Sun Microsystems 10 用户手册
Version 3.1-en
Solaris 10 Container Guide - 3.1 2. Functionality
Effective: 30/11/2009
2. Functionality
2.1. Solaris Containers and Solaris Zones
2.1.1. Overview
[ug] Solaris Zones is the term for a virtualized execution environment
[ug] Solaris Zones is the term for a virtualized execution environment
–
a virtualization at the operating
system level (in contrast to HW virtualization).
Solaris Containers are Solaris Zones with Resource Management. The term is frequently used
(in this document as well) as a synonym for Solaris Zones.
(in this document as well) as a synonym for Solaris Zones.
Resource Management has already been introduced with Solaris 9 and allows the definition of CPU,
main memory and network resources.
main memory and network resources.
Solaris Zones represent a virtualization at the interface between the operating system and the
application.
application.
•
There is a global zone which is essentially the same as a Solaris operating system was in earlier
versions
versions
•
In addition, local zones, also called nonglobal zones, can be defined as virtual execution
environments.
environments.
•
All local zones use the kernel of the global zone and are thus part of a single physical operating
system installation
system installation
–
unlike HW virtualization, where several operating systems are started on
virtualized hardware instances.
•
All shared objects (programs, libraries, the kernel) are loaded only once; therefore, unlike for
HW virtualization, additional consumption of main memory is very low.
HW virtualization, additional consumption of main memory is very low.
•
The file system of a local zone is separated from the global zone. It uses a subdirectory of the
global zone's filesystem for a root directory (as in chroot environments).
global zone's filesystem for a root directory (as in chroot environments).
•
A zone can have one or several network addresses and network interfaces of its own.
•
Physical devices are not visible in local zones (standard) but can optionally be configured.
•
Local zones have their own OS settings, e.g. for name service.
•
Local zones are separated from each other and from the global zone with respect to processes,
that is, a local zone cannot see the processes of a different zone.
that is, a local zone cannot see the processes of a different zone.
•
The separation extends also to the shared memory segments and logical or physical network
interfaces.
interfaces.
•
Access to another local zone on the same computer is therefore possible through the network
only.
only.
•
The global zone, however, can see all processes in the local zones for the purpose of control
and monitoring (accounting).
and monitoring (accounting).
Figure 1: [dd] Schematic representation of zones
2
Server
OS
App
Local
zone
Local
zone
Local
zone
Global zone