CERTguide Solaris 9 SA2 Study Guide
What is the relationship between SunONE and Solaris?
"The Solaris[tm] 9 Operating Environment redefines the operating system to a services platform by combining traditional OS functionality, application services, and identity management. The Solaris 9 OE delivers the security, manageability and performance that IT professionals need to increase service levels and decrease costs and risks; it's the rock-solid foundation for solutions based on the Sun[tm] ONE software architecture. Customers can take full advantage of UltraSPARC® processor-based systems, from smaller departmental servers to massive SunPlex[tm] clusters with hundreds of CPUs. Designed for multiprocessing and 64-bit computing, Solaris software scales to handle heavy traffic, huge data sets, and compute-intensive problems."
http://wwws.sun.com/software/solaris/index.html
In fact, it is said by Sun that Solaris 9 redefines the operating system to a services platform with the integration of:
n Sun ONE Application Server
n Sun ONE Directory Server
n Security and Web Services
What is SA2?
You need to complete both SA1 and SA2 in order to earn the Administrator certification. If you want to earn the Network Admin title, you must pass the Network Admin exam as well.
What does the SA2 exam cover?
n Describe network basics
n Manage virtual file systems and core dumps
n Manage Storage Volumes
n Control access and configure system messaging
n Set up naming services
n Perform Advanced Installation Procedures
Does the SunONE Directory service matter?
For the exam, no. However, it is good for you to know what it is, since it is now fully integrated into Solaris.
"The Sun[tm] ONE Directory Server (formerly iPlanet Directory Server) is a software product that provides a central repository for storing and managing identity profiles, access privileges and application and network resource information. Information stored in the Sun ONE Directory Server can be used for the authentication and authorization of users to enable secure access to enterprise and Internet services and applications. The software helps improve security and protection of key corporate information assets by ensuring appropriate access control policies are enforced across all communities, applications, and services on a global basis." http://wwws.sun.com/software/products/directory_srvr/home_directory.html
Network basics
For this objective you need to know the basic network topology and the basics on IP networking. Nothing in-depth. Know IP V4, DNS, ARP, Ethernet and DHCP and you will do fine. In fact, be prepared to see very stupid questions:
"A local-area network (LAN) architecture developed by Xerox Corporation in cooperation with DEC and Intel in 1976. Ethernet uses a bus or star topology and supports data transfer rates of 10 Mbps. The Ethernet specification served as the basis for the IEEE 802.3 standard, which specifies the physical and lower software layers. Ethernet uses the CSMA/CD access method to handle simultaneous demands. It is one of the most widely implemented LAN standards. A newer version of Ethernet, called 100Base-T (or Fast Ethernet), supports data transfer rates of 100 Mbps. And the newest version, Gigabit Ethernet supports data rates of 1 gigabit (1,000 megabits) per second."
http://www.webopedia.com/TERM/E/Ethernet.html
If you want to learn more on Ethernet, visit the following tutorial links:
n http://www.lantronix.com/learning/tutorials/index.html
n http://www.ethermanage.com/ethernet/ethernet.html
Also, learn OSI. You will see some basic questions related to it.
"Short for Open System Interconnection, an ISO standard for worldwide communications that defines a networking framework for implementing protocols in seven layers. Control is passed from one layer to the next, starting at the application layer in one station, proceeding to the bottom layer, over the channel to the next station and back up the hierarchy."
http://www.webopedia.com/TERM/O/OSI.html
OSI Layers at a glance:
|
Application |
|
|
Presentation |
This layer provides independence from differences in data representation. |
|
Session |
This layer establishes, manages and terminates connections between applications. |
|
Transport |
This layer provides transparent transfer of data between end systems. |
|
Network |
This layer provides routing and switching. |
|
Data Link |
Data packets are encoded and decoded into bits in here. Also contains the sub-layers of MAC and LLC. |
|
Physical |
This layer conveys bit stream at the electrical level. |
A detail breakdown of the 7 layers is available at http://webopedia.internet.com/quick_ref/OSI_Layers.html
Installation methods
Solaris Web Start Installation Program
n can be run with a graphical user interface or with a command -line interface
n guides you step-by-step
n can install with the default option or can use the customize option to install only the software you want
n not the most efficient method when you have to install or upgrade several systems
Solaris suninstall Program
n run with a command-line interface
n guides you step-by-step
n only installs the Solaris operating environment software
n does not know of third-party applications or network downloadable software
n not the most efficient installation method for installing several systems
Custom JumpStart Installation Method
n command-line interface
n automatically install or upgrade several systems based on profiles that you create
n can incorporate shell scripts to include preinstallation and postinstallation tasks
n might be the most efficient way for you to install many systems.
n how does JumpStart work? According to Sun:
"First, the system administrator must create a rules file and a profile for each group of systems. The rules file is a text file that contains a rule for each group of systems or single systems on which you want to install the Solaris software. Each rule distinguishes a group of systems that are based on one or more system attributes. Each rule also links each group to a profile. A profile is a text file that defines how the Solaris software is to be installed on each system in the group. Both the rules file and profile must be located in a JumpStart directory... After you validate the rules file and the profiles, you can begin a custom JumpStart installation. The JumpStart program reads the rules.ok file. Then, the JumpStart program searches for the first rule with defined system attributes that match the system on which the JumpStart program is attempting to install the Solaris software. If a match occurs, the JumpStart program uses the profile that is specified in the rule to install the Solaris software on the system." http://docs.sun.com/db?q=jumpstart&p=/doc/806-5205/6je7vd5tc&a=view
Web Start Flash Installation
n allows you to install many systems based on a configuration that you install on a master system
n after you install and configure the master system, you create a Web Start Flash archive from the master system
n can efficiently install many systems with the same software and configuration
n much faster than when you install each of the individual Solaris packages.
n note that after you create a Web Start Flash archive, you cannot change the archive
Managing dumps
Coreadm
n You use the coreadm command to enable or disable setuid programs to produce core files for all system processes or on a per-process basis.
n If the global setuid option is enabled, a global core file path allows all setuid programs on a system to produce core files. By default it is disabled.
n If the per-process setuid option is enable, a per-process core file path allows specific setuid processes to produce core files. By default it is disabled.
n you use the proc tools to manipulate features of the /proc file system.
n /usr/proc/bin/pstack, pmap, pldd, pflags, and pcred can be applied to core files by specifying the name of the core file on the command line
When gathering system data for a crashed Solaris system, Sun suggested that you follow the task lists below:
1. Is a system crash dump available?
2. Identify the operating system release and appropriate software application release levels.
3. Identify system hardware.
4. Include prtdiag output for sun4u systems. Include Explorer output for other systems.
5. Are patches installed? If so, include showrev -p output.
6. Is the problem reproducible?
7. Does the system have any third-party drivers?
8. What was the system doing before it crashed?
9. Were there any unusual console messages right before the system crashed?
10. Did you add any parameters to the /etc/system file?
11. Did the problem start recently?
Dumpadm
n use the dumpadm command to manage system crash dump information - configure crash dumps of the operating system
n configuration parameters include the dump content, dump device, and the directory in which crash dump files are saved.
n dump data is stored in compressed format on the dump device
n system crash dump files that are generated by the savecore command are saved by default.
n the savecore -L command enables you to get a crash dump of the live running Solaris system
System Messaging
n error logging daemon is syslogd
n it automatically records various system warnings and errors in message files
n by default system messages are displayed on the system console and are stored in the /var/adm directory - most recent messages are in /var/adm/messages file (and in messages.*), and the oldest are in the messages.3 file - this directory can consume lots of disk space
Storage Volume
RAID 0 volumes
n composed of slices or soft partitions
n enable you to expand disk storage capacity
n can be used either directly or as the building blocks for RAID 1 (mirror) volumes, transactional volumes, and soft partitions.
n three kinds of RAID 0 volumes:
u Striped volumes (or stripes)
u Concatenated volumes (or concatenations)
u Concatenated striped volumes (or concatenated stripes)
Concatenated volume
n data is organized serially and adjacently across components
n one big logical storage unit
n allows you to get more storage capacity by combining the capacities of several components
n can add more components to the concatenation as the demand for storage grows
n can dynamically expand storage capacity and file system sizes online
n can expand any active and mounted UFS file system without having to bring down the system
n total capacity of a concatenation is equal to the total size of all the components in the concatenation
RAID 1 volume
n known as mirror
n a volume that maintains identical copies of the data in RAID 0 volumes
n need at least twice as much disk space as the amount of data you have to mirror.
n can increase the amount of time it takes for write requests to be written to disk.
Submirrors
n RAID 0 volumes that are mirrored are called submirrors
n each mirror can consist of up to three submirrors
n a third submirror enables you to make online backups without losing data redundancy while one submirror is offline for the backup
n submirrors can be attached or detached from a mirror at any time
n at least one submirror must remain attached at all times.
RAID 5
n similar to striping but with parity data distributed across all components
n if a component fails, the data on the failed component can be rebuilt from the distributed data and parity information on the other components
n uses storage capacity equivalent to one component in the volume to store redundant information (parity) about user data stored on the remainder of the RAID 5 volume's components
n increases data availability with a minimum of cost in terms of hardware
n incurs a moderate penalty for write operations
Remember, Solaris Volumes are best to be managed by the Volume Manager VM. See what Sun says about VM…
“Solaris Volume Manager uses virtual disks to manage physical disks and their associated data. In Solaris Volume Manager, a virtual disk is called a volume… A volume is functionally identical to a physical disk in the view of an application or a file system (such as UFS). Solaris Volume Manager converts I/O requests directed at a volume into I/O requests to the underlying member disks.” http://docs.sun.com/db?p=/doc/806-6111/6jf2ve3ej&a=view
Name Service
“NIS was developed independently of DNS and has a slightly different focus. Whereas DNS focuses on making communication simpler by using machine names instead of numerical IP addresses, NIS focuses on making network administration more manageable by providing centralized control over a variety of network information. NIS stores information not only about machine names and addresses, but also about users, the network itself, and network services. This collection of network information is referred to as the NIS namespace.”
http://docs.sun.com/db?p=/doc/806-4077/6jd6blbcd&a=view
NIS
n uses a client-server arrangement
n NIS servers provide services to NIS clients
n principal servers are called master servers
n for reliability, master servers have backup slave servers
n Both master and slave servers use the NIS information retrieval software
n Both master and slave servers store NIS maps.
|
NIS Daemons (extracted from Sun’s online documentation) |
|
|
Daemon |
Function |
|
ypserv |
Server process |
|
ypbind |
Binding process |
|
ypxfr |
High speed map transfer |
|
rpc.yppasswdd |
NIS password update daemon |
|
rpc.ypupdated |
Modifies other maps such as publickey |
n default set of NIS maps are provided - NIS can also use whatever maps you create or add
n default maps for a NIS domain are located in each server's /var/yp/domainname directory.
|
NIS Utilities (extracted from Sun’s online documentation) |
|
|
Utility |
Function |
|
makedbm |
Creates dbm file for an NIS map |
|
ypcat |
Lists data in a map |
|
ypinit |
Builds and installs an NIS database and initializes NIS client's ypservers list. |
|
yppmatch |
Finds a specific entry in a map |
|
yppoll |
Gets a map order number from a server |
|
yppush |
Propagates data from NIS master to NIS slave server |
|
ypset |
Sets binding to a particular server |
|
ypwhich |
Lists name of the NIS server and nickname translation table |
|
ypxfr |
Transfers data from master to slave NIS server |
n NIS clients get information from an NIS server through the binding process
n the binding process can work in one of two modes: server-list or broadcast.
n Server-list - ypbind queries the /var/yp/binding/domain/ypservers list for the names of all of the NIS servers in the domain and binds only to servers in this file
n Broadcast - ypbind process can use an RPC broadcast to initiate a binding - there must be at least one server, either master or slave, on the same subnet as the client.
Reference Readings
The Practice of System and Network Administration
by Thomas A. Limoncelli, Christine Hogan (Paperback)
UNIX System Administration Handbook (3rd Edition)
by Evi Nemeth, et al (Paperback - August 2000)
by Hal Stern, et al (Paperback)
by Mark G. Sobell (Paperback - June 1999)
SolarisTM Solutions for System Administrators: Time-Saving Tips, Techniques, and Workarounds
by Sandra Henry-Stocker, Evan R. Marks (Paperback)
Boot Disk Management: A Guide for the Solaris Operating Environment
by David Deeths, John S. Howard (Paperback)
Solaris 9: The Complete Reference
by Paul A. Watters (Paperback)
This study guide is developed by Michael Yu Chak Tin. He can be reached at Michael@examreview.net.