In the zone

GCN Insider | Trends and technologies that affect the way government does IT

It may not be next month, or next year, but Trusted Solaris users will one day have to migrate off of this trusted platform. Sun Microsystems Inc. plans to phase out Trusted Solaris as a separate product line. Instead, all the functionality will be offered as an extension within the standard Solaris operating system.

Moving to the new Solaris might'or might not'require a lot of work, depending on how many of the new security features managers plan to use, noted William Vass, president of Sun Microsystems Federal Inc.

Overall, Sun's move makes sense. Trusted Solaris has always lagged behind the generic Solaris in terms of new features. By folding Trusted Solaris' mandatory access control into the basic Solaris, Sun can keep its most security-conscious users up-to-date with everyone else. Users can then employ this MAC functionality, called Trusted Extensions, on an as-needed basis.

It could take some time before agencies move from Trusted Solaris to Solaris 10, though. The company just submitted the Solaris 10 11/06'the recently released version and the first to come with Trusted Extensions'into evaluation for Common Criteria Certification at Evaluation Assurance Level 4+ for the Controlled Access, Role-Based Access Control and Labeled Security Protection Profiles, Vass noted.

Many of its users in government will stick with Trusted Solaris because it already has the Common Criteria certification. Although agencies are running Solaris as a pilot, 'They're not going to turn it on until [Solaris 10] finishes its certification,' Vass said.

As for upgrading, applications written specifically for Trusted Solaris must be ported to run on Solaris itself.

Sun maintains that generic applications themselves can be moved with no modification. But the MAC-specific stuff could require tweaking. Trusted Extensions broadens label-based access control into a concept called zones, or kernel-defined containers within a computer that have specific rights and restrictions. In some cases, they should require no changes at all. But other old apps might need to be 'zone-aware' about which containers they could operate within, Vass said. Setting these confines could require some planning.

About the Author

Joab Jackson is the senior technology editor for Government Computer News.


  • business meeting (Monkey Business Images/

    Civic tech volunteers help states with legacy systems

    As COVID-19 exposed vulnerabilities in state and local government IT systems, the newly formed U.S. Digital Response stepped in to help. Its successes offer insight into existing barriers and the future of the civic tech movement.

  • data analytics (

    More visible data helps drive DOD decision-making

    CDOs in the Defense Department are opening up their data to take advantage of artificial intelligence and machine learning tools that help surface insights and improve decision-making.

Stay Connected