Zones are in Solaris Express (Solaris 10)
snoofy writes "Zones, as people from Sun Microsystems have talked about for some time, are now available in Solaris Express (the pre-release of Solaris 10). This will let you virtualize Solaris so that processes run in isolation from other activity on the system... A system can then be configured to run several zones which will make it look like different systems on the network.
Some info from a posting to comp.unix.solaris. The cool stuff is that it works on both SPARC and x86."
UML here means User Mode Linux.
You are referring to UML as Unified Modelling Language.
Don't forget Xen, VMWare, and Bochs (not as fast, but still cool).
There are already a ton of viable OS virtualizers out there. This news is seriously a real yawner.
>Where have I seen this before... Oh that's right,
>the features Compaq/Hp have been shipping with
> their Tru64 Alpha Servers for _years_.
First I watched this movie, your comparison is unfair; HP/Compaq/DEC partitions are more like Sun domains, i.e. implemented in hardware. Domains have been around since say 1996 when E10K was introduced.
> Sorry people, but sun are pushing 20th century
> technology with some marketing spin to make it
> sound up to date.
While Solaris zones are similar to UML or other virtual OS instance technologies there are some innovative features which would be really useful say on multiprocessor Opteron that you want to consolidate some applications on:
1) Support: I can expect to run Oracle/WebSphere, etc. in this zone without having to say oh and this is UML (which I have seen many times on mailing lists) (I mean applications support; the fact that an OS vendor is behind this is good news as well)
2) Integration with Global Zone. From the global zone you can control each zone and watch and cap resources within a zone. This means modifications to ps/prstat (Solaris's top) and other core OS utilities. How hard would this be under Linux? Is the UML patch even accepted by Linus yet?
3) Interface bindings - can bind zone to specific NIC.
4) Greenline - init.d replacement becomes service aware and can stop/start zones at boot and monitor services within a zone.
5) DTrace - the greatest thing ever, dynamic tracing of the kernel. Fully integrated with Solaris Zones.
Solaris Express is a program that they are using to give people early access to Sun software. Solaris 10 is not Solaris Express.
Well, considering that Alpha is a discontinued platform I doubt anyone would be smart to buy one. Furthermore, if this technology is the next evolution of containers (which I think it is) it's nothing like what you speak of. You don't need to maintain a separate OS image for each zone, making administration easy. The only problem I've had with containers is isolation, which I hear has improved with zones. Physical partitioning (domains) has been in the Sun product line since the 10k. Try understanding the technology before you comment about it... or more likely, IHBT
Go away, or I will replace you with a very small shell script.
Essentially the same as what the linux-vserver project http://www.linux-vserver.org/ or the BSD jail feature provides. It sets up different contexts for different processes so that they are isolated from each other with a different root directory. The effect is that each context acts like a separate server, but in fact they are all running on the same kernel.
Linux-vserver is a great project. We have been running different services under different "virtual" servers for a while and its performance is stellar.
Zones differ from jails in that you can limit the amount of resources a zone can consume. Even in jail you can launch a denial of service with a fork() bomb or busy loop, or even netcat. With zones, you can limit the amount of cpu cycles, network io, and (perhaps? don't have docs nearby) disk and serial io. Plus zones get their "own" virtual os, so you can reboot them.
Envy my 5 digit Slashdot User ID!
It sounds to me more like a Java Servlet container model than a VM. There's even a "global zone" that can see all the others.
Here's a post about it.
Here's Sun's page on it
This looks just like the Virtual Server project that Jacques Gelinas started a number of years ago. Possibly with some neat configuration utilities, but much the same. I'm not sure whether VServers can be allocated a dedicated CPU, or certain hardware exclusively, etc, but I think it can.
Xen, on the other hand is a much "heavier" approach, similar to VMWare, which virtualises the hardware, and emulates certain peripherals.
Sun has had the ability to do multiple system images on the same box for a while, but they've always been hardware partitioning only. The 4800/6800/12k/15k allowed you to run different domains on the same system, so long as you had the right combo of CPU and I/O boards. This was great if you had one of those systems, but not so hot if you had a workgroup level system (e.g. E450 or V880). I'm glad to see they've put software partitioning in the O/S so I can take a mid range system and chop it up into separate pieces. AIX and HP-UX have been able to do the software side thing for a while (but not the dedicated hardware piece, I believe).
This will help with consolidation and utilisation on existing machines, I think.
This is quite similar to vPars in HP-UX (forgive me but I stopped paying attention to HP's ugly stepchildren Alpha & Tru64 a long time ago, it's too bad 'cause it was a great chip but it's moribund, you would be wise to do the same pretty soon).
Hard partitions, like Sun Domains, HP's nPARs and IBM's LPARs slice up a physical machine and run an OS image on each slice. As far as I can tell here there is still just one OS image but applications running in these Zones can be isolated from each other. A malicious root user in the global zone is still able to make mischief in the zones if they want to.
The nice thing here unlike on HP is that you can slice up a uniprocessor machine if you have many tiny workloads that need to be isolated. IBM will too be able to do this soon with the next crank of their LPAR technology but a better implementation with no issues with a global root user.
Very sure.
The zones routines just re-read the zone config and re-initialise it. From the outside it can appear as an OS, but from another perspective (and this is gross oversimplification but works for this point) it's just like loading an instance of an application.
Brought to you via Pidgeon TCP
The corresponding technology in Linux is called "vservers". It has been around for a number of years now, as an external kernel patch.
You can find more info about it on linux-vserver.org.
This is based on Trusted Solaris as the underlining of the virtual system, but it doesn't share kernel/core as far as the Sun engineer explained it. So in the future you can have different versions of Solaris that support this technology running on the same machine. Everything is separated: FS, Kernel, Core, etc. AFAIK :)
Almost everything written under "Features:" can be also said about jails: Security, Isolation, Virtualization, Granularity, Transparency. For instance, you can put one single binary in a jail (if it works) or you can put there an entire system. Or, if you want to run a service in a jail (isolation, security), you can build the entire system with make buildworld targeting a jail, and you can optimize that system for running a single service, by stripping out most parts in make.conf:
Jailed processes/systems are so isolated that even if you root one jailed system, you won't have access to the others/host system (unless admin was stupid enough to have the same passwords). Jails have their own IP addresses and firewall rules as well. I guess (if I read this correctly) we can say there is nothing new under the Sun.
This feature has been compared to BSD jails, and it's logical to say that it grew from that feature, but the functionality isn't exactly the same.
A Solaris zone can be rebooted independent of the other zones on the machine; it can have resources added or removed from the zone (CPUs, for example) dynamically, etc.
I'm still installing my copy of SolExp, so I haven't played with the feature just yet. But it looks to be located somewhere between FreeBSD jails and a completely emulated machine like VMWare.
Brandon Hume
hume -> BOFH.Halifax.NS.Ca, http://WWW.BOFH.Halifax.NS.Ca/