Solaris Containers

Solaris Containers
Research Design Team
Leading The Way
Agenda
► Containers and the TCO game
► Solaris Resource Management
► Solaris Zones
► Solaris 10 benefits
► Potential Usage
Consolidation and the TCO shell game
► “Consolidate”
► What constitutes consolidation?
► Factors to consider
► “Work Smarter...”
Solaris Containers
► Build customized, isolated containers—each with their own IP address, file system, users, and assigned resources—to safely and easily consolidate systems
► Guarantee sufficient CPU and memory resource allocation to applications while retaining the ability to use idle resources as needed
► Reserve and allocate a specific CPU or group of CPUs for the exclusive use of the container
► Automatically recover from potentially catastrophic system problems by leveraging the combined functionality of Predictive Self Healing and Solaris Containers
Solaris Resource Management
► All features are included in Solaris
► Fair Share scheduler
 • Controls allocation of CPU
 • Meet application SLA
 • Real time allocation based on what else is running
► Dynamic Resource Pools
► Extended Accounting
In the Zone...
► Virtualized O/S layer
 • File System
 • Network Processes
 • Devices
► Privacy – can’t see other zones on same host
► Security – can’t affect activity outside zone
► Failure Isolation – application failure in one zone does not affect other zones
Failure Isolation
► Each process is associated with one zone
► From within a zone, only processes in the same zone can be seen or affected
► “root” in a zone has authority for that zone only!
Security
► Each zone has a security boundary
► Processes running in a zone are unable to affect activity in the global zone or other zones
► A compromised zone can not escalate its privileges
File Systems
► Each zone is allocated its own root /
► File systems can be inherited read-only, copied into the zone, or mounted read-write:
 • /usr, /lib, /sbin and /platform are read-only
 • /etc and /opt are copied into zones
► Sections of a file system can be mounted into one or more zones (read-only)
Patch and Package Management
► Global system admin can administer software on every zone
► Global zones use Solaris packaging and patch tools
Network and Identity
► Each zone has its own identity
 • Node name, RPC domain name, time zone
 • Separate /etc/passwd
 • Private IP addresses
► Only one TCP/IP stack per kernel
 • Each zone is shielded from stack specifics
 • Each zone is prohibited from viewing other zones’ traffic
► Each zone has its own logical network interfaces
Global Zone
► Is assigned ID 0 by the system
► Provides the single instance of the Solaris kernel that is bootable and running on the system
► Contains a complete installation of the Solaris system packages
► Can contain additional software packages or additional software, directories, files, and other data not installed through packages
► Provides a complete and consistent product database that contains information about all software components installed in the global zone
► Holds configuration information specific to the global zone only, such as the global zone host name and file system table
► Is the only zone that is aware of all devices and all file systems
► Is the only zone with knowledge of non-global zone existence and configuration
► Is the only zone from which a non-global zone can be configured, installed, managed, or uninstalled
Non-global or Local zone
► Is assigned a zone ID by the system when the zone is booted
► Shares operation under the Solaris kernel booted from the global zone
► Contains an installed subset of the complete Solaris Operating System software packages
► Contains Solaris software packages shared from the global zone
► Can contain additional installed software packages not shared from the global zone
► Can contain additional software, directories, files, and other data created on the non-global zone that are not installed through packages or shared from the global zone
► Has a complete and consistent product database that contains information about all software components installed on the zone
► Is not aware of the existence of any other zones
► Cannot install, manage, or uninstall other zones, including itself
► Has configuration information specific to that non-global zone only
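As an added example (not from the deck, and not Sun's own tooling), a shell function that emits a zonecfg(1M) command script for the zone layout described on the File Systems, Network and Identity, and Resource Management slides; it is meant to be run from the global zone, the only place a non-global zone can be configured. The zone path, IP address, NIC name, share count and shared directory are constructed sample values.

```shell
#!/bin/sh
# Added example, not from the deck: generate a zonecfg(1M) command
# script for a sparse-root Solaris 10 zone. A plain "create" already
# inherits /lib, /platform, /sbin and /usr read-only from the global
# zone (inherit-pkg-dir resources), so only the zone-specific pieces
# are added: its own IP on a logical interface, a read-only lofs
# mount of a global-zone directory, and a Fair Share Scheduler share.
# Every path, address and name used here is a constructed sample value.

gen_zonecfg() {
    zonepath=$1   # zone root; /etc and /opt get their own copies here
    ip=$2         # private IP address the zone answers on
    nic=$3        # global-zone NIC carrying the zone's logical interface
    shares=$4     # zone.cpu-shares weight for the Fair Share scheduler
    shared_dir=$5 # global-zone directory exposed read-only to the zone
    cat <<EOF
create
set zonepath=$zonepath
set autoboot=true
add net
set address=$ip
set physical=$nic
end
add fs
set dir=$shared_dir
set special=$shared_dir
set type=lofs
add options ro
end
add rctl
set name=zone.cpu-shares
add value (priv=privileged,limit=$shares,action=none)
end
verify
commit
exit
EOF
}

# Demo with constructed values. On a real global zone the output would be
# saved to a file and applied with:  zonecfg -z web01 -f web01.cfg
gen_zonecfg /export/zones/web01 192.0.2.10 e1000g0 20 /export/share
```

After `zonecfg` accepts the script, `zoneadm -z web01 install` and `zoneadm -z web01 boot` (also global-zone commands) bring the zone up with the inherited directories read-only from inside it.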
Solaris 10 Benefits
► Dynamic Tracing (DTrace)
► Predictive Self Healing
► Services
► The Least Privilege Model
► Linux Application Environment (allows users on x86 systems to take existing, unmodified Linux binaries and run them on the Solaris platform)
UPS futures
► Limit/reduce overall TCO
 • Consolidate and reduce O/S images to maintain
 • Reduced number of server footprints
► Use of commodity hardware
► Increased flexibility
► Reduce time to market
Possible applications?
► MRS lab – simultaneous training on new products and features
► Build environments for POC efforts quickly
► Horizontally scaled applications
Q&A