Solaris Containers (including Solaris Zones) is a virtualization feature first available with Solaris 10. This is an implementation of operating system-level virtualization technology.
Description
Zones act as completely isolated virtual servers within a single machine. Zones were created to aid in the consolidation of under-utilized server farms. By consolidating servers into isolated virtual server Containers, system administrators can reduce cost and provide the same protection as separate machines on a single machine.
Zones created with a minimal amount of disk space are called Sparse Zones. Alternatively, a Whole-Root Zone can be created, in which the entire operating system is duplicated for the zone. Each zone has a security boundary surrounding it. This boundary prevents a process associated with one zone from interacting with or observing processes in other zones except through the use of network connections.
A zone can be assigned to a resource pool (processor set plus scheduling class) to guarantee certain usage, or can be given shares via Fair-share scheduling, at which point it is referred to as a container.
Some programs cannot be executed from a zone: for example, you can't run an NFS server in a zone. Because a zone is not a running kernel (in contrast to hardware emulation), limitations may appear when an operation comes close to kernel space.
Terminology
There is always one zone defined, named the "global" zone. The global zone may contain other zones, but further nesting is not permitted. Zones hosted by a global zone are known as "Non-global zones" but are sometimes just called "zones." The term "local zone" is specifically discouraged, since "local" is not an antonym of "global."
Required Resources
Zones induce a very low overhead on CPU and memory. Currently a maximum of 8191 non-global zones can be created on a single machine. "Sparse Zones" — in which most filesystem content is shared — can take as little as 50MB of disk space. Disk space requirements can be negligible when zones are based on ZFS clones, since only the blocks different from a snapshot image need to be stored on disk; this method also makes it possible to create zones in a few seconds. "Whole Root Zones" — in which all packages are copied from the global zone — may occupy anywhere from several hundred megabytes to several gigabytes, depending on installed software.
Documentation
Sun provides several resources for Container Documentation, including the installed man pages and on-line technical documents called Sun BluePrints. Containers are created with the zoneadm and zonecfg commands. Both can be found in section 1m of the manual pages.
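The following added example (not part of the original page) generates a zonecfg command file for either a sparse or a whole-root zone, with fair-share CPU shares and an optional resource pool as described above. The zone path, pool name, network interface and address are constructed placeholders.

```sh
# Added example: emit a zonecfg(1M) command file for a non-global zone.
# Zone path, pool name, NIC and address are constructed placeholders.
#
# gen_zonecfg KIND ZONEPATH SHARES [POOL]
#   KIND    sparse | whole
#   SHARES  zone.cpu-shares value (takes effect under the FSS scheduling class)
#   POOL    optional resource pool to bind the zone to
gen_zonecfg() {
    kind=$1 zonepath=$2 shares=$3 pool=${4:-}

    # Validate before emitting anything, so a bad call yields no partial file.
    case $shares in
        ''|*[!0-9]*) echo "gen_zonecfg: SHARES must be a number" >&2; return 1 ;;
    esac
    case $kind in
        # Default template: /lib, /platform, /sbin and /usr are inherited
        # read-only from the global zone (inherit-pkg-dir entries).
        sparse) echo "create" ;;
        # Blank configuration: no inherit-pkg-dir entries, so every package
        # is copied into the zone when it is installed.
        whole)  echo "create -b" ;;
        *) echo "gen_zonecfg: KIND must be sparse or whole" >&2; return 1 ;;
    esac

    echo "set zonepath=$zonepath"
    echo "set autoboot=true"
    if [ -n "$pool" ]; then echo "set pool=$pool"; fi
    cat <<EOF
add rctl
set name=zone.cpu-shares
add value (priv=privileged,limit=$shares,action=none)
end
add net
set address=192.0.2.10/24
set physical=bge0
end
verify
commit
EOF
}

# On a Solaris 10 global zone (commands shown for reference, not run here):
#   gen_zonecfg sparse /zones/web1 20 pool_web > /tmp/web1.cfg
#   zonecfg -z web1 -f /tmp/web1.cfg
#   zoneadm -z web1 install && zoneadm -z web1 boot
```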
Current implementation issues
As of the Solaris 10 11/06 release, the following limitations in Solaris Containers still exist. These issues may be resolved in the future.
- Live Upgrade cannot be used to upgrade a Solaris system with non-global zones. It is still possible to upgrade such a system, but only offline via DVD/network. There is a project underway to provide this functionality (ZULU - Zone Update via Live Upgrade).
Similar technologies
Other implementations of operating system-level virtualization technology are OpenVZ/Virtuozzo, Linux-VServer, FreeBSD Jails, and FreeVPS.