With Solaris 11, Oracle has introduced many new features, and Solaris Zones are no exception. This post lists the new features introduced in Solaris 11 zones.
Oracle Solaris Zones is an OS virtualization feature in Oracle Solaris with a long and distinguished pedigree. One of the most highly adopted, highly used, mature virtualization technologies, Oracle Solaris Zones was first introduced as a core part of Oracle Solaris 10. In Oracle Solaris 11, Oracle Solaris Zones become even more central to both the application and the end user. Enhancements and new features include:
- Integration into the new packaging system (IPS)
- Support for Oracle Solaris 10 Zones
- Integration with the new Oracle Solaris 11 network stack architecture
- Improved observability
- Increased control over administration
- Tight integration with ZFS
| Feature | Description |
|---|---|
| Solaris 10 Zones | Solaris 10 Zones host Solaris 10 user environments inside zones on Oracle Solaris 11. |
| Boot environments for zones | Boot environments are integrated with Oracle Solaris Zones. |
| IPS integration | Oracle Solaris Zones have been integrated with the new IPS package management tools in Oracle Solaris 11. |
| Zone resource monitoring | Oracle Solaris 11 features a robust zones resource monitoring utility, zonestat. |
| Delegated administration | Delegate common zone administration tasks for specific zones to different administrators by using Role-Based Access Control. |
| Zones on shared storage | Configure, install and run Oracle Solaris zones hosted directly on arbitrary storage device objects, such as Fibre Channel or iSCSI targets. |
| NFS server in nonglobal zones | Nonglobal zones now support NFS servers. |
| New unavailable zone state | This state indicates that the zone has been installed, but cannot be verified, made ready, booted, attached, or moved. |
| Live zone reconfiguration | This enables configuration changes in a running zone without the need to reboot, eliminating down time in service availability within the zone when configuration changes are made. |
| Datalinks creation in nonglobal zones from the global zone | This feature enables administrators to dynamically create VNICs, VLANs, and IP-over-InfiniBand partitions directly in the nonglobal zone’s namespace from the global zone. |
Oracle Solaris 10 Zones
Oracle Solaris 10 Zones host Oracle Solaris 10 user environments inside zones on Oracle Solaris 11. They are meant to help maintainers of Oracle Solaris 10 systems consolidate their production environments onto systems running Oracle Solaris 11. Workloads running within Oracle Solaris 10 Zones can take advantage of the performance improvements made to the Oracle Solaris 11 kernel and use some of the innovative technologies available only on Oracle Solaris 11 (such as virtualized NICs). The Oracle Solaris 10 Zones support x86 and SPARC Solaris 10 9/10 (or later released Oracle Solaris 10 update) Zones. Note that it is possible to use an earlier update release if you first install the kernel patch 142909-17 (SPARC) or 142909-17 (x86/x64), or a later version.
Boot Environments for Zones
Boot environments are integrated with Oracle Solaris Zones. Zone root file systems use Zone Boot Environment (ZBE) datasets. When a new boot environment is created by cloning an existing one, the base boot environment’s zones are also cloned into the new boot environment.
IPS Integration
Oracle Solaris Zones have been integrated with the new IPS package management tools in Oracle Solaris 11. Zones require an active network connection for their creation and must be manually updated (by using zoneadm attach -u) to stay in sync with the global zone, if zones were detached. The pkg update command can also be run from the global zone to update the nonglobal zones. Sparse root zones are not supported in Oracle Solaris 11.
Zone Resource Monitoring
Oracle Solaris 11 features a robust zones resource monitoring utility, zonestat. The zonestat utility greatly enhances the observation of system resources consumed by Oracle Solaris Zones. You can observe memory and CPU utilization, utilization of resource control limits, and total utilization and per-zone utilization breakdowns over specified time periods.
Delegated Administration
With Oracle Solaris 11, you can delegate common zone administration tasks for specific zones to different administrators by using Role-Based Access Control (RBAC). With delegated administration, for each zone, a user or set of users may be identified with the permissions to log in, manage, or clone that zone. These specific authorizations are interpreted by the appropriate commands running in the global zone to allow access at the correct authorization level to the correct user.
Zones on Shared Storage
With Oracle Solaris 11.1, the Zones on Shared Storage feature enables you to configure, install, and run Oracle Solaris Zones hosted directly on arbitrary storage device objects, such as Fibre Channel or iSCSI targets. You can specify and configure the path to the device directly with the zonecfg command. The zone is then automatically encapsulated into its own zpool. The aim is to simplify deployment, administration, and migration of Oracle Solaris Zones.
NFS Server in Nonglobal Zones
In previous versions of Oracle Solaris, establishing an NFS share was not supported in nonglobal zones as it required a privilege to be granted that is prohibited by the Oracle Zones security model. With Oracle Solaris 11, NFS servers are now supported in a nonglobal zone. If you want to disable shares within a zone, you can add PRIV_SYS_SHARE to the zone’s set of prohibited privileges.
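The delegated administration and NFS sharing controls described above can be audited from a zone's saved configuration. The following is an added example, not part of the original post: it parses configuration text in the command-file form that `zonecfg -z <zone> export` prints and reports which users hold delegated authorizations and whether sharing is prohibited. The sample configuration and user names are constructed, and the `admin` resource with its `user` and `auths` properties and the `!`/`-` exclusion prefix in `limitpriv` are assumptions taken from zonecfg, not from this page.

```python
import shlex

# Constructed sample in the command-file form of `zonecfg -z <zone> export`;
# the zone path, user names and values are made up for illustration.
SAMPLE_EXPORT = """\
create -b
set zonepath=/zones/web01
set brand=solaris
set limitpriv="default,!sys_share"
add admin
set user=jdoe
set auths=login,manage
end
add admin
set user=ops1
set auths=login
end
"""

def parse_export(text):
    """Return (global_props, admin_resources) from zonecfg export text."""
    props, admins, current = {}, [], None
    for line in text.splitlines():
        words = shlex.split(line)          # strips the quotes around values
        if not words:
            continue
        if words[0] == "add" and len(words) > 1:
            current = {"type": words[1]}   # entering a resource scope
        elif words[0] == "end":
            if current and current["type"] == "admin":
                admins.append(current)
            current = None                 # back to the global scope
        elif words[0] == "set" and len(words) > 1 and "=" in words[1]:
            key, value = words[1].split("=", 1)
            (current if current is not None else props)[key] = value
    return props, admins

def audit(text):
    """Summarise who is delegated what, and whether sharing is prohibited."""
    props, admins = parse_export(text)
    limitpriv = props.get("limitpriv", "default").split(",")
    # Assumption: a leading "!" or "-" excludes a privilege from the zone's limit set.
    share_blocked = any(p in ("!sys_share", "-sys_share") for p in limitpriv)
    delegations = {a["user"]: sorted(a["auths"].split(","))
                   for a in admins if "user" in a and "auths" in a}
    return {"nfs_share_prohibited": share_blocked, "delegations": delegations}
```

On a zone with no `limitpriv` setting and no `admin` resources, `audit` reports that sharing is not prohibited and that no authorizations are delegated.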
unavailable Zone State
This state indicates that the zone has been installed, but cannot be verified, made ready, booted, attached, or moved. A zone enters the unavailable state at the following times:
- When the zone’s storage is unavailable and svc:/system/zones:default begins, such as during system boot
- When the zone’s storage is unavailable
- When archive-based installations fail after successful archive extraction
- When the zone’s software is incompatible with the global zone’s software, such as after an improper -F (force) attach
The unavailable zone state allows pkg operations to work even if a zone’s storage is not available. This is important for the implementation of Oracle Solaris Zones on shared storage.
Live Zone Reconfiguration
Starting with the Oracle Solaris 11.2 release, you can make configuration changes in a running zone without the need to reboot. Previously, administrators had to reboot a zone for a configuration change to take effect. Live Zone Reconfiguration eliminates down time in service availability within the zone when configuration changes are made. You can use this feature to make the following changes in running nonglobal zones:
- Change resource controls
- Change network configuration
- Change the CPU resource pool
- Add or remove file systems
- Add or remove virtual and physical devices
Create Datalinks in Nonglobal Zones from the Global Zone
Starting from Oracle Solaris 11.2, you can create datalinks in nonglobal zones from the global zone. This feature enables administrators to dynamically create VNICs, VLANs, and IP-over-InfiniBand partitions directly in the nonglobal zone’s namespace from the global zone. Link names are specified as [zonename]/[linkname] and the links are created directly in the specified non-global zone.