oracle solaris overview
TRANSCRIPT
Copyright©2015, Oracleand/oritsaffiliates.Allrightsreserved.| OracleConfidential– Internal/Restricted/HighlyRestricted
SolarisOverview
MarkusFlierlVicePresidentOracleSolaris
Copyright©2015, Oracleand/oritsaffiliates.Allrightsreserved.|
SafeHarborStatementThefollowingisintendedtooutlineourgeneralproductdirection.Itisintendedforinformationpurposesonly,andmaynotbeincorporatedintoanycontract.Itisnotacommitmenttodeliveranymaterial,code,orfunctionality,andshouldnotberelieduponinmakingpurchasingdecisions.Thedevelopment,release,andtimingofanyfeaturesorfunctionalitydescribedforOracle’sproductsremainsatthesolediscretionofOracle.
OracleConfidential– InternalHighlyRestricted 3
Copyright©2015, Oracleand/oritsaffiliates.Allrightsreserved.|
LeverageAcrossthePortfolio
StorageProducts EngineeredSystems ServersOracleCloudSoftwareinSilicon/
Solaris
Copyright©2015, Oracleand/oritsaffiliates.Allrightsreserved.|
SecurityInSilicon:SiliconSecuredMemory
Applications Memory
Pointer“Y”
Pointer“R”GO
Pointer“B”GO
• Protectsdatainmemory• Hidden“color”bitsaddedtopointers (key),andcontent(lock)
• Pointercolor(key)mustmatchcontentcolororprogramisaborted
• Setonmemoryallocation,changedonmemoryfree’
• Protectsagainstaccessoffendofstructure,stalepointer accessandmaliciousattacks
M7Processor
Copyright©2015, Oracleand/oritsaffiliates.Allrightsreserved.|
SiliconSecuredMemoryProtectionFromReadandWriteAttacksACoupleofFamousExamples:Heartbleed&Venom
BufferOver-ReadAttack BufferOver-WriteAttack
Copyright©2015, Oracleand/oritsaffiliates.Allrightsreserved.|
• MemoryaccessvulnerabilityintheopensourceQuickEmulatorhypervisor(QEMU)
• MaliciouscodeinVMexecutescodeinhypervisorsecuritycontext.
• CodeescapestheguestVMtocontroltheentirehost
• Causedbybufferover-write,allowingdatatobestoredbeyondallocatedmemory
ExampleVenom-TypeVulnerability
7
HostSystem
SalesserverVM
DBserverVM
WebserverVM
VMHypervisor
HostHardware
HackerexploitsVENOMtoescapeVM
VENOMexecutesinstructionsin
hypervisorandgainscontrolofhost
hardware
Venomescape
Copyright©2015, Oracleand/oritsaffiliates.Allrightsreserved.|
• MemoryaccessvulnerabilityintheopensourceQuickEmulatorhypervisor(QEMU)
• MaliciouscodeinVMexecutescodeinhypervisorsecuritycontext.
• CodeescapestheguestVMtocontroltheentirehost
• Causedbybufferover-write,allowingdatatobestoredbeyondallocatedmemory
PreventsVenom-TypeVulnerability
8
HostSystem
SalesserverVM
DBserverVM
WebserverVM
VMHypervisor
HostHardware
HackerexploitsVENOMtoescapeVM
M7ProcessorwithSSMpreventsQEMUdriverover-writeStop!
Copyright©2015, Oracleand/oritsaffiliates.Allrightsreserved.|
SecureSoftwareMadeSimple– ACaseStudyWeFindBugsForYou
• Largeenterpriseappwithmemoryintensiveprocessing– 4 crossplatformbugstaggedin2days– 180xfasterbugidentification
• Othermemoryvalidationtool:3hours• SSMandDiscovertool:1minute
Integrated.Simple.Fast.
SiliconSecuredMemory
OracleSolarisStudio
+
Copyright©2015, Oracleand/oritsaffiliates.Allrightsreserved.|
M7QueryAcceleratorEngine
• 32In-SiliconOffloadEngines• Cores/ThreadsOperateSynchronousorAsynchronoustoOffloadEngines
• UserLevelSynchronizationThroughSharedMemory
• HighPerformanceatLowPower
• 3xmoreMemoryBandwidththanx86
Decompress
Unpack/Alignment
Scan,Filter,Join
ResultFormat/Encode
DataInputQueues
LocalSRAM
Decompress
Unpack/Alignment
ResultFormat/Encode
Decompress
Unpack/Alignment
ResultFormat/Encode
Decompress
Unpack/Alignment
ResultFormat/Encode
DataOutputQueuesM7QueryEngine(1of32)
On-ChipNetwork
DataInputQueues
DataOutputQueues
On-ChipNetwork
On-ChipNetwork
On-ChipNetwork
Scan,Filter,Join
Scan,Filter,Join
Scan,Filter,Join
Copyright©2015, Oracleand/oritsaffiliates.Allrightsreserved.|
MuchFasterEnd-To-EndEncryption
11
M7AdvantageIncreasesonHighestSecurityCiphers
OracleM732cores
IBMPower86cores
IntelX86E5v318cores
AES 128-CBC: PopularforCloud,DB
83GB/s
22GB/s
8GB/s
4XFastervs.X86
11XFastervs.IBMPower
Copyright©2015, Oracleand/oritsaffiliates.Allrightsreserved.|
MuchFasterEnd-To-EndEncryption
12
M7AdvantageIncreasesonHighestSecurityCiphers
OracleM732cores
IBMPower86cores
IntelX86E5v318cores
4XFastervs.X86
11XFastervs.IBMPower
AES 128-CBC: PopularforCloud,DB
OracleM732cores
IBMPower7+8cores
IntelX86E5v318cores SHA 512-1024:ImportantforBankingOperations
83GB/s
22GB/s
8GB/s
84GB/s
4.7GB/s
1.4GB/s
18XFastervs.X86
60XFastervs.IBMPower
Copyright©2015, Oracleand/oritsaffiliates.Allrightsreserved.|
QueryAcceleration:NotJustSimplyQueries
• Real-worldEnterpriseanalyticsaccelerated– Hardwareforcommonrangecomparisons– “Howmanybetweenstart-dateandend-date?”
• Thefollowingqueryrunsentirelyinsilicon
• Resultsplaceddirectlyinprocessorcache
13
SQL:SELECTcount(*)…WHERElo_orderdate =d_datekey…ANDlo_partkey =1059538ANDd_year_monthnum BETWEEN201311AND201312;
Copyright©2015, Oracleand/oritsaffiliates.Allrightsreserved.|
Performance:DecompressionwithinAccelerationEngines• Compressioniskeytoplacingmoredatain-memoryandinstorage
• Speedofdecompressionismostimportantfordatabase– readingtypicallyoutweighswriting
• Performanceofdecompressontoday’sprocessorsisfinefordiskaccess,slowforflash,hugebottleneckforin-memorydatabase
• Solution:Efficientcompressionalgorithmplusaccelerationenginesrunsdecompressatfullin-memorydatabasespeed,>120GB/sec– Equivalentto16decompressionPCIcards,64CPUcores
Process
Decompress
AccelerationEngine
In-MemoryDataStream
14
Copyright©2015, Oracleand/oritsaffiliates.Allrightsreserved.|
Decompressatmemoryspeed>120GB/secSQLInSilicon:AcceleratingOracleDatabase12c
15
Onestep10X
faster
DecompressMorethanDoubles datasize Read Software
scanRead Write
Write
Read
DAX
Write
Multiplesteps
SQL:SELECTcount(*)…WHERElo_orderdate =d_datekey…ANDlo_partkey =1059538ANDd_year_monthnum BETWEEN201311AND201312;
t
Copyright©2015, Oracleand/oritsaffiliates.Allrightsreserved.|
WithOracleM7YouCanRunBothAnalyticsandOLTPSoftwareinSiliconEfficiencyforIn-Memory
Analytics OLTP
Running1TBDatabasecompressedinto120GBofmemory
Analytics
OLTP
Analytics
Analytics
AnalyticsOracleT7-1
1chip,32cores
5xLatestGenerationHPDL38010chips,180cores
RHEL
Solaris
Copyright©2015, Oracleand/oritsaffiliates.Allrightsreserved.|
Image
M7Solaris11.3Database12c
SpeedIncreaseswithDiversityofDataM7+Database12c In-MemoryFasterThanFlash
Faster83XQueries
perHour
In-Memory+SWiS
FlashLUN
3000
2500
2000
1500
1000
500
0
SingleQueryExecutionwithDOP=32
Productcatalogofmajoron-lineretailerwithlargenumberofparts
“Howmanyuniqueproducts instock?”Query:
Copyright©2015, Oracleand/oritsaffiliates.Allrightsreserved.|
Image
OneBillionRowsFilteredAndFoldedIntoCubeApacheSparkwithSoftware-in-Silicon
Faster6X
WithM7In-memoryAnalyticsAccelerator
WithoutM7In-memoryAnalyticsAccelerator
38seconds
6seconds
Copyright©2015, Oracleand/oritsaffiliates.Allrightsreserved.|
FullyIntegratedtoLowerLatency,Power,andCostforScale-Out
Sonoma
19
Scale-Up
Scale-OutPCIeGen3Interfaces
DDR4Interfaces
DDR4Interfaces
InfiniBand
M7
Copyright©2015, Oracleand/oritsaffiliates.Allrightsreserved.|
✓ SecureandCompliant✓ Simple✓ Efficient✓ Open✓ Affordable
YourEnterpriseCloud
OracleSolaris11.3– Security.Speed.Simplicity.
20
YOURAPP
Copyright©2015, Oracleand/oritsaffiliates.Allrightsreserved.|
OracleSolaris
Immutable Guest
#
Immutable Guest
Firewall
• Lockeddownhypervisorandguests• Stopmalwarebeforeitgetsin• Preventadministratormistakes• Updateandpatchbutunwritablebyusers,applications,orhackers
• Simpleon/offwithreadymadesecuritylevels
21
ProtectsHypervisorandGuestEnvironments
Copyright©2015, Oracleand/oritsaffiliates.Allrightsreserved.|
EliminatesVulnerabilityDuringLiveMigration
• Encryptionbydefault• Noperformanceimpacthardwarecryptographicoffload
• AccessviaRESTful APIs*
22
OracleSolaris OracleSolaris
SolarisZoneSolarisZoneSolarisZoneSolarisZone
*Availablesoon
Copyright©2015, Oracleand/oritsaffiliates.Allrightsreserved.|
YOURAPP
Simple,SecureCloudScaleDeploymentandComplianceFromDevelopmenttoProduction
23
Securedeployment
SetCompliancePolicy
ComplianceAudit
CreateyourapplicationVMs
1-stepsecureimagecreation
Copyright©2015, Oracleand/oritsaffiliates.Allrightsreserved.|
SimpleComplianceReporting
24
Copyright©2015, Oracleand/oritsaffiliates.Allrightsreserved.| 25
SecureOpenStack-BasedIaaS• Secureservices
– Minimumprivileges
• DataatRest– ZFSEncryption
• DatainMotion– SecureMigration
• Network– DatalinkProtection
• Application– ReadonlyVM
OracleSolaris OracleSolarisOracleSolaris
Zone Zone
Zone Zone
Zone
Zone
Zone
Zone
Copyright©2015, Oracleand/oritsaffiliates.Allrightsreserved.|
BenefitsofRunningOpenStack onOracleSolaris
• Engineeredforsecurityandcompliance–Minimalprivilegesforcloudservices– Lockdowninfrastructurewithimmutability
• Assuredreliabilityandscale– Automaticservicerestartandnodedependencies
– Guaranteeddataintegrity
• Seamlessupgrade,instantroll-back
OS.Virtualization.SDN.OpenStack.Complete.
Copyright©2015, Oracleand/oritsaffiliates.Allrightsreserved.|
OracleOpenStackforOracleSolaris
27
Zones&KernelZones
NovaComputeVirtualization
ElasticVirtualSwitch
NeutronCloudNetworking
ZFSFileSystem
Cinder/SwiftCloudStorage
GlanceImageDeployment
UnifiedArchives
HeatOrchestration
UnifiedArchives
IronicBareMetalDeploymentSPARC/x86
Murano*ApplicationDeploymentOracleDatabaseand
FusionMiddleware
HorizonCloudManagement
*AvailablepostOracleSolaris11.3
Copyright©2015, Oracleand/oritsaffiliates.Allrightsreserved.|
DevOps fortheEnterprise
28
ContinuousDeploymentContinuousIntegration
• CorrelationofappandHWinteractions,DTrace
• MemoryprotectioninHW• Optimized, remoteIDE
AgileDevelopment
• Richperformancemonitoring tool• Scalable
• Secure
• Multi-levelfault-tolerant
YOURAPP
YOURAPP
Copyright©2015, Oracleand/oritsaffiliates.Allrightsreserved.|
DevOps fortheEnterprise
AgileDevelopment Continuous Integration Continuous Deployment
MonitoringandMeasurement
29
Copyright©2015, Oracleand/oritsaffiliates.Allrightsreserved.|
CPU
Full MT-hot kernel, scales to 100s of cores and 1,000s of HW threadsSupport for Critical Threads features in T4 chip5x performance improvement of high-resolution timerMulti-processing and multi-threading support for Oracle DBMulti-CPU binding for NUMA-aware interrupt distributionMulti CPU binding for pools
Memory
Large Page supportOptimized Shared Memory (OSM)NUMA I/O FrameworkFast DB RestartLatency-aware kernel memory allocator (x86, SPARC)Re-architecture of Virtual Memory sub-system (VM 2)Userland Fast-Memory Registration and Shared Protection DomainRead-only access to In-Memory Columnar DataIn-Memory time stampsUp to 20x faster SGA fill times with VM2 and OSM integrationMemory reservation pools
File System Userland file system for DB, Oracle File Server support
I/OSupport for low-latency Infiniband: RDSv3, SDPDirect I/O with concurrent writesNetwork Resource Management for RDSv3, Prioritized flows for TCP/IPIB I/O Resiliency
ExamplesofOptimizationsforOracleDBTheTipoftheIceberg
Key:Solaris11.2NewinSolaris11.3
Copyright©2015, Oracleand/oritsaffiliates.Allrightsreserved.|
ObservabilityEnhanced observability for segmentation faultsRead-out of libdtrace by Oracle 12cFine-grain IB performance stats for RDSv3 and OFUV
Reliability and AvailabilityDynamic reconfiguration notifications for DB for resources rebalancingFMA callback for bad hardwareAlternative Path Migration (APM) fail-over for RDSv3Hot add and remove of IB HCA
Performance
Improved PGA performance2x faster DB Start and StopKernel lock acceleration for Oracle RACSR-IOV support for OVM SPARCExafusion
Multi-tenancy Zones: Secure isolation, lowest latency virtualization; Kernel ZonesPDBs: Reservation of multiple virtual address spaces
Security Transparent crypto off-load for SPARC and x86; Immutable kernel and global zones
ExamplesofOptimizationsforOracleDBTheTipoftheIceberg
Key:Solaris11.2NewinSolaris11.3
Copyright©2014Oracleand/oritsaffiliates.Allrightsreserved.|
• SPARCM76.8xfasterthanIBMPower8(6c)perchip– SPARCM7is28%fasterpercorethanPower8
• SPARCM72.8xfasterthanE5v3perchip• SPARCM7is56%fasterpercorethanE5v3
0
1
2
3
4
5
6
Per-Chip
Mtp
mOLTP
SPARCM7vstheCompetition
Power8(6core) x86E5v3 SPARCM7
OracleSPARCM7BeatstheCompetitionWorldRecordOLTPDatabasePerformance
32
6.8xFa
ster
2.8xFa
ster
Copyright©2015, Oracleand/oritsaffiliates.Allrightsreserved.|
Virtual Memory Management Optimized for Oracle DB
33
12 12 16 29 69 16681 155305
609
1221
3122
0
500
1000
1500
2000
2500
3000
3500
128GB 256GB 512GB 1T 2T 5T
SecondstoFullA
llocation
SGASize
TimetoFullSGAAllocationOracleSolaris11.3,2Mpages RHEL7.0,2mpages
- NewVirtualMemorysystemoptimizedforOracleDB:- Scalableto100sofTBofDBRAM
- FasterSGAallocationandshutdown
- DynamicResizingofSGA
Copyright©2015, Oracleand/oritsaffiliates.Allrightsreserved.|
OracleOpenStackDatabaseCloud
• Simplifiedsupportthroughend-to-endOracleOpenStack solution:–OracleDB,compute,networkingandstorage
• Enterprise-classDBaaS• Zerooverheadvirtualization• 10xfasterself-provisioningofDBs
34
Solaris Solaris
OracleES-1
OracleZS-3storage
OracleCompute
Copyright©2015, Oracleand/oritsaffiliates.Allrightsreserved.|
0.731.340.00
0.30
0.26
0.16
0.00
0.47
0.00
0.22
0.28
1.14
0.11
0.45
0.01
1.36
0.00
1.00
2.00
3.00
4.00
5.00
6.00
T7-1 DL580Gen9
Virtualization"performancetax"
3rdPartyAppServer
3rdPartyAppServer
Hw/Virt/OSAcqu.+3-yrSupport
Virtualization3-yearSupport
OS3-yearSupport
Server3-yearSupport
ServerVirtualizationAcquisition
ServerAcquisition
1.40
5.44
USD/crit.jOps*
1.40
5.44
ComparisonofTCAT7-1andHPDL580
*BasedonSPECjbb2015
0.731.340.00
0.30
0.26
0.16
0.00
0.47
0.00
0.22
0.28
1.14
0.11
0.45
0.01
1.36
0.00
1.00
2.00
3.00
4.00
5.00
6.00
T7-1 DL580Gen9
Virtualization"performancetax"
3rdPartyAppServer
3rdPartyAppServer
Hw/Virt/OSAcqu.+3-yrSupport
Virtualization3-yearSupport
OS3-yearSupport
Server3-yearSupport
ServerVirtualizationAcquisition
ServerAcquisition
Copyright©2015, Oracleand/oritsaffiliates.Allrightsreserved.|
SuperCluster CustomerOverviewDeploymentsbyOriginating/CompetingPlatform
• IBMReplacement• FinancialtradingapplicationandOracleDatabase11gR2
• 3xhigherthroughput• 4xhighertrades• 30x consolidationratio
• X86/LinuxReplacement• OracleE-BusinessSuiteandOracleDatabase11gR2
• 22xsystemconsolidation• 9x fasterdataoperations• Deploymentin 63days
Over 50% of customers are competitive take-outs or new Deployments
26%
18%47%
9%
HP
IBM
SPARC
New
Oracle
Copyright©2015, Oracleand/oritsaffiliates.Allrightsreserved.|
OracleSolaris11.3– KeyFeatures
• NewrepoforearlyaccesstoFOSS• Zones/KernelZones
• SecurelivemigrationforKernelZones• ZOSSoverNFS• PerformanceandNUMAenhancements• Livereconfigurationof I/O• IBsupport forKernelZones
• OpenStack• AutomatedOpenStack updates• Support forOrchestration(Heat)• Support forBareMetalProvisioning (Ironic)
• RAD– REST,Pythonbinding
• ZFS– LZ4compression• ApplicationDrivenSDN
• PVLANsupport
• SecurityandCompliance• Compliancepolicytailoring• Verifiedboot forkernelzones
• BestforOracle• FasterDBreboots (OSMIntegrationwithVM2)• OVNsupport
OracleConfidential – HighlyRestricted 37
Copyright©2015, Oracleand/oritsaffiliates.Allrightsreserved.|
RequiredBenchmarkDisclosureStatementMustbeinSPARCM7PresentationswithBenchmarkResults
•AdditionalInfo:http://blogs.oracle.com/bestperf•Copyright2015,Oracle&/oritsaffiliates.Allrightsreserved.Oracle&JavaareregisteredtrademarksofOracle&/oritsaffiliates.Other namesmaybetrademarksoftheirrespectiveowners
•SPECandthebenchmarknameSPECjEnterprise areregisteredtrademarksoftheStandardPerformanceEvaluationCorporation.Resultsfromwww.spec.org asof10/25/2015.SPARCT7-1,25,818.85SPECjEnterprise2010EjOPS (unsecure);SPARCT7-1,25,093.06SPECjEnterprise2010EjOPS (secure);OracleServer X5-2,21,504.30SPECjEnterprise2010EjOPS (unsecure);IBMPowerS824,22,543.34SPECjEnterprise2010EjOPS (unsecure);IBMx3650M5,19,282.14SPECjEnterprise2010EjOPS (unsecure).
•SPECandthebenchmarknameSPECvirt_sc areregisteredtrademarksoftheStandardPerformanceEvaluationCorporation.Resultsfromwww.spec.org asof10/25/2015.SPARCT7-2,SPECvirt_sc20133026@168VMs;HPDL580Gen9,SPECvirt_sc20133020@168VMs;Lenovox3850X6;SPECvirt_sc20132655@147VMs;HuaweiFusionServer RH2288HV3,SPECvirt_sc20131616@95VMs;HPProLiantDL360Gen9,SPECvirt_sc20131614@95VMs;IBMPowerS824,SPECvirt_sc20131371@79VMs.
•SPECandthebenchmarknamesSPECfp andSPECint areregisteredtrademarksoftheStandardPerformanceEvaluationCorporation.ResultsasofOctober25,2015fromwww.spec.org andthisreport.1chipresultsSPARC T7-1:1200SPECint_rate2006,1120SPECint_rate_base2006,832SPECfp_rate2006,801SPECfp_rate_base2006;SPARCT5-1B:489SPECint_rate2006,440SPECint_rate_base2006,369SPECfp_rate2006,350SPECfp_rate_base2006;FujitsuSPARCM10-4S:546SPECint_rate2006,479SPECint_rate_base2006,462SPECfp_rate2006,418SPECfp_rate_base2006.IBMPower710Express:289SPECint_rate2006,255SPECint_rate_base2006,248SPECfp_rate2006,229SPECfp_rate_base2006;FujitsuCELSIUSC740:715SPECint_rate2006,693SPECint_rate_base2006;NECExpress5800/R120f-1M:474SPECfp_rate2006,460SPECfp_rate_base2006.
•SPECandthebenchmarknameSPECOMPareregisteredtrademarksoftheStandardPerformanceEvaluationCorporation.Resultsas ofOctober25,2015fromwww.spec.org andthisreport.SPARCT7-4(4chips,128cores,1024threads):27.9SPECompG_peak2012,26.4SPECompG_base2012;HPProLiant DL580Gen9(4chips,72cores,144threads):21.5SPECompG_peak2012,20.4SPECompG_base2012;CiscoUCSC460M7(4chips,72cores,144threads):20.8SPECompG_base2012.
• Two-tierSAPSalesandDistribution(SD)standardapplicationbenchmarks,SAPEnhancementPackage5forSAPERP6.0asof10/23/15:SPARCT7-2(2processors,64cores,512threads)30,800SAPSDusers,2x4.13GHzSPARCM7,1TBmemory,OracleDatabase12c,OracleSolaris11,Cert#2015050.IBMPowerSystemS824(4processors,24cores,192threads)21,212SAPSDusers,4x3.52GHzPOWER8,512GBmemory,DB210.5,AIX7,Cert#201401.DellPowerEdgeR730(2processors,36cores,72threads)16,500SAPSDusers,2x2.3GHzIntelXeonProcessorE5-2699v3256GBmemory,SAPASE16,RHEL7,Cert#2014033.HPProLiant DL380Gen9(2processors,36cores,72threads)16,101SAPSDusers,2x2.3GHzIntelXeonProcessorE5-2699v3256GBmemory, SAPASE16,RHEL6.5,Cert#2014032.SAP,R/3,reg TMofSAPAGinGermanyandothercountries.Moreinfowww.sap.com/benchmark
38
Copyright©2015, Oracleand/oritsaffiliates.Allrightsreserved.| 39