Oracle Solaris Zones Study Purpose Only www.networkuser.wordpress.com.

Slides:



Advertisements
Similar presentations
Operating-System Structures
Advertisements

1 Dynamic DNS. 2 Module - Dynamic DNS ♦ Overview The domain names and IP addresses of hosts and the devices may change for many reasons. This module focuses.
1 Semester 2 Module 4 Learning about Other Devices Yuda college of business James Chen
Page 1 Dorado 400 Series Server Club Page 2 First member of the Dorado family based on the Next Generation architecture Employs Intel 64 Xeon Dual.
11 TROUBLESHOOTING Chapter 12. Chapter 12: TROUBLESHOOTING2 OVERVIEW  Determine whether a network communications problem is related to TCP/IP.  Understand.
Lesson 11-Virtual Private Networks. Overview Define Virtual Private Networks (VPNs). Deploy User VPNs. Deploy Site VPNs. Understand standard VPN techniques.
MCITP Guide to Microsoft Windows Server 2008 Server Administration (Exam #70-646) Chapter 14 Server and Network Monitoring.
Lesson 18: Configuring Application Restriction Policies
Chapter 8: Network Operating Systems and Windows Server 2003-Based Networking Network+ Guide to Networks Third Edition.
Check Disk. Disk Defragmenter Using Disk Defragmenter Effectively Run Disk Defragmenter when the computer will receive the least usage. Educate users.
Installing software on personal computer
The Origin of the VM/370 Time-sharing system Presented by Niranjan Soundararajan.
Virtualization Concept. Virtualization  Real: it exists, you can see it.  Transparent: it exists, you cannot see it  Virtual: it does not exist, you.
Paper on Best implemented scientific concept for E-Governance projects Virtual Machine By Nitin V. Choudhari, DIO,NIC,Akola.
Hands-On Microsoft Windows Server 2008
Guide to Linux Installation and Administration, 2e1 Chapter 3 Installing Linux.
SAIGONTECH COPPERATIVE EDUCATION NETWORKING Spring 2010 Seminar #1 VIRTUALIZATION EVERYWHERE.
SAIGONTECH COPPERATIVE EDUCATION NETWORKING Spring 2009 Seminar #1 VIRTUALIZATION EVERYWHERE.
A Cloud is a type of parallel and distributed system consisting of a collection of inter- connected and virtualized computers that are dynamically provisioned.
Chapter 9: Novell NetWare
Oracle10g RAC Service Architecture Overview of Real Application Cluster Ready Services, Nodeapps, and User Defined Services.
Microsoft ® Official Course Module 10 Optimizing and Maintaining Windows ® 8 Client Computers.
Presented by: Sanketh Beerabbi University of Central Florida COP Cloud Computing.
VLAN V irtual L ocal A rea N etwork VLAN Network performance is a key factor in the productivity of an organization. One of the technologies used to.
Chapter Two Exploring the UNIX File System and File Security.
Oracle 10g Database Administrator: Implementation and Administration Chapter 2 Tools and Architecture.
1 Week #10Business Continuity Backing Up Data Configuring Shadow Copies Providing Server and Service Availability.
© 2004 IBM Corporation IBM ^ z/VM Design considerations > Security > Performance (SIE)
Copyright © cs-tutorial.com. Overview Introduction Architecture Implementation Evaluation.
Securing the Network Infrastructure. Firewalls Typically used to filter packets Designed to prevent malicious packets from entering the network or its.
Portable, Virtualized Oracle Environments on Solaris Sam Brunacini, ServerWare Session #127.
Chapter 8: Installing Linux The Complete Guide To Linux System Administration.
Introduction to Active Directory
Hands-On Microsoft Windows Server 2008 Chapter 7 Configuring and Managing Data Storage.
Solaris 가상화 기술 이강산. What is a zone? A zone is a virtual operating system abstraction that provides a protected environment in which applications run.
Unit 2 VIRTUALISATION. Unit 2 - Syllabus Basics of Virtualization Types of Virtualization Implementation Levels of Virtualization Virtualization Structures.
Virtual Local Area Networks In Security By Mark Reed.
Solaris containers (Zones) Server virtualization What zones are and how they are used in ECE/CIS at the University of Delaware Ben Miller.
Prof. Jong-Moon Chung’s Lecture Notes at Yonsei University
VMware ESX and ESXi Module 3.
Chapter 6: Securing the Cloud
Bentley Systems, Incorporated
Lecture 1-Part 2: Operating-System Structures
Guide to Linux Installation and Administration, 2e
Current Generation Hypervisor Type 1 Type 2.
Dockerize OpenEdge Srinivasa Rao Nalla.
Credits: 3 CIE: 50 Marks SEE:100 Marks Lab: Embedded and IOT Lab
Building a Virtual Infrastructure
NOX: Towards an Operating System for Networks
Introduction to Operating System (OS)
NAT , Device Discovery Chapter 9 , chapter 10.
Virtual Servers.
KERNEL ARCHITECTURE.
Managing Clouds with VMM
Exploring the UNIX File System and File Security
System And Application Software
Operating System Architecture OS
Virtualization Layer Virtual Hardware Virtual Networking
Chapter 2: System Structures
HC Hyper-V Module GUI Portal VPS Templates Web Console
Cloud computing mechanisms
CT 1306 Communication Networks Management Lab
Lecture 1-Part 2: Operating-System Structures
Threads Chapter 4.
Chapter 2: Operating-System Structures
Operating Systems: A Modern Perspective, Chapter 3
Chapter 2: Operating-System Structures
A Virtual Machine Monitor for Utilizing Non-dedicated Clusters
In Today’s Class.. General Kernel Responsibilities Kernel Organization
Presentation transcript:

Oracle Solaris Zones Study Purpose Only www.networkuser.wordpress.com

Zones Overview A zone is a virtualized operating system environment created within a single instance of the Oracle Solaris operating system. Virtualization is driven by the need to consolidate multiple hosts and services on a single machine. Virtualization reduces costs through the sharing of hardware, infrastructure, and administration. Increased hardware utilization Greater flexibility in resource allocation Reduced power requirements Fewer management costs Lower cost of ownership Administrative and resource boundaries between applications on a system www.networkuser.wordpress.com

Continue… With Oracle Solaris Zones, you can maintain the one-application-per-server deployment model while simultaneously sharing hardware resources. The upper limit for the number of zones on a system is 8192 The branded zone (BrandZ) facility in the Oracle Solaris operating system is a simple extension of Oracle Solaris Zones. BrandZ extends the zones tools in the following ways: The zonecfg command is used to set a zone's brand type when the zone is configured. The zoneadm command is used to report a zone's brand type as well as administer the zone. www.networkuser.wordpress.com

How Zones Work A process assigned to a zone can manipulate, monitor, and directly communicate with other processes that are assigned to the same zone. Each zone, including the global zone, is assigned a zone name. The global zone always has the name global. Each zone is also given a unique numeric identifier, which is assigned by the system when the zone is booted. The global zone is always mapped to ID 0. Each zone also has a node name that is completely independent of the zone name. The node name is assigned by the administrator of the zone. www.networkuser.wordpress.com

Summary of Zones by Function Global Non-Global Is assigned ID 0 by the system. Provides the single instance of the Solaris kernel that is bootable & running on system. Contains a complete installation of the Oracle Solaris system software packages. Can contain additional software packages or additional software, directories, files, and other data not installed through packages. Provides a complete & consistent product database that contains info. about all software components installed in the global zone. Holds configuration information specific to the global zone only, such as the global zone host name and file system table Is the only zone that is aware of all devices and all file systems Is the only zone with knowledge of non-global zone existence and configuration Is the only zone from which a non-global zone can be configured, installed, managed, or uninstalled Is assigned a zone ID by the system when the zone is booted. Shares operation under the Oracle Solaris kernel booted from the global zone. Contains an installed subset of the complete Oracle Solaris OS software packages. Can contain additional installed software packages. Can contain additional software, directories, files, & other data created on the non-global zone that are not installed through packages. Has a complete and consistent product database that contains information about all software components installed on the zone. Is not aware of the existence of other zones. Cannot install, manage, or uninstall other zones, including itself. Has configuration information specific to that non-global zone only, such as the non-global zone host name and file system table. Can have its own time zone setting. www.networkuser.wordpress.com

How Non-Global Zones Are Created Global administrator uses the zonecfg command to configure a zone by specifying various parameters for the zone's virtual platform and application environment. Gone administration command zoneadm to install software at the package level into the file system hierarchy established for the zone and used to boot the zone. Log in to the installed zone by using the zlogin command. www.networkuser.wordpress.com

Non-Global Zone State Model Configured Incomplete Installed Ready Running Shutting down and Down configuration is complete & committed to stable storage & initial boot are not yet present. During an install or uninstall operation, zoneadm sets the state of the target zone to incomplete. zone's configuration is instantiated on the system. Packages are installed under the zone's root path The kernel creates the zsched process, network interfaces are set up and made available to the zone, file systems are mounted, and devices are configured. A unique zone ID is assigned by the system. zone application environment are running. The zone enters the running state as soon as the first user process associated with the application environment (init) is created. Zone is being halted, a zone that is unable to shut down for any reason will stop in one of these states. www.networkuser.wordpress.com

Commands That Affect Zone State www.networkuser.wordpress.com

Commands That Affect Zone State Cont. #zonestat ;utility reports on network bandwidth utilization in exclusive-IP zones. www.networkuser.wordpress.com

Non-Global Zone Characteristics Provides isolation at almost any level of granularity you require. Does not need a dedicated CPU, a physical device, or a portion of physical memory. Resources can either be multiplexed across a number of zones running within a single domain or system, or allocated on a per-zone basis using the resource management features. Customized set of services Basic communication between zones is accomplished by giving each zone IP network connectivity. An application running in one zone cannot observe the network traffic of another zone. Each zone is given a portion of the file system hierarchy. Workload running in a particular zone cannot access the on-disk data of another workload running in a different zone. Files used by naming services reside within a zone's own root file system. www.networkuser.wordpress.com

Capabilities Provided by Non-Global Zones Security : Once a process has been placed in a zone other than the global zone, neither the process nor any of its subsequent children can change zones. By running network services in a zone, you limit the damage possible in the event of a security violation. Isolation : Applications are also prevented from monitoring or intercepting each other's network traffic, file system data, or process activity. Network Isolation : Each zone can also define its own IP layer security rules. Isolation is useful for both operational and security reasons. Zones can be used to consolidate applications that must communicate on different subnets using their own LANs or VLANs. www.networkuser.wordpress.com

Capabilities Provided by Non-Global Zones Cont.. Virtualization : Virtualized environment allows separate administration of each zone, hide details such as physical devices and the system's primary IP address and host name from applications. Granularity : zone can provide isolation at almost any level of granularity. Environment : Zones do not change the environment in which applications execute except when necessary to achieve the goals of security and isolation, Applications in the global zone run without modification, whether or not additional zones are configured. www.networkuser.wordpress.com