Solaris to enlist military security

Code-named Solaris Next, but expected to follow the current naming pattern and be known as Solaris 10, the future release of the server operating system will contain security features currently only found in Trusted Solaris -- a specialised flavour of the operating system developed in conjunction with, and used by, the US government and armed forces.

Speaking at the company's SunNetwork conference in San Francisco on Wednesday, Mark Tolliver, Sun's chief strategy officer said the company hadn't yet decided on a name for the platform, or pricing, but revealed it would be released in the second half of 2004.

"The next major release of Solaris, Solaris Next, will have key elements of Trusted Solaris rolled into it, including role-based access," he said.

Tolliver added that users will be able to evaluate some of the new features before the product is officially released through Software Express, a scheme launched on Tuesday that allows registered users access to key pieces of Sun software.

Sun is keen to push its close ties with the US military, including the Army and Navy, given recent public-relations setbacks to Windows and Linux. Windows has been dogged by a recent round of virus attacks, while Linux is embroiled in a legal scandal following SCO's lawsuit against IBM.

The company claims that the Navy is a keen user of its SunRay thin client technology because the light-weight terminals -- which do not have the heavy fans or other weighty components associated with PCs -- take up less room on ships.

Sun chief executive Scott McNealy also claimed that the US President's private airliner, Air Force One, is equipped with Java smartcard readers to authenticate personnel. The US Department of Defense (DoD) also uses the cards, which contain a chip encoded with identity information, he said."Isn't a good thing that they are doing multifactor authentication in the DoD, people with their finger on the button?"

The security features found in Trusted Solaris expected to be rolled into Solaris Next include:

• Role-based Access Control (RBAC), which Sun claims ensures that all administrative actions are traceable to one individual instead of just the root account, providing greater accountability.
• Clearance levels for each user and strong audit capabilities that should make all users accountable and all actions traceable, cutting the risk of security violations.
• Increased access control, which allows information to be processed at multiple security levels so users can share files with other users of the same security level.
• Pluggable authentication modules that provide failed-login account locking, trusted-path checking, and machine-generated passwords, without the need to change code.

Wednesday also saw the release of several hardware platforms, complementing the software focus of the first day. Tuesday's announcements included the release of new desktop and middleware packages.

Sun announced the release of the Sun Fire V440 data centre-class server, which the company claims costs 24 percent less than the Dell equivalent, the Sun Fire V250 workgroup server, the Sun Blade 1500 Workstation, and the Sun Fire 60x Grid Rack System. The last is a grid computing system aimed at technical customers in electronic design automation and the petroleum and life sciences markets.

SunNetwork has attracted around 8,500 attendees, according to Sun, and featured an appearance by Monty Python star John Cleese on Wednesday.