Solaris Virtualization Technology (Solaris 가상화 기술)
이강산
What is a zone?
• A zone is a virtual operating system abstraction that provides a protected environment in which applications run.
• The applications are protected from each other to provide software fault isolation.
• To ease the labor of managing multiple applications and their environments, they co-exist within one operating system instance and are usually managed as one entity.
What is a container?
• A zone which also uses the operating system's resource management facility is then called a container.
• Many people use the two words "zone" and "container" interchangeably.
What types of zones are available?
• Native
  • The default non-global zone is the native zone.
  • It has the same characteristics as the Solaris 10 Operating System or later release that is running in the global zone.
• Branded Zones
  • It is also possible to run a different operating environment inside of a non-global zone.
  • The branded zone (BrandZ) framework extends the Solaris Zones infrastructure to include the creation of brands, or alternative sets of runtime behaviors.
  • "Brand" can refer to a wide range of operating environments.
What is a global zone? Sparse-root zone? Whole-root zone? Local zone?
[Diagram: Install OS -> Global Zone; Create a zone -> Non-Global Zone (zone or local zone)]
• After installing Solaris 10 on a system, but before creating any zones, all processes run in the global zone.
• After you create a zone, it has processes which are associated with that zone and no other zone.
• Any process created by a process in a non-global zone is also associated with that non-global zone.
• Any zone which is not the global zone is called a non-global zone. Some people call non-global zones simply "zones."
• Others call them "local zones," but this is discouraged.
• The default zone filesystem model is called "sparse-root."
  • This model emphasizes efficiency at the cost of some configuration flexibility.
  • Sparse-root zones optimize physical memory and disk space usage by sharing some directories, like /usr and /lib.
  • Sparse-root zones have their own private file areas for directories like /etc and /var.
• Whole-root zones increase configuration flexibility but increase resource usage.
  • They do not use shared filesystems for /usr, /lib, and a few others.
Will my software run in a zone or container?
• Most Solaris software will run unmodified in a zone, without needing to re-compile.
• Unprivileged software (programs that do not run as root nor with specific privileges) typically runs unmodified in a zone once it can be successfully installed.
• Installation software must not assume that it can write into shared, read-only filesystems, e.g. /usr.
• This can be circumvented by adding a writable filesystem to the zone (e.g. at /usr/local) or by using a whole-root zone.
• However, there are a few applications which need non-default privileges to run, privileges not normally available in a zone, such as the ability to set the system's time-of-day clock.
• For these situations, the feature named "configurable privileges" has been added.
• This feature allows the global zone administrator (the person who manages zones on a system) to assign additional, non-default privileges to a zone.
• The zone's administrator can then allow individual users to use those non-default privileges.
• An application which requires privileges which cannot be added to a zone may need modification to run properly in a zone.
Here are some guidelines
• An application which accesses the network and files, and performs no other I/O, should work correctly.
• Applications which require direct access to certain devices, e.g. a disk partition, will usually work if the zone is configured correctly.
  • However, in some cases this may increase security risks.
• Applications which require direct access to these devices must be modified to work correctly:
  • /dev/kmem
  • a network device
• Starting with OpenSolaris build 37 and Solaris 10 8/07, a zone can be configured as an "exclusive-IP zone," which gives it exclusive access to the NIC(s) that the zone has been assigned. Applications in such a zone can communicate directly with the NIC(s) available to the zone.
• Applications running in shared-IP zones should instead use one of the many IP services.
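As an added example (not from the slides), a POSIX shell function that emits a zonecfg(1M) command script covering the configurations discussed above: the sparse-root default versus a whole-root zone (`create -b`), a writable lofs-mounted /usr/local for a sparse-root zone, one non-default privilege granted with limitpriv (sys_time, for setting the clock), and a shared-IP versus exclusive-IP network resource. The zone name, zonepath, NIC names, backing directory and address are assumed values.

```shell
# Emit a zonecfg(1M) command script for a Solaris 10 zone.
# Usage: zone_config NAME MODEL IPTYPE   (MODEL: sparse|whole, IPTYPE: shared|exclusive)
# Zonepath, NIC names, /usr/local backing directory and address are assumed values.
zone_config() {
    name=$1; model=$2; iptype=$3
    case $model in
        whole) echo "create -b" ;;   # blank config: no inherit-pkg-dir, private /usr, /lib, ...
        *)     echo "create" ;;      # default: sparse root, /usr and /lib shared read-only
    esac
    echo "set zonepath=/zones/$name"
    echo "set autoboot=true"
    # Configurable privileges: grant only what the application needs beyond the
    # zone default (here sys_time, so the zone may set the time-of-day clock).
    echo "set limitpriv=default,sys_time"
    if [ "$model" != whole ]; then
        # /usr is shared read-only in a sparse-root zone; give installers a
        # writable /usr/local by loopback-mounting a directory from the global zone
        # (lofs mounts are read-write unless "ro" is added as an option).
        echo "add fs"
        echo "set dir=/usr/local"
        echo "set special=/zones/$name/usrlocal"
        echo "set type=lofs"
        echo "end"
    fi
    if [ "$iptype" = exclusive ]; then
        # ip-type must be set before the net resource; the NIC becomes the zone's own
        echo "set ip-type=exclusive"
        echo "add net"
        echo "set physical=e1000g1"        # assumed interface name
        echo "end"
    else
        # shared-IP: one logical address on an interface owned by the global zone
        echo "add net"
        echo "set address=192.0.2.10/24"   # documentation range, assumed value
        echo "set physical=e1000g0"
        echo "end"
    fi
    echo "verify"
    echo "commit"
}
```

Redirect the output to a file and load it with `zonecfg -z NAME -f FILE`, then install the zone with zoneadm as usual.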
How "big" is a zone?
• If configured with default parameters, a zone requires about 85MB of free disk space per zone when the global zone has been installed with the "All" metacluster of Solaris packages.
• Additional packages installed in the global zone will require additional space in the non-global zones.
• SVM soft partitions can be used to divide disk slices and enforce per-zone disk space constraints.
• When performing capacity planning, 40MB of additional RAM per zone is suggested.
• Applications do not use any "extra" RAM because they are running in a zone.
• A zone installed using the "full-root model" will take up as much space as the initial Solaris 10 installation, which will be more than 500MB in most cases.
Can each zone run a different Solaris version?
• No.
• All of the zones use a single underlying kernel.
• The version of the kernel determines the version of every container in that domain.
What types of re-configurations require a non-global zone re-boot?
• Adding a device to a non-global zone.
• Binding a zone to a pool.