Recent Solaris Innovations

Recent Solaris releases have contained many enhancements and new features compared to earlier versions, on both the client and server side, and specifically for administrators. For example, StarOffice is now included with the operating system distribution, along with support for integration between personal organization applications and the new generation of Palm computing devices. On the server side, Solaris now ships with the Apache web server installed, and runs Linux applications through lxrun. Security is overhauled with the inclusion of Kerberos version 5, OpenSSH, and IPSec for both IPv4 and IPv6, which are also supported, making it easy to create virtual private networks through improved tunneling and encryption technologies. Developers will appreciate the inclusion of a Perl interpreter, other popular tools released under the GNU license, and the Java 2 SDK.

New Client Tools

Solaris has always been known as a server-based operating system. Its history and involvement with powering the Internet and providing a reliable platform for database servers and client/server applications are the characteristics that most administrators would associate with Solaris. However, Solaris 9 has brought about many improvements on the desktop as well, with further integration and support for standards-based, CDE-based applications (in contrast to the old proprietary OpenWindows system). Further support for multimedia is also provided, with facilities for MIDI audio and streamed video supporting many popular formats. Support for interfacing with productivity applications hosted on mobile computing devices, such as Palm, is also provided in conjunction with CDE.

Of course, the biggest desktop announcement of 1999 was Sun's purchase of the StarOffice suite from Star Division, and their decision to both ship it for free to the general public and to include it as an integral part of Solaris 8. StarOffice is now distributed by Sun for a much cheaper price than equivalent office productivity suites. In addition, Sun is promoting the Sun Ray client as a cost-effective alternative to desktop computing based around legacy PC architectures, with clients centrally managed by a departmental server (such as an E450). This approach promises to revolutionize the way that many organizations currently (and often inconsistently) manage software updates, patches, and distribution.

Tip  

With the security and reliability of Solaris on the server side, the Solaris desktop will continue to see innovation in Solaris 9 and beyond.

StarOffice

StarOffice is a complete office productivity suite, including integrated word processing, spreadsheet, database, presentation, formula rendering, image processing, and web page design applications. A big advantage is the capability to import existing documents from office packages distributed by other vendors (including Microsoft Office products). The interoperability between StarOffice and competing products is also reflected in the cross-platform implementation of the product. In addition to running on Solaris, it is also available for OS/2, Linux, and Microsoft Windows computers. Reflecting its European roots, StarOffice natively supports many different languages, including Dutch, English, French, German, Italian, Portuguese, Spanish, and Swedish.

Creating a new StarBase database is easy: Just select the appropriate option from the menu, and a Database Design Wizard appears. Using a wizard makes creating a database very easy for novice users, and although the StarOffice database is not an industrial strength server, it is perfectly adequate for routine administrative tasks such as creating customer contact and product description tables.

StarOffice has some advantages over competing products. For example, it has the capability to render quite complex formulas through an innovative formula painter. You can simply select the appropriate function and enter the appropriate arguments. In addition, you can combine more than one predicate to form complex expressions. For example, you can construct a combined cubic root and exponential function expression in just a few keystrokes.

StarOffice also has the capability to design and publish web pages as new documents or to export existing documents. In fact, you can create an entire site by using the wizards that are supplied as part of the HTML editing package. The first web site wizard screen demonstrates the wide variety of templates available through the program.

Although StarOffice comes with complete online documentation and help, you can find further information regarding StarOffice at the StarOffice web center (http://www.sun.com/staroffice).

Mobile Computing

The Solaris Operating Environment includes a number of enhancements to the common desktop environment (CDE). Personal digital assistant (PDA) support synchronizes data (using PDASync) from most Palm computing devices with the CDE textpad, calendar, mail, and address book. This enables Palm users to transfer data seamlessly between the desktop and the palmtop, previously a feature of traditionally desktop-oriented operating systems. PDASync is based around 3Com's HotSync technology, making synchronization possible with a single click.

Sun has also released the K Java Virtual Machine (KVM), which will allow Java developers on Solaris to easily port their Java 2 applications to mobile computing platforms, including Palm. The KVM forms part of the Java 2 Micro Edition suite, and has a small memory and disk footprint (that is, less than 128K RAM). For further information regarding interoperability between Solaris and mobile computing devices using Java, see the KVM home page at http://java.sun.com/products/kvm/.

PC Support

Although Solaris 8 was co-released for SPARC and Intel platforms at the same time, Sun has indicated that Solaris 9 for SPARC will be released on a different schedule than Solaris 9 for Intel. Thus, Intel users may need to wait before they can upgrade from Solaris 8 to Solaris 9. However, PC networks that require a reliable server system for web, database, file, and application serving can make use of proven Solaris reliability and high availability by using Solaris 9 on a SPARC server. In addition, Solaris for Intel provides a cost-effective alternative to SPARC hardware, and can act as a drop-in replacement for other server operating systems that also use Intel hardware. For example, the Samba software running on a Solaris server provides many key networking services to PCs, which are normally provided by NT server systems. These services include the following:

  • Primary and backup domain control, enabling centralized sharing of user and resource database for department-sized workgroups

  • Security and authentication using security identifiers for generating genuinely unique accounts

  • Support for legacy networking protocols, such as NetBIOS, and naming services such as WINS

  • NT file and print services

With the reliability and scalability of Solaris providing these basic network services for existing PC networks, many organizations are centralizing their server software around Solaris, because the same server can provide Samba services to PCs while performing other tasks (such as database serving).

There are several good reasons for using Solaris 9 as a server platform for PCs. First, viruses written for a PC platform are both physically and logically ineffective against Solaris, because the compiled code base is different for both operating systems. In addition, even if the same code base was shared (for example, a rogue Java application executed from a remote shell), the Solaris authentication and identification system does not permit unprivileged users to write to system areas, preventing any malicious damage from occurring to the server. Second, Solaris provides packet-filtering technology that prevents network intruders from browsing internal networks, whereas PCs may freely broadcast and exchange information between each other.

One of the most exciting innovations in the new collaborative technology that accompanies Solaris 9 is WebNFS, literally network file serving through the Web. WebNFS provides a standard file system for the World Wide Web, making it easy for users within the same building, or across the globe, to exchange data in a secure way, using industry standard clients. In fact, existing applications can be webified by gaining access to virtual remote file systems, by using an extension of Sun's original NFS system.

Server Tools

As always, Sun has released a new batch of server-side products to improve on the existing functionality of Solaris. Of interest to those in the data center will be the new 3.0 release of Sun's Cluster product, which offers high system availability through management of hardware redundancy. This offering caters largely to the corporate world, but developers who are more interested in championing open source technologies will also be pleased with the inclusion of lxrun, a platform for binary compatibility between Linux applications and the Solaris operating environment. Originally developed for UNIX systems distributed by the Santa Cruz Operation (SCO), lxrun allows applications developed for Linux, and released with a binary-only code base, to be executed natively on the Solaris Intel platform without recompilation or modification. This will ultimately lead to a greater exchange of technology and ideas between Solaris and Linux users.

Clustering Technology

Increased performance is often gained by the use of hardware redundancy, which can be achieved on a file system-by-file system basis, by using a software solution, such as DiskSuite, or a hardware-based solution, such as an A1000 or T3 RAID appliance. This allows partitions to be actively mirrored so that in the event of a hardware failure, you can rapidly resume service and restore missing data.

This approach is fine for single-server systems that do not require close to 100-percent uptime. However, for mission-critical applications, where the integrity of the whole server is at stake, it makes sense to invest in clustering technology. Quite simply, clusters are what the name suggests: groups of similar servers (or nodes) that have similar function, and that share responsibility for providing system and application services. Clustering is commonly found in the financial world, where downtime is measured in hundreds of thousands of dollars, and not in minutes. Large organizations need to undertake a cost-benefit analysis to determine whether clustering is an effective technology for their needs. However, Sun has made the transition to clustering easier by integrating the Cluster product with Solaris 9.

Solaris 9 ships with Cluster 3.0, which features a clustered virtual file system, and cluster-wide load balancing. For more information on introducing clustering technology using Sun Cluster 3.0, see Paul Korzeniowski's technical article at http://www.sun.com/clusters/article/.

lxrun

One of the advantages of Solaris for Intel over its SPARC companion is the greater interoperability between computers based on Intel architectures. This means that there is greater potential for cooperation between Linux, operating on Intel, and Solaris, also operating on Intel. This potential has been realized recently with the efforts of Steve Ginzburg and Solaris engineers, who developed lxrun, which remaps system calls embedded in Linux software binaries to those appropriate for the Solaris environment. This means that Linux binaries can run without recompilation or modification on Solaris. In some ways, lxrun is like the Java Virtual Machine in that Linux applications execute through a layer that separates the application from the operating system. This means that your favorite Linux applications are now directly available through Solaris, including the following:

  • KDE

  • Gnome

  • WordPerfect 7 and 8

  • Applix

  • Quake 2

  • GIMP

For more information on lxrun, see its home page at http://www.ugcs.caltech.edu/~steven/lxrun/.

Security Innovations

Security is a major concern for Solaris administrators. The Internet is rapidly expanding with the new IPv6 protocol set to completely supersede IPv4 sometime in the next few years. This will make many more addresses available for Internet hosts than are currently available. It also means that the number of crackers, thieves, and rogue users will also increase exponentially. Solaris 9 prepares your network for this virtual onslaught by embracing IPv6, not only for its autoconfiguration and network numbering features, but also because of the built-in security measures that form part of the protocol. In particular, authentication is a key issue after the many highly publicized IP-spoofing breaches reported in the popular press over the past few years. A second layer of authentication for internal networks and intranets is provided in Solaris 9 by the provision of Kerberos version 5 clients and daemons. Previous releases, such as Solaris 7, included support for Kerberos version 4 only. OpenSSH is a key development in the remote access arena.

Kerberos Version 5

Kerberos is the primary means of network authentication employed by many organizations to centralize authentication services. As a protocol, it is designed to provide strong authentication for client/server applications by using secret-key cryptography. Recall that Kerberos is designed to provide authentication to hosts inside and outside a firewall, as long as the appropriate realms have been created. The protocol requires a certificate granting and validation system based around tickets, which are distributed between clients and the server. A connection request from a client to a server takes a convoluted but secure route from a centralized authentication server before being forwarded to the target server. The ticket issued along the way authorizes the client to request a specific service from a specific host, generally for a specific time period. A common analogy is a parking ticket machine that grants the drivers of motor vehicles permission to park on a particular street for one or two hours only.
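The binding of a ticket to one service, one host and one time period can be shown with a simplified model. This is an added example, not code from the book or from any Kerberos implementation: it seals the ticket with an HMAC under a key shared by the authentication server and the service, whereas real Kerberos encrypts the ticket and carries a session key, and all names and key values are constructed.

```python
import hashlib
import hmac
import json
import time

# Constructed long-term secret shared only by the authentication server and the service.
SERVICE_KEY = b"constructed-demo-key-for-nfs-on-fileserver"

def issue_ticket(client, service, host, lifetime_s, now=None, key=SERVICE_KEY):
    """Authentication-server side: bind client, service, host and validity window."""
    now = time.time() if now is None else now
    body = json.dumps({"client": client, "service": service, "host": host,
                       "start": now, "end": now + lifetime_s},
                      sort_keys=True).encode()
    seal = hmac.new(key, body, hashlib.sha256).hexdigest()
    return body, seal

def accept_ticket(ticket, service, host, now=None, key=SERVICE_KEY):
    """Service side: return the client name, or raise ValueError with the reason."""
    body, seal = ticket
    expected = hmac.new(key, body, hashlib.sha256).hexdigest()
    # Check the seal before trusting any field inside the ticket.
    if not hmac.compare_digest(expected, seal):
        raise ValueError("seal mismatch: not issued by the authentication server")
    fields = json.loads(body)
    if (fields["service"], fields["host"]) != (service, host):
        raise ValueError("ticket is for a different service or host")
    now = time.time() if now is None else now
    if not fields["start"] <= now <= fields["end"]:
        raise ValueError("ticket outside its validity period")
    return fields["client"]
```
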

Kerberos version 5 contains many enhancements over Kerberos version 4, including ticket renewal, removing some of the overhead involved in repetitive network requests. In addition, there is a pluggable authentication module, featuring support for RPC. The new version of Kerberos also provides both server- and user-level authentication, with a role-based access control feature that assigns access rights and permissions more stringently, ensuring system integrity. In addition to advances on the software front, Solaris 9 also provides integrated support for Kerberos and smart card technology using the Open Card Framework (OCF) 1.1. More information concerning Kerberos is available from MIT at http://web.mit.edu/network/kerberos-form.html.

IPv6

IPv6, described in RFC 2471, is the replacement IP protocol for IPv4, which is currently deployed worldwide. The Internet relies on IP for negotiating many transport-related transactions on the Internet, including routing and the Domain Name Service. This means that host information is often stored locally (and inefficiently) at each network node. It is clearly important to establish a protocol that is more general in function, but more centralized for administration, and can deal with the expanding requirements of the Internet.

One of the growing areas of the Internet is obviously the number of hosts that need to be addressed; many subnets are already exhausted, and the situation is likely to get worse. In addition, every IP address needs to be manually allocated to each individual machine on the Internet, which makes the use of addresses within a subnet sparse and less than optimal. Clearly, there is a need for a degree of centralization when organizing IP addresses that can be handled through local administration, and through protocols like Dynamic Host Configuration Protocol (DHCP). However, one of the key improvements of IPv6 over IPv4 is its autoconfiguration capability, which makes it easier to configure entire subnets and to renumber existing hosts. In addition, security is now included at the IP level, making host-to-host authentication more efficient and reliable, even allowing for data encryption.

One way that this is achieved is by authentication header extensions: this allows a target host to determine whether a packet actually originates from a source host. This prevents common attacks, such as IP spoofing and denial of service, and reduces reliance on a third-party firewall by locking in security at the packet level. Tools are also included with Solaris 9 to assist with IPv4 to IPv6 migration.
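How a receiver uses an authentication header to check the claimed source can be sketched as follows. This is an added example, not code from the book or from Solaris: it computes an HMAC-SHA1-96 integrity check value over the IPv6 base header and payload with the fields that routers may change (traffic class, flow label, hop limit) zeroed, and for brevity leaves out the AH header's own fields and extension headers, which a real implementation also covers. The key, addresses and function names are constructed.

```python
import hashlib
import hmac
import ipaddress
import struct

SA_KEY = b"constructed-sa-key"  # constructed key of the security association

def ipv6_header(src, dst, payload_len, next_header=51, hop_limit=64, flow=0):
    """Build a 40-byte IPv6 base header (next header 51 = AH)."""
    first_word = (6 << 28) | (flow & 0xFFFFF)  # version 6, traffic class 0
    return (struct.pack("!IHBB", first_word, payload_len, next_header, hop_limit)
            + ipaddress.IPv6Address(src).packed
            + ipaddress.IPv6Address(dst).packed)

def icv(header, payload, key=SA_KEY):
    """96-bit check value over the packet with mutable header fields zeroed."""
    first_word, plen, nxt, _hop = struct.unpack("!IHBB", header[:8])
    # Keep only the version nibble; traffic class, flow label, hop limit become 0.
    fixed = struct.pack("!IHBB", first_word & 0xF0000000, plen, nxt, 0) + header[8:]
    return hmac.new(key, fixed + payload, hashlib.sha1).digest()[:12]

def verify(header, payload, received_icv, key=SA_KEY):
    """Receiver side: recompute the check value and compare in constant time."""
    return hmac.compare_digest(icv(header, payload, key), received_icv)

def forward(header):
    """What a router does in transit: decrement the hop limit (byte 7)."""
    return header[:7] + bytes([header[7] - 1]) + header[8:]

def rewrite_source(header, new_src):
    """A header whose source address (bytes 8-23) no longer matches the sender."""
    return header[:8] + ipaddress.IPv6Address(new_src).packed + header[24:]
```

A packet that has passed through routers still verifies, because the hop limit is excluded from the check value, while a changed source address or payload does not.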



Sun Certified Solaris 9.0 System and Network Administrator
Sun Certified Solaris(tm) 9 System and Network Administrator All-in-One Exam Guide
ISBN: 0072225300
EAN: 2147483647
Year: 2003
Pages: 265
Authors: Paul Watters
