Search icon Close icon
Search icon
Subscription
0
Cart icon
Close icon
You have no products in your basket yet
Arrow left icon
All Products
Best Sellers
New Releases
Books
Videos
Audiobooks
Learning Hub
Newsletters
Free Learning
Arrow right icon
Oracle Solaris 11: First Look

You're reading from  Oracle Solaris 11: First Look

Product type Book
Published in Jan 2013
Publisher Packt
ISBN-13 9781849688307
Pages 168 pages
Edition 1st Edition
Languages
Concepts
Author (1):
Philip P. Brown Philip P. Brown
Profile icon Philip P. Brown
LinkedIn
Philip P. Brown was introduced to computers at the early age of 10, by a Science teacher at St. Edmund's College, Ware, UK. He was awestruck by the phenomenal power of the ZX81's 3 MHz, Z80 CPU, and 1 K of RAM, showcasing the glory of 64 x 48 monochrome block graphics! The impressionable lad promptly went out and spent his life savings to acquire one of his very own, and then spent many hours keying in small BASIC programs such as "Ark Royal", a game where you land a block pretending to be an aircraft, on a bunch of lower blocks pretending to be an aircraft carrier. Heady stuff! When birthday money allowed expanding the ZX81 to an unbelievable 16 K of RAM, he also felt the need to acquire a patch cable to allow him to actually save programs to audio cassettes. Once this was deployed to the family cassette recorder, he was not seen or heard from for many months that followed. Phil's first exposure to Sun Microsystems was at U.C. Berkeley in 1989, as part of standard computer science classwork. Students were expected to do their classwork on diskless Sun 3/50 workstations running SunOS 4.1.1. During this time, he wrote his first serious freeware program, "kdrill", which at one time was part of the official X11 distribution, and remains in some Linux distros to this day. He eventually acquired a Sun workstation for personal use (with a disk and quarter-inch tape drive) and continued his home explorations, eventually transitioning from SunOS to Solaris, around Solaris 2.5.1. The principles of the original, pre-GPL freeware licenses prevalent in 1989 inspired Phil the most. Led by their example, he has contributed to an assortment of free software projects along the way. A little-known fact is that he is responsible for "MesaGL" morphing into the modern GLX/OpenGL implementation it is known for today. At the time, MesaGL was primarily an OpenGL workalike with a separate, non-X11 API, as author Brian Paul did not believe that it could function in a speed-effective way. In 2003, Phil wrote the first GLX integration proof-of-concept code, which convinced Brian to eventually commit to true GLX extension support. In 2002, Phil created pkg-get, inspired by Debian's apt-get utility, and started off CSW packaging. This, at last, brought the era of network-installed packages to Solaris. All major public Solaris package repositories prior to Solaris 11 still use pkg-get format catalogs for their software. In reality, Phil also had an impact on the existence of Solaris itself. In 2002, Sun Microsystems was on the road to canceling Solaris x86 as a product line. The community was outraged, and a vote in the old "solarisonintel" Yahoo! group resulted in six community representatives making the case for x86 to Sun. Phil was one of those six who eventually flew to Sun HQ to meet the head honchos and banish the forces of evil for a while. Phil's current hobbies include writing (both articles and code), riding motorcycles, reading historical fiction, and keeping his children amused. The Solaris-specific part of his website is http://www.bolthole.com/solaris. Most of his writing until this point has been done online, for free. His website has a particular wealth of Solaris information, and includes a mix of script writing, driver code, and Solaris sysadmin resources. As far as books go, he was only a prepublication reviewer for Solaris Systems Programming, Rich Teer. However, the first time any of his articles got published was in Rainbow magazine (a publication for the Tandy Color Computer) on page 138 of the May 1989 issue, under a column named Tools for Programming BASIC09 (http://ia700809.us.archive.org/26/items/rainbowmagazine-1989-05/The_Rainbow_Magazine_05_1989_text.pdf).
See other products by Philip P. Brown

Table of Contents (19) Chapters

Oracle Solaris 11: First Look
Credits
About the Author
About the Reviewers
www.PacktPub.com
Preface
1. IPS – The Image Packaging System 2. Solaris 11 Installation Methods 3. Sysadmin Configuration Differences 4. Networking Nuts and Bolts 5. NWAM – Networking Auto-reconfiguration 6. ZFS – Now You Can't Ignore It! 7. Zones in Solaris 11 8. Security Improvements 9. Miscellaneous IPS Package Reference
New ACL Permissions and Abbreviations
Solaris 10 Available Enhancements Index

Chapter 7. Zones in Solaris 11

Solaris 11 zones have some significant differences from Solaris 10 zones. Some features are no longer there, but others have replaced them. Zones in Solaris 11 are a few steps closer to being completely independent virtual machines in their own right yet still retain the performance and interoperability advantages of zones.

Taking things to the next zone

Zones in Solaris 11 come with some new utilities, new features, and some mandatory differences in basic setup and usage. Key new features covered in this chapter are:

  • zonestat

  • New zone capabilities, including zone beadm

  • anet, the new auto-configuring zone network interface type

  • How to preconfigure zones

  • Read-only zones, aka immutable zones

New zone utilities

The most useful new utility is zonestat. Similar in principle to the other *stat tools, it will give you a repeating snapshot over time of relevant resources being used, where you tell it the interval between each output. It was actually possible already to get per-zone statistics with prstat -Z, but that forced you to look at "ps" style output as well.

In contrast, the new zonestat tool has many more options, and its output is focused purely on entire zone-level usage. See the manpage for full details, but in general terms, zonestat lets you see each zone's total CPU, memory, and network bandwidth usage.

It is possible to run the zonestat command within a zone, but you will only see statistics for that zone.

An additional tool of interest is zonep2vchk. The purpose of this tool is to check for potential difficulties when transferring a physical zone (that is, a global zone) "2" a virtual one. Its default mode is to look at installed services to see if they are compatible...

New zone capabilities

Solaris 11 zones have a few extra capabilities, some of which have been awaited for a long time now.

  • Zones can now be NFS servers. There's not much more to be said about that, other than "it's about time!".

  • zoneadm can now do shutdown and reboot, in addition to halt.

  • Zones can now run snoop successfully, and safely, if the zone has its own private network interface. While it was technically possible to allow snoop in a zone under Solaris 10, it was necessary to take some dubious and unsafe shortcuts to do so.

Thanks to the drastic rewriting of how the Solaris 11 kernel handles networking, this does not mean that the zone needs its own dedicated physical network interface. It is possible to allocate a virtual NIC (VNIC) device to a zone, and safely allow the zone to use snoop, without letting it see traffic from other zones that may share the same physical interface.

  • It is also possible to allow a zone to manage its own IP address. It is even possible for a zone to use DHCP...

Fast zone creation via clone

In Solaris 10, you may or may not have been taking advantage of zones on ZFS, and thus, zone cloning.

In Solaris 11, since you must give each zone its own ZFS subfilesystem, you may as well take advantage of cloning if you plan on creating more than one zone. This is particularly relevant given that, by default, all zones are created with the same small set of packages, but it can still take quite a while to initialize. In contrast, when using zoneadm -z newzone clone oldzone, installing a new zone takes only 10 to 15 seconds.

Tip

The one drawback of using the zoneadm clone is that you cannot clone a currently running zone. However, if you plan ahead and create your first running zone from a non-running template zone, you will take up no extra disk space and will also have a template immediately available for your next zone.

If you use cloning to create a zone, the new ZFS root filesystem will initially be a writable ZFS clone of the old zone filesystem, presuming...

Automatic Network Interfaces – the anet resource

The old net resource for zones has been somewhat deprecated, in favor of a new name, anet. Technically, it stands for Automated Network Interface, but it also adds a few new capabilities that could have been added to the regular net resource but were not.

Zones now, by default, have a network type of exclusive rather than shared. This may be a little misleading to Solaris 10 admins since that previously implied an entire physical network interface would be dedicated to the zone. Happily, this is no longer required.

Solaris 11 zones make use of the new Virtual Network Interface, aka VNIC. It is now standard procedure for a zone to have its own VNIC, which is in some ways similar to the concept of a virtual interface under VMware or VirtualBox. The VNIC device usually has its own automatically generated Ethernet address and so can be a fully functional direct member of your network, including the use of DHCP, VLAN tagging, and anything else...

Preconfiguring zones

Zone configuration has three basic levels to it, which can be automated at one or all levels.

Sysconfig information

In Solaris 10 zones, it was possible to preconfigure sys-unconfig type information, (hostname, name service, and so on) by prepopulating /etc/sysidcfg before first boot. In Solaris 11, there is a similar concept, but with a very different implementation. First of all, as the relevant file is now XML-based, you are best off using the sysconfig create-profile subcommand to generate it for you. Secondly, you are now expected to pass the location of the file as an argument to zoneadm install. The following examples will hopefully make this clearer:

  • zoneadm -z newzone install -c /path/to/sysconfig.xml

  • zoneadm -z newzone clone -c /path/to/sysconfig.xml oldzone

The two crucial things here are that you must give the full path to the XML file, and that if you are cloning, you must give the old zone name last on the command line.

Initial zonecfg defaults

There is only...

Immutable zones

In Solaris 10, it was common to have zones created with read-only versions of /usr, shared from the global zone. This had assorted benefits, one of which was to disallow overwriting of system binaries from the zone.

Solaris 11 zones offer the option of having fixed, or immutable zones. The typical configuration will lock down all files other than those under clearly volatile filesystems such as /tmp and /var/tmp (including local filesystems such as /export/home).

It is possible to choose from three different types of immutable configurations. They have varying degrees of inhibition, but all of them have the following features in common:

  • It is no longer possible to install IPS packages

  • Persistently enabled SMF services cannot be changed

  • SMF manifests cannot be added from the normal locations

The three individualized types of immutable zones, set through the file-mac-profile property of zonecfg are as follows:

  • flexible-configuration: This is similar to the prior sparse-zone configuration...

Summary

Zones in Solaris 11 are even closer to the capabilities of a fully autonomous VM, yet with the performance efficiencies of a shared kernel. With the extremely fast creation and boot capabilities they provide, (not to mention the zero incremental license cost), there is very little reason to use a full-blown VM solution any more. In fact, even if you still need one, you can now use Oracle VM for free. Support for it costs extra but is based on physical number of CPU sockets rather than number of VMs.

With the added observability of zonestat, plus the greater autonomy of zone-local Boot Environments, you can now have a virtual datacenter on a single commodity priced box. This all comes without the barriers of inter-VM communication that full virtualization solutions tend to bring along with them as baggage.

lock icon The rest of the chapter is locked
arrow left Previous Chapter
Chapter 1 of 19
Next Chapter arrow right
You have been reading a chapter from
Oracle Solaris 11: First Look
Published in: Jan 2013 Publisher: Packt ISBN-13: 9781849688307
© 2013 Packt Publishing Limited All Rights Reserved
Register for a free Packt account to unlock a world of extra content!
A free Packt account unlocks extra newsletters, articles, discounted offers, and much more. Start advancing your knowledge today.
Sign up now
Unlock this book and the full library FREE for 7 days
Get unlimited access to 7000+ expert-authored eBooks and videos courses covering every tech area you can think of
Start free trial
Renews at $15.99/month. Cancel anytime}

Authors (1)

Profile icon Philip P. Brown
LinkedIn
Philip P. Brown was introduced to computers at the early age of 10, by a Science teacher at St. Edmund's College, Ware, UK. He was awestruck by the phenomenal power of the ZX81's 3 MHz, Z80 CPU, and 1 K of RAM, showcasing the glory of 64 x 48 monochrome block graphics! The impressionable lad promptly went out and spent his life savings to acquire one of his very own, and then spent many hours keying in small BASIC programs such as "Ark Royal", a game where you land a block pretending to be an aircraft, on a bunch of lower blocks pretending to be an aircraft carrier. Heady stuff! When birthday money allowed expanding the ZX81 to an unbelievable 16 K of RAM, he also felt the need to acquire a patch cable to allow him to actually save programs to audio cassettes. Once this was deployed to the family cassette recorder, he was not seen or heard from for many months that followed. Phil's first exposure to Sun Microsystems was at U.C. Berkeley in 1989, as part of standard computer science classwork. Students were expected to do their classwork on diskless Sun 3/50 workstations running SunOS 4.1.1. During this time, he wrote his first serious freeware program, "kdrill", which at one time was part of the official X11 distribution, and remains in some Linux distros to this day. He eventually acquired a Sun workstation for personal use (with a disk and quarter-inch tape drive) and continued his home explorations, eventually transitioning from SunOS to Solaris, around Solaris 2.5.1. The principles of the original, pre-GPL freeware licenses prevalent in 1989 inspired Phil the most. Led by their example, he has contributed to an assortment of free software projects along the way. A little-known fact is that he is responsible for "MesaGL" morphing into the modern GLX/OpenGL implementation it is known for today. At the time, MesaGL was primarily an OpenGL workalike with a separate, non-X11 API, as author Brian Paul did not believe that it could function in a speed-effective way. In 2003, Phil wrote the first GLX integration proof-of-concept code, which convinced Brian to eventually commit to true GLX extension support. In 2002, Phil created pkg-get, inspired by Debian's apt-get utility, and started off CSW packaging. This, at last, brought the era of network-installed packages to Solaris. All major public Solaris package repositories prior to Solaris 11 still use pkg-get format catalogs for their software. In reality, Phil also had an impact on the existence of Solaris itself. In 2002, Sun Microsystems was on the road to canceling Solaris x86 as a product line. The community was outraged, and a vote in the old "solarisonintel" Yahoo! group resulted in six community representatives making the case for x86 to Sun. Phil was one of those six who eventually flew to Sun HQ to meet the head honchos and banish the forces of evil for a while. Phil's current hobbies include writing (both articles and code), riding motorcycles, reading historical fiction, and keeping his children amused. The Solaris-specific part of his website is http://www.bolthole.com/solaris. Most of his writing until this point has been done online, for free. His website has a particular wealth of Solaris information, and includes a mix of script writing, driver code, and Solaris sysadmin resources. As far as books go, he was only a prepublication reviewer for Solaris Systems Programming, Rich Teer. However, the first time any of his articles got published was in Rainbow magazine (a publication for the Tandy Color Computer) on page 138 of the May 1989 issue, under a column named Tools for Programming BASIC09 (http://ia700809.us.archive.org/26/items/rainbowmagazine-1989-05/The_Rainbow_Magazine_05_1989_text.pdf).
Read more
See other products by Philip P. Brown

Personalised recommendations for you

Based on your interests and search pattern
Left arrow icon
Designing and Implementing Microsoft Azure Networking Solutions
Designing and Implementing Microsoft Azure Networking Solutions
Designing and Implementing Microsoft Azure Networking Solutions Exam Ref AZ-700 is an all-encompassing guide to the AZ-700 exam and contains all the information you need to succeed in the world of virtual networking with Azure. With this book, you will be fully prepared for the exam and the world of cloud networking.
Aug 2023 17 hours 28 minutes
Microsoft 365 Security, Compliance, and Identity Administration
Microsoft 365 Security, Compliance, and Identity Administration
The Microsoft 365 Security, Compliance, and Identity Administration is a comprehensive guide that helps you employ Microsoft 365's robust suite of features and empowers you to optimize your administrative tasks.
Aug 2023 21 hours 0 minutes
Zero Trust Overview and Playbook Introduction
Zero Trust Overview and Playbook Introduction
Get started on Zero Trust with this step-by-step playbook and learn everything you need to know for a successful Zero Trust journey with tailored guidance for every role, covering strategy, operations, architecture, implementation, and measuring success. This book will become an indispensable reference for everyone in your organization.
Oct 2023 8 hours 0 minutes
The Self-Taught Cloud Computing Engineer
The Self-Taught Cloud Computing Engineer
This self-study book helps you master multiple clouds, including AWS, Azure, and GCP, and serves as a roadmap to becoming a certified cloud computing expert. The book will guide you to develop a professional cloud career by helping you build a broad cloud knowledge base, developing hands-on cloud computing skills, and getting cloud certified.
Sep 2023 15 hours 44 minutes
Technology Operating Models for Cloud and Edge
Technology Operating Models for Cloud and Edge
This book will help you build and create ownership of a technology operating model, as well as connect your leadership with engineering and operations, keeping your internal and external customers in mind. It provides practical tips on why, where, and how to make the cloud and edge platform paradigm sing for you, your team, and your organization.
Aug 2023 7 hours 36 minutes
Azure Architecture Explained
Azure Architecture Explained
Azure is the preferred platform to build mission-critical and secure apps. This book provides comprehensive coverage of essential Azure products, services, and solutions vital for every solution architect's success. Elevate your knowledge and master the critical components of Azure to excel in your role with Azure Architecture Explained.
Sep 2023 14 hours 52 minutes
Pentesting Active Directory and Windows-based Infrastructure
Pentesting Active Directory and Windows-based Infrastructure
This practical guide helps you explore the pentesting of Microsoft infrastructure in detail, and enhances your offensive skillset by showing you the different ways to perform security assessment. This book will help blue teamers and IT engineers get up to speed with possible security issues they may encounter in their Windows environments.
Nov 2023 12 hours 0 minutes
Practical Ansible
Practical Ansible
In Practical Ansible, you'll work with the latest release of Ansible and learn to solve complex issues quickly with the help of task-oriented scenarios. You'll start by installing and configuring Ansible to automate monotonous and repetitive IT tasks and get to grips with concepts such as playbooks, inventories, plugins, collections, and network modules.
Sep 2023 14 hours 0 minutes
Windows 11 for Enterprise Administrators
Windows 11 for Enterprise Administrators
Microsoft’s launch of Windows 11 is a step toward satisfying the enterprise administrator’s needs for better management and enhanced user experience customization. This book provides the enterprise administrator with the knowledge needed to fully utilize the advanced feature set of Windows 11 Enterprise.
Oct 2023 9 hours 32 minutes
The Linux DevOps Handbook
The Linux DevOps Handbook
This book is for software and IT professionals seeking knowledge on Linux systems and DevOps practices. This book will provide you with guidance and tools to learn and gain proficiency in managing Linux-based infrastructures and knowledge of DevOps.
Nov 2023 14 hours 16 minutes
Right arrow icon