A zone environment includes a global zone and one or more nonglobal zones. When Solaris 10 is first installed on a system, there is only a single, global zone. An administrator can then create one or more nonglobal zones as children of the global zone. Each zone appears as an independent system running Solaris, with its own IP address, system configuration, instances of running applications, and area of the file system.
The global zone contains resources that can be shared among nonglobal zones. This allows the centralization of certain administrative functions: for example, packages installed in the global zone are available (propagated) to all existing nonglobal zones. This enables you to centralize life-cycle management like installation, upgrade, and uninstallation. At the same time, the isolation provided by nonglobal zones results in greater security and allows you to have differently configured instances or different versions of the same application running on the same machine.
Nonglobal zones are of two types: whole-root and sparse-root. Which of these you choose as an environment for an application depends on how you want to balance administrative control with resource optimization.
A whole-root zone contains a read/write copy of the global zone’s file system. Packages installed in the global zone are automatically copied (with their registry information) to the whole-root zone. This maximizes administrative control at the expense of resource sharing.
A sparse-root zone contains a read/write copy of a portion of the global zone’s file system; other file systems are mounted as read-only file systems. Packages installed in the global zone are available to the sparse-root zone by means of read-only file systems and through the automatic synchronization of registry information. Sparse-root zones optimize resource sharing at the cost of centralized administration.