Zones are in Solaris Express (Solaris 10)
snoofy writes "Zones, as people from Sun Microsystems have talked about for some time, are now available in Solaris Express (the pre-release of Solaris 10). This will let you virtualize Solaris so that processes run in isolation from other activity on the system... A system can then be configured to run several zones which will make it look like different systems on the network.
Some info from a posting to comp.unix.solaris. The cool stuff is that it works on both SPARC and x86."
That may be so but instead of buying an Alpha, you can run Solaris on x86 hardware. You're also right about UML, but that is probably not as easily configured and certainly not shipped in a ready-made form with a distribution, compared to Sun's solution. Of course, for all the people already committed to Sun, this is a great thing.
You have pointed out a critical thing. Marketing. For many years Sun has been successful in the market because it is a reliable brand and quite good (at least in Chile, of course). It's like being "Mercedes" or something like that. They have a name and a reputation that helps them a lot. If Windows came with a better command line (like xterm) it would be news too!! And they of course would make sure it's news for everyone.
If we want to make OS software more successful in the market, we have to come up with marketing schemes for it; they can be as important as good coding.
"The quality of life is inversely proportional to the number of keys on your keyring."
If I am understanding the technology correctly, then I don't think you would want to run a honeypot/net in this configuration. The processes are isolated, but the kernel/core components are not.
Most compromises break/modify some kernel/core components to achieve the compromise. If a honeypot/net were run using this configuration, then it seems that once the honeypot/net were compromised, the WHOLE system (read: the part you wanted to keep safe) would be compromised.
Technology like VMware uses a completely virtualized OS from a separate installation and running instance of its kernel/core files. A compromise on a VMware honeypot is much easier to recover from using the Snapshot/Revert features.
Then again, I may not completely understand the technology.
After reading the comments, it seems blatantly obvious that most /. readers don't work in the industry.
Zones fix some really important, real-world problems. The main problem that it will solve for organizations is migration of apps from development to production boxes.
In Real Life (and in the well run organizations) there's a separation between dev, production, and sometimes test. There are a number of implications for this, the main one being this: there are usually two sets of hardware (or three, if there's a separate test area).
Now with a few moments of thought, you can see the problem. By moving the software from place to place you introduce changes. Change is bad, because change causes software to break. How many times have you had problems with your apps because you forgot to change some config file, or a machine name, or whatever?
With zones you don't need to change the machine to change the machine. You just copy your zone from one machine to another. Ta-da! You have no problem with changes impacting your app. If the app worked in test, it'll work in production. Do you need to mirror production in a test environment? Just create a bunch of zones and do it. You don't have to change the IP addresses or anything.
Need to migrate your app to a bigger box? Heck, just move your zone. No need to reinstall your app, synchronize and adjust all the configs, and repoint everyone and everything to the new box. Move it from that Ultra 5 in the basement to the big cat in the data center.
I suppose you'll be able to auto-migrate zones between machines in later releases, in a form of cross data-center load balancing. Hey, that E450 is unused, let's move the web server there on the fly.
Just another step on the road to virtualization...