Slashdot Mirror


Zones are in Solaris Express (Solaris 10)

snoofy writes "Zones, as people from Sun Microsystems have talked about for some time, are now available in Solaris Express (the pre-release of Solaris 10). This will let you virtualize Solaris so that processes run in isolation from other activity on the system... A system can then be configured to run several zones which will make it look like different systems on the network. Some info from a posting to comp.unix.solaris. The cool stuff is that it works on both SPARC and x86."

5 of 164 comments

  1. Can this be used for honeypots? by El+Volio · · Score: 5, Interesting

    It would be cool to do something like the UML honeypots in Linux. You could run multiple systems, each insulated from each other and the host system, see what you get.

    --

    "You can never have too many elephants on your team."

  2. Look up Argante by SharpFang · · Score: 4, Interesting

    That was a project of a cross-platform "virtual OS" to be run "on top of" other OSes (loaded like a normal process) designed with security in mind - building exploits in it was meant to be impossible. I'm not sure about progress, but launching 10 Argante processes on, say, plain Linux running nothing but "bare bones" was meant to be equal to creating 10 computers, each running Argante OS, to create, say, 10 super-secure servers.

    --
    45 5F E1 04 22 CA 29 C4 93 3F 95 05 2B 79 2A B2
  3. Only if it works... by RunAmuk · · Score: 5, Interesting

    This would be interesting to see if the installer actually worked. I tried downloading and installing the Solaris Express preview on my SunBlade 100, and the installer died halfway through the installation. When I was finally able to get the installation finished, I couldn't even make it recognize the integrated network card.

    I've always been surprised how Linux installers can easily support the large variety of OEM Network cards available, and yet Sun can't make an installer that recognises their own hardware.

  4. But... does "rebooting" a zone fix issues? by 192939495969798999 · · Score: 5, Interesting

    What makes zones so important in large systems is the ability to restart one, or totally reconfigure it, without taking down the other zones. This seems obvious, but it helps put a layer in between the hardware and the software. What surprises me is that if so many other platforms already supported this to a large degree, how come its deployment has not been extensive? It seems like a great feature.

    --
    stuff |
    1. Re:But... does "rebooting" a zone fix issues? by nemaispuke · · Score: 5, Interesting

      Yes there are other platforms that have similar features (AIX LPAR and DLPAR, HP-UX VPAR, Solaris Dynamic Domains). The problems are (1) you have to be using recent versions of the OS for the software virtualization (AIX 5L 5.2, HP-UX 11 and 11i) or (2) have the specific hardware necessary to use the hardware virtualization (AIX, HP-UX, and Solaris). And this hardware is costly (minimum cost for a Sun Sun Fire midrange to support dynamic domains is $100,000.00).

      The other reason could be that management (particularly in DoD) won't allow the use of hardware or software virtualization despite the benefits. Management could see this as a "toy" rather than a feature. Of all the documentation I have read concerning DoD, implementation, security, etc., I have never read anything about setting up or using virtualization. Not to say that some DoD activities aren't using it, but they are not well "advertised". The last Navy project I worked on, we tried to deploy an Open Source monitoring solution and were basically told "we will not be the first in doing anything!"