Investigating Solaris Volume Manager (DiskSuite)

SVM supports RAID-0, 1, 5, 0+1 and 1+0. By default, SVM is also restricted by 8 slices per disk restriction as a standard hard disk. However soft partitions can be used to avoid this limit. They are used for very large storage devices. RAID-0 and software partitions do not provide data redundancy. Striped RAID-0 works well for large sequential and random I/O distributions. Mirroring improves read performance but write performance is degraded. RAID-5 write performance is lower, specially for volumes with 20% writes. RAID-5 writes cannot be as fast as RAID-1 which are not as fast as unprotected writes. RAID-1 volumes have better write performance for write-intensive apps than RAID-5. Both striped and RAID-5 distribute data across multiple disks. One create a RAID-1, RAID-5, soft partition or transactional logging volume.

SVM volumes are built from slices or other volumes. Enhanced storage tool within solaris management console presents a view of all existing volumes. Volume is a group of physical slices that appear to the system as one logical device. These logical devices are also called metadevices. Format command cannot be used on volumes. Volume can be expanded by adding slices. UFS file system can be expanded online by using growfs command. UFS FS can't be shrunk. Write access is suspended when growfs command is running. Volume names must begin with letter 'd'. No of volumes can be increased in the file /kernel/drv/md.conf file.

Hot spares can be used for mirrored and RAID-5 volumes.

State database stores state of SVM configuration and state on disk. SVM can't operate without it. One should create multiple copies on different slices. State database can be put on dedicated slices or slices that are part of SVM volumes. In the later case, replica must be created on a slice before adding it in a volume. Replicas can not be created on existing file systems. More than one copy of database can be put on a slice. Min 3 state replicas are recommended. Extra replicas may be required for RAID-1 volume as it is used for syncrhonizing mirrors. System must have more than half of the replicas to boot into multi-user mode. Otherwise delete failed replicas in single user mode by using metadb command. Use metadb -a -c 3 -l 8912 -f c0t0d0s7 to create three initial replicas of 4 MB size. SVM uses a majority consensus algorithm, where it will require atleast half of the replicas to continue running, otherwise system will panic. State database stores configuration and status information of meta devices.

Disk sets are shared disk drives in a separate namespace that contain volumes and hot spares.

SVM doesn't do a good job about logging and alerting error messages. Errors do not always go to syslog. Therefore it is better to implement customized monitoring mechanisms. A cron script to monitor metadb & metastat command output or SVM SNMP agent should be used.

RAID-1 volume consists of RAID-0 volumes, known as sub-mirrors. SVM supports max of three-way mirrors, although two-way mirrors are usually sufficient. Submirror can be taken offline. It is different from detaching a submirror, which serves the logical association. Create RAID-0 submirror before creating a mirror. Submirrors should be of identical sizes. Replicas are used to store dirty region log (DRL) for resynchronization. SMV runs metasync -r during boot to sync sub-mirrors. metainit [volume name] -m [sub mirror] creates initial volume, followed by metattach [volume name] [second mirror]

Transactional volume is used to log a UFS file system. It is better to use UFS logging. It consists of master and logging device. Master device contains UFS file system.

Soft partition divides a logical volume into smaller volumes.

A good tutorial about SVM commands is available at http://www.adminschoice.com/docs/solstice_disksuite.htm.

ProFTPD (Professional FTP Daemon)

* ProFTPD is an Apache inspired open source FTP server. It supports an apache-like single configuration file (proftpd.conf) and supports modular framework using DSO functionality. Base functionality can be enhanced using extra modules, most of which are contributed by third parties. It supports FTPS (FTP over TLS/SSL) and LDAP, SQL and Radius as authentication sources. Logs are compatible with other open source software such as wuFTPD, squid, Apache etc and hence can be analyzed with standard reporting utilities, such as webalizer and AWstats.

* It compiles easily on Linux and similar systems. Configure script supports enabling built-in modules, buffer configurable and other standard options. Installation tasks include creating a PAM authentication file (ftp) in /etc/pam.d, verifying user id and group to run the server and creating server and CA certificates (in case of FTPS support). CA private key, certificate and server private key and CSR (certificate signing request) can be created using standard openssl commands. However server certificates have to be created with a sign.sh script available in standard Apache mod_ssl distribution. New version of openssl requires a mandatory private key passphrase. However for non-interactive service startup, the passphrase can be removed by exporting a clear-text version using the command, 'openssl rsa -in server.key.org -out server.key.new'. There is a configuration bug in proFTPD related to TLSProtocol parameter. It has to be set to SSLv23 instead of TLSv1 in proftpd.conf file, for FTPS to work.

* ProFTPD offers a lot of security options. Denial of service risks are mitigated with limits on max connections, per user and per client limits and failed login attempts limits. It supports chroot and anonymous features out of the box without the need to setup any special directory structure for them. Further restrictions can be defined for individual files and directories. Access control support is provided for users and client source. An apache (.httpaccess) like .ftpaccess file is also supported.