This section describes the types of zones available in this release and compares their features.
The Oracle Solaris Zones feature is a complete runtime environment for applications. The default solaris branded zone is also known as the native zone. Native zones are managed from the global zone by using the tools zonecfg, zoneadm, and zlogin.
A zone provides a virtual mapping from the application to the platform resources. Zones enable application components to be isolated from one another even though the zones share a single instance of the Oracle Solaris operating system. Zones use resource management components to control how applications use available system resources. For additional information about resource management features, see Administering Resource Management in Oracle Solaris 11.4.
The zone establishes boundaries for resource consumption, such as CPU. These boundaries can be expanded to adapt to changing processing requirements of the application running in the zone.
Native solaris zones cannot contain any other zones within them.
For additional isolation, you can configure zones with a read-only root, called Immutable Zones. See Immutable Zones for more information.
The Oracle Solaris Zones feature provides a full kernel and user environment within a zone, and also increases kernel separation between the host system and the zone. The brand name is solaris-kz.
Kernel zones are managed from the global zone by using the existing tools zonecfg, zoneadm, and zlogin. The administrator of a kernel zone has greater flexibility in configuring and managing the zone than the administrator of a native zone. For example, you can fully update and modify the kernel zone's installed packages, including the kernel version, without being limited to the packages installed in the global zone. You can manage storage private to the zone, create and destroy ZFS pools, and configure iSCSI and CIFS.
You can install solaris and solaris10 zones within the kernel zone.
A kernel zone installation is independent of that of the global zone; it is not a pkg(7) linked image and can be modified regardless of the global zone content. A kernel zone can be installed directly from the global zone, from a Universal Archive, or from a boot image.
When specifying a manifest for installation, use a manifest that is suitable for a global zone installation. Because kernel zones always install into a known location for the root pool, do not specify an installation target disk in the manifest.
Boot environment (BE) management is independent of the global zone.
Kernel zones support live migration and warm migration for running zones and support cold migration for non-running zones. . For successful migration, the zone storage must be accessible by both the source and target systems. Supported storage URI types for migration are NFS, iSCSI and LU.. See About Zone Migration for more information.
Kernel zones also support evacuation, a migration and return of all zones. See Zone Evacuation for more information.
To use Oracle Solaris Kernel Zones, the package brand-solaris-kz must be installed on your system.
To determine whether your system supports kernel zones, see Software and Hardware Requirements for Oracle Solaris Kernel Zones in Creating and Using Oracle Solaris Kernel Zones.
You can also run the virtinfo command on your system. For more information about the virtinfo command, see How to Verify That a System Can Support Kernel Zones in Creating and Using Oracle Solaris Kernel Zones and the virtinfo(8) man page.
For more information about Oracle Solaris Kernel Zones, see Creating and Using Oracle Solaris Kernel Zones and the solaris-kz(7) man page.
Oracle Solaris 10 Zones, also known as solaris10 branded non-global zones, use BrandZ technology to run Oracle Solaris 10 applications on the Oracle Solaris 11 operating system. Applications run unmodified in the secure environment provided by the non-global zone. This enables you to use the Oracle Solaris 10 system to develop, test, and deploy applications. Workloads running within these branded zones can take advantage of the enhancements made to the kernel and utilize some of the innovative technologies available only on the Oracle Solaris 11 release. These zones are used to convert Oracle Solaris 10 systems into zones on Oracle Solaris 11. A solaris10 branded zone cannot be an NFS server.
Oracle Solaris 10 Zones cannot contain any other zones within them.
For more information, see Creating and Using Oracle Solaris 10 Zones.
Differences between solaris-kz kernel zones and solaris and solaris10 native zones are as follows.
|
This section provides information about Oracle Solaris Zones used in other Oracle Solaris family products.
Oracle Solaris Trusted Extensions use a zone brand called labeled.
For information about using zones on an Oracle Solaris Trusted Extensions system, see Chapter 13, Managing Zones in Trusted Extensions in Trusted Extensions Configuration and Administration. Note that only the labeled brand can be booted on an Oracle Solaris Trusted Extensions system.
Zone clusters are a feature of Oracle Solaris Cluster software. A zone cluster is a group of non-global zones that serve as the nodes of the zone cluster. One non-global zone is created on each global-cluster node that is configured with the zone cluster.
The nodes of a zone cluster can be of either the solaris brand or the solaris10 brand, and use the cluster attribute. The cluster attribute can only be set by the Oracle Solaris Cluster clzonecluster command at the time the zone cluster or zone-cluster node is created. No other brand type is permitted except labeled for a zone cluster that uses Oracle Solaris Trusted Extensions.
You can run supported services on the zone cluster in the same way as on a global cluster, with the isolation that is provided by zones. For more information about zone clusters, see Working With a Zone Cluster in Administering an Oracle Solaris Cluster 4.4 Configuration.