A) Webcast 3rd Thursday Tech Talk: Solaris Continuous Innovation: Modernize without the Risk
16. November 2017
Speaker: Scott Lynn
B) DOAG Konferenz und Ausstellung - Yearly Conference, Nuremberg (Germany)
21 - 24 November 2017
Speakers: Thomas Nau, Joost Pronk, Jan Brosowski, Manfred Drozd, Christophe Brune, Malthe Griesel, Elke Freymann, Michael Färber, Marcel Hofstetter
C) Oracle Power of Solaris Sponsored by Fujitsu, Rome (Italy)
28. November 2017
D) Oracle SPARC / Solaris Users Group Summit, Solna (Sweden)
1. December 2017
Speakers: Bill Nesheim, Martin De Jong, Wissam Moussa, Sergey Kalmykov, Niclas Fredsberg, Juha Hellman
E) UKOUG Tech 17 - Yearly Conference, Birmingham (UK)
4-6 December 2017
Speakers: Stefan Hinker, Marcel Hofstetter
F) Oracle Systems Summit 2017 - Mit Sicherheit in die Zukunft!
28.11. München, Germany
Speaker: Thomas Herrguth, Ralf Zenses, Detlef Drewanz, Jörg Meiners, Jan Brosowski
5.12. Köln, Germany
Speaker: Thomas Herrguth, Ralf Zenses, Detlef Drewanz, Jörg Meiners, Jan Brosowski
6.12. Frankfurt, Germany
Speaker: Thomas Herrguth, Ralf Zenses, Detlef Drewanz, Jörg Meiners, Jan Brosowski
14.12. Zürich, Switzerland
Speaker: Stefano Amato, Ralf Zenses, Detlef Drewanz, Jörg Meiners, Jan Brosowski, Marcel Hofstetter
30 October 2017
24 September 2017
New Oracle SPARC M8 CPU and T8/M8 Servers
On September 18th 2017
Oracle announced the Next-Generation SPARC Processor and Servers.
The full webcast is
available at
SPARC M8 CPU
The SPARC M8 chip has
32-cores running at 5.0 GHz, with 8 threads per core a total of 256
threads per processor. The L1 cache with 32KB is double the size of
the previous SPARC M7 chip.
Each of the 32 cores now
includes an Oracle Database Number unit to accelerate Oracle Numbers
arithmetic performance. SHA-3 was added to the many crypto ciphers
supported by the cores.
Performance improvements
compared to the SPARC M7
- Single-Thread 1,5x
- CPU Frequency +21%
- Memory Bandwidth +16%
- Memory Access +6%
- Single-Thread 1,5x
- CPU Frequency +21%
- Memory Bandwidth +16%
- Memory Access +6%
SPARC Servers with the SPARC M8 CPU
There are 5 Servers using
the new SPARC M8 processor: SPARC T8-1, T8-2, T8-4, M8-8 and
SuperCluster M8. The Servers require Solaris 11.3 SRU24 or later.
Solaris 10 1/13 with latest patches is also supported to run inside
Logical Domains.
Oracle Solaris 11.4
The new Solaris 11.4 release is planned for Fall 2018.
Oracle repeated to support Solaris 11 at least to 2034.
The new Solaris 11.4 release is planned for Fall 2018.
Oracle repeated to support Solaris 11 at least to 2034.
SPARC M8 Benchmark Links
Oracle SPARC M8 for SAS - Vertical Scaling for Secure, Rapid, Agile Environments
21 June 2017
SPARC M12 and S7 CPU comparison using SLOB
Fujitsu SPARC M12
Server
Fujitsu recently
announced new SPARC M12 Servers using the SPARC64-XII CPU. This
systems hold several performance world records. Check out details at http://www.fujitsu.com/global/products/computing/servers/unix/sparc/key-reports/benchmarks/
But how
does this CPU and system scale and how is the performance compared to our own Oracle SPARC
S7 Server?
SLOB DB Benchmark
To compare the two systems I setup a SLOB (Silly Little Oracle DB Benchmark) environment.
The SLOB benchmark
executes 500'000 SQL select statements (SLOB Ops). The SGA is 20GB is size to make sure
all data is in the Database Cache and no physical I/O is required. This way we
measure CPU, Memory, OS and DB Performance.
SLOB
results
The 12-core SPARC64-XII scales very well. Using 96 parallel readers we reach 78'000 SLOB OPS per second per socket. This is 2x the SLOB OPS compared to the 8-core SPARC-S7 CPU.
The 12-core SPARC64-XII scales very well. Using 96 parallel readers we reach 78'000 SLOB OPS per second per socket. This is 2x the SLOB OPS compared to the 8-core SPARC-S7 CPU.
Calculating the performance down to 1 core, we see a peak of 6500
SLOB OPS per second per core on the M12 and 5000 SLOB OPS per second per
core on the S7. A M12 core outperforms the S7 core by 30%. On the S7 we see better results if only 1 single reader is executed.
Technical
details
To make sure we compare oranges with oranges,
the same setup was used on both servers.
A Logical Domain was created using 48GB RAM and 1 socket assigned to it.
Solaris 11.3 SRU19 / Oracle DB 12c DATABASE BUNDLE PATCH: 12.1.0.2.170418 (25397136)
A Logical Domain was created using 48GB RAM and 1 socket assigned to it.
Solaris 11.3 SRU19 / Oracle DB 12c DATABASE BUNDLE PATCH: 12.1.0.2.170418 (25397136)
We used a SPARC S7-2 (4.267 Ghz) and a SPARC M12-2S (4.25 Ghz).
22 May 2017
Is my Server Secure? Use the Solaris 11 Compliance Tool
Security Compliance
IT Security is more important than ever. Make sure your systems are up-to-date.
Don't run Services you don't need. Use strong passwords. Protect your files.
Security Compliance checking helps to detect weak and modified configuration.
Solaris 11.3 contains the 'compliance' tool. Using this tool you can create reports against 3 prepared Security Levels.
1. Oracle Solaris Security Benchmark: Baseline
Matches basically a Secure By Default Installation
2. Oracle Solaris Security Benchmark: Recommended
Adds Recommended Checks
3. PCI-DSS
Payment Card Industry - Data Security Standard
The Solaris compliance tool creates easy to understand HTML reports.
It even supports customization for individual machines where individual checks may be enabled or disabled if required.
Use this Blog as an introduction with a few examples. You need to invest more time to reach a completely secure system.
Solaris 11 Compliance Samples
To check against the Solaris Baseline Benchmark run the following command on your system:
# compliance assess -b solaris
Check the HTML report
# compliance report
/var/share/compliance/assessments/solaris.Baseline.2017-05-22,10:32/report.html
The HTML report lists the checks in detail including a description how to fix failed checks. On a newly installed system there may be a few failed checks. If you don't use Kerberos you can disable the services to make sure the checks pass.
# svcadm disable svc:/network/nfs/fedfs-client:default
# svcadm disable svc:/network/rpc/gss:default
Next we check against the Solaris Recommended Profile
# compliance assess -b solaris -p Recommended
# compliance report -f log/var/share/compliance/assessments/solaris.Recommended.2017-05-22,17:18/log# grep fail /var/share/compliance/assessments/solaris.Recommended.2017-05-22,17:18/log | wc -l
26
To fulfill the Recommended Profile lots of configuration changes would be needed. As a first step we create now an own benchmark, based on the Solaris Baseline, but we add a few additional checks.
If you deploy services, checks like this one may report failed:
OSC-73505 / ssh(1) is the only service binding a listener to non-loopback addresses
On a Solaris Zone I run a Solaris IPS Repository. We create an own tailored benchmark where
this check is disabled.
# compliance tailor -t solaris_jomasoft set benchmark=solaris
# compliance tailor -t solaris_jomasoft set profile=Baseline
# compliance tailor -t solaris_jomasoft exclude OSC-73505 # ssh(1) is the only service binding a listener to non-loopback
Then we add our Password Rules
# compliance tailor -t solaris_jomasoft include OSC-49500 # Passwords require at least 1 upper-case characters
# compliance tailor -t solaris_jomasoft include OSC-47500 # Passwords require at least 1 digits
Change values of existing Checks
# compliance tailor -t solaris_jomasoft value OSCV-46000=8 # Passwords must be at least 8 characters long
# compliance tailor -t solaris_jomasoft value OSCV-48000=1 # Passwords must have at least 1 lower-case characters
# compliance tailor -t solaris_jomasoft value OSCV-49000=1 # Passwords must have at least 1 special characters
Additional Checks
# compliance tailor -t solaris_jomasoft include OSC-93005 # User home directories have appropriate permissions
# compliance tailor -t solaris_jomasoft include OSC-92505 # User home directory ownership is correct
Now we run against our own tailored Benchmark:
# compliance assess -t solaris_jomasoft
A Compliance Report for PCI-DSS is created with
# compliance assess -b pci-dss
To reach PCI-DSS compliance there is some configuration work required.
# compliance report -f log
/var/share/compliance/assessments/pci-dss.Solaris_PCI-DSS.2017-05-22,11:22/log
# grep fail /var/share/compliance/assessments/pci-dss.Solaris_PCI-DSS.2017-05-22,11:22/log | wc -l
29
Find all details in the Oracle Solaris 11.3 Compliance Guide (PDF)
https://docs.oracle.com/cd/E53394_01/pdf/E54817.pdf
Run your benchmark regularly to detect changes by Administrators and Applications.
IT Security is more important than ever. Make sure your systems are up-to-date.
Don't run Services you don't need. Use strong passwords. Protect your files.
Security Compliance checking helps to detect weak and modified configuration.
Solaris 11.3 contains the 'compliance' tool. Using this tool you can create reports against 3 prepared Security Levels.
1. Oracle Solaris Security Benchmark: Baseline
Matches basically a Secure By Default Installation
2. Oracle Solaris Security Benchmark: Recommended
Adds Recommended Checks
3. PCI-DSS
Payment Card Industry - Data Security Standard
The Solaris compliance tool creates easy to understand HTML reports.
It even supports customization for individual machines where individual checks may be enabled or disabled if required.
Use this Blog as an introduction with a few examples. You need to invest more time to reach a completely secure system.
Solaris 11 Compliance Samples
To check against the Solaris Baseline Benchmark run the following command on your system:
# compliance assess -b solaris
Check the HTML report
# compliance report
/var/share/compliance/assessments/solaris.Baseline.2017-05-22,10:32/report.html
The HTML report lists the checks in detail including a description how to fix failed checks. On a newly installed system there may be a few failed checks. If you don't use Kerberos you can disable the services to make sure the checks pass.
# svcadm disable svc:/network/nfs/fedfs-client:default
# svcadm disable svc:/network/rpc/gss:default
Next we check against the Solaris Recommended Profile
# compliance assess -b solaris -p Recommended
# compliance report -f log/var/share/compliance/assessments/solaris.Recommended.2017-05-22,17:18/log# grep fail /var/share/compliance/assessments/solaris.Recommended.2017-05-22,17:18/log | wc -l
26
To fulfill the Recommended Profile lots of configuration changes would be needed. As a first step we create now an own benchmark, based on the Solaris Baseline, but we add a few additional checks.
If you deploy services, checks like this one may report failed:
OSC-73505 / ssh(1) is the only service binding a listener to non-loopback addresses
On a Solaris Zone I run a Solaris IPS Repository. We create an own tailored benchmark where
this check is disabled.
# compliance tailor -t solaris_jomasoft set benchmark=solaris
# compliance tailor -t solaris_jomasoft set profile=Baseline
# compliance tailor -t solaris_jomasoft exclude OSC-73505 # ssh(1) is the only service binding a listener to non-loopback
Then we add our Password Rules
# compliance tailor -t solaris_jomasoft include OSC-49500 # Passwords require at least 1 upper-case characters
# compliance tailor -t solaris_jomasoft include OSC-47500 # Passwords require at least 1 digits
Change values of existing Checks
# compliance tailor -t solaris_jomasoft value OSCV-46000=8 # Passwords must be at least 8 characters long
# compliance tailor -t solaris_jomasoft value OSCV-48000=1 # Passwords must have at least 1 lower-case characters
# compliance tailor -t solaris_jomasoft value OSCV-49000=1 # Passwords must have at least 1 special characters
Additional Checks
# compliance tailor -t solaris_jomasoft include OSC-93005 # User home directories have appropriate permissions
# compliance tailor -t solaris_jomasoft include OSC-92505 # User home directory ownership is correct
Now we run against our own tailored Benchmark:
# compliance assess -t solaris_jomasoft
A Compliance Report for PCI-DSS is created with
# compliance assess -b pci-dss
To reach PCI-DSS compliance there is some configuration work required.
# compliance report -f log
/var/share/compliance/assessments/pci-dss.Solaris_PCI-DSS.2017-05-22,11:22/log
# grep fail /var/share/compliance/assessments/pci-dss.Solaris_PCI-DSS.2017-05-22,11:22/log | wc -l
29
Find all details in the Oracle Solaris 11.3 Compliance Guide (PDF)
https://docs.oracle.com/cd/E53394_01/pdf/E54817.pdf
Run your benchmark regularly to detect changes by Administrators and Applications.
07 April 2017
Is there a performance impact when using Solaris ZFS lz4 compression?
Starting with Solaris 11.3 ZFS supports lz4 compression. Lets verify the impact to performance if we enable lz4 compression with 2 concrete sample files.
First a zip file containing Solaris 11 SRU Updates and second a simple text logfile.
We disable the ZFS Cache to see the impact of I/O and compression
# zfs set primarycache=metadata v0123_db/source
# zfs set primarycache=metadata compressed/fs
# zfs set primarycache=metadata uncompressed/fs
Test 1 - zipped file
# time cp p25604852_1100_Solaris86-64_1of4.zip /uncompressed
real 1m27.571s
user 0m0.002s
sys 0m4.361s
-bash-4.4$ zfs get compression,compressratio,used uncompressed/fs
NAME PROPERTY VALUE SOURCE
uncompressed/fs compression off inherited from uncompressed
uncompressed/fs compressratio 1.00x -
uncompressed/fs used 1.35G -
# time cp p25604852_1100_Solaris86-64_1of4.zip /compressed
real 1m27.427s
user 0m0.002s
sys 0m4.408s
-bash-4.4$ zfs get compression,compressratio,used compressed/fs
NAME PROPERTY VALUE SOURCE
compressed/fs compression lz4 inherited from compressed
compressed/fs compressratio 1.00x -
compressed/fs used 1.34G -
We see the same duration, no performance loss and because the file is zipped
nearly no space savings.
Test 2 - Log file with Text
# time cp framework.log /uncompressed/
real 0m24.608s
user 0m0.001s
sys 0m1.241s
-bash-4.4$ zfs get compression,compressratio,used uncompressed/fs
NAME PROPERTY VALUE SOURCE
uncompressed/fs compression off inherited from uncompressed
uncompressed/fs compressratio 1.00x -
uncompressed/fs used 390M -
# time cp framework.log /compressed/
real 0m24.495s
user 0m0.001s
sys 0m1.260s
-bash-4.4$ zfs get compression,compressratio,used compressed/fs
NAME PROPERTY VALUE SOURCE
compressed/fs compression lz4 inherited from compressed
compressed/fs compressratio 6.37x -
compressed/fs used 61.4M -
Good compression (6x). We save 330MB of disk space here.
No impact to duration. The SPARC S7 core is fast enough.
And now Read Performance
# time cp /compressed/framework.log /tmp; time cp /uncompressed/framework.log /tmp
real 0m17.415s
user 0m0.001s
sys 0m1.354s
real 0m24.479s
user 0m0.001s
sys 0m1.389s
Better results from compressed filesystem. CPU decompression is faster than doing I/O. Need to read 6x the data from uncompressed zfs filesystem.
Summary
With above samples we don't see negative impact when enabling lz4 compression. If you use compressable text files you save lots of disk space while gaining read performance. We start using lz4 on our ZPOOLs by default now.
First a zip file containing Solaris 11 SRU Updates and second a simple text logfile.
We disable the ZFS Cache to see the impact of I/O and compression
# zfs set primarycache=metadata v0123_db/source
# zfs set primarycache=metadata compressed/fs
# zfs set primarycache=metadata uncompressed/fs
Test 1 - zipped file
# time cp p25604852_1100_Solaris86-64_1of4.zip /uncompressed
real 1m27.571s
user 0m0.002s
sys 0m4.361s
-bash-4.4$ zfs get compression,compressratio,used uncompressed/fs
NAME PROPERTY VALUE SOURCE
uncompressed/fs compression off inherited from uncompressed
uncompressed/fs compressratio 1.00x -
uncompressed/fs used 1.35G -
# time cp p25604852_1100_Solaris86-64_1of4.zip /compressed
real 1m27.427s
user 0m0.002s
sys 0m4.408s
-bash-4.4$ zfs get compression,compressratio,used compressed/fs
NAME PROPERTY VALUE SOURCE
compressed/fs compression lz4 inherited from compressed
compressed/fs compressratio 1.00x -
compressed/fs used 1.34G -
We see the same duration, no performance loss and because the file is zipped
nearly no space savings.
Test 2 - Log file with Text
# time cp framework.log /uncompressed/
real 0m24.608s
user 0m0.001s
sys 0m1.241s
-bash-4.4$ zfs get compression,compressratio,used uncompressed/fs
NAME PROPERTY VALUE SOURCE
uncompressed/fs compression off inherited from uncompressed
uncompressed/fs compressratio 1.00x -
uncompressed/fs used 390M -
# time cp framework.log /compressed/
real 0m24.495s
user 0m0.001s
sys 0m1.260s
-bash-4.4$ zfs get compression,compressratio,used compressed/fs
NAME PROPERTY VALUE SOURCE
compressed/fs compression lz4 inherited from compressed
compressed/fs compressratio 6.37x -
compressed/fs used 61.4M -
Good compression (6x). We save 330MB of disk space here.
No impact to duration. The SPARC S7 core is fast enough.
And now Read Performance
# time cp /compressed/framework.log /tmp; time cp /uncompressed/framework.log /tmp
real 0m17.415s
user 0m0.001s
sys 0m1.354s
real 0m24.479s
user 0m0.001s
sys 0m1.389s
Better results from compressed filesystem. CPU decompression is faster than doing I/O. Need to read 6x the data from uncompressed zfs filesystem.
Summary
With above samples we don't see negative impact when enabling lz4 compression. If you use compressable text files you save lots of disk space while gaining read performance. We start using lz4 on our ZPOOLs by default now.
04 February 2017
18 January 2017
Oracle published a new SPARC/Solaris Roadmap till 2021
Next Solaris 11 Update probably this year.
http://www.oracle.com/us/products/servers-storage/servers/sparc/oracle-sparc/sparc-roadmap-slide-2076743.pdf
http://www.oracle.com/us/products/servers-storage/servers/sparc/oracle-sparc/sparc-roadmap-slide-2076743.pdf
Subscribe to:
Posts (Atom)