Slashdot Mirror
Zones are in Solaris Express (Solaris 10)
snoofy writes "Zones, as people from SUN Microsystems have talked about for some time are now available in solaris express (the pre-release of Solaris 10). This will let you virtualize Solaris so that processes run in isolation from other activity on the system... A system can then be configured to run several zones which will make it look like different systems on the network
Some info from a posting to comp.unix.solaris. The cool stuff is that it works on both SPARC and x86."
That may be so but instead of buying an Alpha, you can run Solaris on x86 hardware. You're also right about UML, but that is probably not as easily configured and certainly not shipped in a ready-made form with a distribution, compared to Sun's solution. Of course, for all the people already commited to Sun, this is a great thing.
You have pointed out a critical thing. Marketing. For many year Sun has been succesful in the market because is a reliable brand and quite good.(at least in Chile, of course) its like being "mercedes" or something like that. They have a name and a reputation that helps them a lot. If windows came with a better command line(like xterm) it would be news too!!, and they of course would make shure its news for everyone.
If we want to make OS software more succesful in the market, we have to come up with marketing schemes for it, they can be as important as good coding.
"The quality of life is inversely proportional to the number of keys on your keyring."
If your LinBSD chroot experiment screws up, you can get told to RTFM by the resident "expert" on your favourite mailing list. If your Sun box goes tits up, Mr. Sun engineer comes round and fixes it for you before you've finished typing the mail.
I'm not saying one method is better than the other for all people, but when you're betting a zillion pounds an hour on it working, it's nice to have backup :)
If I am understanding the technology correctly, then I don't think you would want to run a honeypot/net in this configuration. The processes are isolated, but the kernel/core components are not.
Most compromises break/modify some kernel/core components to achieve the compromise. If a honeypot/net were run using this configuration then, it seems, that once the honeypot/net were compromised, then the WHOLE system (read: the part you wanted to keep safe) would be compromised.
Technology, like VMWare, uses a completely virtualized OS from a seperate installation and running instance of its kernel/core files. A compromise on a VMWare honeypot is much easier to recover from using the Snapshot/Revert features.
Then again, I may not completely understand the technology.
This isn't true? Sorry, I didn't see you sitting there next to me while I ran the install. I wish you had told me that the blank screen the install froze on (I left it for an hour before restarting) was part of a "fine" install. This happened all THREE times I tried to run the installatn. I also wish you would have told me that network card wasn't supposed to let me see anything on the network, before I spent 2 days on and off trying to get it to. Had I recognized these components of a fine intstall I probably wouldn't have made this post.
When I reverted back to Solaris 8, I had no blank screen during the install, and while the network card wan't recognized and configured properly there, I had no problem setting it up after the install. I guess my point is, just because you didn't encounter bugs, it doesn't mean they don't exist.
I realize this is a beta release (I don't remember exactly which one, but I downloaded it about three weeks ago), but the installer has been around for a while, shouldn't it be able to recognize Sun hardware?
If the vendors are not selling any Alpha software for what you need to run your business, buy Alpha over Sparc would make you an idiot. You buy whatever fits your business, not for some overzealous philosophy or the l33test stats. For those who are running Sparc, this is one less thing that Tru64 has over Sparc. Yes, I have a beef with Sun over how they have pretty much sat on their laurels for the past couple of years while being passed by Intel, AMD, and anyone else scribing on silicon. While Intel and friends are talking about 4Hz and 5GHz systems, Sun is getting excited about their 3GHz stuff. Woohoo, big friggin deal. Frankly at this point I move as much stuff over to Linux on Intel as I can. The EDA vendors that have Sparc software are releasing their stuff for Linux and Hz vs Hz it is many times faster than Sun's products. Sun cannot compete in the small server market unless they pull a 4GHz system out of their wazoo.
Of course, since clustering systems and grid computing are becoming more commonplace, the large server market may just not be as unapproachable as it once was either.
"Beware of he who would deny you access to information, for in his heart, he dreams himself your master."
User mode Linux is similar. It's nearly impossible to break out from the child servers to the main server. I know of several hosting services that use this to give clients "private" servers at a reduced cost.
There are 4 boxes to use in the defense of liberty: soap, ballot, jury, ammo. Use in that order. Starting now.
Welcome to the 21st century, where Sun Micro sells their own x86 and x86-64 servers, and Solaris x86 isn't just a portability demonstration.
After reading the comments, it seems blatantly obvious that most /. readers don't work in the industry.
Zones fix some really important, real world problems. The main problem that it will solve for organizations is migration of apps from development to production boxes.
In Real Life (and in the well run organizations) there's a separation between dev, production, and sometimes test. There are a number of implications for this, the main one being this: there are usually two sets of hardware (or three, if there's a separate test area).
Now with a few moments of thought, you can see the problem. By moving the software from place to place you introduce changes. Change is bad, because change causes software to break. How many times have you had problems with your apps because you forgot to change some config file, or a machine name, or whatever?
With zones you don't need to change the machine to change the machine. You just copy your zone from one machine to another. Ta-da! You have no problem with changes impacting your app. If the app worked in test, it'll work in production. Do you need to mirror production in a test environment? Just create a bunch of zones and do it. You don't have to change the IP addresses or anything.
Need to migrate your app to a bigger box? Heck, just move your zone. No need to reinstall your app, synchronize and adjust all the configs, and repoint everyone and everything to the new box. Move it from that ultra 5 in the basement to the big cat in the data center.
I suppose you'll be able to auto-migrate zones between machines in later releases, in a form of cross data-center load balancing. Hey, that E450 is unused, let's move the web server there on the fly.
Just another step on the road to virtualization...