Zones and Solaris Security


An under-appreciated aspect of the isolation inherent in Solaris Zones (aka Solaris Containers) is their ability to use standard Solaris security features to enhance the security of consolidated workloads. These features can be used alone or in combination to create an arbitrarily strong level of security. This includes DoD-strength security using Solaris Trusted Extensions, which uses Solaris Zones to provide labeled, multi-level data classification. Trusted Extensions achieved one of the highest possible Common Criteria independent security certifications.

To shine some light on the topic of Zones and security, Glenn Brunette and I recently co-authored a new Sun BluePrint with an overly long name :-) - "Understanding the Security Capabilities of Solaris Zones Software." You can find it at http://www.sun.com/blueprints.

Comments:

Is it possible to create a container/zone that itself runs Solaris 10? The idea is to keep this container separated from the global Solaris 10. This would allow us to work on Solaris 10 within the container without affecting the global Solaris 10.

Posted by Richard on January 12, 2009 at 04:22 AM EST #

About

Jeff Victor writes this blog to help you understand Oracle's Solaris and virtualization technologies.

The views expressed on this blog are my own and do not necessarily reflect the views of Oracle.
