In the zone
GCN Insider | Trends and technologies that affect the way government does IT
- By Joab Jackson
- Feb 20, 2007
It may not be next month, or next year, but Trusted Solaris users will one day have to migrate off of this trusted platform. Sun Microsystems Inc. plans to phase out Trusted Solaris as a separate product line. Instead, all the functionality will be offered as an extension within the standard Solaris operating system.
Moving to the new Solaris might'or might not'require a lot of work, depending on how many of the new security features managers plan to use, noted William Vass, president of Sun Microsystems Federal Inc.
Overall, Sun's move makes sense. Trusted Solaris has always lagged behind the generic Solaris in terms of new features. By folding Trusted Solaris' mandatory access control into the basic Solaris, Sun can keep its most security-conscious users up-to-date with everyone else. Users can then employ this MAC functionality, called Trusted Extensions, on an as-needed basis.
It could take some time before agencies move from Trusted Solaris to Solaris 10, though. The company just submitted the Solaris 10 11/06'the recently released version and the first to come with Trusted Extensions'into evaluation for Common Criteria Certification at Evaluation Assurance Level 4+ for the Controlled Access, Role-Based Access Control and Labeled Security Protection Profiles, Vass noted.
Many of its users in government will stick with Trusted Solaris because it already has the Common Criteria certification. Although agencies are running Solaris as a pilot, 'They're not going to turn it on until [Solaris 10] finishes its certification,' Vass said.
As for upgrading, applications written specifically for Trusted Solaris must be ported to run on Solaris itself.
Sun maintains that generic applications themselves can be moved with no modification. But the MAC-specific stuff could require tweaking. Trusted Extensions broadens label-based access control into a concept called zones, or kernel-defined containers within a computer that have specific rights and restrictions. In some cases, they should require no changes at all. But other old apps might need to be 'zone-aware' about which containers they could operate within, Vass said. Setting these confines could require some planning.
Joab Jackson is the senior technology editor for Government Computer News.