Solaris Containers: What They Are and How to Use Them

This article is an excerpt from the new Sun BluePrints white paper "Solaris Containers: What They Are and How to Use Them." The white paper can be downloaded by clicking here.

 

Executive Overview

Over the years organizations have been building large-scale information systems to solve business problems, with a focus on building scalable and highly available IT infrastructures that can adapt to change. Providing sufficient availability and performance for business applications was the primary driver for these efforts. Today, the need to protect technology investments and provide the same service levels at a lower price point is shifting the focus to reducing IT infrastructure cost and improving end user service level management. Sun believes organizations can accomplish this goal by utilizing the facilities available in Solaris Containers.

Solaris Containers provide isolation between software applications or services using flexible, software-defined boundaries. Applications can be managed independently of each other, even while running in the same instance of the Solaris Operating System (Solaris OS). Solaris Containers create an execution environment within a single instance of the Solaris OS and provide:

  • Full resource containment and control for more predictable service levels
  • Software fault isolation to minimize fault propagation and unplanned downtime
  • Security isolation to prevent unauthorized access as well as unintentional intrusions

The primary benefits of Solaris Containers are:

  • Reduced management costs through server consolidation, and a reduced number of operating system instances
  • Increased resource utilization with dynamic resource reallocation between Containers
  • Increased service availability by minimizing fault propagation and security violations between applications
  • Increased flexibility because software-based Containers can be dynamically reconfigured
  • Increased accuracy and flexibility of accounting, based on workloads rather than systems or processes

Solaris Containers

Today, businesses often design their systems with extra capacity to handle occasional peak loads to maximize revenue during periods of high demand. This extra system capacity remains unused during periods of normal demand. By allowing other applications to borrow this unused capacity, a more cost-effective solution can be realized. During periods of high demand, resources can be dynamically reallocated to important applications. Sharing resources in this way leads to higher resource utilization and reduces capital and system management costs by reducing the total number of systems required. For the consolidation of applications onto fewer systems to be effective, applications must be able to be managed independently. This requires the ability to control resource utilization, isolate faults, and manage security between multiple applications on the same server. In other words, it requires the establishment of virtual server boundaries within the server.

One of the first steps in this direction was the introduction of Dynamic System Domains on large Sun servers. With Dynamic System Domains, a server can be divided into several domains, each running its own copy of the Solaris OS. The domains provide hardware isolation between the applications so that faults in one domain do not propagate to applications in other domains. Domain boundaries can be dynamically partitioned to adapt to changing resource requirements. Resources can be moved from one domain to another without requiring a restart of the system. This adds flexibility to the data center while maintaining security and isolation from faults in other domains.

Starting with Solaris Resource Manager 1.x in the Solaris 2.6 OS, Sun has gradually enhanced the ability to control resource utilization and separate applications running in a single instance of the Solaris OS. Several technologies have been added to the Solaris OS over the years, providing additional capabilities and finer control over resource utilization. Examples of such technologies include the Solaris 9 Resource Manager and Resource Pools in the Solaris 9 OS. These technologies allow users to create a Solaris Container, an application or service that has one or more resource boundaries associated with it. These resource boundaries can limit CPU or memory consumption or network bandwidth, or can even take the form of a processor set. As a result, Solaris Containers are a prime enabler for server consolidation.

With the introduction of Solaris Zones in the Solaris 10 OS, Sun is taking Solaris Containers a step further by allowing servers to be partitioned in sub-CPU granularity. A Solaris Zone is a complete execution environment for a set of software services — a separate, virtual Solaris environment within a Solaris instance. A Zone provides a virtual mapping from software services to platform resources, and allows application components to be isolated from each other even though they share a single Solaris OS instance. It establishes boundaries for resource consumption and provides isolation from other Zones on the same system. The boundaries can be changed dynamically to adapt to changing processing requirements of the applications running in the Zone.

Solaris Containers can be built using one or more of the following technologies. These technologies can be combined to create Containers tailored for a specific server consolidation project:

  • Solaris Resource Manager, for workload resource management
  • Resource Pools, for partitioning
  • Zones, for isolation, security and virtualization

It is important to note that a Solaris Container is not equivalent to a Solaris Zone. Zones technology can be used to create a Container with certain characteristics, such as the isolation provided by the virtual Solaris environment. But it is also possible to create another Solaris Container using Resource Pools technology if the required characteristics of that Container can be met with the features Resource Pools provide. So while a Zone is a Container, a Container is not necessarily a Zone.

Workload Resource Management

One of the inhibitors for consolidating multiple applications onto a single server is the lack of control over the resources utilized by applications. Consider the example of a company that wants to consolidate two database servers onto one system to decrease the number of systems to manage, as well as the number of software licenses required.

The first database is used by an on-line sales application while the second database is used by a marketing application. Because the sales application supports the core business of the company, it should be guaranteed a certain minimum amount of CPU when needed. The marketing application is a supporting application, and the CPU requirements of the database server are much less stringent. Without a mechanism to enforce these requirements, these two applications cannot be consolidated successfully onto one system. With Solaris Containers, these business requirements can be implemented by establishing the appropriate CPU resource boundaries using the Fair Share Scheduler (Figure 1). The Fair Share Scheduler controls the allocation of available CPU resources among workloads based on their relative importance.


Figure 1: Solaris Containers provide an environment that
fosters the safe consolidation of applications onto a single server
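
How share-based allocation plays out for the sales and marketing databases, as an added example (not from the white paper and not Solaris code): an idealized model in which each busy workload is entitled to CPU in proportion to its shares, and entitlement it does not use is lent to the others. The 8-CPU server, the 80/20 share split and the demand figures are assumptions chosen for illustration.

```python
# Added illustration: an idealized model of share-based CPU allocation.
# It is not Solaris scheduler code; share values and CPU counts are assumed.

def fair_share(capacity, workloads):
    """Divide `capacity` CPUs among workloads in proportion to their shares.

    workloads maps name -> (shares, demand in CPUs). A workload never gets
    more than it demands; what it leaves unused is re-divided among the
    workloads that still want CPU, again in proportion to their shares.
    """
    alloc = {name: 0.0 for name in workloads}
    active = {n for n, (shares, demand) in workloads.items()
              if shares > 0 and demand > 0}
    remaining = float(capacity)
    while active and remaining > 1e-9:
        total = sum(workloads[n][0] for n in active)
        # Workloads whose demand fits inside their current entitlement.
        satisfied = {n for n in active
                     if workloads[n][1] <= remaining * workloads[n][0] / total}
        if not satisfied:
            # Full contention: everyone is held to exactly their share.
            for n in active:
                alloc[n] = remaining * workloads[n][0] / total
            break
        for n in satisfied:
            alloc[n] = workloads[n][1]
            remaining -= workloads[n][1]
        active -= satisfied
    return alloc


CPUS = 8  # assumed size of the consolidated server
SCENARIOS = {  # constructed demands, in CPUs; the 80/20 shares are assumed
    "both saturated": {"sales": (80, 8), "marketing": (20, 8)},
    "sales quiet": {"sales": (80, 1), "marketing": (20, 8)},
    "marketing quiet": {"sales": (80, 8), "marketing": (20, 1)},
}

if __name__ == "__main__":
    for label, workloads in SCENARIOS.items():
        print(label, fair_share(CPUS, workloads))
```

In this model the shares only constrain a workload under contention: a saturated marketing database cannot push sales below 6.4 CPUs, yet it can use 7 of the 8 CPUs while sales is quiet.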

Partitioning

In some cases a more strict separation of resource consumption may be required. For example, some applications may require a dedicated number of CPUs regardless of the processing requirements of other workloads. Furthermore, it may be desirable to restrict some applications to a maximum number of CPU resources as defined in a service level agreement. Dynamic Resource Pools can be used to provide this kind of partitioning.

In the example of the sales and the marketing database, two Resource Pools can be created: one with a large number of CPUs, and another with a small number of CPUs (Figure 2). The sales database would be assigned to the large pool and the marketing database to the small pool. The Solaris 10 OS adds the capability to dynamically adjust these resource allocations in response to application load changes in order to meet system performance goals set by administrators.


Figure 2: Resource pools can be used to partition resources

Isolation

Another inhibitor for consolidating applications is the lack of logical isolation between applications. This is of prime importance when the applications belong to different business units. Consider the example of an internal IT department acting as a service provider for a large corporation consolidating two workloads onto a single system. The IT department currently uses two systems, each dedicated to a single workload, since the workloads are from two different business units and each procured a system. Assuming the systems are currently underutilized, the organization wants to consolidate the applications onto a single system to achieve a more cost-effective solution.

However, both businesses object to sharing a system with another customer, as they are concerned about possible namespace conflicts, security issues, and administration conflicts. Solaris Containers make it possible to consolidate these workloads on one system by virtue of the namespace isolation, security and virtualization features of Solaris Zones. By creating a Zone for each business unit, the IT department can effectively create two separate systems on one physical system. To each business unit it appears as if they have a dedicated machine.


Figure 3: Zones effectively create separate systems on one physical system

Solaris Container Evolution

With the release of the Solaris 10 OS the Solaris Container reaches the full functionality discussed above. However, much of the functionality discussed in this document can be used in earlier Solaris OS releases. Some Solaris Containers features, such as the Fair Share Scheduler, have been available since the release of the Solaris 9 OS. Prior to that release, a fair share scheduler was available in the form of the Solaris Resource Manager 1.x unbundled software for Solaris 2.6 OS and later releases. This means that much of the functionality discussed in this document can be equally used on these earlier platforms.

Free White Paper

For more information on Solaris Containers, click here to download the new Sun BluePrints white paper "Solaris Containers: What They Are and How to Use Them."

For additional information on Solaris Containers, visit http://www.sun.com/visitors-info/benchmarks/, contact education_news@sun.com or click here to have your local Sun representative contact you.