This section describes the types of brands available in this release, compares their features, and describes the BrandZ technology that enables branding.
The Oracle Solaris Zones feature is a complete runtime environment for applications. The default solaris branded zone is also known as the native zone. Native zones are managed from the global zone by using the tools zonecfg, zoneadm, and zlogin.
A zone provides a virtual mapping from the application to the platform resources. Zones allow application components to be isolated from one another even though the zones share a single instance of the Oracle Solaris operating system. Zones use resource management components to control how applications use available system resources. For additional information on resource management features, see Administering Resource Management in Oracle Solaris 11.3.
The zone establishes boundaries for resource consumption, such as CPU. These boundaries can be expanded to adapt to changing processing requirements of the application running in the zone.
Native solaris zones cannot contain any other zones within them.
For additional isolation, you can configure zones with a read-only root, called Immutable Zones. See Immutable Zones later in this document for more information.
The Oracle Solaris Kernel Zones feature provides a full kernel and user environment within a zone, and also increases kernel separation between the host system and the zone. The brand name is solaris-kz. Kernel zones are managed from the global zone by using the existing tools zonecfg, zoneadm, and zlogin. The administrator of a kernel zone has greater flexibility in configuring and managing the zone than the administrator of a default solaris zone. For example, you can fully update and modify the zone's installed packages, including the kernel version, without being limited to the packages installed in the global zone. You can manage storage private to the zone, create and destroy ZFS pools, and configure iSCSI and CIFS. You can install solaris and solaris10 zones within the kernel zone.
A solaris-kz installation is independent of that of the global zone; it is not a pkg(5) linked image and can be modified regardless of the global zone content. A solaris-kz zone can be installed in the same manner as other brands: directly from the global zone, or by using boot media.
When specifying a manifest for installation, use a manifest that is suitable for a global zone installation. Because kernel zones always install into a known location for the root pool, an installation target disk should not be specified.
Boot environment (BE) management is independent of the global zone.
Kernel zones support live migration and warm migration using suspend and resume. You can migrate a kernel zone by suspending the zone on the source system and resuming the zone on the target system. These zones also support cold migration.
To use Oracle Solaris Kernel Zones, the package brand-solaris-kz must be installed on your system. To determine whether your system supports kernel zones, see Hardware and Software Requirements for Oracle Solaris Kernel Zones in Creating and Using Oracle Solaris Kernel Zones. You can also run the virtinfo command on your system. For more information about Oracle Solaris Kernel Zones, see Creating and Using Oracle Solaris Kernel Zones and the solaris-kz(5) man page. For more information about the virtinfo command, see How to Verify That a System Can Support Kernel Zones in Creating and Using Oracle Solaris Kernel Zones and the virtinfo(1M) man page.
Oracle Solaris 10 Zones, also known as solaris10 branded non-global zones, use BrandZ technology to run Oracle Solaris 10 applications on the Oracle Solaris 11 operating system. Applications run unmodified in the secure environment provided by the non-global zone. This enables you to use the Oracle Solaris 10 system to develop, test, and deploy applications. Workloads running within these branded zones can take advantage of the enhancements made to the kernel and utilize some of the innovative technologies available only on the Oracle Solaris 11 release. These zones are used to convert Oracle Solaris 10 systems into zones on Oracle Solaris 11. A solaris10 branded zone cannot be an NFS server.
Oracle Solaris 10 Zones cannot contain any other zones within them.
For more information, see Creating and Using Oracle Solaris 10 Zones.
Differences between solaris-kz branded zones and solaris and solaris10 branded zones are shown below.
By default, a non-global zone on a system runs the same operating system software as the global zone. The branded zone (BrandZ) facility in the Oracle Solaris operating system is a simple extension of Oracle Solaris Zones. The BrandZ framework is used to create non-global branded zones that contain operating environments that are different from that of the global zone. Branded zones are used on the Oracle Solaris operating system to run applications. The BrandZ framework extends the Oracle Solaris Zones infrastructure in a variety of ways. These extensions can be complex, such as providing the capability to run different operating system environments within the zone, or simple, such as enhancing the base zone commands to provide new capabilities. For example, Oracle Solaris 10 Zones are branded non-global zones that can emulate the Oracle Solaris 10 operating system. Even default zones that share the same operating system as the global zone are configured with a brand.
The brand defines the operating environment that can be installed in the zone, and determines how the system will behave within the zone so that the software installed in the zone functions correctly. In addition, a zone's brand is used to identify the correct application type at application launch time. All branded zone management is performed through extensions to the standard zones structure. Most administration procedures are identical for all zones.
The resources included in the configuration by default, such as defined file systems and privileges, are covered in the documentation for the zone brands referenced in For More Information About Zones.
BrandZ extends the zones tools in the following ways:
The zonecfg command is used to set a zone's brand type when the zone is configured.
The zoneadm command is used to report a zone's brand type as well as administer the zone.
Although you can configure and install branded zones on an Oracle Solaris Trusted Extensions system that has labels enabled, you cannot boot branded zones on this system configuration, unless the brand being booted is the labeled brand on a certified system configuration.
You can change the brand of a zone that is in the configured state. Once a branded zone has been installed, the brand cannot be changed or removed.
Caution - If you plan to migrate your existing Oracle Solaris 10 system into a solaris10 branded zone on a system running the Oracle Solaris 11 release, you must migrate any existing zones to the target system first. Because solaris10 zones do not nest, the system migration process renders any existing zones unusable. See Chapter 3, Migrating an Oracle Solaris 10 native Non-Global Zone Into an Oracle Solaris 10 Zone in Creating and Using Oracle Solaris 10 Zones for more information.
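The brand rules above can be checked against the brand that zoneadm reports for each zone. The following script is an added example, not part of the Oracle documentation: it reads parsable `zoneadm list -cp` output and applies the rules stated in this section. It assumes the colon-separated field order zoneid:zonename:state:zonepath:uuid:brand:ip-type, and the function names and sample zones are constructed for illustration.

```shell
#!/bin/sh
# Added example (not Oracle code): classify zones by brand from parsable
# `zoneadm list -cp` output read on stdin.
# Assumed field order: zoneid:zonename:state:zonepath:uuid:brand:ip-type

brand_report() {
    awk -F: '
    {
        gsub(/\\:/, "_")          # neutralise escaped colons in zonepath
        name = $2; state = $3; brand = $6
        if (name == "global") next

        # Per the text: the brand can change only while the zone is
        # "configured". Every other state is treated as fixed (assumption).
        change = (state == "configured") ? "brand-changeable" : "brand-fixed"

        # Per the text: solaris-kz can host solaris and solaris10 zones;
        # solaris and solaris10 zones cannot contain other zones.
        if (brand == "solaris-kz") nest = "can-host-zones"
        else if (brand == "solaris" || brand == "solaris10") nest = "no-nested-zones"
        else nest = "nesting-not-stated"

        printf "%s %s %s %s %s\n", name, brand, state, change, nest
    }'
}

# Constructed sample input; zone names, paths and UUIDs are made up.
sample_zones() {
    cat <<'EOF'
0:global:running:/::solaris:shared
1:kz1:running::00000000-0000-0000-0000-000000000001:solaris-kz:excl
-:s10web:configured:/zones/s10web::solaris10:excl
-:db1:installed:/zones/db1:00000000-0000-0000-0000-000000000002:solaris:excl
-:tx1:installed:/zones/tx1::labeled:excl
EOF
}

# On a Solaris host: zoneadm list -cp | brand_report
sample_zones | brand_report
```

Running the report before an Oracle Solaris 10 system migration shows which zones are solaris or solaris10 branded and therefore cannot be carried along as nested zones.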
Branded zones provide a set of interposition points in the kernel that are only applied to processes executing in a branded zone.
These points are found in such paths as the syscall path, the process loading path, and the thread creation path.
At each of these points, a brand can choose to supplement or replace the standard Oracle Solaris behavior.
A brand can also provide a plug-in library for librtld_db. The plug-in library allows Oracle Solaris tools such as the debugger, described in mdb(1), and DTrace, described in dtrace(1M), to access the symbol information of processes running inside a branded zone.
Note that zones do not support statically linked binaries.
This section provides information about Oracle Solaris Zones used in other Oracle Solaris family products.
Oracle Solaris Trusted Extensions use a zone brand called labeled.
For information about using zones on an Oracle Solaris Trusted Extensions system, see Chapter 13, Managing Zones in Trusted Extensions in Trusted Extensions Configuration and Administration. Note that only the labeled brand can be booted on an Oracle Solaris Trusted Extensions system.
Zone clusters are a feature of Oracle Solaris Cluster software. A zone cluster is a group of non-global zones that serve as the nodes of the zone cluster. One non-global zone is created on each global cluster node that is configured with the zone cluster. The nodes of a zone cluster can be of either the solaris brand or the solaris10 brand, and use the cluster attribute. No other brand type is permitted except labeled if the cluster is using Oracle Solaris Trusted Extensions. You can run supported services on the zone cluster in the same way as on a global cluster, with the isolation that is provided by zones. For more information, see the Oracle Solaris Cluster 4.3 System Administration Guide.