doc/en/features.sgml

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" [
<!ENTITY date "$FreeBSD: www/en/features.sgml,v 1.23 2004/12/01 01:04:55 rwatson Exp $">
<!ENTITY title "About FreeBSD's Technological Advances">
<!ENTITY % includes SYSTEM "includes.sgml"> %includes;
]>

<html>
    &header;
    
    <h1>FreeBSD offers many advanced features.</h1>
    
    <blockquote>
      <p>No matter what the application, you want your system's resources
	performing at their full potential.  FreeBSD's advanced features
	enable you to do just that.</p>
    </blockquote>

    <hr align="left" noshade="noshade" width="100%"><font
      color="#FF0000"><font size="+1">A complete operating system based on
	4.4BSD.</font></font>

    <blockquote>
      <p>FreeBSD's distinguished roots derive from the latest <b>BSD</b>
	software releases from the Computer Systems Research Group at the
	University of California, Berkeley.  The book <i>The Design and
	  Implementation of 4.4BSD Operating System</i>, written by the 4.4BSD
	system architects, thus describes much of FreeBSD's core functionality
	in detail.</p>

      <p>Drawing on the skills and experience of a diverse and world-wide
	group of volunteer developers, the FreeBSD Project has worked to
	extend the feature set of the 4.4BSD operating system in many ways,
	striving constantly to make each new release of the OS more stable,
	faster and containing new functionality driven by user requests.</p>
    </blockquote>

    <hr align="left" noshade="noshade" width="100%"><font
      color="#FF0000"><font size="+1">FreeBSD provides higher performance,
	greater compatibility with other operating systems and less system
	administration.</font></font>

    <blockquote>
      <p>FreeBSD's developers attacked some of the more difficult problems in
	operating systems design to give you these advanced features:</p>
      
      <ul>
	<li><b>A merged virtual memory and filesystem buffer cache</b>
	  continuously tunes the amount of memory used for programs and the
	  disk cache.  As a result, programs receive both excellent memory
	    management and high performance disk access, and the system
	    administrator is freed from the task of tuning cache sizes.</li>
	
	<li><b>Compatibility modules</b> enable programs for other operating
	  systems to run on FreeBSD, including programs for Linux, SCO UNIX,
	  and System V Release 4.</li>
	  
	<li><b>Soft Updates</b> allows improved filesystem
	  performance without sacrificing safety and reliability.
	  It analyzes meta-data filesystem operations to avoid having
	  to perform all of those operations synchronously.
	  Instead, it maintains internal state about pending meta-data
	  operations and uses this information to cache meta-data,
	  rewrite meta-data operations to combine subsequent
	  operations on the same files, and reorder meta-data
	  operations so that they may be processed more efficiently.
	  Features such as background filesystem checking and
	  file system snapshots are built on the consistency
	  and performance foundations of soft updates.</li>

	<li><b>File system snapshots</b>, permitting administrators to take
	  atomic file system snapshots for backup purposes using the free
	  space in the file system, as well as facilitating <b>background
	  fsck</b>, which allows the system to reach multiuser mode without
	  waiting on file system cleanup operations following power outages.
	  </li>

	<li>Support for <b>IP Security (IPsec)</b> allows improved security in
	  networks, and support for the next-generation Internet Protocol,
	  IPv6.  The FreeBSD IPSEC implementation includes support for a
	  broad range of <b>accelerated crypto hardware</b>.</li>

	<li><b>Out of the box support for IPv6</b> via the KAME IPv6 stack
	  allows FreeBSD to be seamlessly integrated into next generation
	  networking environments.  FreeBSD even ships with many applications
	  extended to support IPv6!</li>

	<li><b>Multi-threaded SMP architecture</b> capable of executing the
	  kernel in parallel on multiple processors, and with <b>kernel
	  preemption</b>, allowing high priority kernel tasks to preempt
	  other kernel activity, reducing latency.  This includes a
	  <b>multi-threaded network stack</b> and a <b>multi-threaded
	  virtual memory subsystem</b>.  With FreeBSD 6.x, support for a
	  fully parallel VFS allows the UFS file system to run on multiple
	  processors simultaneously, permitting load sharing of
	  CPU-intensive I/O optimization.</li>

	<li><b>M:N application threading via pthreads</b> permitting threads
	  to execute on multiple CPUs in a scaleable manner, mapping many user
	  threads onto a small number of <b>Kernel Schedulable Entities</b>.
	  By adopting the <b>Scheduler Activation</b> model, the threading
	  approach can be adapted to the specific requirements of a broad
	  range of applications.</li>

	<li><b>Netgraph pluggable network stack</b> allows developers to
	  dynamically and easily extend the network stack through clean
	  layered network abstractions.  Netgraph nodes can implement a broad
	  range of new network services, including encapsulation, tunneling,
	  encryption, and performance adaptation.  As a result, rapid
	  prototyping and production deployment of enhanced network services
	  can be performed far more easily and with fewer bugs.</li>

	<li><b>TrustedBSD MAC Framework extensible kernel security</b>,
	  which allows developers to customize the operating system security
	  model for specific environments, from creating hardening policies
	  to deploying mandatory labeled confidentiality of integrity
	  policies.  Sample seucrity policies include <b>Multi-Level
	  Security (MLS)</b>, and <b>Biba Integrity Protection</b>.  Third
	  party modules include <b>SEBSD</b>, a FLASK-based implementation
	  of <b>Type Enforcement</b>.</li>

	<li><b>GEOM pluggable storage layer</b>, which permits new storage
	  services to be quickly developed and cleanly integrated into the
	  FreeBSD storage subsystem.  GEOM provides a consistent and
	  coherrent model for discovering and layering storage services,
	  making it possible to layer services such as RAID and volume
	  management easily.</li>

	<li>FreeBSD's <b>GEOM-Based Disk Encryption (GBDE)</b>, provides
	  strong cryptographic protection using the GEOM Framework, and can
	  protect file systems, swap devices, and other use of storage
	  media.</li>

	<li><b>Kernel Queues</b> allow programs to respond more efficiently
	  to a variety of asynchronous events including file and socket IO,
	  improving application and system performance.</li>

	<li><b>Accept Filters</b> allow connection-intensive applications,
	  such as web servers, to cleanly push part of their functionality into
	  the operating system kernel, improving performance.</li>
      </ul>

    </blockquote>

    <hr align="left" noshade="noshade" width="100%"><font
      color="#FF0000"><font size="+1">FreeBSD provides many security features
      to protect networks and servers.</font></font>

    <blockquote>
      <p>The FreeBSD developers are as concerned about security as they are
	about performance and stability.  FreeBSD includes kernel support for
	<b>stateful IP firewalling</b>, as well as other services, such as
	<b>IP proxy gateways</b>, <b>access control lists</b>, <b>mandatory
	access control</b>, <b>jail-based virtual hosting</b>, and
	<b>cryptographically protected storage</b>.  These features can be
	used to support highly secure hosting of mutually untrusting
	customers or consumers, the strong partitioning of network segments,
	and the construction of secure pipelines for information scrubbing
	and information flow control.</p>

      <p>FreeBSD also includes support for encryption software, secure
	shells, Kerberos authentication, "virtual servers" created using
	jails, chroot-ing services to restrict application access to the
	file system, Secure RPC facilities, and access lists for services
	that support TCP wrappers.</p>
    </blockquote>

      &footer;
  </body>
</html>

<!-- 
     Local Variables:
     mode: sgml
     sgml-indent-data: t
     sgml-omittag: nil
     sgml-always-quote-attributes: t
     End:
-->