You can perform backups in individual non-global zones, or back up the entire system from the global zone:
From within a zone you can back up databases or applications only, or the entire zone. You can also back up a non-global zone from the global zone. Backups are easily restored.
Back up and restore loopback file systems (lofs) from the global zone only, to avoid multiple copies. Do not back up the loopback file systems of non-global zones.
If you back up and restore read/write loopback file systems from within a non-global zone, these file systems are then also writable from the global zone and from any other zones in which they are read/write mounted.
You might choose to perform your backups from the global zone in the following cases:
- You want to back up the configurations of your non-global zones as well as the application data.
- Your primary concern is the ability to recover from a disaster. If you need to restore everything or almost everything on your system, including the root file systems of your zones and their configuration data as well as the data in your global zone, backups should take place in the global zone.
- You have commercial network backup software.
You might decide to perform backups from within a non-global zone in the following cases:
- The non-global zone administrator needs the ability to recover from less serious failures or to restore application or user data specific to a zone.
- You use the backup software of a particular application or service running in a zone. It might be difficult to execute the backup software from the global zone because application environments, such as directory path and installed software, would be different between the global zone and the non-global zone.
If the application can perform a snapshot on its own backup schedule in each non-global zone and store those backups in a writable directory exported from the global zone, the global zone administrator can pick up those individual backups as part of the backup strategy from the global zone.
You can use the zonecfg and zoneadm commands to configure and to install new zones directly from a Unified Archive file. Unified Archive files contain both zone configuration and zone data. On the destination system, a zone can be configured and installed from the archive.
For a full description of Unified Archives, including usage for system and zone cloning and recovery, see Using Unified Archives for System Recovery and Cloning in Oracle Solaris 11.4.
You can back up everything in the non-global zone, or you can back up the application data only.
If application data is kept in a particular part of the file system, you might decide to perform regular backups of this data only. The zone's root file system might not have to be backed up as often because it changes less frequently.
You will have to determine where the application places its files. Locations where files can be stored include the following directories:
- User home directories
- /etc for configuration data files
Assuming the application administrator knows where the data is stored, it might be possible to create a system in which a per-zone writable directory is made available to each zone. Each zone can then store its own backups, and the global administrator or user granted the appropriate authorizations can make this location one of the places on the system to back up.
If the database application data is not under its own directory, the following rules apply:
Ensure that the databases are in a consistent state first.
Databases must be quiesced because they have internal buffers to flush to disk. Make sure that the databases in non-global zones have come down before starting the backup from the global zone.
Within each zone, use file system capabilities to make a snapshot of the data, then back up the snapshots directly from the global zone.
This process will minimize elapsed time for the backup window and remove the need for backup clients/modules in all of the zones.
Each non-global zone can take a snapshot of its private file systems when it is convenient for that zone and the application has been briefly quiesced. Later, the global zone can back up each of the snapshots and put them on tape after the application is back in service.
The snapshot method has the following advantages:
- Fewer tape devices are needed.
- There is no need for coordination between the non-global zones.
- There is no need to assign devices directly to zones, which improves security.
Generally, this method keeps system management in the global zone, which is preferred.
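The global-zone half of the snapshot method, as an added example (not Oracle's code): it streams snapshots that the zones took on their own schedule and refuses missing or stale ones, so no device is ever assigned to a zone. The dataset names passed in, the output directory, the `MAX_AGE` threshold and the `NOW` override are assumptions of this sketch.

```shell
#!/bin/sh
# Added example. Run in the global zone.
# Dataset/snapshot names and the output directory are hypothetical arguments.

MAX_AGE=${MAX_AGE:-86400}   # assumption: a snapshot older than one day is stale

# backup_snapshot DATASET@SNAP OUTDIR
# Streams one zone-created snapshot to a file and prints the file name.
# Returns 1 if the snapshot is missing, 3 if it is stale, 2 if the send fails.
backup_snapshot() {
    snap=$1; outdir=$2
    now=${NOW:-$(date +%s)}  # NOW can be injected; assumes a date with +%s
    # -p prints the creation time as seconds since the epoch.
    created=$(zfs get -H -p -o value creation "$snap" 2>/dev/null) || {
        echo "$snap: no snapshot found; the zone has not taken one" >&2
        return 1
    }
    age=$((now - created))
    if [ "$age" -gt "$MAX_AGE" ]; then
        echo "$snap: stale, ${age}s old" >&2
        return 3
    fi
    out="$outdir/$(echo "$snap" | tr '/@' '__').zfs"
    # Write to a .partial name so an interrupted send never looks complete.
    zfs send "$snap" > "$out.partial" || { rm -f "$out.partial"; return 2; }
    mv "$out.partial" "$out"
    echo "$out"
}

# backup_all OUTDIR DATASET@SNAP...
# Tries every snapshot; the return value is the number that failed.
backup_all() {
    outdir=$1; shift; failed=0
    for s in "$@"; do
        backup_snapshot "$s" "$outdir" >/dev/null || failed=$((failed + 1))
    done
    return "$failed"
}

# Usage: script OUTDIR DATASET@SNAP [DATASET@SNAP...]
if [ "$#" -ge 2 ]; then
    backup_all "$@"
fi
```

A nonzero exit tells the global administrator how many zones still need a fresh snapshot before the backup set is complete.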
In the case of a restore where the backups were performed from the global zone, the global administrator or a user granted the appropriate authorizations can reinstall the affected zones and then restore that zone's files. This assumes the following:
- The zone being restored has the same configuration as it did when the backup was done.
- The global zone has not been updated between the time when the backup was done and the time when the zone is restored.
Otherwise, the restore could overwrite some files that should be merged by hand.
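One way to test the two restore assumptions above before overwriting anything, as an added example (not Oracle's code): record the zone's exported configuration and the global zone's `entire` package version at backup time, then compare them at restore time. The state directory layout, the file names, and the use of the `entire` version as the marker for "updated" are assumptions of this sketch.

```shell
#!/bin/sh
# Added example. Run in the global zone.
# The state directory and its file names are hypothetical.

# record_state ZONE DIR
# At backup time, save the two facts the restore depends on.
record_state() {
    zone=$1; dir=$2
    mkdir -p "$dir" || return 2
    zonecfg -z "$zone" export > "$dir/$zone.zonecfg" || return 2
    pkg list -H entire > "$dir/global.entire" || return 2
}

# check_restore_ok ZONE DIR
# Returns 0 if the zone configuration and the global zone's "entire"
# version both match what record_state saved, 1 if either has drifted,
# 2 if the current state cannot be read.
check_restore_ok() {
    zone=$1; dir=$2; rc=0
    tmp=$(mktemp -d) || return 2
    zonecfg -z "$zone" export > "$tmp/cfg" || { rm -rf "$tmp"; return 2; }
    pkg list -H entire > "$tmp/entire" || { rm -rf "$tmp"; return 2; }
    if ! cmp -s "$dir/$zone.zonecfg" "$tmp/cfg"; then
        echo "zone $zone: configuration differs from backup time:" >&2
        diff "$dir/$zone.zonecfg" "$tmp/cfg" >&2
        rc=1
    fi
    if ! cmp -s "$dir/global.entire" "$tmp/entire"; then
        echo "global zone: updated since the backup; merge files by hand" >&2
        rc=1
    fi
    rm -rf "$tmp"
    return "$rc"
}

# Usage: script record ZONE DIR   (with each backup)
#        script check  ZONE DIR   (before each restore)
case "${1:-}" in
    record) record_state "$2" "$3" ;;
    check)  check_restore_ok "$2" "$3" ;;
esac
```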