Solaris Zones Partitioning Technology (Overview)
After the Solaris OS is installed, you can install and configure zones. The global zone is the single instance of the operating system that is running and is contained on every Solaris system. The global zone is both the default zone for the system and the zone that is used for system-wide administrative control. A non-global zone is a virtualized operating system environment.
Solaris Zones are a software partitioning technology used to virtualize operating system services and provide an isolated and secure environment for running applications. When you create a zone, you produce an application execution environment in which processes are isolated from all other zones. This isolation prevents processes that are running in one zone from monitoring or affecting processes that are running in any other zones. Even a process running in a non-global zone with superuser credentials cannot view or affect activity in any other zones. A process running in the global zone with superuser credentials can affect any process in any zone.
Understanding Global and Non-Global Zones
The global zone is the only zone from which a non-global zone can be configured, installed, managed, or uninstalled. Only the global zone is bootable from the system hardware. Administration of the system infrastructure, such as physical devices, routing, or dynamic reconfiguration (DR), is only possible in the global zone. Appropriately privileged processes running in the global zone can access objects associated with any or all other zones. The following table summarizes the characteristics of both global and non-global zones.
|
Global Zone |
Non-Global Zone |
|---|---|
|
Is assigned ID 0 by the system |
Is assigned a zone ID by the system when the zone is booted |
|
Provides the single instance of the Solaris kernel that is bootable and running on the system |
Shares operation under the Solaris kernel booted from the global zone |
|
Contains a complete installation of the Solaris system software packages |
Contains an installed subset of the complete Solaris Operating System software packages |
|
Can contain additional software packages or additional software, directories, files, and other data not installed through packages |
Contains Solaris software packages shared from the global zone |
|
Provides a complete and consistent product database that contains information about all software components installed in the global zone |
Can contain additional installed software packages not shared from the global zone Can contain additional software, directories, files, and other data created on the non-global zone that are not installed through packages or shared from the global zone |
|
Holds configuration information specific to the global zone only, such as the global zone host name and file system table |
Has configuration information specific to that non-global zone only, such as the non-global zone host name and file system table |
|
Is the only zone that is aware of all devices and all file systems |
Has a complete and consistent product database that contains information about all software components installed on the zone, whether present on the non-global zone or shared read-only from the global zone |
|
Is the only zone with knowledge of non-global zone existence and configuration |
Is not aware of the existence of any other zones |
|
Is the only zone from which a non-global zone can be configured, installed, managed, or uninstalled |
Cannot install, manage, or uninstall other zones, including itself |
For more information, see the following:
- © 2010, Oracle Corporation and/or its affiliates