Fast Track to Solaris 10 Adoption: Solaris Grid Containers

Please click on a question below or download a pdf version.

1. How useful is it to change from NIS+ to LDAP in the Solaris 10 OS?
2. Has or will SMCC consider hardware support to assist virtualization in its SPARC platform for grids as PMMUs have assisted in virtualizing memory, or is this concept more directed to domains?
3. Will the "core dump" be "zone aware"?
4. Can the zones be configured to make use of the dynamic reconfiguration capabilities of an F15, i.e., if a CPU is added from a less active domain, can the zone automatically use it, or does it have to be defined to the zone?
5. It's my understanding that the container inherits patch levels of the Solaris OS. Is this true of products as well? MQ products, for example, are famous for installing in system directories.
6. How difficult is it to upgrade from the Solaris 8 OS to the Solaris 10 OS? Do I need to go to the Solaris 9 OS as an intermediate step?
7. Is each zone tied to physical resources (specific CPUs), or do all zones share all the resources within the box dynamically? Is it possible to limit the amount of resources (CPU, memory, etc.) that one zone uses?
8. Can each zone have different TCP/IP settings and performance settings? Can these be controlled with Resource Manager? Does Resource Manager also control bandwidth for zones network?
9. Can JASS and FixModes be installed in a global zone to secure all zones at the same time?
10. What are the minimum system requirements (OS, memory, CPU) to run on a master and slaves?
11. Let's say I want to run a Web site with a three-tier configuration in a single machine. The three tiers would be on three different subnets. Configuration as follows: two Web servers as two zones, with a physical NIC; two application servers as two zones with a physical NIC assigned; and two db servers as two zones, also with a physical NIC. What would be the best practice to set up? Can IP-filter in the global zone filter traffic between the Web zone interfaces ce0:1, ce0:2, the app zone interfaces ce1:1, ce1:2, and db zone interfaces ce2:1, ce2:1?
12. When will the Solaris 10 OS be released for x86, and will ZFS be available in zone configurations?
13. Can a single network interface work with multiple containers on the same server?

Q: How useful is it to change from NIS+ to LDAP in the Solaris 10 OS?

A: There are tools in both Solaris 9 and 10 operating systems to aid in transitioning from NIS or NIS+ to LDAP. Please see the documentation at http://docs.sun.com/ for more information on these tools.

Back to top

Q: Has or will SMCC consider hardware support to assist virtualization in its SPARC platform for grids as PMMUs have assisted in virtualizing memory, or is this concept more directed to domains?

A: Zones don't require any hardware support and work equally well across all platforms supported by the Solaris 10 OS. Sun is also continuing to invest in improving its domain technology on future SPARC-based platforms.

Back to top

Q: Will the "core dump" be "zone aware"?

A: Each zone can have its own coreadm(1M) settings. Also, the global zone can be configured to have copies of all zones' core files.

Back to top

Q: Can the zones be configured to make use of the dynamic reconfiguration capabilities of an F15, i.e., if a CPU is added from a less active domain, can the zone automatically use it, or does it have to be defined to the zone?

A: Actually, we have some neat auto-sizing technology in the Solaris 10 OS. We introduced a new system daemon that can resize resource pools based on policy; it's also smart enough to cope with DR. It's called "poold." Since zones can be bound to resource pools, you can take advantage of this. So, for example, you could have a resource pool of size "1-to-5" CPUs, and as CPUs are added or removed, poold will adjust your resource pools.

Back to top

Q: It's my understanding that the container inherits patch levels of the Solaris OS. Is this true of products as well? MQ products, for example, are famous for installing in system directories.

A: If those products are in a "shared" area such as /usr, then yes, the zones will inherit the same patch level. But for most unbundled products, including the version of Java Enterprise System that will ship in conjunction with the Solaris 10 OS, each zone can have its own version and patch level.

Back to top

Q: How difficult is it to upgrade from the Solaris 8 OS to the Solaris 10 OS? Do I need to go to the Solaris 9 OS as an intermediate step?

A: You can upgrade directly from the Solaris 8 OS to the Solaris 10 OS; there's no need for an intermediate step. Difficulty is relative, of course; it depends on the software and drivers installed on your system. We guarantee that applications running on the Solaris 8 OS will run on forward releases; we plan to make this guarantee even simpler for developers to take advantage of with the Solaris 10 OS.

Back to top

Q: Is each zone tied to physical resources (specific CPUs), or do all zones share all the resources within the box dynamically? Is it possible to limit the amount of resources (CPU, memory, etc.) that one zone uses?

A: Zones can either be configured to share resources, or the system resources can be partitioned, and each zone can be assigned a specific set of resources (e.g., CPUs). In the case where the resources are shared, the proportion each zone receives can be configured. For example, the fair-share CPU scheduler can be used to assign each zone a share of the overall CPU in the system. This allows the resources to be divided to almost arbitrary granularity.

Back to top

Q: Can each zone have different TCP/IP settings and performance settings? Can these be controlled with Resource Manager? Does Resource Manager also control bandwidth for zones network?

A: Global TCP/IP settings as set via /etc/system and ndd(1M) are global and not currently settable on a per-zone basis. Please note that, with the new TCP/IP stack in the Solaris 10 OS, many of these settings no longer need to be changed. If there are other settings that you feel you need to set per-zone, please let us know on the Zones BigAdmin forum. Yes, it is possible to control the bandwidth that a zone uses. This can be done by using the bundled IPQoS functionality and configuring bandwidth parameters for each of the IP addresses that are configured for a particular zone.

Back to top

Q: Can JASS and FixModes be installed in a global zone to secure all zones at the same time?

A: JASS can be installed on a per-zone basis (and JASS has been enhanced to cope with zones properly), so you could easily write a script that JASS-ified all of your zones. I'm not 100 percent sure, but I believe that you don't need to use FixModes, starting with the Solaris 8 OS, as we've fixed all of the modes in the base product.

Back to top

Q: What are the minimum system requirements (OS, memory, CPU) to run on a master and slaves?

A: By master, I assume you mean the "global" zone. The requirements will be the same as for running the Solaris 10 OS in general. For "slave" or "non-global" zones, there are no hard requirements other than about 70MB of disk space and some amount of memory.

Back to top

Q: Let's say I want to run a Web site with a three-tier configuration in a single machine. The three tiers would be on three different subnets. Configuration as follows: two Web servers as two zones, with a physical NIC; two application servers as two zones with a physical NIC assigned; and two db servers as two zones, also with a physical NIC. What would be the best practice to set up? Can IP-filter in the global zone filter traffic between the Web zone interfaces ce0:1, ce0:2, the app zone interfaces ce1:1, ce1:2, and db zone interfaces ce2:1, ce2:1?

A: The zones on a system can be set up with different subnets. However at the current time, IP filter cannot be used to filter between zones. An alternate mechanism is to set up a "reject" route in the global zone for the relevant subnets. Another alternative is to configure IPsec from the global zone to deny traffic between certain zones on the system.

Back to top

Q: When will the Solaris 10 OS be released for x86, and will ZFS be available in zone configurations?

A: The Solaris 10 OS is being developed concurrently for both SPARC and x86; release is planned for the end of this year. You can download a preview of the Solaris 10 OS today. At the initial release, zones will be able to access ZFS volumes created in the global zone; we're exploring how to make it possible in the future to directly administer ZFS storage pools from a zone.

Back to top

Q: Can a single network interface work with multiple containers on the same server?

A: Yes, and this is the default mode. We create a "logical" network interface (which is a long-standing Solaris feature) atop the existing NIC, and then assign that to the zone. For example, zone "blue" might be assigned hme0:3, and zone "red" might be assigned hme0:5 (the zone's software takes care of this for you).

Back to top

Next >