Sun hardens OpenSolaris for EC2

A bunch of different AMIs for the masses

3 Big data security analytics techniques

In the wake of the launch of the OpenSolaris 2009.06 release earlier this month, the open source Solaris project has packaged up a bunch of Amazon Machine Image (AMI) virtual machines based on OpenSolaris so they can be deployed on the ECS compute cloud.

A few days after the release, the project put out a 32-bit AMI image for EC2, as you can see from the blog dedicated to EC2 and Sun software. In this AMI package, ZFS is the default root file system and as is the case in other OpenSolaris AMIs, the package update comment (which updates the kernel and ramdisk) is disabled because Amazon does not, for security reasons, allow for the operating system kernel to be messed with on the EC2 cloud.

Just as OpenSolaris 2009.06 was being readied at the end of May, the OpenSolaris project also announced a security-hardened 32-bit implementation of OpenSolaris 2008.11 (the November release from last year). Sun has been working with the US National Security Agency and Defense Information Systems Agency, along with the Center for Internet Security, to lock down and benchmark the security of the commercial-grade Solaris 10 compiled version of Sun's Unix, and Sun and the CIS have taken the settings developed with Uncle Sam's spook and military IT departments and applied them to OpenSolaris 2008.11 to create the hardened implementation. (The details in the hardened Solaris setup can be found here.)

In recent weeks, the OpenSolaris project has rolled out AMIs for Ruby on Rails 2 for application development, WordPress 2.7 for Web content management, and MediaWiki 1.14 for wikis. In April, Sun put a 64-bit version of OpenSolaris 2008.11 out for EC2, and it seems likely that a 64-bit version of the more recent 2009.06 release is due any day now. The most recent addition to the AMI jukebox for OpenSolaris running on Amazon's EC2 is an OpenESB v3 stack, all licensed under Sun's Common Development and Distribution License (CDDL).

This stack of middleware includes the OpenESB runtime and the JRuby and POJO SE component service engines as well as the necessary binding components, shared libraries, and aspect framework; this AMI also includes the Apache Derby database and the Apache Felix services framework.

All of these OpenSolaris AMIs are now available to customers in the United States and in Europe, who are sequestered from each other even if they might be served from the same physical cloud infrastructure. Amazon doesn't talk about its underlying hardware or virtualization layer, but it is believed to be a home-tweaked implementation of the open source Xen hypervisor running on the bare metal, but possibly running in guest mode atop Linux.

EC2 supports Red Hat Enterprise Linux and its Oracle Enterprise Linux clone and its Fedora development release. Novell's openSUSE development release has also been packaged up for EC2, but not SUSE Linux Enterprise Server 10 or 11 (the latter which was announced in May). Debian, Ubuntu, and Gentoo Linux distros are packaged up as AMIs and supported on EC2, as is Microsoft's Windows Server 2003. There's a bunch of databases, middleware, and other systems programs that are also pre-packaged into AMIs so companies can deploy the code in the cloud.

Sun's own third-generation, utility-style computing offering, called simply the Sun Cloud, was previewed back in March on the same day that the rumors of IBM's attempted acquisition of Sun broke, leading to Oracle's eventual takeover bid for Sun. The status of the Sun Cloud is still up in the air until Oracle closes the deal on July 16, and maybe even after that, too.

While Sun's Project Kenai, a set of APIs for programmatically managing the Xen hypervisors and OpenSolaris instances created by the Sun Cloud, are interesting, Amazon is setting most of the standards in cloud computing these days. That can change quickly, particularly if Oracle ponies up some cash and chases cloud computing in as serious a manner as it has application software and middleware.

Those are some pretty big ifs, of course. And in the meantime, if OpenSolaris sees any play in commercial cloud computing, it will be on EC2. ®

SANS - Survey on application security programs

More from The Register

next story
This time it's 'Personal': new Office 365 sub covers just two devices
Redmond also brings Office into Google's back yard
Kingston DataTraveler MicroDuo: Turn your phone into a 72GB beast
USB-usiness in the front, micro-USB party in the back
AMD's 'Seattle' 64-bit ARM server chips now sampling, set to launch in late 2014
But they won't appear in SeaMicro Fabric Compute Systems anytime soon
Brit boffins use TARDIS to re-route data flows through time and space
'Traffic Assignment and Retiming Dynamics with Inherent Stability' algo can save ISPs big bucks
Microsoft's Nadella: SQL Server 2014 means we're all about data
Adds new big data tools in quest for 'ambient intelligence'
prev story


Mainstay ROI - Does application security pay?
In this whitepaper learn how you and your enterprise might benefit from better software security.
Combat fraud and increase customer satisfaction
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Top three mobile application threats
Learn about three of the top mobile application security threats facing businesses today and recommendations on how to mitigate the risk.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.