Slicing and Dicing Servers: A Guide to Virtualization and Containment
Virtualization is a CIO's dream. Part of an emerging family of containment technologies, server virtualization is designed to lower costs by reducing the hardware and system administration required to run applications, and to speed application deployment by allowing multiple deployment scenarios to be tested with ease.
Sun provides a range of options on multiple operating systems across both SPARC and x86 product lines. Sun's innovative Solaris Containers technology, part of the Solaris 10 Operating System, lets you run isolated systems in which each one thinks it is running on a dedicated system.
This article, the first in a series, covers server-oriented containment and virtualization with a focus on Solaris Containers technology. Part 2 of the series will cover virtualization technology on the x86 platform. Part 3 of the series will cover storage virtualization.
One Application, One Server = Server Sprawl
Deploying applications, selecting appropriate server resources to support them, and managing the resulting environment is a complex problem. Many IT managers take a simple approach — assign each application its own server. Why? They do not want applications to interfere with each other in any way, and conclude that this can only be accomplished through dedicated, application-specific hardware servers.
This belief may be motivated by mistrust of the application, mistrust of other users or applications that could potentially share the same server, not wanting to put too many eggs in one basket, or other technical or organizational reasons. The result of this approach is often server sprawl — a large number of servers that are typically underutilized, difficult to manage effectively, and which increase data center space, cooling, and power requirements.
A variety of hardware and software technologies has evolved to help address these problems. Nearly all of the solutions involve some form of containment. In computing environments it may be important to contain applications, processes, groups of users and possibly complete operating systems. Each of these categories can be thought of as a service — a long-lived set of software objects with well-defined states, error boundaries, start and stop mechanisms, and dependency relationships to other services. A service must be viewed and managed — that is, contained — as a single entity. A container is a bounded environment for a service; such environments can be implemented and managed using a wide variety of hardware and software technologies.
The Two Flavors of Software-Based Containment
Hardware containment methods originated in the 1960s and 1970s on early mainframe systems and continue today on modern enterprise-class servers. Software-based containment solutions are a more recent approach. These solutions generally do not require specialized hardware and can run on a wide range of systems, from laptops and desktop workstations, to mid-range and enterprise-class servers. There are two general architectures of software-based containment — one uses a hosted virtual machine monitor (VMM), and the other is operating system virtualization.
In a hosted VMM, a primary operating system runs directly on the system hardware, and a VMM runs as an application under the host operating system. VMware Workstation and Microsoft Windows Virtual Server 2005 are examples of this type of hosted VMM environment. The hosted VMM permits multiple guest operating systems, such as Linux, Microsoft Windows, or the Solaris OS, along with their applications, to run simultaneously in a contained manner on the host system. Administrative tools are provided to allocate and change resources among the guest operating systems. Additionally, applications can be run directly on the primary operating system, ignoring the VMM entirely.
Not all server containment technologies require a VMM. In fact, VMMs can consume significant CPU resources as they rewrite or redirect guest operating system code, especially when they need to intercept and redirect privileged guest operating system instructions.
Operating System Virtualization with Solaris 10 Containers
If a collection of processes and resources can be defined and bounded to match the requirements of a contained server environment, server virtualization can be accomplished efficiently without the use of a separate VMM. This type of containment can be described as operating system virtualization and this is the approach taken with Solaris Containers.
New Oracle Pricing Model
A new Oracle pricing model for Solaris 10 Containers lets Solaris/Oracle users develop a software consolidation strategy that is cost effective from both a hardware and software perspective.
Only one instance of the Solaris OS runs on the hardware and it is referred to as the global zone. The administrator defines one or more non-global zones that contain virtual server environments. A non-global zone appears to all users as a fully realized server. Non-global zones are isolated from each other. Not only do they have their own separate name space, non-global zones cannot see one another, their processes, or their attributes such as IP addresses.
Non-global zones also cannot share memory, and even have their own user level operating system services. Because every zone is isolated in this way, zones can be independently booted and rebooted at will without disturbing the other environments on the system. A Solaris Container provides isolation and resource control — important building blocks for creating a secure IT infrastructure.
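An added example, not from the original article or from Sun: a zonecfg command file that defines one non-global zone with its own root path, its own IP address, and a CPU-share resource control, the two building blocks named above. The zone name web01, the path, the interface e1000g0, the address and the share count are constructed placeholders.

```zonecfg
# web01.cfg: constructed example for a zone named web01 (assumed name).
# Start a new zone configuration from the default template.
create
# Root of the zone's private file system tree (assumed path).
set zonepath=/zones/web01
# Boot this zone whenever the global zone boots.
set autoboot=true
# Give the zone its own IP address on a physical interface of the host.
# Other non-global zones cannot see this address.
add net
set address=192.0.2.10/24
set physical=e1000g0
end
# Resource control: 20 CPU shares for everything running in this zone.
# Shares are only enforced when the Fair Share Scheduler is in use.
add rctl
set name=zone.cpu-shares
add value (priv=privileged,limit=20,action=none)
end
# Check the configuration and write it to stable storage.
verify
commit
```

From the global zone this is applied with `zonecfg -z web01 -f web01.cfg`, followed by `zoneadm -z web01 install` and `zoneadm -z web01 boot`. Running `zoneadm list -cv` in the global zone lists every zone, while the same command inside web01 shows only web01.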
Trade-Offs Between Containment and Virtualization
Which technology is right for your data center? Virtualization technologies are maturing, enabling them to provide contained environments for quickly creating and testing applications and operating systems, guarantee application quality of service, and increase overall system utilization and return on investment. At the same time, some virtualization technologies can:
- Add complexity to the overall IT infrastructure
- Increase licensing and administrative costs
- Potentially add system overhead
- Complicate diagnosis of system problems
For example, consider an environment in which Oracle software is run under VMware on the Linux operating system on a Sun V40z server. If a problem is experienced, how do you identify its cause? Which vendor is ultimately responsible for helping you find and fix the issue?
The biggest factor impacting the selection of one containment model over another is the operating environment for which the application to be contained has been written. Unfortunately, factors that affect infrastructure decisions are often taken into account late in the process — after the application design and development phase have been initiated.
Once the operating system has been agreed upon, options for containment models are limited and tend to be vendor-specific. The table below outlines important virtualization guidelines that can aid the decision-making process.
| If you have | Then... |
|---|---|
| Multiple Solaris OS or Open Source Applications | Consolidate using Solaris Containers |
| Mixture of Linux and Solaris OS Applications | Consider migrating Linux applications to Solaris OS; consolidate Solaris OS applications using Solaris Containers on one server, and Linux applications using VMware ESX virtual machines on another server |
| Microsoft Windows and/or Linux Applications Running on Different Versions of Operating Systems | Consolidate onto a single server using VMware ESX virtual machines |
| Applications on Different Operating Systems and architectures from IBM | Consider migrating to Solaris Containers or consolidate using IBM LPARs |
Consider the following when selecting a virtualization technology and approach:
- Platform Availability: Different platforms provide different levels of availability. VMware only supports 32-bit applications on the x86 and x64 processor set. Solaris Containers operate on x86, x64, and UltraSPARC processors.
- Performance: If overhead is a concern, VMware may not be an option. The layers of software and different operating system kernels present in these software architectures may add additional overhead and slow overall system performance.
- Manageability: If data center manageability is a crucial factor, Solaris Containers are a good choice. The operating system standardization they ensure for a large percentage of applications helps ease the management burden, and footprint reduction is possible with high-end servers.
- Isolating software problems: If being able to isolate software problems is important — and it commonly is — then observability is essential. If an application in a VMware guest operating system is not behaving as expected, it may be difficult to diagnose what is happening in the operating system with respect to the entire platform and the foundation environment. With Solaris Containers, the global zone allows complete visibility into all container-sized application services and the underlying hardware.
Containment and virtualization technologies are beginning to play a critical role in IT infrastructure design decisions. It is important for IT managers, CTOs and CIOs to understand these evolving concepts and solutions and to know what questions to ask about their potential benefits and pitfalls. Virtualization is a key part of an overall strategy to reduce server sprawl and increase resource utilization in a systemically secure manner.
This article has been synthesized from the Sun BluePrints article, Slicing and Dicing Servers: A Guide to Virtualization and Containment Technologies, Harry J. Foxwell and Isaac Rozenfeld, October 2005.