Oracle MiniCluster S7-2 Security Guide

Updated: October 2021
 
 

Secure Virtual Machines

Security within a MiniCluster compute node is provided on multiple levels. It starts with secure verified boot of the compute nodes and continues with a hardened and minimized OS that runs as isolated VMs, which prevents workloads and data from being accessed by unauthorized users and systems.

Oracle Solaris Zones technology is used on VMs in MiniCluster to host isolated compute environments and segregate different applications running on the same OS. This isolation protects the applications from unintentional or malicious activities happening in other VMs. Despite running on the same kernel, each Solaris zone has its own isolated identity, resources, namespace, and processes. Essentially, Solaris zones provide built-in virtualization with strong isolation and flexible resource controls at a smaller CPU and memory footprint than traditional VMs running on Type 1 hypervisors. Each VM is configured with a security profile that defines a comprehensive set of security controls and policies that are automatically applied during the installation process. ZFS pools and data sets allow storage to be further divided and isolated into more granular units for VMs, and each pool or data set can have its own security policies.