Solaris has long been the operating system of choice in highly secure data centers, thanks to several features which SmartOS inherits. SmartOS zones, though they share system resources such as CPU and disk space, simply cannot see each other. Users in a multi-tenant environment are thus protected from each other; your neighbor's security lapse will not affect your zone. Data security is also ensured: no byte of data from one customer is shared with any other customer, now or later, because:
* A zone can only see its own network traffic.
* Disk storage is accessed only via ZFS file systems, never raw devices. Each SmartMachine has its own file system and does not even know of the _existence_ of any other.
* A user has no access to raw memory devices and so cannot scan system memory.
Upon deletion of a SmartMachine, the file system is destroyed and there is no device path by which a future customer could access any data left over in that file system. A SmartMachine is protected from DDoS attacks by some of the same features that guarantee it a fair share of system resources: the fair share scheduler, caps, process limits, rcapd, the swap cap, disk file system limits and quota limits. By capping each zone's resource usage, SmartOS ensures that, even under heavy attack, a zone will not bring down its neighbors.
h3. Reliability
SmartOS is made more reliable by:
* [Fault management|http://hub.opensolaris.org/bin/view/Community+Group+fm/WebHome] (FMA): "fine-grained fault isolation and restart where possible of any component --- hardware or software --- that experiences a problem. To do so, the system must include intelligent, automated, proactive diagnoses of errors that are observed on the system. The diagnosis system is used to trigger targeted automated responses or guided human intervention that mitigates a specific problem or at least prevents it from getting worse."
* The [Service Management Facility|http://en.wikipedia.org/wiki/Service_Management_Facility] (SMF) is "a feature of the [Solaris operating system|http://en.wikipedia.org/wiki/Solaris_(operating_system)] that creates a supported, unified model for services and [service management|http://en.wikipedia.org/wiki/Operating_system_service_management] on each Solaris system".
h2. Joyent-Added Features in SmartOS
Above and beyond what we inherited from Solaris, Joyent has extended SmartOS with some features of particular interest to cloud operators, including [disk I/O Throttling|http://www.youtube.com/watch?v=a6AJxAYmP-M]. A drawback of multi-tenancy in classic Solaris is that, where storage is shared, a single application on a system can monopolize access to local storage by a stream of synchronous I/O requests, effectively blocking the system from servicing I/O requests from other zones and applications, and causing performance slowdowns for other tenants. This new operator-configurable setting throttles I/O from misbehaving zones (by adding a small delay to each read or write), thus ensuring that other zones also get a turn at reading/writing to disk. As with CPU caps, disk I/O throttling only comes into effect when a system is under load from multiple tenants. When a system is relatively quiet, a single tenant can enjoy faster I/O without bothering the neighbors.
The following is a list of the major features added by Joyent to SmartOS:
* Support to run as a live image
* Joyent branded zone
** uses a "sparse root" model similar to Solaris 10
* KVM
** also added {{kvmstat}} command
** enhanced {{isainfo}} for vmx/svm
** KVM runs in a branded zone for even more security
* Scalable zone memory capping
** does not use {{rcapd}} \- each zone is managed independently
** doesn't use the expensive RSS calculation, unless necessary
** new {{zonememstat}} command to use instead of {{rcapstat}}
** memory cap is an {{rctl}} now, can be managed with {{prctl}} command
* per-zone ZFS I/O throttle
** also added new {{vfsstat}} command
** also added new {{ziostat}} command
** also added zone priority
* ZFS dump to a RAID-Z pool
* dynamic VNICs which are created/destroyed as zones boot/halt
** enhanced friendly names (in other words, each zone can have a VNIC created by the global zone which is named "net0")
** enhanced {{dladm}} , {{dlstat}} and {{flowadm}} commands with zone support
* zone {{svcs}} command enhancements
** {{\-z}} to look at a zone
** {{\-Z}} to look at all zones
** {{\-L}} to look at log files
** also added {{\-z}} to {{svcadm}} and {{svcprop}}
* CPU bursting
** can define a base level of CPU usage and an upper bound
** can limit how much time a zone can burst
* zone reliability - many kernel fixes for handling error cases preventing zone shutdown
* Better observability - lots of new {{kstats}} for zones, CPU bursting, ZFS I/O, etc.
* {{wall(1)}} zone support
* FSS fixes to prevent process starvation
* {{coreadm}}
** support to limit the number of core dumps
** add %Z corefile name pattern for zonepath
* support for SMF restart rate
* DTrace enhancements
** {{llquantize}}
** {{vmregs\[\]}}
** enablings on defunct providers prevent providers from unregistering
** {{tracemem()}} action takes a dynamic size argument
** {{toupper()}} and {{tolower()}} subroutines
** {{lltostr()}} D subroutine should take an optional base
** sdt probes for {{zvol_read}} and {{zvol_write}}
** bump {{dtrace_helper_actions_max}} to 1024
* improved disassembler support
* new persistent zoneid to improve DTracing across zone reboot
* system-wide crontab support
* per-zone load average
* driver and module updates
** ixgbe updated
** igb updated
** incorporate latest acpica code from Intel
** port open IPMI driver from FreeBSD
* improved mdb support
** mdb api function for iterating object symbols
** {{::ugrep}} and {{::kgrep}} do not work for sizes less than 4
** {{::scalehrtime}} dcmd
** {{::printf}}
** {{::findjsobjects}}
** {{mdb_v8}}
** {{::walk jsframe}} and {{jstack}}
** tab completion
* libumem support for an allocator
* critical IP DCE fixes for systems under heavy IP load
* significantly reduced SMF RSS - important with lots of zones
* perturbable VNICs for testing real-world networking
* {{vmadm}} command and metadata support for zone boot-time customization
* lots of misc. bug fixes
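As an added example (not from the original page and not Joyent's code), the D script below uses the {{llquantize}} aggregating action listed above to build a per-zone log/linear histogram of synchronous VFS write latency; run from the global zone, it is one way for an operator to see the extra delay that the per-zone ZFS I/O throttle introduces for a noisy tenant compared with its neighbors. It assumes the illumos {{fbt::fop_write}} probes are available on the host; the 10 second reporting interval is an arbitrary choice.

```d
#!/usr/sbin/dtrace -s
/* Per-zone write latency histogram. Added example; not part of SmartOS. */
#pragma D option quiet

/* Record when each write enters the VFS layer (thread-local). */
fbt::fop_write:entry
{
    self->ts = timestamp;
}

/* On return, bucket the elapsed nanoseconds per zone.
 * llquantize(value, factor, low_mag, high_mag, steps): base-10 buckets
 * from 10^3 ns (1 us) up through the tens of milliseconds, 10 linear
 * steps per order of magnitude, so throttle-induced delays stand out
 * without the coarse doubling of quantize(). */
fbt::fop_write:return
/self->ts/
{
    @lat[zonename] = llquantize(timestamp - self->ts, 10, 3, 7, 10);
    self->ts = 0;
}

/* Print one histogram per zone every 10 seconds, then reset. */
tick-10s
{
    printf("\n%Y\n", walltimestamp);
    printa("  zone %s\n%@d\n", @lat);
    trunc(@lat);
}
```

A zone whose histogram shifts right while its neighbors' do not is the one being throttled (or the one generating the synchronous I/O stream described above).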