The Oracle Solaris Zones product virtualizes OS services and provides an isolated and secure environment for running applications. A zone is a virtualized OS environment that is created within a single instance of the Oracle Solaris OS.
When you create a zone, you produce an application execution environment in which processes are isolated from the rest of the system. This isolation prevents processes that are running in one zone from monitoring or affecting processes that are running in other zones. Even a process that runs with root credentials cannot view or affect activity in other zones. With Oracle Solaris Zones, you can maintain the one-application-per-system deployment model while simultaneously sharing hardware resources.
A zone also provides an abstract layer that separates applications from the physical attributes of the system on which they are deployed. An example of an attribute is the physical device path.
Zones can be used on any system that runs the Oracle Solaris 10 OS or the Oracle Solaris 11 OS. The number of zones that can be effectively hosted on a single system is determined by the following:
The size of the system
The total resource requirements of the application software that runs in all of the zones
Oracle Solaris Zones and Oracle Solaris 10 Zones are complete runtime environments for applications. A zone provides a virtual mapping from the application to the platform resources. Zones permit application components to be isolated from one another even though the zones share a single instance of the Oracle Solaris OS. The Oracle Solaris resource management feature permits you to explicitly allocate the amount and type of resources that a workload receives.
An Oracle Solaris Kernel Zone runs a zone that has a separate kernel and OS installation from the global zone or the system that runs the kernel zone. Because of the separate kernel and OS installation, kernel zones are more independent than other zones and provide enhanced security of the operating system instances and their applications. System processes are handled in the kernel zone's separate process ID table and are not shared with the global zone.
For more information, see Creating and Using Oracle Solaris Kernel Zones and Chapter 1, Oracle Solaris Zones Introduction in Introduction to Oracle Solaris Zones.
A zone establishes boundaries for resource consumption, such as CPU usage. You can expand these boundaries to adapt to the changing processing requirements of the application that runs in the zone.
solaris branded zones can provide near-native performance. There is no layer of overhead required to pass virtual I/O requests to physical devices and no emulation of privileged instructions. Also, because there is only one kernel, only one copy of the kernel must be kept on disk and in RAM.
For additional isolation and security, you can configure immutable zones, which are zones that have a read-only root (/) file system. Immutable zones enable you to "lock down" zones, which means that system files cannot be modified, even by a privileged user in a zone.
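The following script is an added example, not part of the original Oracle documentation. It audits zone configurations for the read-only root described above. It assumes the zonecfg property file-mac-profile, which this page does not name, with the values none, strict, fixed-configuration and flexible-configuration; the sample exports, zone names and paths are constructed.

```shell
#!/bin/sh
# Added example: audit zone configurations for a read-only root.
# Input is the text printed by `zonecfg -z <zone> export`.

# Print the file-mac-profile set in an exported configuration (stdin),
# or "none" when the property is absent (the read-write default).
zone_profile() {
    p=$(sed -n 's/^set file-mac-profile=//p' | tr -d '"' | tail -1)
    echo "${p:-none}"
}

# Succeed only for the profiles assumed to give the zone a read-only root.
is_immutable() {
    case "$1" in
        strict|fixed-configuration|flexible-configuration) return 0 ;;
        *) return 1 ;;
    esac
}

# Report one zone as "<name> <profile> immutable|WRITABLE".
audit_zone() {
    name=$1
    profile=$(zone_profile)
    if is_immutable "$profile"; then state=immutable; else state=WRITABLE; fi
    echo "$name $profile $state"
}

# Constructed sample exports (zone names and paths are made up).
SAMPLE_LOCKED='create -b
set brand=solaris
set zonepath=/system/zones/web01
set file-mac-profile=fixed-configuration
set ip-type=exclusive'

SAMPLE_OPEN='create -b
set brand=solaris
set zonepath=/system/zones/db01
set ip-type=exclusive'

printf '%s\n' "$SAMPLE_LOCKED" | audit_zone web01
printf '%s\n' "$SAMPLE_OPEN"   | audit_zone db01

# On a Solaris host, audit every configured non-global zone instead.
if command -v zoneadm >/dev/null 2>&1; then
    for z in $(zoneadm list -c | grep -v '^global$'); do
        zonecfg -z "$z" export | audit_zone "$z"
    done
fi
```

A zone reported as WRITABLE can be given a read-only root with `zonecfg -z <zone> set file-mac-profile=fixed-configuration`, which takes effect at the next zone boot.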
Oracle Solaris 10 Zones enable you to run Oracle Solaris 10 applications on the Oracle Solaris 11 OS. Applications run unmodified in the secure environment that is provided by the non-global zone. Using a solaris10 branded non-global zone enables you to use an Oracle Solaris 10 system to develop, test, and deploy applications. Workloads that run within these branded zones can take advantage of the enhancements made to the kernel and use some of the innovative technologies available only in the Oracle Solaris 11 release.
For more information about zones and resource management see the following documents: