May the source be with you, but remember the KISS principle ;-)
Home Switchboard Unix Administration Red Hat TCP/IP Networks Neoliberalism Toxic Managers
(slightly skeptical) Educational society promoting "Back to basics" movement against IT overcomplexity and  bastardization of classic Unix

Sun BluePrints Rescue Project

News Books Recommended Links Operating
Internals Networking Resource
Security Best Security Blueprints PAM Incident Response RBAC SSH NTP Security Linux Security
Booting and Recovery Architecture Oracle Cluster Sun ONE  Humor Random Findings Etc

Sun Blueprint program was at least partially a reaction to IBM Red Books program but it never managed to get to the same level. In this sense it's funny that they call them blue. Still some of blueprints are honest attempt to help Sun administrators and represent great values. Still a lot of them are typical corporate junk.

That's typical for IBM too (some Redbooks and red papers are written in obscure jargon and there is a strong suspicion that they were written to hide information not to inform the readers and that IBM famous note "this page is intentionally left blank" has some subtle meaning indeed ;-) and is probably a side effect of the size of the company.

As Sun put it:

Articles are maintained in this archive for the benefit and historical reference of our readers. Details of the recommendations set forth in these articles may not reflect Sun's latest hardware and software releases.

Caution, careful analysis and common sense should be exercised when applying these Sun BluePrints articles to newer products and software releases.

We will try to connect and preserver some of them "for the benefit and historical reference of our readers".  It looks like this page is one of the few on the Web that contain more or less sizable list of Sun blueprints published. 

Unfortunately Oracle did not preserve this part of Sun legacy and links below try to provide some information about selected blueprints that still are available.

Top Visited
Past week
Past month


Old News ;-)

[Aug 14, 2011] The Solaris Fingerprint Database - A Security Tool for Solaris Operating Environment Files -by Vasanthan Dasan, Alex Noordergraaf, and Lou Ordorica

Rescued by somebody in Oracle
March 2006

The Solaris Fingerprint Database (sfpDB) enables you to verify the integrity of files distributed with the Solaris Operating Environment. By validating that these files have not been modified administrators can determine whether their systems have, or have not, been hacked and had trojaned malicious replacements for system files installed.

[Aug 14, 2011] Performance Forensics-by Bob Sneed

Still available. See also InformIT Performance Forensics Introduction

Originally from Dec, 2003

The health care industry has well-established protocols for the triage, diagnosis, and treatment of patient complaints, while the resolution of system-performance complaints often seems to take a path that lacks any recognizable process or discipline. This article draws from lessons and concepts of health care delivery to provide ideas for addressing system-performance complaints with predictable and accurate results. Specific tools from the Solaris Operating System are discussed. This article is applicable to all audience levels.

[Aug 14, 2011] Still available via Google

See also fs-performance-149840

[Jan, 2004] Design, Features, and Applicability of Solaris File Systems - by Brian Wong

The Solaris Operating System includes many file systems, and more are available as add-ons. Deciding which file system to apply to a particular application can be puzzling without insight into the design criteria and engineering tradeoffs that go into each product. This article offers a taxonomy of file systems, describes some of the strengths and weaknesses of the different file systems, and provides insight into the issues you should consider when deciding how to apply the set of file systems that are available for specific applications. This article requires an intermediate reader.

[Aug 14, 2011] InformIT Understanding Tuning TCP TCP Tuning Domains

Bluprint is gone but main content is preserved in this article.

[March, 2004] Understanding Tuning TCP - by Deepak Kakadia

This article describes some of key Transport Control Protocol (TCP) tunable parameters related to performance tuning. More importantly, it describes how these tunables work, how they interact with each other, and how they impact network traffic when they are modified. This article requires an advanced level reader.

Sun BluePrints Online - Articles by Sarma Vempat

12/2006 December 2006

The Messenger Express Web-based email client includes a Personal Address Book (PAB) application for storing and managing user's personal information, such as email addresses and phone numbers. Sun Java System Communications Express, the unified Web client introduced in Sun Java Enterprise System 2004Q2 supersedes Messenger Express and Calendar Express. Communications Express also includes Address Book Store (ABS) that provides all of the functionality of PAB and is better integrated with mail and calendar components.

When upgrading from Messenger Express (also known as Webmail) to Communications Express, you need to migrate users' PAB entries to ABS. (This migration does not occur automatically as part of the upgrade process.) A new tool,, has been made available that provides improved performance over the earlier migration tool, This article describes how you can use the tool to either migrate a single or a few users, or to migrate your entire PAB database.

Note: This article is available in PDF Format only.

Creating a Customized Boot CD/DVD for the Solaris Operating System for x86 Platforms (December 2005) -by John Cecere, Dana Fagerstrom

This article explains the mechanics of the boot process on the Solaris Operating System for x86 platforms so that you understand what is needed to create a customized CD/DVD. It discusses both the hard disk and CD/DVD boot processes, and points out the differences between the two.

There are a number of practical applications for this topic, including:

This article begins by examining the layout of a hard disk in the x86 architecture and the components on it that are used for booting. It then describes the pieces that are unique to a CD boot. Finally, this article puts the pieces together and creates an image file that can be burned to CD.

Configuring JumpStart Servers to Provision Sun x86-64 Systems (February 2005) -by Pierre Reynes

Organizations are constantly challenged to deploy systems throughout the enterprise with consistent and reliable configurations. Solaris JumpStart technology provides a mechanism for fully automating the Solaris Operating System (Solaris OS) installation process. With the ability to locate installation information over the network or from a local CD-ROM drive, and use customized profiles, JumpStart facilitates the rapid and consistent deployment of Solaris OS-based systems.

Many organizations have relied on UltraSPARC/Solaris platforms for years, and use JumpStart technology for operating system deployment. With the introduction of Sun x86-64 based systems, organizations are now seeking ways to use existing JumpStart servers to deploy the Solaris OS and Linux operating environment on Sun x86-64 based systems. This article describes how to modify existing JumpStart servers to support the deployment of the Solaris OS and Linux operating environment on Sun x86-64 based systems, as well as how to use standard Linux installation tools for configuring Sun x86-64 based systems.

[April, 2004] Building OpenSSH--Tools and Tradeoffs, Updated for OpenSSH 3.7.1p2 -by Jason Reid

This article updates the information in the January 2003 Sun BluePrints OnLine article, "Building OpenSSH--Tools and Tradeoffs". This article contains information about gathering the needed components, deciding the compile-time configuration decisions, building the components, and finally assembling OpenSSH. The script file, "Building OpenSSH Tools TAR", provides tools that simplify the packaging and deployment of the OpenSSH tool on the Solaris Operating Environment. This article targets an advanced audience.

[April, 2004] Building a Bootable DVD to Deploy a Solaris Flash Archive -by John S. Howard

This article provides techniques to augment a DVD-ROM-based installation with the services and behaviors typically provided by a JumpStart server. The techniques presented in this article can be used when you need to perform an automated installation of a Solaris Flash archive, but are unable to use a JumpStart server. This article describes a procedure to create a bootable installation DVD-ROM with a complete software stack on a DVD that you can use to perform a standardized and fully automated installation of the software stack from the DVD.

This article also examines the structure of a bootable Solaris OS DVD and provides information about modifying installation behaviors to perform an automated install of a Solaris Flash archive from a DVD.

[Jan, 2004] Solaris Operating System Availability Features -by Thomas M. Chalfant

The processor offlining feature enables a processor to be removed from use by Solaris in response to one or more L2 cache errors. The page retirement feature enables a page of memory to be removed from use by Solaris in response to repeated ECC errors within a memory page on a DIMM. This paper provides detailed discussion regarding the algorithm, implementation, kernel tunables, and messages you are likely to see on a system running the appropriate kernel updates. This article is ideal for an intermediate to advanced reader.

Securing Web Applications through a Secure Reverse Proxy (November 2003) -by Anh-Duy Nguyen

Content is also avaiable from Securing Web Applications through a Secure Reverse Proxy

This article describes recommended practices for setting up the Sun ONE Proxy Server software to represent a secure content server to outside clients, preventing direct, unmonitored access to your server's data from outside your company. This article uses recommended practices to secure your web applications behind a firewall and leverage access and authentication using the Sun ONE platform products.

This article assumes an intermediate reader who is familiar with installing and configuring the Sun ONE Proxy Server. It also assumes that the reader can configure the firewall router to allow a specific server on a specific port access through the firewall without allowing any other machines in or out.

Design, Features, and Applicability of Solaris File Systems by Brian Wong

The Solaris Operating System includes many file systems, and more are available as add-ons. Deciding which file system to apply to a particular application can be puzzling without insight into the design criteria and engineering tradeoffs that go into each product. This article offers a taxonomy of file systems, describes some of the strengths and weaknesses of the different file systems, and provides insight into the issues you should consider when deciding how to apply the set of file systems that are available for specific applications. This article requires an intermediate reader.

[Feb, 2001] Auditing in the Solaris 8 Operating Environment -by William Osser and Alex Noordergraaf

The use of the Solaris 8 Operating Environment auditing (BSM) has never been well understood. This article presents an auditing configuration optimized for the Solaris 8 OE. The recommended configuration will audit activity on a system without generated gigabytes of data every day. In addition, the configuration files are available for download from

Recommended Links

Google matched content

Softpanorama Recommended

Top articles


Old Sun sites




Booting and Recovery




[Nov 2000] **** Solaris Operating Environment Minimization for Security: A Simple, Reproducible and Secure Application Installation Methodolgy - Updated for Solaris 8 Operating Environment -by Alex Noordergraaf

This article updates the original OS Minimization article's required package listings for Solaris 8 Operating Environment and 64bit UltraSPARC II hardware.


This is a very good paper. It explains how to remove unnecessary packages -- actually they consider a very practical case of Solaris + Netscape Enterprise Server. The paper a little bit weak on the tool side, though.

The Solaris Operating Environment installation process requires the selection of one of four installation clusters:

  • Core
  • End User
  • Developer
  • Entire Distribution

Each installation cluster represents a specific group of packages (operating system modules) to be installed. This grouping together of packages into large clusters is done to simplify the installation of the OS for the mass market. Because each of these installation clusters contains support for a variety of hardware platforms (SolarisTM Operating Environment (Intel Platform Edition), microSPARCTM, UltraSPARCTM, UltraSPARC II, and so on) and software requirements (NIS, NIS+, DNS, OpenWindowsTM, Common Desktop Environment (CDE), Development, CAD, and more), far more packages are installed than will actually ever be used on a single Solaris Operating Enironment.

The Core cluster installs the smallest Solaris Operating Environment image. Only packages that may be required for any SPARCTM or Solaris Operating Environment (Intel Platform Edition) system are installed. The End User cluster builds on the Core cluster by also installing the window managers included with the Solaris Operating Environment (OpenWindows and CDE). The Developer and Entire Distribution clusters include additional libraries, header files, and software packages that may be needed on systems used as compile and development servers.

The size of the clusters varies significantly: the Core cluster contains only 39 packages and uses 52MBytes; the End User cluster has 142 packages and uses 242 MBytes; the Developer cluster has 235 packages and consumes 493 MBytes of disk space. Experience to date has shown that in many cases, a secure server may require only 10 Solaris Operating Environment packages and use as few as 36MBytes of disk space.

Installing unnecessary services, packages, and applications can severely compromise system security. One well known example of this is the rpc.cmsd daemon, which is unnecessary on many data center systems. This daemon is installed and started by default when the End User, Developer, or Entire Distribution cluster is chosen during the installation process.

There have been many bugs filed against the rpc.cmsd subsystem of OpenWindows/CDE in the last few years, and at least two CERT advisories (CA-99-08, CA-96.09). To make matters even worse, scanners for rpc.cmsd are included in the most common Internet scanning tools available on the Internet. The best protection against rpc.cmsd vulnerabilities is to not install the daemon at all, and avoid having to insure it is not accidentally enabled.

The problem described above is well known in the computer industry, and there are hundreds of similar examples. Not surprisingly, almost every security reference book ever written discusses the need to perform "minimal OS installations" [Garfinkel]. Unfortunately, this is easier said than done. Other than the occasional firewall, no software applications are shipped with lists of their package requirements, and there's no easy way of determining this information other then through trial and error.

Because it is so difficult to determine the minimal set of necessary packages, system administrators commonly just install the Entire Distribution cluster. While this may be the easiest to do from the short-term perspective of getting a system up and running, it makes it nearly impossible to secure the system. Unfortunately, this practice is all too common, and is even done by so-called experts brought in to provide infrastructure support, web services, or application support. (If your organization is outsourcing such activities, be sure to require the supplier to provide information on what their OS installation policies and procedures are, or you may be in for some unpleasant surprises.)

The rest of this article presents one method for determining the minimal set of packages required by a particular application--the iPlanetTM Enterprise Server. Future articles will discuss other applications. The tentative list includes NFSTM Servers (with SecureRPC and Solstice DiskSuiteTM), iPlanetTM WebTop, and SunTM Cluster. If you have followed this procedure and developed the scripts for a particular application, please forward them to the authors for inclusion in future articles.

Solaris Operating Environment Security: Updated for Solaris 9 Operating Environment (December 2002) -by Alex Noordergraaf and Keith Watson

This article provides recommendations on how to secure a Solaris Operating Environment (Solaris OE). Securing a Solaris OE system requires that changes be made to its default configuration. The changes outlined in this article address the majority of the methods that intruders use to gain unauthorized or privileged access to an improperly configured system. Implementing the changes recommended in this article requires planning, testing, and documentation to be successful in securing a computing environment.

Solaris Operating Environment Network Settings for Security

Auditing System Security (May 2003) -by Alex Noodergraaf and Glenn Brunette

This article describes how to audit (validate) a system's security using the Solaris Security Toolkit software. You can use the information and procedures in this article to maintain an established security profile after hardening. For systems that are already deployed, you can use this information to assess security before hardening.

This article is the entire sixth chapter of the Sun BluePrints book, "Securing Systems With the Solaris Security Toolkit", by Alex Noodergraaf and Glenn Brunette (ISBN 0-13-141071-7)

General Security



Incident Response







Back to Top


Naming and Directory Services

PC Interoperability

High Availability

Data Center Practices

Rapid Recovery Techniques

Operating Environment



Resource Management

Random Findings



Groupthink : Two Party System as Polyarchy : Corruption of Regulators : Bureaucracies : Understanding Micromanagers and Control Freaks : Toxic Managers :   Harvard Mafia : Diplomatic Communication : Surviving a Bad Performance Review : Insufficient Retirement Funds as Immanent Problem of Neoliberal Regime : PseudoScience : Who Rules America : Neoliberalism  : The Iron Law of Oligarchy : Libertarian Philosophy


War and Peace : Skeptical Finance : John Kenneth Galbraith :Talleyrand : Oscar Wilde : Otto Von Bismarck : Keynes : George Carlin : Skeptics : Propaganda  : SE quotes : Language Design and Programming Quotes : Random IT-related quotesSomerset Maugham : Marcus Aurelius : Kurt Vonnegut : Eric Hoffer : Winston Churchill : Napoleon Bonaparte : Ambrose BierceBernard Shaw : Mark Twain Quotes


Vol 25, No.12 (December, 2013) Rational Fools vs. Efficient Crooks The efficient markets hypothesis : Political Skeptic Bulletin, 2013 : Unemployment Bulletin, 2010 :  Vol 23, No.10 (October, 2011) An observation about corporate security departments : Slightly Skeptical Euromaydan Chronicles, June 2014 : Greenspan legacy bulletin, 2008 : Vol 25, No.10 (October, 2013) Cryptolocker Trojan (Win32/Crilock.A) : Vol 25, No.08 (August, 2013) Cloud providers as intelligence collection hubs : Financial Humor Bulletin, 2010 : Inequality Bulletin, 2009 : Financial Humor Bulletin, 2008 : Copyleft Problems Bulletin, 2004 : Financial Humor Bulletin, 2011 : Energy Bulletin, 2010 : Malware Protection Bulletin, 2010 : Vol 26, No.1 (January, 2013) Object-Oriented Cult : Political Skeptic Bulletin, 2011 : Vol 23, No.11 (November, 2011) Softpanorama classification of sysadmin horror stories : Vol 25, No.05 (May, 2013) Corporate bullshit as a communication method  : Vol 25, No.06 (June, 2013) A Note on the Relationship of Brooks Law and Conway Law


Fifty glorious years (1950-2000): the triumph of the US computer engineering : Donald Knuth : TAoCP and its Influence of Computer Science : Richard Stallman : Linus Torvalds  : Larry Wall  : John K. Ousterhout : CTSS : Multix OS Unix History : Unix shell history : VI editor : History of pipes concept : Solaris : MS DOSProgramming Languages History : PL/1 : Simula 67 : C : History of GCC developmentScripting Languages : Perl history   : OS History : Mail : DNS : SSH : CPU Instruction Sets : SPARC systems 1987-2006 : Norton Commander : Norton Utilities : Norton Ghost : Frontpage history : Malware Defense History : GNU Screen : OSS early history

Classic books:

The Peter Principle : Parkinson Law : 1984 : The Mythical Man-MonthHow to Solve It by George Polya : The Art of Computer Programming : The Elements of Programming Style : The Unix Hater’s Handbook : The Jargon file : The True Believer : Programming Pearls : The Good Soldier Svejk : The Power Elite

Most popular humor pages:

Manifest of the Softpanorama IT Slacker Society : Ten Commandments of the IT Slackers Society : Computer Humor Collection : BSD Logo Story : The Cuckoo's Egg : IT Slang : C++ Humor : ARE YOU A BBS ADDICT? : The Perl Purity Test : Object oriented programmers of all nations : Financial Humor : Financial Humor Bulletin, 2008 : Financial Humor Bulletin, 2010 : The Most Comprehensive Collection of Editor-related Humor : Programming Language Humor : Goldman Sachs related humor : Greenspan humor : C Humor : Scripting Humor : Real Programmers Humor : Web Humor : GPL-related Humor : OFM Humor : Politically Incorrect Humor : IDS Humor : "Linux Sucks" Humor : Russian Musical Humor : Best Russian Programmer Humor : Microsoft plans to buy Catholic Church : Richard Stallman Related Humor : Admin Humor : Perl-related Humor : Linus Torvalds Related humor : PseudoScience Related Humor : Networking Humor : Shell Humor : Financial Humor Bulletin, 2011 : Financial Humor Bulletin, 2012 : Financial Humor Bulletin, 2013 : Java Humor : Software Engineering Humor : Sun Solaris Related Humor : Education Humor : IBM Humor : Assembler-related Humor : VIM Humor : Computer Viruses Humor : Bright tomorrow is rescheduled to a day after tomorrow : Classic Computer Humor

The Last but not Least Technology is dominated by two types of people: those who understand what they do not manage and those who manage what they do not understand ~Archibald Putt. Ph.D

Copyright © 1996-2021 by Softpanorama Society. was initially created as a service to the (now defunct) UN Sustainable Development Networking Programme (SDNP) without any remuneration. This document is an industrial compilation designed and created exclusively for educational use and is distributed under the Softpanorama Content License. Original materials copyright belong to respective owners. Quotes are made for educational purposes only in compliance with the fair use doctrine.

FAIR USE NOTICE This site contains copyrighted material the use of which has not always been specifically authorized by the copyright owner. We are making such material available to advance understanding of computer science, IT technology, economic, scientific, and social issues. We believe this constitutes a 'fair use' of any such copyrighted material as provided by section 107 of the US Copyright Law according to which such material can be distributed without profit exclusively for research and educational purposes.

This is a Spartan WHYFF (We Help You For Free) site written by people for whom English is not a native language. Grammar and spelling errors should be expected. The site contain some broken links as it develops like a living tree...

You can use PayPal to to buy a cup of coffee for authors of this site


The statements, views and opinions presented on this web page are those of the author (or referenced source) and are not endorsed by, nor do they necessarily reflect, the opinions of the Softpanorama society. We do not warrant the correctness of the information provided or its fitness for any purpose. The site uses AdSense so you need to be aware of Google privacy policy. You you do not want to be tracked by Google please disable Javascript for this site. This site is perfectly usable without Javascript.

Last modified: March, 12, 2019