Re: [zfs-discuss] zpool import is this safe to use -f option in this case ?

2010-11-17 Thread Phil Harman
+1

When I did my stuff (with a major bank) two years ago, my reasoning was that we 
(Sun, remember them?) had made huge capital out of the always consistent on 
disk claim, and that we could be expected to stand by and honour that promise.

But because this was a big bank, I felt that due diligence required that I 
should call up the ultimate authorities (the ZFS architects and implementors) 
for confirmation that what I was intending was based on rock solid assumptions. 
Having obtained those assurances, we went ahead and implemented some 
impressive, rule changing, business enabling stuff.

zfs send | recv is cool technology, but it is not the only show in town. The 
downsides include: it's slow; that it impacts the performance of the sending 
system; that there's no easy way to know if continuous sending of incremental 
changes will be able to keep up with demand; etc

LUN snapshots are, by comparison, free at the point of use (no impact on the 
sending system), and practically instant.

And of course, there's nothing to stop both techniques being used together 
(e.g. take a LUN snapshot, import the pool into another host, and do the zfs 
send there, where it has no impact on the performance of the live system).

And of course, there are independent, experienced, expert people of integrity 
out there you can always hire to help you implement such schemes safely and 
wisely.

Phil
www.harmanholistix.com


On 17 Nov 2010, at 00:19, Tim Cook t...@cook.ms wrote:

 
 On Wed, Nov 17, 2010 at 10:12 AM, Jim Dunham james.dun...@oracle.com wrote:
 sridhar,
 
  I have done the following (which is required for my case)
 
  Created a zpool (smpool) on a device/LUN from an array (IBM 6K) on host1
  created an array level snapshot of the device using dscli to another 
  device which is successful.
  Now I make the snapshot device visible to another host (host2)
 
 Even though the array is capable of taking device/LUN snapshots, this is a 
 non-standard mode of operation regarding the use of ZFS.
 
 It raises concerns that if one had a problem using a ZFS in this manner, 
 there would be few Oracle or community users of ZFS that could assist. Even 
 if the alleged problem was not related to using ZFS with array based 
 snapshots, usage would always create a level of uncertainty.
 
 Instead I would suggest using ZFS send / recv instead.
 
 
 That's what we call FUD.  It might be a problem if you use someone else's 
 feature that we duplicate.  If Oracle isn't going to support array-based 
 snapshots, come right out and say it.  You might as well pack up the cart now 
 though, there isn't an enterprise array on the market that doesn't have 
 snapshots, and you will be the ONLY OS I've ever heard of even suggesting 
 that array-based snapshots aren't allowed.
 
  
  would there be any issues ?
 
 Prior to taking the next snapshot, one must be assured that the device/LUN on 
 host2 is returned to the zpool export state. Failure to do this could cause 
 zpool corruption, ZFS I/O failures, or even the possibility of a system panic 
 on host2.
 
 
 Really?  And how did you come to that conclusion?  
 
 
 
 OP: Yes, you do need to use a -f.  The zpool has a signature that is there 
 when the pool is imported (this is to keep an admin from accidentally 
 importing the pool to two different systems at the same time).  The only way 
 to clear it is to do a zpool export before taking the initial snapshot, or 
 doing the -f on import.  Jim here is doing a great job of spreading FUD, and 
 none of it is true.  What you're doing should absolutely work, just make sure 
 there is no I/O in flight when you take the original snapshot.  
 
 Either export the pool first (I would recommend this approach), shut the 
 system down, or just make sure you aren't doing any writes when taking the 
 array-based snapshot.
 
 --Tim
___
zfs-discuss mailing list
zfs-discuss@opensolaris.org
http://mail.opensolaris.org/mailman/listinfo/zfs-discuss
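
The pool signature described in Tim Cook's reply quoted above can be checked before the import is attempted. The following is an added example, not part of the original thread: it reads a text dump of a vdev label in the `key: value` layout that `zdb -l <device>` prints and predicts whether a plain `zpool import` on this host will be refused. The sample labels, hostids and function names are constructed for illustration, and the decision rule is a simplified model of the import check.

```shell
#!/bin/sh
# Added example (not from the thread): predict whether `zpool import` will ask
# for -f, given a text dump of a vdev label in "key: value" form.

# Pool state values stored in the label: 0 = active (imported), 1 = exported.
STATE_EXPORTED=1

# label_field LABEL KEY: print the value of the first "KEY: value" line,
# with leading indentation and single quotes removed.
label_field() {
    printf '%s\n' "$1" | awk -v key="$2" -v q="'" '
        { sub(/^[ \t]+/, "") }
        index($0, key ": ") == 1 {
            val = substr($0, length(key) + 3)
            gsub(q, "", val)
            print val
            exit
        }'
}

# needs_force LABEL LOCAL_HOSTID: print "yes" when a plain import is expected
# to be refused. Simplified model (an assumption of this example): an exported
# pool imports anywhere; a pool still marked active imports without -f only on
# the host whose hostid is recorded in the label.
needs_force() {
    nf_state=$(label_field "$1" state)
    nf_hostid=$(label_field "$1" hostid)
    if [ "$nf_state" = "$STATE_EXPORTED" ]; then
        echo no
    elif [ -z "$nf_hostid" ] || [ "$nf_hostid" != "$2" ]; then
        echo yes
    else
        echo no
    fi
}

# report NAME LABEL LOCAL_HOSTID: one human-readable line per snapshot.
report() {
    printf '%s: last host=%s state=%s force needed: %s\n' \
        "$1" "$(label_field "$2" hostname)" "$(label_field "$2" state)" \
        "$(needs_force "$2" "$3")"
}

# Constructed sample: array snapshot taken while smpool was imported on host1.
LABEL_LIVE="    version: 31
    name: 'smpool'
    state: 0
    txg: 4182
    hostid: 8716532
    hostname: 'host1'"

# Constructed sample: array snapshot taken after 'zpool export smpool' on host1.
LABEL_EXPORTED="    version: 31
    name: 'smpool'
    state: 1
    txg: 4190
    hostid: 8716532
    hostname: 'host1'"

# Constructed hostids for the two hosts in the thread.
HOST1_ID=8716532
HOST2_ID=1193046

report "snapshot of imported pool, seen from host2" "$LABEL_LIVE" "$HOST2_ID"
report "snapshot of exported pool, seen from host2" "$LABEL_EXPORTED" "$HOST2_ID"
```

The array snapshot copies the label along with the data, so a snapshot taken while the pool is imported on host1 still carries host1's hostid and the active state when host2 sees it.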


Re: [zfs-discuss] ZFS Crypto in Oracle Solaris 11 Express

2010-11-17 Thread Richard Elling
On Nov 16, 2010, at 2:03 PM, Rthoreau r7h0...@att.net wrote:

 Darren J Moffat darr...@opensolaris.org writes:
 
 On 11/15/10 19:36, David Magda wrote:
 
 Using ZFS encryption support can be as easy as this:
 
  # zfs create -o encryption=on tank/darren
  Enter passphrase for 'tank/darren':
  Enter again:
 
 
 
  2. Both CCM and GCM modes of operation are supported: can you recommend
 which mode should be used when? I'm guessing it's best to accept the
 default if you're not sure, but what if we want to expand our knowledge?
 
 You've preempted my next planned posting ;-)  But I'll attempt to give
 an answer here:
 
 'on' maps to aes-128-ccm, because it is the fastest of the 6 available
 modes of encryption currently provided.  Also I believe it is the
 current wisdom of cryptographers (which I do not claim to be) that AES
 128 is the preferred key length due to recent discoveries about AES
 256 that are not known to impact AES 128.
 
 Both CCM[1] and GCM[2] are provided so that if one turns out to have
 flaws hopefully the other will still be available for use safely even
 though they are roughly similar styles of modes.
 
 On systems without hardware/cpu support for Galois multiplication
 (Intel Westmere and later and SPARC T3 and later) GCM will be slower
 because the Galois field multiplication has to happen in software
 without any hardware/cpu assist.  However depending on your workload
 you might not even notice the difference.
 
 One reason you may want to select aes-128-gcm rather than aes-128-ccm
 is that GCM is one of the modes for AES in NSA Suite B[3], but CCM is
 not.
 
 Are there symmetric algorithms other than AES that are of interest ?
 The wrapping key algorithm currently matches the data encryption key
 algorithm, is there interest in providing different wrapping key
 algorithms and configuration properties for selecting which one ?  For
 example doing key wrapping with an RSA keypair/certificate ?
 
 [1] http://en.wikipedia.org/wiki/CCM_mode
 [2] http://en.wikipedia.org/wiki/Galois/Counter_Mode
 [3] http://en.wikipedia.org/wiki/NSA_Suite_B_Cryptography
 
 I appreciate all the hard work the ZFS team and yourself have done to
 making this happen. I think a lot of people are going to give this a try
 but I noticed that one of the license restrictions was not to run
 benchmarks without prior permission from Oracle.

This is industry standard fare. Sun had similar restrictions.

  Is Oracle going to
 post some benchmarks that might give people an idea of the performance
 using the various key lengths? Or even the performance benefit of using
 the newer processors with hardware support?

Good question...

 I think a few graphs and testing procedures would be great this might be
 an opportunity to convince people the benefit of using sparc and Oracle
 hardware while at the same time giving people a basic idea what it could
 do for them on their own systems. I would also go as far as saying that
 some people would not even know how to setup a baseline to get
 comparative test results while using encryption.
 
 I could imagine a lot of people are curious about every aspect of
 performance and are thinking is ZFS encryption ready
 for production.

Does Oracle support Solaris 11 Express in production systems?

 I just think that some people might need that little
 extra nudge that a few graphs and test would provide. If it happens to
 also come with a few good practices you could save a lot of people some
 time and heart ache as I am sure people are desirous to see the results.

I think people are putting encryption in their apps directly (eg Oracle's 
Transparent Data Encryption feature)
 -- richard

 


Re: [zfs-discuss] ZFS Crypto in Oracle Solaris 11 Express

2010-11-17 Thread Markus Kovero
 Does Oracle support Solaris 11 Express in production systems?
 -- richard

Yes, You need Premier support plan from Oracle for that.
Afaik, sol11 express is production ready, and is going to be updated to real 
Solaris 11, and is supported even with non-oracle hardware if you have the 
money (and certified system).

Yours
Markus Kovero


Re: [zfs-discuss] Faster than 1G Ether... ESX to ZFS

2010-11-17 Thread Bruno Sousa


Hi all, 

Let me tell you all that the MC/S *does* make a difference...I
had a windows fileserver using an ISCSI connection to a host running
snv_134 with an average speed of 20-35 mb/s...After the upgrade to snv_151a
(Solaris 11 express) this same fileserver got a performance boost and now
has an average speed of 55-60mb/s. 

Not double performance, but WAY better, specially if we consider that this
performance boost was purely software based :) 

Nice...nice job COMSTAR guys! 

Bruno 

On Tue, 16 Nov 2010 19:49:59 -0500, Jim Dunham wrote:

 On Nov 16, 2010, at 6:37 PM, Ross Walker wrote:

  On Nov 16, 2010, at 4:04 PM, Tim Cook wrote:

   AFAIK, esx/i doesn't support L4 hash, so that's a non-starter.

  For iSCSI one just needs to have a second (third or fourth...) iSCSI
  session on a different IP to the target and run mpio/mpxio/mpath whatever
  your OS calls multi-pathing.

  -Ross

 MC/S (Multiple Connections per Sessions) support was added to the iSCSI
 Target in COMSTAR, now available in Oracle Solaris 11 Express.

 - Jim

-- 
Bruno Sousa
 



Re: [zfs-discuss] zpool import is this safe to use -f option in this case ?

2010-11-17 Thread Tim Cook
On Wed, Nov 17, 2010 at 2:56 PM, Jim Dunham james.dun...@oracle.com wrote:

 Tim,


 On Wed, Nov 17, 2010 at 10:12 AM, Jim Dunham james.dun...@oracle.com wrote:

 sridhar,

  I have done the following (which is required for my case)
 
  Created a zpool (smpool) on a device/LUN from an array (IBM 6K) on host1
  created an array level snapshot of the device using dscli to another
 device which is successful.
  Now I make the snapshot device visible to another host (host2)

 Even though the array is capable of taking device/LUN snapshots, this is a
 non-standard mode of operation regarding the use of ZFS.

 It raises concerns that if one had a problem using a ZFS in this manner,
 there would be few Oracle or community users of ZFS that could assist. Even
 if the alleged problem was not related to using ZFS with array based
 snapshots, usage would always create a level of uncertainty.

 Instead I would suggest using ZFS send / recv instead.


 That's what we call FUD.  It might be a problem if you use someone else's
 feature that we duplicate.  If Oracle isn't going to support array-based
 snapshots, come right out and say it.  You might as well pack up the cart
 now though, there isn't an enterprise array on the market that doesn't have
 snapshots, and you will be the ONLY OS I've ever heard of even suggesting
 that array-based snapshots aren't allowed.


 That's not what I said... Non-standard mode of operation is *not* the same
 thing as not supported. Using ZFS's standard mode of operation based on its
 built-in support for snapshots is well proven, well documented technology.



How is using an array based snapshot to create a copy of a filesystem
non-standard?  Non-standard to who?  Array based snapshots were around
long-before ZFS was created.  It was proven and documented long before ZFS
was around as well.  Given your history in the industry, I know you aren't
so new to this game you didn't already know that, so I'm not really sure
what the purpose of proven and documented was, other than to try to
insinuate that other technologies are not.







  would there be any issues ?

 Prior to taking the next snapshot, one must be assured that the device/LUN
 on host2 is returned to the zpool export state. Failure to do this could
 cause zpool corruption, ZFS I/O failures, or even the possibility of a
 system panic on host2.


 Really?  And how did you come to that conclusion?


 As prior developer and project lead of host-based snapshot and replication
 software on Solaris, I have first hand experience using ZFS with snapshots.

 If while ZFS on node2 is accessing an instance of snapshot data, the array
 updates the snapshot data, ZFS will see newly created CRCs created by node1.
 These CRCs will be considered as metadata corruption, and depending on
 exactly what ZFS was doing at the time the corruption was detected, the
 software attempts some form of error recovery.


The array doesn't update the snapshot data.  That's the whole point of the
snapshot.  It's point-in-time.  Either the snapshot exists as it was taken,
or it's deleted.  What array on the market changes blocks in a snapshot that
are being presented out as a live filesystem to a host?  I've never heard of
any such behavior, and that sort of behavior would be absolutely brain-dead.


OP: Yes, you do need to use a -f.  The zpool has a signature that is there
 when the pool is imported (this is to keep an admin from accidentally
 importing the pool to two different systems at the same time).  The only way
 to clear it is to do a zpool export before taking the initial snapshot, or
 doing the -f on import.  Jim here is doing a great job of spreading FUD, and
 none of it is true.


 What you're doing should absolutely work, just make sure there is no I/O in
 flight when you take the original snapshot.

 Either export the pool first (I would recommend this approach), shut the
 system down, or just make sure you aren't doing any writes when taking the
 array-based snapshot.


 These last two statements need clarification.

 ZFS is always on disk consistent, even in the context of using snapshots.
 Therefore as far as ZFS is concerned, there is no need to assure that there
 are no I/Os in flight, or that the storage pool is exported, or that the
 system is shutdown, or that one is doing any writes.


Except when it isn't.  Which is why zfs import -F was added to ZFS.  In
theory ZFS doesn't need checkdisk and it didn't need an import -F because
it's always consistent on disk.  In reality, that's utterly false as well.



 Although ZFS is always on disk consistent, many applications are not
 filesystem consistent. To be filesystem consistent, an application by design
 must issue careful writes and/or synchronized filesystem operations. Not
 knowing this fact, or lacking this functionality, a system admin will need
 to deploy some of the work-arounds suggested above. The most important one
 not listed, is to stop or pause those applications which are know 

Re: [zfs-discuss] ZFS Crypto in Oracle Solaris 11 Express

2010-11-17 Thread Tim Cook
On Wed, Nov 17, 2010 at 7:34 PM, Richard Elling richard.ell...@gmail.com wrote:

 On Nov 16, 2010, at 2:03 PM, Rthoreau r7h0...@att.net wrote:


  I just think that some people might need that little
  extra nudge that a few graphs and test would provide. If it happens to
  also come with a few good practices you could save a lot of people some
  time and heart ache as I am sure people are desirous to see the results.

 I think people are putting encryption in their apps directly (eg Oracle's
 Transparent Data Encryption feature)
  -- richard



I know there are far more apps without support for encryption than with it.
 And given the ever more stringent government regulations in the US, there
are plenty of customers chomping at the bit for encryption at the storage
array.

--Tim


Re: [zfs-discuss] ZFS Crypto in Oracle Solaris 11 Express

2010-11-17 Thread Richard Elling
On Nov 17, 2010, at 1:57 AM, Tim Cook t...@cook.ms wrote:

 
 
 On Wed, Nov 17, 2010 at 7:34 PM, Richard Elling richard.ell...@gmail.com 
 wrote:
 On Nov 16, 2010, at 2:03 PM, Rthoreau r7h0...@att.net wrote:
 
 
  I just think that some people might need that little
  extra nudge that a few graphs and test would provide. If it happens to
  also come with a few good practices you could save a lot of people some
  time and heart ache as I am sure people are desirous to see the results.
 
 I think people are putting encryption in their apps directly (eg Oracle's
 Transparent Data Encryption feature)
  -- richard
 
 
 I know there are far more apps without support for encryption than with it.  
 And given the ever more stringent government regulations in the US, there are 
 plenty of customers chomping at the bit for encryption at the storage array.

I do not disagree. There are many products in the market that
seamlessly encrypt data. But, vi has had encryption for almost
30 years, so there is clearly no barrier to app writers. As more
development moves to the cloud, encryption comes almost free
at the app layer. The only thing left is the legacy apps...
 -- richard


Re: [zfs-discuss] ZFS Crypto in Oracle Solaris 11 Express

2010-11-17 Thread Darren J Moffat

On 17/11/2010 10:17, Richard Elling wrote:

  I know there are far more apps without support for encryption than
  with it. And given the ever more stringent government regulations in
  the US, there are plenty of customers chomping at the bit for
  encryption at the storage array.

 I do not disagree. There are many products in the market that
 seamlessly encrypt data. But, vi has had encryption for almost
 30 years, so there is clearly no barrier to app writers. As more
 development moves to the cloud, encryption comes almost free
 at the app layer. The only thing left is the legacy apps...


Encryption at the application layer solves a different set of problems 
to encryption at the storage layer.  Just like the encryption in ZFS 
solves a different set of problems to full disk encryption in the drive 
firmware.


These sets have overlapping regions and depending on security policies 
one or more may be the best solution.


As always, encryption is the easy part; it is key management that is 
hard, because key management enters the realm of policy and key 
management can be hard to scale out to large numbers of apps.


There is on one correct solution for where to do encryption just like 
there is on one correct way to write files onto persistent media. 
Choice is important and sometimes choosing more than one is the correct 
thing to do.


--
Darren J Moffat


Re: [zfs-discuss] zpool import is this safe to use -f option in this case ?

2010-11-17 Thread sridhar surampudi
Hi,

My understanding is ZFS itself is a great file system by combining fs/vm with 
the numerous features added to it.

Along similar lines, existing fs/vm and array snapshots are still in use and 
customers are requesting a similar kind of support for zfs. 

So it would be a very great help to get a similar interface to match the use 
cases looked for, along with the new features.

If a customer has Solaris 9/10 with a UFS/SVM stack, backup applications run 
in the mentioned method (earlier thread and other threads).

If somebody moves from a UFS/SVM stack to ZFS, the customer expects the backup 
application to run in a similar configuration (at least for now).

To match the requirements, zfs/zpool support is required. 

Of course, down the line I am sure applications will start using new methods 
provided by zfs to support it.

Regards,
sridhar.
-- 
This message posted from opensolaris.org


Re: [zfs-discuss] ZFS Crypto in Oracle Solaris 11 Express

2010-11-17 Thread Erik Trimble

On 11/17/2010 2:33 AM, Darren J Moffat wrote:

 On 17/11/2010 10:17, Richard Elling wrote:

   I know there are far more apps without support for encryption than
   with it. And given the ever more stringent government regulations in
   the US, there are plenty of customers chomping at the bit for
   encryption at the storage array.

  I do not disagree. There are many products in the market that
  seamlessly encrypt data. But, vi has had encryption for almost
  30 years, so there is clearly no barrier to app writers. As more
  development moves to the cloud, encryption comes almost free
  at the app layer. The only thing left is the legacy apps...

 Encryption at the application layer solves a different set of problems 
 to encryption at the storage layer.  Just like the encryption in ZFS 
 solves a different set of problems to full disk encryption in the 
 drive firmware.

 These sets have overlapping regions and depending on security policies 
 one or more may be the best solution.

 As always, encryption is the easy part; it is key management that is 
 hard, because key management enters the realm of policy and key 
 management can be hard to scale out to large numbers of apps.

 There is on one correct solution for where to do encryption just 
 like there is on one correct way to write files onto persistent media. 
 Choice is important and sometimes choosing more than one is the 
 correct thing to do.


I'm assuming you meant "no" the two times you wrote "on" in that 
second-to-last sentence.  :-)


Actually, I'm just waiting for Staples to come up with a nice big EASY 
button so I can solve all my encryption issues at once...


wink

http://www.staples.com/sbd/cre/marketing/easybutton/index.html




--
Erik Trimble
Java System Support
Mailstop:  usca22-123
Phone:  x17195
Santa Clara, CA



Re: [zfs-discuss] ZFS Crypto in Oracle Solaris 11 Express

2010-11-17 Thread Darren J Moffat

On 17/11/2010 11:41, Erik Trimble wrote:

  There is on one correct solution for where to do encryption just
  like there is on one correct way to write files onto persistent media.
  Choice is important and sometimes choosing more than one is the
  correct thing to do.

 I'm assuming you meant "no" the two times you wrote "on" in that
 second-to-last sentence. :-)


Yes thanks, it should have read:

There is no one correct solution for where to do encryption just
like there is no one correct way to write files onto persistent media.
Choice is important and sometimes choosing more than one is the
correct thing to do.

--
Darren J Moffat


Re: [zfs-discuss] ZFS Crypto in Oracle Solaris 11 Express

2010-11-17 Thread Bob Friesenhahn

On Wed, 17 Nov 2010, Markus Kovero wrote:

  Does Oracle support Solaris 11 Express in production systems?
  -- richard

 Yes, You need Premier support plan from Oracle for that.
 Afaik, sol11 express is production ready, and is going to be updated 
 to real Solaris 11, and is supported even with non-oracle hardware 
 if you have the money (and certified system).


Solaris 11 Express may be production ready but is Oracle Premier 
Support prepared to support it in production?  That seems like the 
vital question to me.  As for myself, I will wait a while and observe 
before assigning my trust.


Bob
--
Bob Friesenhahn
bfrie...@simple.dallas.tx.us, http://www.simplesystems.org/users/bfriesen/
GraphicsMagick Maintainer,http://www.GraphicsMagick.org/


Re: [zfs-discuss] New system, Help needed!

2010-11-17 Thread Frank
Thank you all for your help.

Have a nice day!


Re: [zfs-discuss] ZFS Crypto in Oracle Solaris 11 Express

2010-11-17 Thread Darren J Moffat

On 17/11/2010 14:18, Bob Friesenhahn wrote:

 On Wed, 17 Nov 2010, Markus Kovero wrote:

   Does Oracle support Solaris 11 Express in production systems?
   -- richard

  Yes, You need Premier support plan from Oracle for that.
  Afaik, sol11 express is production ready, and is going to be updated
  to real Solaris 11, and is supported even with non-oracle hardware if
  you have the money (and certified system).

 Solaris 11 Express may be production ready but is Oracle Premier
 Support prepared to support it in production? That seems like the vital
 question to me. As for myself, I will wait a while and observe before
 assigning my trust.


From the FAQ[1] linked from here:

http://www.oracle.com/technetwork/server-storage/solaris11/overview/index.html


Licensing and Support for Oracle Solaris 11
Express

11-Can I get support for Oracle Solaris 11 Express?

Yes. Oracle Solaris 11 Express is covered under the Oracle
Premier Support for Operating Systems or Oracle Premier
Support for Systems support option for Oracle hardware, and
Oracle Solaris Premier Subscription for non-Oracle
hardware. Customers must choose either of these support
options should they wish to deploy Oracle Solaris 11 Express
into a production environment.

[1] 
http://www.oracle.com/technetwork/server-storage/solaris11/overview/faqs-oraclesolaris11express-185609.pdf


--
Darren J Moffat


Re: [zfs-discuss] ZFS Crypto in Oracle Solaris 11 Express

2010-11-17 Thread Peter Tribble
On Wed, Nov 17, 2010 at 2:18 PM, Bob Friesenhahn
bfrie...@simple.dallas.tx.us wrote:

 Solaris 11 Express may be production ready but is Oracle Premier Support
 prepared to support it in production?

Right there on the first page for S11 express on Oracle's web site it says
fully tested and supported, and it's reasonably clear that the way to
get support is via the existing Premier Support offering. And it's just the
same deal as with S10 - you want to use it in production, you need to
have a support contract. It's not hard to find this out, just a few seconds
to look at the website.

-- 
-Peter Tribble
http://www.petertribble.co.uk/ - http://ptribble.blogspot.com/


Re: [zfs-discuss] zpool import is this safe to use -f option in this case ?

2010-11-17 Thread David Magda
On Tue, November 16, 2010 22:56, Jim Dunham wrote:

 Although ZFS is always on disk consistent, many applications are not
 filesystem consistent. To be filesystem consistent, an application by
 design must issue careful writes and/or synchronized filesystem
 operations. Not knowing this fact, or lacking this functionality, a system
 admin will need to deploy some of the work-arounds suggested above. The
 most important one not listed, is to stop or pause those applications
 which are known not to be filesystem consistent.

Windows has an API that ties into VSS/Shadow Copy where an application can
register itself, and so when a back up app is running, it can tell
everyone please quiesce, we need to take a snapshot now. Applications
can then create check points so that the snapshot will have consistent
data, and that snapshot is what is backed up.

It'd be useful for ZFS snapshots, but also for things like running in a
virtualized environment (VMware, LDoms, etc.) where the hosting platform
wants to create a checkpoint for the vDisks. Similarly for LUN snapshots
under EMC, NetApp, etc.

Currently such a mechanism / API does not exist in Solaris (or any Unix
AFAICT): do you know if an RFE has been filed for such a thing?




Re: [zfs-discuss] ZFS Crypto in Oracle Solaris 11 Express

2010-11-17 Thread Bob Friesenhahn

On Wed, 17 Nov 2010, Peter Tribble wrote:

  Solaris 11 Express may be production ready but is Oracle Premier Support
  prepared to support it in production?

 Right there on the first page for S11 express on Oracle's web site it says
 fully tested and supported, and it's reasonably clear that the way to
 get support is via the existing Premier Support offering. And it's just the
 same deal as with S10 - you want to use it in production, you need to
 have a support contract. It's not hard to find this out, just a few seconds
 to look at the website.


I don't think that looking at a web site can illustrate to me that 
Oracle Premier Support is prepared to support the product in 
production.  The web site only illustrates current intent, not 
ability.  There is indeed a difference.  This is the company which is 
not even prepared to send me a receipt/certificate for my support 
contract and is in process of transitioning to a radically new support 
web infrastructure (based on the Adobe Flash browser plugin) and 
database.  So I will wait a quarter or so before trusting that the 
support function really works.  At the moment I distrust my ability to 
obtain support for even Solaris 10 issues.


Bob
--
Bob Friesenhahn
bfrie...@simple.dallas.tx.us, http://www.simplesystems.org/users/bfriesen/
GraphicsMagick Maintainer,http://www.GraphicsMagick.org/


Re: [zfs-discuss] ZFS Crypto in Oracle Solaris 11 Express

2010-11-17 Thread Kyle McDonald
The question that has occurred to me is:

I *must* choose one of those support options for how long?

I mean if I buy support for a machine for a year and put S11 Express
in production on it, then I don't renew the support, am I now
violating the license?

That's bogus. I could be wrong but I don't think Sun ever did this. As
far as I knew when I worked at Sun, I seem to remember that buying a
machine gave you a 'right to use' Solaris (even future versions as I
understood it) on that machine with out any extra charge.

Is there an option to just buy a license outright without paying for
support?

This is as bad as some application software companies are. license
ends  app stops running.
Actually this is worse since it's not just one app it's the whole OS.
At least it doesn't refuse to run or cripple itself like some other OS
does. ;)

  -Kyle

 Licensing and Support for Oracle Solaris 11 Express

 11-Can I get support for Oracle Solaris 11 Express?

 Yes. Oracle Solaris 11 Express is covered under the Oracle Premier
 Support for Operating Systems or Oracle Premier Support for Systems
 support option for Oracle hardware, and Oracle Solaris Premier
 Subscription for non-Oracle hardware. Customers must choose either
 of these support options should they wish to deploy Oracle Solaris
 11 Express into a production environment.

 [1]
 http://www.oracle.com/technetwork/server-storage/solaris11/overview/faqs-oraclesolaris11express-185609.pdf






Re: [zfs-discuss] Ideas for ghetto file server data reliability?

2010-11-17 Thread Miles Nordin
 sl == Sigbjorn Lie sigbj...@nixtra.com writes:

sl Do you need registered ECC, or will non-reg ECC do

registered means the same thing as buffered.  It has nothing to do
with registering to some kind of authority---it's a register like the
accumulators inside CPUs.  The register allows more sticks per
channel at the questionably-relevant cost of ``latency.''  Lately,
more than two sticks per channel seems to require registers.  Your
choice of motherboard (and the memory controller implied by that
choice) decides whether the memory must be registered or must be
unregistered, and I don't know of any motherboards that will take both
kinds (though I bet there are some out there, somewhere in history).
There are other weird kinds of memory connection besides just
registered and unregistered, but everything has higher latency than
``unregistered''.  

None of this has anything to do with ECC, though it may sometimes seem
to since both registers and ECC cost money so tightly cost-constrained
systems might tend to have neither, and quantities go down and profit
margins get immediately jacked up once you ask for either of the two.

hth. :/




Re: [zfs-discuss] Faster than 1G Ether... ESX to ZFS

2010-11-17 Thread Pasi Kärkkäinen
On Wed, Nov 17, 2010 at 10:14:10AM +, Bruno Sousa wrote:
Hi all,
 
Let me tell you all that the MC/S *does* make a difference...I had a
windows fileserver using an ISCSI connection to a host running snv_134
with an average speed of 20-35 mb/s...After the upgrade to snv_151a
(Solaris 11 express) this same fileserver got a performance boost and now
has an average speed of 55-60mb/s.
 
Not double performance, but WAY better, especially if we consider that
this performance boost was purely software based :)
 

Did you verify you're using more connections after the update? 
Or was it just *other* COMSTAR (and/or kernel) updates making the difference..

-- Pasi


 
 
Nice...nice job COMSTAR guys!
 
 
 
Bruno
 
 
 
On Tue, 16 Nov 2010 19:49:59 -0500, Jim Dunham james.dun...@oracle.com
wrote:
 
  On Nov 16, 2010, at 6:37 PM, Ross Walker wrote:
 
On Nov 16, 2010, at 4:04 PM, Tim Cook t...@cook.ms wrote:
 
  AFAIK, esx/i doesn't support L4 hash, so that's a non-starter.
 
For iSCSI one just needs to have a second (third or fourth...) iSCSI
session on a different IP to the target and run mpio/mpxio/mpath
whatever your OS calls multi-pathing.
 
  MC/S (Multiple Connections per Sessions) support was added to the iSCSI
  Target in COMSTAR, now available in Oracle Solaris 11 Express.
  - Jim
 
-Ross
  --
  Bruno Sousa
 


Re: [zfs-discuss] ZFS Crypto in Oracle Solaris 11 Express

2010-11-17 Thread Miles Nordin
 djm == Darren J Moffat darr...@opensolaris.org writes:

   djm http://blogs.sun.com/darren/entry/introducing_zfs_crypto_in_oracle
   djm http://blogs.sun.com/darren/entry/assued_delete_with_zfs_dataset
   djm http://blogs.sun.com/darren/entry/compress_encrypt_checksum_deduplicate_with

Is there a URL describing the on-disk format and implementation details?

   djm Encryption at the application layer solves a different set of
   djm problems to encryption at the storage layer. 

black-box crypto is snake oil at any level, IMNSHO.

Congrats again on finishing your project, but every other disk
encryption framework I've seen taken remotely seriously has a detailed
paper describing the algorithm, not just a list of features and a
configuration guide.  It should be a requirement for anything treated
as more than a toy.  I might have missed yours, or maybe it's coming
soon.




Re: [zfs-discuss] Faster than 1G Ether... ESX to ZFS

2010-11-17 Thread Ross Walker
On Wed, Nov 17, 2010 at 3:00 PM, Pasi Kärkkäinen pa...@iki.fi wrote:
 On Wed, Nov 17, 2010 at 10:14:10AM +, Bruno Sousa wrote:
    Hi all,

    Let me tell you all that the MC/S *does* make a difference...I had a
    windows fileserver using an ISCSI connection to a host running snv_134
    with an average speed of 20-35 mb/s...After the upgrade to snv_151a
    (Solaris 11 express) this same fileserver got a performance boost and now
    has an average speed of 55-60mb/s.

    Not double performance, but WAY better, especially if we consider that
    this performance boost was purely software based :)


 Did you verify you're using more connections after the update?
 Or was it just *other* COMSTAR (and/or kernel) updates making the difference..

This is true. If someone wasn't utilizing 1Gbps before MC/S then going
to MC/S won't give you more, as you weren't using what you had (in
fact added latency in MC/S may give you less!).

I am going to say that the speed improvement from 134-151a was due to
OS and comstar improvements and not the MC/S.

-Ross


Re: [zfs-discuss] ZFS Crypto in Oracle Solaris 11 Express

2010-11-17 Thread zfs user

On 11/17/10 12:04 PM, Miles Nordin wrote:

djm == Darren J Moffat darr...@opensolaris.org writes:


djm  http://blogs.sun.com/darren/entry/introducing_zfs_crypto_in_oracle
djm  http://blogs.sun.com/darren/entry/assued_delete_with_zfs_dataset
djm  http://blogs.sun.com/darren/entry/compress_encrypt_checksum_deduplicate_with

Is there a URL describing the on-disk format and implementation details?

djm  Encryption at the application layer solves a different set of
djm  problems to encryption at the storage layer.

black-box crypto is snake oil at any level, IMNSHO.


That sentence you quote was part of a theoretical discussion of where 
encryption should live, not about whether he or anyone else would share 
implementation details.



Congrats again on finishing your project, but every other disk
encryption framework I've seen taken remotely seriously has a detailed
paper describing the algorithm, not just a list of features and a
configuration guide.  It should be a requirement for anything treated
as more than a toy.  I might have missed yours, or maybe it's coming
soon.


Ugh, we all know that the first rule of crypto is that any proprietary, closed 
source, black-box crypto is crap, blah, blah, blah (I am not sure what the 
point of repeating that tired line is) and I am not one to give Oracle an inch 
but wtf? They just released this crap, give them a minute - if anything, what we 
have seen so far from Oracle shows us that they are slow to move with 
external communication about Solaris.



[zfs-discuss] WarpDrive SLP-300

2010-11-17 Thread Fred Liu
http://www.lsi.com/channel/about_channel/whatsnew/warpdrive_slp300/index.html

Good stuff for ZFS.

Fred


[zfs-discuss] ZFS Crypto in Oracle Solaris 11 Express

2010-11-17 Thread grarpamp
 One reason you may want to select aes-128-gcm rather than aes-128-ccm is
 that GCM is one of the modes for AES in NSA Suite B[3], but CCM is not.

 Are there symmetric algorithms other than AES that are of interest ?

How might AES-XTS [1] be able to fit into the ZFS picture?

Additionally given the user may wish to trade off compression, dedup,
the number of encryptable blocks [2], etc for any particular selectable
algorithm.

[1] http://en.wikipedia.org/wiki/Disk_encryption_theory#XTS
[2] Perhaps handled similar to:
http://groups.google.com/group/mailing.freebsd.security/browse_thread/thread/66d84fdbcee78fcf


Re: [zfs-discuss] WarpDrive SLP-300

2010-11-17 Thread Yuri Vorobyev



http://www.lsi.com/channel/about_channel/whatsnew/warpdrive_slp300/index.html


I think drivers will be the problem.



Re: [zfs-discuss] WarpDrive SLP-300

2010-11-17 Thread James C. McPherson

On 18/11/10 01:49 PM, Fred Liu wrote:

http://www.lsi.com/channel/about_channel/whatsnew/warpdrive_slp300/index.html

Good stuff for ZFS.


Looks a bit like the Sun/Oracle Flash Accelerator card,
only with a 2nd generation SAS controller - which would
probably use the mpt_sas(7d) driver.


James C. McPherson
--
Oracle
http://www.jmcp.homeunix.com/blog


Re: [zfs-discuss] WarpDrive SLP-300

2010-11-17 Thread Fred Liu
Yeah, no driver issue.
BTW, any new storage-controller-related drivers introduced in snv151a?
LSI seems the only one who works very closely with Oracle/Sun.

Thanks.

Fred

 -----Original Message-----
 From: James C. McPherson [mailto:j...@opensolaris.org]
 Sent: Thursday, November 18, 2010 12:36
 To: Fred Liu
 Cc: zfs-discuss@opensolaris.org
 Subject: Re: [zfs-discuss] WarpDrive SLP-300
 
 On 18/11/10 01:49 PM, Fred Liu wrote:
 
 http://www.lsi.com/channel/about_channel/whatsnew/warpdrive_slp300/index.html
 
  Good stuff for ZFS.
 
 Looks a bit like the Sun/Oracle Flash Accelerator card,
 only with a 2nd generation SAS controller - which would
 probably use the mpt_sas(7d) driver.
 
 
 James C. McPherson
 --
 Oracle
 http://www.jmcp.homeunix.com/blog



Re: [zfs-discuss] WarpDrive SLP-300

2010-11-17 Thread James C. McPherson

On 18/11/10 03:05 PM, Fred Liu wrote:

Yeah, no driver issue.
BTW, any new storage-controller-related drivers introduced in snv151a?
LSI seems the only one who works very closely with Oracle/Sun.


You would have to have a look at what's in the repo,
I'm not allowed to tell you :|


James C. McPherson
--
Oracle
http://www.jmcp.homeunix.com/blog


Re: [zfs-discuss] WarpDrive SLP-300

2010-11-17 Thread Fred Liu
Sure. Gotcha! ^:^

 -----Original Message-----
 From: James C. McPherson [mailto:j...@opensolaris.org]
 Sent: Thursday, November 18, 2010 13:16
 To: Fred Liu
 Cc: zfs-discuss@opensolaris.org
 Subject: Re: [zfs-discuss] WarpDrive SLP-300
 
 On 18/11/10 03:05 PM, Fred Liu wrote:
  Yeah, no driver issue.
  BTW, any new storage-controller-related drivers introduced in snv151a?
  LSI seems the only one who works very closely with Oracle/Sun.
 
 You would have to have a look at what's in the repo,
 I'm not allowed to tell you :|
 
 
 James C. McPherson
 --
 Oracle
 http://www.jmcp.homeunix.com/blog



Re: [zfs-discuss] WarpDrive SLP-300

2010-11-17 Thread Rob Logan

 BTW, any new storage-controller-related drivers introduced in snv151a?

the 64bit driver in 147
-rwxr-xr-x   1 root sys   401200 Sep 14 08:44 mpt
-rwxr-xr-x   1 root sys   398144 Sep 14 09:23 mpt_sas
is a different size than 151a
-rwxr-xr-x   1 root sys   400936 Nov 15 23:05 /kernel/drv/amd64/mpt
-rwxr-xr-x   1 root sys   399952 Nov 15 23:06 /kernel/drv/amd64/mpt_sas

and mpt_sas has a new printf:
reset was running, this event can not be handled this time

Rob
