Saturday, August 13, 2011

Virtual Machine in Solaris 10


Zones are containers to segregate services so that they do not interfere with each other. One zone, the global zone, is the locus for system-wide administrative functions. Non-global zones are not able to interact with each other except through network interfaces. When using management commands that reference PIDs, only processes in the same zone will be visible from any non-global zone.
Zones requiring network connectivity have at least one dedicated IP address. Non-global zones cannot observe each other’s network traffic. Users in the global zone, however, are able to observe the functioning of processes in non-global zones. It is usually good practice to limit user access to the global zone to system administrators. Other processes and users should be assigned to a non-global zone.
Each zone is assigned a zone name and a unique numeric zone ID. The global zone always has the name “global” and ID “0.” A node name is also assigned to each zone, including global. The node names are independent of the zone names.
Each zone has a path to its root directory relative to the global zone’s root directory.
A non-global zone’s scheduling class is set to be the same as the system’s scheduling class. If a zone is assigned to a resource pool, its scheduling class can be controlled by controlling the pool’s scheduling class.
Non-global zones can have their own zone administrators. Their authority is limited to their home zone.
The separation of the environments allows for better security, since the security for each zone is independent. Separation also allows for the installation of environments with distinct profiles on the same hardware.
The virtualization of the environment makes it easier to duplicate an environment on different physical servers.
ZFS is supported in Solaris 10 zones starting with the 6/2006 release.
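The zone name, numeric ID and root path rules described above can be checked mechanically from the global zone. The following shell function is an added example, not code from the original post; it assumes the colon-separated `zoneid:zonename:state:zonepath` layout printed by `zoneadm list -cp` and runs here on constructed sample lines.

```shell
#!/bin/sh
# Added example (not from the original post). Assumes the parsable layout of
# `zoneadm list -cp`: zoneid:zonename:state:zonepath[:uuid:brand:ip-type]

# Constructed sample inventory; zones that are not running have ID "-".
sample_zones() {
cat <<'EOF'
0:global:running:/::native:shared
1:web01:running:/zones/web01:00000000-0000-0000-0000-000000000001:native:shared
-:db01:installed:/zones/db01:00000000-0000-0000-0000-000000000002:native:shared
EOF
}

# Read an inventory on stdin, print one finding per line, exit 1 on any finding.
audit_zones() {
  awk -F: '
    NF < 4 { printf "line %d: malformed record\n", NR; bad++; next }
    {
      id = $1; name = $2; path = $4
      # The global zone always has the name "global" and ID 0.
      if (name == "global") {
        seen_global = 1
        if (id != "0") { print "global: has ID " id ", expected 0"; bad++ }
      } else if (id == "0") { print name ": non-global zone with ID 0"; bad++ }
      # Numeric zone IDs and zone names must be unique.
      if (id != "-") {
        if (id in ids) { print name ": zone ID " id " already used by " ids[id]; bad++ }
        else ids[id] = name
      }
      if (name in names) { print name ": duplicate zone name"; bad++ }
      names[name] = 1
      # The zonepath is given from the root of the global zone.
      if (path !~ /^\//) { print name ": zonepath \"" path "\" is not absolute"; bad++ }
    }
    END {
      if (!seen_global) { print "no global zone in listing"; bad++ }
      exit (bad > 0)
    }'
}

# On a Solaris 10 global zone: zoneadm list -cp | audit_zones
sample_zones | audit_zones && echo "inventory consistent"
```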

Zone Installation

Zone States
Zone Control Commands
Resource Management
Zone Components
Zonecfg Interactive Mode
Adding Resources
Zone Models

