Overview of Oracle Solaris 11.4 Virtualization Environments

Oracle Solaris 11.4 Virtualization Technologies

The core purpose of virtualization is to enable a computing environment to run multiple independent systems at the same time. Virtualization simplifies data center management and increases workload density to use more of the computing capacity of servers.

Virtualization reduces costs through the sharing of hardware, infrastructure, and administration. Benefits include the following:

Increasing the utilization of hardware
Enabling greater flexibility in resource allocation
Reducing data center power requirements
Minimizing management costs
Lowering the cost of ownership
Providing administrative and resource boundaries between applications on a system
Quickly provisioning virtual compute environments from templates and clones
Providing layered security and isolation

Oracle Solaris 11.4 enables you to take advantage of several virtualization technology models to suit your data center requirements.

Virtualization Technology Models

The virtualization models are described by means of the following competing characteristics:

The amount of execution environment isolation
The amount of resource flexibility

The more isolation that a model provides, the less resource flexibility it provides. The more resource flexibility that a model provides, the less isolation it provides. Because these characteristics compete, they cannot be maximized by a single model.

You can use the Oracle Solaris 11.4 operating system with one or more of the following virtualization technologies, listed in order of increasing execution isolation and decreasing resource flexibility:

Operating system virtualization provides one or more isolated execution environments in a single operating system instance. Each environment contains what appears to be a private copy of the operating system in a container. The operating system virtualization model provides near-native performance and flexibility, and has a much smaller disk, RAM, and CPU footprint than either virtual machines or physical domains. However, the operating system virtualization model provides the least amount of execution environment isolation.
Oracle Solaris 11.4 provides this virtualization model by means of the Oracle Solaris Zones feature.
Virtual machines can be used to run multiple operating system instances with a single set of hardware resources. Each virtual machine that you create runs its own operating system. You can run various operating systems in this way. A software or firmware hypervisor creates the illusion that each guest operating system instance is running on its own separate system. Virtual machines provide less resource flexibility than a machine that uses operating system virtualization, but virtual machines do provide more isolation.
Oracle Solaris 11.4 provides this virtualization model by means of Oracle VM Server for SPARC, Oracle VM Server for x86, Oracle VM VirtualBox, and Oracle Linux Virtualization Manager. Note that running Oracle VM VirtualBox and Oracle Solaris Kernel Zones on the Oracle Solaris x86 system at the same time is not supported.

For information about using Oracle VM VirtualBox, see the Oracle VM VirtualBox Documentation. For information about using Oracle Linux Virtualization Manager see Oracle Linux Virtualization Manager.
Hardware partitions, also known as physical domains, provide physical separation between the running operating system and its separate set of resources and power. Because this model does not use a hypervisor, it provides bare-metal performance. This virtualization model provides the most isolation, but it is much less flexible with resource configuration than either the virtual machines or operating system virtualization model.
Oracle provides this type of virtualization on Oracle's SPARC M-Series servers. For more information, see the SPARC Servers Documentation.

Choosing Your Virtualization Level

The following sections describe two levels of virtualization to consider:

Compute virtualization – Virtualization at the operating system and physical domain level
Network virtualization – Virtualization at the networking subsystem level

Compute Virtualization

You can use one or more virtualization technologies to maximize workload density. For example, you could configure multiple zones to run within Oracle VM Server for SPARC logical domains in one or more physical domains of a SPARC M-Series system to leverage the strengths of the different virtualization technologies.

Figure 1-1 Virtualization Technologies

Description of "Figure 1-1 Virtualization Technologies"

Oracle Solaris 11.4 virtualization technologies provide a different emphasis in the degree ofisolation of each instance of the operating system versus flexibility. More isolation leads to less sharing of system resources.

Physical domains on Oracle SPARC M-Series servers let you deploy different Oracle Solaris operating systems to electrically isolated domains. Each domain provides separation and isolation from the other domains on the M-Series server at the socket level, or at the board level to provide electrical isolation. Each domain can run a different version of the Oracle Solaris operating system that is supported by the hardware.
Oracle VM VirtualBox helps you develop and test software in heterogeneous environments. Oracle VM VirtualBox enables you to run unmodified 32-bit and 64-bit operating systems as virtual machines on Intel and AMD processors directly on your existing operating system.
Oracle VM Server for x86 and Oracle Linux Virtualization Manager enable you to deploy a server with heterogeneous operating systems, including supported versions of the Oracle Solaris operating system as guests.
Oracle VM Server for SPARC enables you to migrate Solaris 8, Solaris 9, Oracle Solaris 10, and Oracle Solaris SPARC workloads and to deploy different Oracle Solaris environments on supported SPARC T-Series and SPARC M-Series systems.
Oracle Solaris Kernel Zones can run many instances per host to share system resources but still provide independence of the kernel zone from the global zone and the host itself. This configuration enables you to run multiple versions of Oracle Solaris and provides enhanced security to the operating system instances and its applications.
Oracle Solaris Zones shares the kernel among the instances to maximize the efficiency and scalability of workloads and to migrate Oracle Solaris 11 and Oracle Solaris 11.4 workloads.

Figure 1-2 Virtualization Products

Description of "Figure 1-2 Virtualization Products"

Network Virtualization

The Oracle Solaris 11.4 operating system provides support for several of the following network virtualization features, some of which implement new IEEE standards:

Using OSI stack features such as aggregations, edge virtual bridging, data center bridging, flows, tunnels, and VXLANs. See Summary of Oracle Solaris Network Administration in Strategies for Network Administration in Oracle Solaris 11.4.
Using a virtual NIC as a data link layer network device to enhance management efficiency, abstraction, and the performance of networked objects between multiple zones and logical domains. See Configuring the Components of a Virtual Network in Managing Network Virtualization and Network Resources in Oracle Solaris 11.4.
Managing network devices that support the single root I/O virtualization (SR-IOV) feature. See Using Single Root I/O Virtualization With VNICs in Managing Network Virtualization and Network Resources in Oracle Solaris 11.4.
Using an elastic virtual switch as a distributed virtual switch to expand network virtualization capabilities by enabling you to manage virtual switches across multiple systems. Elastic virtual switches enable you to deploy virtual networks that span multiple hosts within either a multi-tenant cloud environment or a data center. See Administering Elastic Virtual Switches in Managing Network Virtualization and Network Resources in Oracle Solaris 11.4.

Oracle Solaris Zones Overview

The Oracle Solaris Zones feature virtualizes operating system services and provides an isolated and secure environment for running applications. A zone is a virtualized operating system environment that is created within a single instance of the Oracle Solaris OS.

When you create a zone, you produce an application execution environment in which processes are isolated from the rest of the system. This isolation prevents processes that are running in one zone from monitoring or affecting processes that are running in other zones. Even a process that runs with root credentials cannot view or affect activity in other zones. With Oracle Solaris Zones, you can maintain the one-application-per-server deployment model while simultaneously sharing hardware resources.

A zone also provides an abstract layer that separates applications from the physical attributes of the machine on which they are deployed. An example of an attribute is the physical device path.

Zones can be used on any machine that runs the Oracle Solaris 10, Oracle Solaris 11, or Oracle Solaris 11.4 operating system. The number of zones that can be effectively hosted on a single system is determined by the following:

The size of the system
The total resource requirements of the application software that runs in all of the zones

Oracle Solaris Zones and Oracle Solaris 10 Zones are complete runtime environments for applications. A zone provides a virtual mapping from the application to the platform resources. Zones permit application components to be isolated from one another even though the zones share a single instance of the Oracle Solaris OS. The Oracle Solaris resource management feature permits you to explicitly allocate the amount and type of resources that a workload receives.

An Oracle Solaris Kernel Zone runs a zone that has a separate kernel and operating system installation from the global zone or the host that runs the kernel zone. Because of the separate kernel and operating system installation, kernel zones are more independent than other zones and provide enhanced security of the operating system instances and its applications. System processes are handled in the kernel zone's separate process ID table and are not shared with the global zone.

For more information, see Creating and Using Oracle Solaris Kernel Zones and Oracle Solaris Zones Introduction in Introduction to Oracle Solaris Zones.

A zone establishes boundaries for resource consumption, such as CPU usage. You can expand these boundaries to adapt to the changing processing requirements of the application that runs in the zone.

solaris branded zones can provide near-native performance. There is no layer of overhead required to pass virtual I/O requests to physical devices and no emulation of privileged instructions. Also, because there is only one kernel, only one copy of the kernel must be kept on disk and in RAM.

For additional isolation and security, you can configure immutable zones, which are zones that have a read-only root (/) file system. Immutable zones enable you to "lock down" zones, which means that system files cannot be modified, even by a privileged user in a zone.

Oracle Solaris 10 Zones enable you to run Oracle Solaris 10 applications on the Oracle Solaris 11 OS. Applications run unmodified in the secure environment that is provided by the non-global zone. Using a solaris10 branded non-global zone enables you to use an Oracle Solaris 10 system to develop, test, and deploy applications. Workloads that run within these branded zones can take advantage of the enhancements made to the kernel and use some of the innovative technologies available only in the Oracle Solaris 11 release.

For more information about using zones, Oracle Solaris 10 Zones, and resource management, see Administering Resource Management in Oracle Solaris 11.3 and the Resource Management and Oracle Solaris Zones Developer’s Guide.

For more information about zones and resource management, see the following documents:

Oracle VM Server for SPARC Overview

Oracle VM Server for SPARC (formerly Sun Logical Domains) is the SPARC hypervisor virtualization solution for simultaneously running multiple operating system instances on a single physical domain. A physical domain is the scope of resources that are managed by a single Oracle VM Server for SPARC instance. A physical domain might be a complete physical system as is the case of supported SPARC T-Series platforms. Or, it might be either the entire system or a subset of the system as is the case of supported SPARC M-Series platforms or supported Fujitsu SPARC M12 or Fujitsu M10 systems.

Using the Oracle VM Server for SPARC software on Oracle SPARC platforms, you can create up to 128 virtual servers, called logical domains, on a single physical domain. This kind of configuration enables you to take advantage of the massive thread scale offered by SPARC T-Series and SPARC M-Series servers and the Oracle Solaris OS. You can also use operating system-level virtualization features, such as zones, with Oracle VM Server for SPARC.

Each logical domain has its own operating system and identity within a single physical domain, and comprises a discrete logical grouping of resources, such as:

Kernel, patches, and tuning parameters
User accounts and administrators
Disks
Network interfaces, MAC addresses, and IP addresses
PCIe slots, buses, and end-point devices
PCIe SR-IOV physical functions and virtual functions

You can create, destroy, stop, start, reboot, and live migrate each domain independently of one another without requiring a power cycle or reboot of the server or domain. You can also reconfigure resources such as CPUs or memory on domains in this way.

You can run a variety of application software in different domains and keep them independent for performance and security purposes. Each domain is only permitted to monitor and interact with those server resources that are made available to it by the hypervisor. The Logical Domains Manager enables you to create virtual machines and assign hardware resources to them. The Logical Domains Manager runs in the control domain. The hypervisor partitions the server and provides subsets of server resources to each independent virtual machine. This partitioning and provisioning is the fundamental mechanism for creating logical domains.

The hypervisor software also provides logical domain channels (LDCs) that enable logical domains to communicate with each other. Oracle VM Server for SPARC uses LDCs to offload I/O handling for guest virtual machines to Oracle Solaris service domains, which provide virtual network and disk device services. These service domains leverage the Oracle Solaris features for performance and availability to provide virtual I/O, and make it possible to use a small, efficient hypervisor kernel compared to monolithic designs. You can configure more than one service domain to eliminate single points of failure and to provide high availability. For information about the domain roles, see Roles for Domains in the Oracle VM Server for SPARC 3.3 Administration Guide.

The service processor (SP), also known as the system controller (SC), monitors and runs the physical machine, but it does not manage the logical domains. The Logical Domains Manager manages the logical domains. In addition, you can use the browser-based Oracle VM Manager or Oracle Enterprise Manager Ops Center to provision and manage virtual environments, physical server pools, and storage and network resources on x86 and SPARC platforms.

For more information about Logical Domains Manager and Oracle VM Server for SPARC, see Oracle VM Server for SPARC.
For information about Oracle VM Manager, see Oracle VM Server for x86 and Oracle VM Manager.
For information about Oracle Enterprise Manager Ops Center, see Enterprise Manager Cloud Control.

Oracle VM Server for x86 Overview

Oracle VM Server for x86 is the x86 virtualization solution for simultaneously running multiple operating system instances on a single machine. Oracle VM Server for x86 is based on the open source Xen project. The Oracle VM Server for x86 software supports a privileged domain (dom0) to manage guest domains and unprivileged guest domains (also called domUs) to run workloads. As with the Oracle VM Server for SPARC control domain, the dom0 domain permits the use of a small and efficient hypervisor and enhances availability. The Oracle VM Server for x86 software supports the running of the Oracle Solaris OS in guest domains.

Oracle Solaris guest domains can use operating system level virtualization features, such as zones. Oracle VM Server for x86 uses an administration tool called Oracle VM Manager that enables you to use a browser to do the following:

Provision and manage virtual machines
Arrange physical servers into pools
Apply resource management policies
Manage network and storage resources

Oracle VM Manager can also be used with Oracle VM Server for SPARC systems. For information about using the Oracle VM Manager with Oracle VM Server for SPARC, see https://docs.oracle.com/cd/E50245_01/E50246/html/vmrns-sparc.html.

For more information about the Oracle VM Server for x86 product, see Oracle VM Server for x86 and Oracle VM Manager.

Oracle Linux Virtualization Manager Overview

Oracle Linux Virtualization Manager is a server virtualization management platform that can be easily deployed to configure, monitor, and manage an Oracle Linux Kernel-based Virtual Machine (KVM) environment with enterprise-grade performance and support from Oracle.

For more information about the Oracle Linux Virtualization Manager product, see Oracle Linux Virtualization Manager.