Sun hardens OpenSolaris for EC2

A bunch of different AMIs for the masses

Security for virtualized datacentres

In the wake of the launch of the OpenSolaris 2009.06 release earlier this month, the open source Solaris project has packaged up a bunch of Amazon Machine Image (AMI) virtual machines based on OpenSolaris so they can be deployed on the ECS compute cloud.

A few days after the release, the project put out a 32-bit AMI image for EC2, as you can see from the blog dedicated to EC2 and Sun software. In this AMI package, ZFS is the default root file system and as is the case in other OpenSolaris AMIs, the package update comment (which updates the kernel and ramdisk) is disabled because Amazon does not, for security reasons, allow for the operating system kernel to be messed with on the EC2 cloud.

Just as OpenSolaris 2009.06 was being readied at the end of May, the OpenSolaris project also announced a security-hardened 32-bit implementation of OpenSolaris 2008.11 (the November release from last year). Sun has been working with the US National Security Agency and Defense Information Systems Agency, along with the Center for Internet Security, to lock down and benchmark the security of the commercial-grade Solaris 10 compiled version of Sun's Unix, and Sun and the CIS have taken the settings developed with Uncle Sam's spook and military IT departments and applied them to OpenSolaris 2008.11 to create the hardened implementation. (The details in the hardened Solaris setup can be found here.)

In recent weeks, the OpenSolaris project has rolled out AMIs for Ruby on Rails 2 for application development, WordPress 2.7 for Web content management, and MediaWiki 1.14 for wikis. In April, Sun put a 64-bit version of OpenSolaris 2008.11 out for EC2, and it seems likely that a 64-bit version of the more recent 2009.06 release is due any day now. The most recent addition to the AMI jukebox for OpenSolaris running on Amazon's EC2 is an OpenESB v3 stack, all licensed under Sun's Common Development and Distribution License (CDDL).

This stack of middleware includes the OpenESB runtime and the JRuby and POJO SE component service engines as well as the necessary binding components, shared libraries, and aspect framework; this AMI also includes the Apache Derby database and the Apache Felix services framework.

All of these OpenSolaris AMIs are now available to customers in the United States and in Europe, who are sequestered from each other even if they might be served from the same physical cloud infrastructure. Amazon doesn't talk about its underlying hardware or virtualization layer, but it is believed to be a home-tweaked implementation of the open source Xen hypervisor running on the bare metal, but possibly running in guest mode atop Linux.

EC2 supports Red Hat Enterprise Linux and its Oracle Enterprise Linux clone and its Fedora development release. Novell's openSUSE development release has also been packaged up for EC2, but not SUSE Linux Enterprise Server 10 or 11 (the latter which was announced in May). Debian, Ubuntu, and Gentoo Linux distros are packaged up as AMIs and supported on EC2, as is Microsoft's Windows Server 2003. There's a bunch of databases, middleware, and other systems programs that are also pre-packaged into AMIs so companies can deploy the code in the cloud.

Sun's own third-generation, utility-style computing offering, called simply the Sun Cloud, was previewed back in March on the same day that the rumors of IBM's attempted acquisition of Sun broke, leading to Oracle's eventual takeover bid for Sun. The status of the Sun Cloud is still up in the air until Oracle closes the deal on July 16, and maybe even after that, too.

While Sun's Project Kenai, a set of APIs for programmatically managing the Xen hypervisors and OpenSolaris instances created by the Sun Cloud, are interesting, Amazon is setting most of the standards in cloud computing these days. That can change quickly, particularly if Oracle ponies up some cash and chases cloud computing in as serious a manner as it has application software and middleware.

Those are some pretty big ifs, of course. And in the meantime, if OpenSolaris sees any play in commercial cloud computing, it will be on EC2. ®

New hybrid storage solutions


Providing a secure and efficient Helpdesk
A single remote control platform for user support is be key to providing an efficient helpdesk. Retain full control over the way in which screen and keystroke data is transmitted.
Top 5 reasons to deploy VMware with Tegile
Data demand and the rise of virtualization is challenging IT teams to deliver storage performance, scalability and capacity that can keep up, while maximizing efficiency.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.
Secure remote control for conventional and virtual desktops
Balancing user privacy and privileged access, in accordance with compliance frameworks and legislation. Evaluating any potential remote control choice.