Sören Bleikertz
12 Dec 2009

About OpenSolaris Security Updates

I am considering setting up an OpenSolaris 2009.06 server (since Hetzner now provides an OpenSolaris rescue system) for providing iSCSI ZFS volumes via VPN and hosting Xen domUs, but the fact that a stable OpenSolaris installation does not obtain security updates without a Sun support contract is a real show stopper. The basic support contract runs at 324 USD per year, which is quite out of the league for a personal used server. A discussion about this topic can be found here.

An alternative would be to run always the latest developer releases of OpenSolaris, which is not very desired on a server in terms of frequent update cycles and potential problems involved with every cycle. Running Solaris 10 could be an alternative since it also contains ZFS and xVM, but I would have to investigate if it is possible to install it via the OpenSolaris rescue system.

Other alternatives are not suitable for my specific use case. FreeBSD has ZFS support, but does not support iSCSI export of ZFS volumes yet. Furthermore FreeBSD can not be used as a Xen dom0. Linux can be generally used as a Xen dom0 and they have several projects for iSCSI targets, but lacks a filesystem similar to ZFS (since btrfs is still experimental).

Update: Although the FreeBSD wiki entry for ZFS indicates no volume export via iSCSI, because no iSCSI target daemon is available in FreeBSD base, the iscsi-target from ports can be used. I will blog about this more in a later post.