Slashdot Mirror

← Back to Stories (view on slashdot.org)

Zones are in Solaris Express (Solaris 10)

Posted by CmdrTaco on from the i-want-my-processes-in-the-danger-zone dept.

snoofy writes "Zones, as people from SUN Microsystems have talked about for some time are now available in solaris express (the pre-release of Solaris 10). This will let you virtualize Solaris so that processes run in isolation from other activity on the system... A system can then be configured to run several zones which will make it look like different systems on the network Some info from a posting to comp.unix.solaris. The cool stuff is that it works on both SPARC and x86."

9 of 164 comments (clear)

  1. Can this be used for honeypots? by El+Volio · · Score: 5, Interesting

    It would be cool to do something like the UML honeypots in Linux. You could run multiple systems, each insulated from each other and the host system, see what you get.

    --

    "You can never have too many elephants on your team."

    1. Re:Can this be used for honeypots? by molnarcs · · Score: 2, Interesting

      Ooops, made a mistake: WITH_LIBMAP shouldn't be there (I copied my own make.conf, and forget to remove that line). That's for choosing between different threading libraries for your applications. (FreeBSD has three: libc_r - old one, libthr - 1:1 threading like linux, libkse - M:N threading).

  2. Look up Argante by SharpFang · · Score: 4, Interesting

    That was a project of a cross-platform "virtual OS" to be run "on top of" other OSes (loaded like a normal process) designed with security in mind - building exploits in it was meant to be impossible. I'm not sure about progress, but launching 10 Argante processes on, say, plain Linux running nothing but "bare bones" was meant to be equal to creating 10 computers, each running Argante OS, to create, say, 10 super-secure servers.

    --
    45 5F E1 04 22 CA 29 C4 93 3F 95 05 2B 79 2A B2
  3. Question by mikeophile · · Score: 2, Interesting

    Is this similar to running multiple instances of VMWare or Bochs?

  4. Only if it works... by RunAmuk · · Score: 5, Interesting

    This would be interesting to see if the installer actually worked. I tried downloading and installing the Solaris Express preview on my SunBlade 100, and the installer died halfway through the installation. When I was finally able to get the installatin finished, I couldn't even make it recognize the integrated network card.

    I've always been surprised how Linux installers can easily support the large variety of OEM Network cards available, and yet Sun can't make an installer that recognises their own hardware.

  5. But... does "rebooting" a zone fix issues? by 192939495969798999 · · Score: 5, Interesting

    What makes zones so important in large systems is the ability to restart one, or totally reconfigure it, without taking down the other zones. This seems obvious, but it helps put a layer in between the hardware and the software. What surprises me is that if so many other platforms already supported this to a large degree, how come its deployment has not been extensive? It seems like a great feature.

    --
    stuff |
    1. Re:But... does "rebooting" a zone fix issues? by nemaispuke · · Score: 5, Interesting

      Yes there are other platforms that have similar features (AIX LPAR and DLPAR, HP-UX VPAR, Solaris Dynamic Domains). The problems are (1) you have to be using recent versions of the OS for the software virtualization (AIX 5L 5.2, HP-UX 11 and 11i) or (2) have the specific hardware necessary to use the hardware virtualization (AIX, HP-UX, and Solaris). And this hardware is costly (minimum cost for a Sun Sun Fire midrange to support dynamic domains is $100,000.00).

      The other reason could be that management (particularly in DoD) won't allow the use of hardware or software virtualization despite the benefits. Management could see this as a "toy" rather than a feature. Of all the documentation I have read concerning DoD, implementation, security, etc., I have never read anything about setting up or using virtualization. Not to say that some DoD activities aren't using it, but they are not well "advertised". The last Navy project I worked on we tried to deploy an Open Source monitoring solution and was basically told "we will not the first in doing anything!"

  6. Re:Solaris Needs to Pay More Attention to Detail by christophersaul · · Score: 2, Interesting

    Should have added that if you want to get all the OSS stuff installed easily on Solaris, you can easily download it from Sun.com, or better still use pkg-get, an apt-get style tool for Solaris. Do a search on Google for pkg-get and it'll pop up. It's excellent.

  7. Virtual routers anyone? by sd3 · · Score: 2, Interesting

    It would be interesting to virtualize the machine down to the IP level. You could run separate instances of routed (or whatever) in each virtualized machine's space, then have a router cloud-in-a-box. Now you can play games like changing the data or error rate on certain links, bring routers up or down, etc.

    Yes, I know you could use NISTnet but this would allow you to do other things. Besides, with a virtualized machine you get (?) more assurance that things are correct down to the Nth level.

    I tried running four instances of UML on a 2400XP+ machine and it's usable, though not necessarily for 100Mb/s traffic. Doesn't give you much in the way of network depth though. Tried four instances of VMware+NetBSD on a P-III/500 and it's painful. Am currently struggling with Xen now, but I'm ready to try a userland VM instead.