234 lines
		
	
	
	
		
			12 KiB
		
	
	
	
		
			XML
		
	
	
	
	
	
			
		
		
	
	
			234 lines
		
	
	
	
		
			12 KiB
		
	
	
	
		
			XML
		
	
	
	
	
	
| <?xml version="1.0" encoding="iso-8859-1"?>
 | |
| <!DOCTYPE html PUBLIC "-//FreeBSD//DTD XHTML 1.0 Transitional-Based Extension//EN"
 | |
| "http://www.FreeBSD.org/XML/doc/share/xml/xhtml10-freebsd.dtd" [
 | |
| <!ENTITY title "About FreeBSD's Technological Advances">
 | |
| ]>
 | |
| 
 | |
| <html xmlns="http://www.w3.org/1999/xhtml">
 | |
|     <head>
 | |
|       <title>&title;</title>
 | |
| 
 | |
|       <cvs:keyword xmlns:cvs="http://www.FreeBSD.org/XML/CVS">$FreeBSD$</cvs:keyword>
 | |
|     </head>
 | |
| 
 | |
|     <body class="navinclude.about">
 | |
| 
 | |
|     <h1>FreeBSD offers many advanced features.</h1>
 | |
| 
 | |
|       <p>No matter what the application, you want your system's resources
 | |
| 	performing at their full potential.  FreeBSD's focus on
 | |
| 	performance, networking, and storage combine with easy system
 | |
| 	administration and excellent documentation to allow you to do just
 | |
| 	that.</p>
 | |
| 
 | |
|     <h2>A complete operating system based on 4.4BSD.</h2>
 | |
| 
 | |
|       <p>FreeBSD's distinguished roots derive from the <b>BSD</b>
 | |
| 	software releases from the Computer Systems Research Group at the
 | |
| 	University of California, Berkeley.  Over ten years of work have been
 | |
| 	put into enhancing BSD, adding industry-leading SMP, multithreading,
 | |
| 	and network performance, as well as new management tools, file
 | |
| 	systems, and security features.  As a result, FreeBSD may be found
 | |
| 	across the Internet, in the operating system of core router products,
 | |
| 	running root name servers, hosting major web sites, and as the
 | |
| 	foundation for widely used desktop operating systems.  This is only
 | |
| 	possible because of the diverse and world-wide membership of the
 | |
| 	volunteer FreeBSD Project.</p>
 | |
| 
 | |
|     <h2>FreeBSD provides advanced operating system features, making it ideal
 | |
| 	across a range of systems, from embedded environments to high-end
 | |
| 	multiprocessor servers.</h2>
 | |
| 
 | |
|       <p><b>FreeBSD 7.0</b>, released February 2008, brings many new features
 | |
| 	and performance enhancements.  With a special focus on storage
 | |
| 	and multiprocessing performance, FreeBSD 7.0 shipped with support
 | |
| 	for Sun's <b>ZFS file system</b> and <b>highly scalable
 | |
| 	multiprocessing performance</b>.  Benchmarks have shown that FreeBSD
 | |
| 	provides twice the MySQL and PostgreSQL performance as current Linux
 | |
| 	systems on 8-core servers.</p>
 | |
| 
 | |
|       <ul>
 | |
| 	<li><b>SMPng</b>: After seven years of development on advanced SMP
 | |
| 	  support, FreeBSD 7.0 realizes the goals of a fine-grained kernel
 | |
| 	  allowing linear scalability to over 8 CPU cores for many workloads.
 | |
| 	  FreeBSD 7.0 sees an almost complete elimination of the Giant Lock,
 | |
| 	  removing it from the CAM storage layer and NFS client, and moving
 | |
| 	  towards more fine-grained locking in the network subsystem.
 | |
| 	  Significant work has also been performed to optimize kernel
 | |
| 	  scheduling and locking primitives, and the optional ULE scheduler
 | |
| 	  allows thread CPU affinity and per-CPU run queues to reduce
 | |
| 	  overhead and increase cache-friendliness.  The libthr threading
 | |
| 	  package, providing 1:1 threading, is now the default.  Benchmarks
 | |
| 	  reveal a dramatic performance advantage over other &unix; operating
 | |
| 	  systems on identical multicore hardware, and reflect a long
 | |
| 	  investment in SMP technology for the FreeBSD kernel.</li>
 | |
| 
 | |
| 	<li><b>ZFS filesystem</b>: Sun's ZFS is a state-of-the-art file
 | |
| 	  system offering simple administration, transactional semantics,
 | |
| 	  end-to-end data integrity, and immense scalability.  From
 | |
| 	  self-healing to built-in compression, RAID, snapshots, and volume
 | |
| 	  management, ZFS will allow FreeBSD system administrators to easily
 | |
| 	  manage large storage arrays.</li>
 | |
| 
 | |
| 	<li><b>10Gbps network optimization</b>: With optimized device drivers
 | |
| 	  from all major 10gbps network vendors, FreeBSD 7.0 has seen
 | |
| 	  extensive optimization of the network stack for high performance
 | |
| 	  workloads, including auto-scaling socket buffers, TCP Segment
 | |
| 	  Offload (TSO), Large Receive Offload (LRO), direct network stack
 | |
| 	  dispatch, and load balancing of TCP/IP workloads over multiple CPUs
 | |
| 	  on supporting 10gbps cards or when multiple network interfaces are
 | |
| 	  in use simultaneously.  Full vendor support is available from
 | |
| 	  Chelsio, Intel, Myricom, and Neterion.</li>
 | |
| 
 | |
| 	<li><b>SCTP</b>: FreeBSD 7.0 is the reference implementation for the
 | |
| 	  new IETF Stream Control Transmission Protocol (SCTP) protocol,
 | |
| 	  intended to support VoIP, telecommunications, and other
 | |
| 	  applications with strong reliability and variable quality
 | |
| 	  transmission through features such as multi-path delivery,
 | |
| 	  fail-over, and multi-streaming.</li>
 | |
| 
 | |
| 	<li><b>Wireless</b>: FreeBSD 7.0 ships with significantly enhanced
 | |
| 	  wireless support, including high-power Atheros-based cards, new
 | |
| 	  drivers for Ralink, Intel, and ZyDAS cards, WPA, background
 | |
| 	  scanning and roaming, and 802.11n.</li>
 | |
| 
 | |
| 	<li><b>New hardware architectures</b>: FreeBSD 7.0 includes
 | |
| 	  significantly improved  support for the embedded ARM architecture,
 | |
| 	  as well as preliminary support for the Sun Ultrasparc T1
 | |
| 	  platform.</li>
 | |
|       </ul>
 | |
| 
 | |
|       <p>FreeBSD has a long history of advanced operating system feature
 | |
| 	development; you can read about some of these features below:</p>
 | |
| 
 | |
|       <ul>
 | |
| 	<li><b>A merged virtual memory and filesystem buffer cache</b>
 | |
| 	  continuously tunes the amount of memory used for programs and the
 | |
| 	  disk cache.  As a result, programs receive both excellent memory
 | |
| 	    management and high performance disk access, and the system
 | |
| 	    administrator is freed from the task of tuning cache sizes.</li>
 | |
| 
 | |
| 	<li><b>Compatibility modules</b> enable programs for other operating
 | |
| 	  systems to run on FreeBSD, including programs for Linux, SCO UNIX,
 | |
| 	  and System V Release 4.</li>
 | |
| 
 | |
| 	<li><b>Soft Updates</b> allows improved filesystem
 | |
| 	  performance without sacrificing safety and reliability.
 | |
| 	  It analyzes meta-data filesystem operations to avoid having
 | |
| 	  to perform all of those operations synchronously.
 | |
| 	  Instead, it maintains internal state about pending meta-data
 | |
| 	  operations and uses this information to cache meta-data,
 | |
| 	  rewrite meta-data operations to combine subsequent
 | |
| 	  operations on the same files, and reorder meta-data
 | |
| 	  operations so that they may be processed more efficiently.
 | |
| 	  Features such as background filesystem checking and
 | |
| 	  file system snapshots are built on the consistency
 | |
| 	  and performance foundations of soft updates.</li>
 | |
| 
 | |
| 	<li><b>File system snapshots</b>, permitting administrators to take
 | |
| 	  atomic file system snapshots for backup purposes using the free
 | |
| 	  space in the file system, as well as facilitating <b>background
 | |
| 	  fsck</b>, which allows the system to reach multiuser mode without
 | |
| 	  waiting on file system cleanup operations following power outages.
 | |
| 	  </li>
 | |
| 
 | |
| 	<li>Support for <b>IP Security (IPsec)</b> allows improved security in
 | |
| 	  networks, and support for the next-generation Internet Protocol,
 | |
| 	  IPv6.  The FreeBSD IPsec implementation includes support for a
 | |
| 	  broad range of <b>accelerated crypto hardware</b>.</li>
 | |
| 
 | |
| 	<li><b>Out of the box support for IPv6</b> via the KAME IPv6 stack
 | |
| 	  allows FreeBSD to be seamlessly integrated into next generation
 | |
| 	  networking environments.  FreeBSD even ships with many applications
 | |
| 	  extended to support IPv6!</li>
 | |
| 
 | |
| 	<li><b>Multi-threaded SMP architecture</b> capable of executing the
 | |
| 	  kernel in parallel on multiple processors, and with <b>kernel
 | |
| 	  preemption</b>, allowing high priority kernel tasks to preempt
 | |
| 	  other kernel activity, reducing latency.  This includes a
 | |
| 	  <b>multi-threaded network stack</b> and a <b>multi-threaded
 | |
| 	  virtual memory subsystem</b>.  Beginning with FreeBSD 6.x, support
 | |
| 	  for a fully parallel VFS allows the UFS file system to run on multiple
 | |
| 	  processors simultaneously, permitting load sharing of
 | |
| 	  CPU-intensive I/O optimization.</li>
 | |
| 
 | |
| 	<li><b>M:N application threading via pthreads</b> permitting threads
 | |
| 	  to execute on multiple CPUs in a scalable manner, mapping many user
 | |
| 	  threads onto a small number of <b>Kernel Schedulable Entities</b>.
 | |
| 	  By adopting the <b>Scheduler Activation</b> model, the threading
 | |
| 	  approach can be adapted to the specific requirements of a broad
 | |
| 	  range of applications.</li>
 | |
| 
 | |
| 	<li><b>Netgraph pluggable network stack</b> allows developers to
 | |
| 	  dynamically and easily extend the network stack through clean
 | |
| 	  layered network abstractions.  Netgraph nodes can implement a broad
 | |
| 	  range of new network services, including encapsulation, tunneling,
 | |
| 	  encryption, and performance adaptation.  As a result, rapid
 | |
| 	  prototyping and production deployment of enhanced network services
 | |
| 	  can be performed far more easily and with fewer bugs.</li>
 | |
| 
 | |
| 	<li><b>TrustedBSD MAC Framework extensible kernel security</b>,
 | |
| 	  which allows developers to customize the operating system security
 | |
| 	  model for specific environments, from creating hardening policies
 | |
| 	  to deploying mandatory labeled confidentiality of integrity
 | |
| 	  policies.  Sample security policies include <b>Multi-Level
 | |
| 	  Security (MLS)</b>, and <b>Biba Integrity Protection</b>.  Third
 | |
| 	  party modules include <b>SEBSD</b>, a FLASK-based implementation
 | |
| 	  of <b>Type Enforcement</b>.</li>
 | |
| 
 | |
| 	<li><b>TrustedBSD Audit</b> is a security event logging service,
 | |
| 	  providing fine-grained, secure, reliable logging of system events
 | |
| 	  via the audit service.  Administrators can configure the nature and
 | |
| 	  granularity of logging by user, tracking file accesses, commands
 | |
| 	  executed, network activity, system logins, and a range of other
 | |
| 	  system behavior.  Audit pipes allow IDS tools to attach to the
 | |
| 	  kernel audit service and subscribe to events they require for
 | |
| 	  security monitoring.  FreeBSD supports the industry-standard BSM
 | |
| 	  audit trail file format and API, allowing existing BSM tools to
 | |
| 	  run with little or no modification.  This file format is used on
 | |
| 	  Solaris and Mac OS X, allowing instant interoperability and unified
 | |
| 	  analysis.</li>
 | |
| 
 | |
| 	<li><b>GEOM pluggable storage layer</b>, which permits new storage
 | |
| 	  services to be quickly developed and cleanly integrated into the
 | |
| 	  FreeBSD storage subsystem.  GEOM provides a consistent and
 | |
| 	  coherent model for discovering and layering storage services,
 | |
| 	  making it possible to layer services such as RAID and volume
 | |
| 	  management easily.</li>
 | |
| 
 | |
| 	<li>FreeBSD's <b>GEOM-Based Disk Encryption (GBDE)</b>, provides
 | |
| 	  strong cryptographic protection using the GEOM Framework, and can
 | |
| 	  protect file systems, swap devices, and other use of storage
 | |
| 	  media.</li>
 | |
| 
 | |
| 	<li><b>Kernel Queues</b> allow programs to respond more efficiently
 | |
| 	  to a variety of asynchronous events including file and socket IO,
 | |
| 	  improving application and system performance.</li>
 | |
| 
 | |
| 	<li><b>Accept Filters</b> allow connection-intensive applications,
 | |
| 	  such as web servers, to cleanly push part of their functionality into
 | |
| 	  the operating system kernel, improving performance.</li>
 | |
|       </ul>
 | |
| 
 | |
|     <h2>FreeBSD provides many security features
 | |
|       to protect networks and servers.</h2>
 | |
| 
 | |
|       <p>The FreeBSD developers are as concerned about security as they are
 | |
| 	about performance and stability.  FreeBSD includes kernel support for
 | |
| 	<b>stateful IP firewalling</b>, as well as other services, such as
 | |
| 	<b>IP proxy gateways</b>, <b>access control lists</b>, <b>mandatory
 | |
| 	access control</b>, <b>jail-based virtual hosting</b>, and
 | |
| 	<b>cryptographically protected storage</b>.  These features can be
 | |
| 	used to support highly secure hosting of mutually untrusting
 | |
| 	customers or consumers, the strong partitioning of network segments,
 | |
| 	and the construction of secure pipelines for information scrubbing
 | |
| 	and information flow control.</p>
 | |
| 
 | |
|       <p>FreeBSD also includes support for encryption software, secure
 | |
| 	shells, Kerberos authentication, "virtual servers" created using
 | |
| 	jails, chroot-ing services to restrict application access to the
 | |
| 	file system, Secure RPC facilities, and access lists for services
 | |
| 	that support TCP wrappers.</p>
 | |
| 
 | |
|   </body>
 | |
| </html>
 |