card Industry - Data Security Standard
  
The Solaris compliance tool creates easy to understand HTML reports.
It even supports customization for individual machines where individual checks may be enabled or disabled if required.

Use this Blog as an introduction with a few examples. You need to invest more time to reach a completely secure system.

Solaris 11 Compliance Samples
To check against the Solaris Baseline Benchmark run the following command on your system:

# compliance assess -b solaris

Check the HTML report
# compliance report
/var/share/compliance/assessments/solaris.Baseline.2017-05-22,10:32/report.html

The HTML report lists the checks in detail including a description how to fix failed checks. On a newly installed system there may be a few failed checks. If you don't use Kerberos you can disable the services to make sure the checks pass.

# svcadm disable svc:/network/nfs/fedfs-client:default
# svcadm disable svc:/network/rpc/gss:default

Next we check against the Solaris Recommended Profile

# compliance assess -b solaris -p Recommended

# compliance report -f log/var/share/compliance/assessments/solaris.Recommended.2017-05-22,17:18/log# grep fail /var/share/compliance/assessments/solaris.Recommended.2017-05-22,17:18/log | wc -l
      26

To fulfill the Recommended Profile lots of configuration changes would be needed. As a first step we create now an own benchmark, based on the Solaris Baseline, but we add a few additional checks.

If you deploy services, checks like this one may report failed:
OSC-73505 / ssh(1) is the only service binding a listener to non-loopback addresses

On a Solaris Zone I run a Solaris IPS Repository. We create an own tailored benchmark where
this check is disabled.

# compliance tailor -t solaris_jomasoft set benchmark=solaris
# compliance tailor -t solaris_jomasoft set profile=Baseline
# compliance tailor -t solaris_jomasoft exclude OSC-73505  # ssh(1) is the only service binding a listener to non-loopback

Then we add our Password Rules

# compliance tailor -t solaris_jomasoft include OSC-49500  # Passwords require at least 1 upper-case characters
# compliance tailor -t solaris_jomasoft include OSC-47500  # Passwords require at least 1 digits

Change values of existing Checks

# compliance tailor -t solaris_jomasoft value OSCV-46000=8  # Passwords must be at least 8 characters long
# compliance tailor -t solaris_jomasoft value OSCV-48000=1  # Passwords must have at least 1 lower-case characters
# compliance tailor -t solaris_jomasoft value OSCV-49000=1  # Passwords must have at least 1 special characters

Additional Checks

# compliance tailor -t solaris_jomasoft include OSC-93005   # User home directories have appropriate permissions
# compliance tailor -t solaris_jomasoft include OSC-92505   # User home directory ownership is correct

Now we run against our own tailored Benchmark:
# compliance assess -t solaris_jomasoft


A Compliance Report for PCI-DSS is created with
# compliance assess -b pci-dss

To reach PCI-DSS compliance there is some configuration work required.

# compliance report -f log
/var/share/compliance/assessments/pci-dss.Solaris_PCI-DSS.2017-05-22,11:22/log
# grep fail /var/share/compliance/assessments/pci-dss.Solaris_PCI-DSS.2017-05-22,11:22/log | wc -l
      29

Find all details in the Oracle Solaris 11.3 Compliance Guide (PDF)
https://docs.oracle.com/cd/E53394_01/pdf/E54817.pdf

Run your benchmark regularly to detect changes by Administrators and Applications.

Is there a performance impact when using Solaris ZFS lz4 compression?

Starting with Solaris 11.3 ZFS supports lz4 compression. Lets verify the impact to performance if we enable lz4 compression with 2 concrete sample files.
First a zip file containing Solaris 11 SRU Updates and second a simple text logfile.

We disable the ZFS Cache to see the impact of I/O and compression
# zfs set primarycache=metadata v0123_db/source
# zfs set primarycache=metadata compressed/fs
# zfs set primarycache=metadata uncompressed/fs


Test 1 - zipped file

# time cp p25604852_1100_Solaris86-64_1of4.zip /uncompressed

real    1m27.571s
user    0m0.002s
sys     0m4.361s

-bash-4.4$ zfs get compression,compressratio,used uncompressed/fs
NAME             PROPERTY       VALUE  SOURCE
uncompressed/fs  compression    off    inherited from uncompressed
uncompressed/fs  compressratio  1.00x  -
uncompressed/fs  used           1.35G  -


# time cp p25604852_1100_Solaris86-64_1of4.zip /compressed

real    1m27.427s
user    0m0.002s
sys     0m4.408s

-bash-4.4$ zfs get compression,compressratio,used compressed/fs
NAME           PROPERTY       VALUE  SOURCE
compressed/fs  compression    lz4    inherited from compressed
compressed/fs  compressratio  1.00x  -
compressed/fs  used           1.34G  -

We see the same duration, no performance loss and because the file is zipped
nearly no space savings.



Test 2 - Log file with Text

# time cp framework.log /uncompressed/

real    0m24.608s
user    0m0.001s
sys     0m1.241s

-bash-4.4$ zfs get compression,compressratio,used uncompressed/fs
NAME             PROPERTY       VALUE  SOURCE
uncompressed/fs  compression    off    inherited from uncompressed
uncompressed/fs  compressratio  1.00x  -
uncompressed/fs  used           390M   -


# time cp framework.log /compressed/

real    0m24.495s
user    0m0.001s
sys     0m1.260s

-bash-4.4$ zfs get compression,compressratio,used compressed/fs
NAME           PROPERTY       VALUE  SOURCE
compressed/fs  compression    lz4    inherited from compressed
compressed/fs  compressratio  6.37x  -
compressed/fs  used           61.4M  -

Good compression (6x). We save 330MB of disk space here.
No impact to duration. The SPARC S7 core is fast enough.


And now Read Performance

# time cp /compressed/framework.log /tmp; time cp /uncompressed/framework.log /tmp

real    0m17.415s
user    0m0.001s
sys     0m1.354s

real    0m24.479s
user    0m0.001s
sys     0m1.389s

Better results from compressed filesystem. CPU decompression is faster than doing I/O. Need to read 6x the data from uncompressed zfs filesystem.


Summary
With above samples we don't see negative impact when enabling lz4 compression. If you use compressable text files you save lots of disk space while gaining read performance. We start using lz4 on our ZPOOLs by default now.

SPARC/Solaris Events in February / March 2017

16.02.2017  Oracle SPARC Day, Moscow/Russia

23.02.2017  JomaSoft Webinar: Efficient Virtualization of Oracle Solaris with VDCF, Live/Online

09.03.2017  Oracle SPARC Solaris Tech Day, Munich/Germany

Oracle published a new SPARC/Solaris Roadmap till 2021

Next Solaris 11 Update probably this year.

http://www.oracle.com/us/products/servers-storage/servers/sparc/oracle-sparc/sparc-roadmap-slide-2076743.pdf

Oracle ACEs talking about SPARC and Solaris at UKOUG TECH16 in Birmingham

The UKOUG TECH16 Event is taking place in Birmingham from 5. till 7. December

Full agenda and registration at http://www.tech16.ukoug.org/

Take a look at this 3 Sessions about SPARC and Solaris

Oracle SPARC & Solaris Past, Present, Future
Monday, 05/12/2016 13:10

Philippe Fierens (Oracle ACE)
Co-presenter(s):
Bjoern Rost (Oracle ACE Director)
Marcel Hofstetter (Oracle ACE Associate)


Increase Efficiency of Solaris Operations & Hardware Life Cycle
Monday, 05/12/2016 14:10

Marcel Hofstetter (Oracle ACE Associate)


Oracle SPARC M7 & In-Memory Deep Dive
Wednesday, 07/12/2016 11:30

Kamil Stawiarski (Oracle ACE)


See you in Birmingham!

My Favorite Oracle Solaris Sessions at #doag2016 Conference in Nuremberg

The German Oracle User Group (DOAG) Conference is the largest Oracle Conferene in Europe.
Taking place each Year in Mid November.

Here the links to my favorite Solaris Sessions, Wednesday, 16.11.

11:00 Room Stockholm Oracle Solaris 11 Zonen - Spezialitäten
          Marcel Hofstetter

12:00 Room Budapest Less Known Features of Solaris
          Jörg Möllenkamp

13:00 Room Stockholm Oracle Solaris - The Next Generation
          Joost Pronk & Franz Haberhauer

16:00 RoomStockholm End to End Diagnostics with Oracle Solaris Observability
          Eve Kleinknecht

See you in Nuremberg