What are Solaris Zones?

Solaris Containers are built using one or more of the following technologies:

  • Solaris Resource Manager, for workload resource management;
  • Resource Pools, for partitioning; and
  • Zones.

A Solaris Zone is a complete execution environment for a set of software services - a separate, virtual Solaris environment within a Solaris instance. A Zone provides a virtual mapping from software services to platform resources, and allows application components to be isolated from each other even though they share a single Solaris OS instance. It establishes boundaries for resource consumption and provides isolation from other Zones on the same system. The boundaries can be changed dynamically to adapt to changing processing requirements of the applications running in the Zone.

The global zone encompasses the entire system and is comparable to a normal Solaris OS instance. It has access to the physical hardware and can see and control all processes. The administrator of the global zone can control the system as a whole. The global zone always exists, even when no other zones are configured.

Inside the global zone are local zones. These zones are isolated from the physical hardware characteristics of the machine by the virtual platform layer. This layer provides the zones with a virtual network interface, one or more file systems and a virtual console. Even though the virtual network interfaces may map to the same physical network interface, applications in different zones are prevented from seeing traffic from applications in other zones. Every zone has its own process environment and runs its own set of core Solaris OS services, including inetd(1M), syslogd(1M), rpcbind(1M), and more. Applications running in a zone are unable to see applications running in other zones because of this private process environment. All zones share the same operating system instance and therefore run the same Solaris OS version.

There are two general zone types to pick from during zone creation. They are:

  • Small zone - (also known as a "Sparse Root zone")

    This is a partial replica of the global zone using a loopback file system (LOFS) to access its shared libraries (see Figure 1). It inherits packages and patches distributed through the global zone.

    Figure 1: A small zone

  • Big zone - (also known as a "Whole Root zone")

    This is a whole replica of the global zone using its own physical copy of the system’s shared libraries. It also inherits the entire package and patch database, and maintains its own physical copy of product contents.

    Figure 2: A big zone

Large virtualized Solaris environments are often characterized by a large number of zones (small or big) hosting critical server applications. Since the zones actively share resources with the base OS, any performance deficiency or resource contention at the base OS could adversely impact the performance of the server applications executing in the zones. It is therefore imperative to closely monitor the resource usage of the virtual Solaris host and of the zones executing on it, so that resource-intensive applications or processes can be instantly identified and corrective measures immediately initiated.
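
One way to spot a resource-hungry zone from the global zone, as an added example that is not part of the original page: the script below reads the per-zone summary printed by `prstat -Z` and reports every zone at or above a CPU or memory limit. The function names, the thresholds and the sample output (zone names `webzone` and `dbzone`) are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: flag zones whose CPU or memory share is at or above a limit,
# using the per-zone summary block of `prstat -Z`.

# Constructed sample of a `prstat -Z` zone summary (not captured from a real host).
sample_prstat_Z() {
cat <<'EOF'
   PID USERNAME  SIZE   RSS STATE  PRI NICE      TIME  CPU PROCESS/NLWP
  4211 webservd  980M  870M cpu1    10    0   9:30:12  70% httpd/64
ZONEID    NPROC  SWAP   RSS MEMORY      TIME  CPU ZONE
     0       52  310M  188M   2.3%   1:12:40 1.9% global
     3       31 1204M  990M    12%   9:41:07  71% webzone
     5       18   95M   61M   0.7%   0:03:15 0.4% dbzone
Total: 101 processes, 412 lwps, load averages: 1.42, 1.37, 1.20
EOF
}

# hot_zones CPU_LIMIT MEM_LIMIT
# Reads prstat -Z text on stdin; prints "zone cpu=N% mem=N%" for each zone
# whose CPU or MEMORY percentage is at or above the given limit.
hot_zones() {
    awk -v cpu_max="$1" -v mem_max="$2" '
        $1 == "ZONEID" { in_summary = 1; next }    # header of the zone summary
        in_summary && NF == 8 && $1 ~ /^[0-9]+$/ {
            mem = $5; cpu = $7
            sub(/%/, "", mem); sub(/%/, "", cpu)   # strip the percent signs
            if (cpu + 0 >= cpu_max + 0 || mem + 0 >= mem_max + 0)
                printf "%s cpu=%s%% mem=%s%%\n", $8, cpu, mem
            next
        }
        { in_summary = 0 }                         # process rows, "Total:" line
    '
}

# Run against the constructed sample: limits of 50% CPU, 50% memory.
sample_prstat_Z | hot_zones 50 50
```

On a live host the same function can be fed from the global zone with `prstat -Z 1 1 | hot_zones 50 50`; only the global zone sees the processes of every zone, so the check belongs there.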