Thursday Mar 29, 2012

eSTEP: Virtualization@Oracle (Part 4: Oracle Solaris Zones and Linux Containers)

After the Oracle VM coverage in the previous two articles we will now cover the Operating System side by looking at the

Oracle Solaris Zones and Linux Containers

Oracle Solaris Zones or also Linux Containers are not a separate product, but a technology, a feature of an Operating System. Both technologies are in principle based on the same technologies. They are a virtualization at the application level, so “above” the OS kernel. Compared to the Hypervisor based virtualization, we do not have such an additional software layer here. We have one OS kernel that is shared by many zones or containers.

To put it into perspective, let’s reuse the image from the first articles, where we show the positioning of Oracle Solaris Zones, which can roughly be compared to Linux Containers. The difference between both technologies is more at the implementation level and on the way it is integrated into the OS.

Let’s first dive more into detail with the

Oracle Solaris Zones

This Solaris feature at first showed up in Solaris Express and Sun Solaris 10 3/05 as Solaris Containers, but has always been called Solaris Zones. With Oracle Solaris 11 we now officially call it Oracle Solaris Zones. Zones are a virtualization technology that create a virtualization layer for applications. We could say a zone is a “sandbox” that provides a playground for an application. Those zones are called non-global zones and are isolated from each other, but all share one global zone. The global zone holds the Solaris kernel, the device drivers and the devices, the memory management system, the filesystem and in many cases the network stack.

So the global zone sees all physical resources and provides common access to these resources to the non-global zones.

The non-global zones appear to applications like separate Solaris installations.

Zones have their own filesystems, their own process namespace, security boundaries, and own network addresses. Based on requirements, zones can also have their own network stack with separated network properties. And yes there also is a separated administrative login (root) for every non-global zone, but still even as a privileged user there is no way to break-out/in from one non-global zone into a neighborhood non-global zone. But looking from the global zone, such a non-global zone is just a bunch of processes grouped together by a tag, called zoneid.

This type of virtualization is often called lightweight virtualization, because we have nearly no overhead in which we have to invest for the virtualization layer and the applications, running in the non-global zones. Therefore we get native I/O-performance from the OS. Thus zones are a perfect choice, if many applications need to be virtualized and high performance is a requirement.

Due to the fact, that all non-global zones share one global zone, all zones run the same level of OS software – with one exception. Branded zones run non-native application environments. With that, for Oracle Solaris 10 we have the special case of being able to create Solaris 8 and Solaris 9 Legacy Containers, providing Solaris 8 and Solaris 9 runtime environments, but still sharing the Solaris 10 kernel in the global zone. With Oracle Solaris 11 it is possible to create Solaris 10 Zones.

Within Oracle Solaris 11, zones have been much more integrated with the OS, compared to zones in Solaris 10. It’s no longer just an additional feature of the OS. Zones are well integrated into the whole lifecycle management process of the OS when it comes to (automatic) installation or updates of zones. A big step forward is, once again, the better integration of zones with more kernel security features, which enables more delegated administration of Zones. Better integration into ZFS, consistent use of boot environments, network virtualization features and the Solaris resource management are additional improvements, made to the zones in Oracle Solaris 11. Oracle Solaris Zones have always been very easy to setup on the command line and easy to use. If you want to use a Graphical Tool to configure Zones, you can use Oracle Enterprise Manager OpsCenter (which we will cover later on in this series).

Now while we have discussed Oracle Solaris Zones, what are:

Linux Containers (LXC)

Is this the same technology like zones or if not, how do they differ ?

First of all, compared to Oracle Solaris Zones, it’s really a new technology in Linux starting with kernel 2.6.27 and provides the resource management through control groups (also called userspace process containers) and resource isolation through namespaces. The LXC project page at has a very good explanation of Linux Containers: “Linux Containers take a completely different approach than system virtualization technologies such as KVM and Xen, which started by booting separate virtual systems on emulated hardware and then attempted to lower their overhead via paravirtualization and related mechanisms. Instead of retrofitting efficiency onto full isolation, LXC started out with an efficient mechanism (existing Linux process management) and added isolation, resulting in a system virtualization mechanism as scalable and portable as chroot, capable of simultaneously supporting thousands of emulated systems on a single server while also providing lightweight virtualization options to routers and smart phones.”

So we are talking here about chroot-environments, that can be created on various isolation levels, but also share as isolated group of processes one Linux kernel.


Oracle Solaris Zones and Linux Containers are offering a lightweight virtualized runtime environment for applications. Solaris Zones exist since Solaris 10 and are now highly integrated into Oracle Solaris 11. Linux Containers are available as BETA for Oracle Linux with the Unbreakable Enterprise Kernel only for testing and demonstration purposes.

With that we'd like to close this article on Oracle Solaris Zones and Linux Containers and hope we've kept you eager to read the ones coming in the following newsletters.

Further Reading

This series already had the following articles:

  • December 2011: Introduction to Virtualization (Matthias Pfützner)
  • January 2012: Oracle VM Server for SPARC (Matthias Pfützner)
  • February 2012: Oracle VM Server for x86 (Matthias Pfützner)

The series will continue as follows (tentative):

  • April 2012: Resource Management as Enabling Technology for Virtualization
    (Detlef Drewanz)
  • May 2012: Network Virtualization (Detlef Drewanz)
  • June 2012: Oracle VM VirtualBox (Detlef Drewanz)
  • July 2012: Oracle Virtual Desktop Infrastructure (VDI) (Matthias Pfützner)
  • August 2012: OpsCenter as Management Tool for Virtualization (Matthias Pfützner)

If you have questions, feel free to contact me at: Detlef Drewanz

Read more:

<<< Part 3: Oracle VM Server for x86 >>>> Part 5: Resource Management as Enabling Technology for Virtualization

Friday Jan 20, 2012

eSTEP: Virtualization@Oracle (Part 1: Overview)

Welcome to the first articel of our series Virtualization@Oracle. In the following months we want to discuss several aspects of Virtualization and what can be used with Oracle technology.

Let us know what you think, give feedback.

Thanks in advanced

Part 1: Overview

As a starter let's see, what Virtualization means.

Wikipedia ( describes it as:
"Virtualization, in computing, is the creation of a virtual (rather than actual) version of something, such as a hardware platform, operating system, a storage device or network resources."

Virtualization areas can then be categorized:

  • Hardware
  • Desktop
  • Software
  • Memory
  • Storage
  • Data
  • Network
We will at least address Hardware, Desktop and Operating System (as part of Software) and may add Network and Storage later on...

But before we dive into the specific layers and topics in more detail, this introductory article  explains the basics, what Oracle is capable of doing, and how it's done.

Before looking at the hardware layer, we introduce some concepts. These are called:
  • Full Virtualization
  • Paravirtualization
Then we define the term
  • Hypervisor
and talk about the differences between
  • Thick Hypervisor
  • Thin Hypervisor
  • Type 1 Hypervisor
  • Type 2 Hypervisor
Before starting into definitions, it should be mentioned, that this series will not cover software virtualization. In order to explain, what can be understood by software virtualization, here are some examples:
  • Application servers are means of virtualizing the application by spreading the task of running an application (or a business transaction, or many such parallel transactions) across multiple so-called instances of the application, possibly spread across multiple physical servers.
  • Even at the time, when the definitions of some internet software protocols were created, they already allowed for software virtualization, like the definition of the MX-records (list of servers for internet Mail Exchange - not to be confused by Microsoft’s e-mail program by the name of Exchange) in the DNS (Domain Name System, the directory of all servers on the Internet), where there can be secondary servers useful if the primary servers are not reachable.
  • Also an Oracle RAC implementation can be seen as software virtualization, because it allows for the distribution of the task across multiple instances and/or servers.
So, there is a broad range of such software virtualization technologies, which will not be covered in this series.

Let's start the definitions section with the term

Full Virtualization

Again, Wikipedia has a complete article on that (, but for our purposes here it should be sufficient to define it as a technology, that 100% abstracts the underlying layers, so that the layer and its interfaces can be 100% similar. So for "stuff" being programmed (be it an Operating System or an application) there is no need to know anything about the possible different implementations of the underlying layers. This then enables the easy migration from one fully virtualized environment into another fully virtualized environment.

Back to the definition section, and to the term


Again, here also, we have something from Wikipedia (, but for us here it shall suffice to say, that Paravirtualization differs from Full Virtualization in a way that it might expose some of the underlying elements directly. With that, different implementations of Paravirtualization might differ in small things, making the portability harder, as in the upper layers there needs to be an understanding of these differences. The advantage might in contrast be, that with the direct exposing of underlying stuff, these can be used to better serve specific needs. Therefore Paravirtualization adds into the upper layers of a stack specifics of the technology being virtualized. Typically this can increase the efficiency of the virtualization, because it often e.g. eliminates latency, which might be added through the full virtualization. On the other hand the knowledge and use of specifics of the underlaying virtualization technology makes it harder to change later to another virtualization technology.

With that definition we can now also introduce the concept of a


Again, Wikipedia has a full article on that ( but suffice it to say, that a hypervisor is the layer that abstracts the underlying elements, so that the stuff above it doesn't know, what's underneath, and only sees the interfaces exposed by the hypervisor. One could also call it a virtual machine manager, and, yes, this also is possible on different levels of the stack.

Back to the definition section and to the term

Thick Hypervisor

Every hypervisor needs something to configure itself or be configured. So, if the hypervisor itself contains all these configuration tools directly, accessible via interfaces to configure itself, than we call it a thick hypervisor.
Thin Hypervisor
In contrast, if the hypervisor itself requires some external entity to be configured, than we call it a thin hypervisor.

Then we have the term

Type 1 Hypervisor

A Type 1 hypervisor runs directly on top of some hardware, whereas a

Type 2 Hypervisor

requires an already running operating system, and therefore runs inside that Operating System.

Now, with the definitions done, let's go back and look at Oracle and its product portfolio, w.r.t.

Hardware Virtualization

Again: Wikipedia has an Article:

When we look at the hardware layer, Oracle has a couple of different products, based on different technologies.

Oracle offers SPARC and x86 based systems, and divides those on the SPARC side into  T- and M-series. The x86 systems have names like X????.

Looking at these three system-series, we have the following Oracle virtualization technologies, which can be used on the systems:
  • M-Series: Dynamic System Domains
  • T-Series: Oracle VM Server for SPARC (aka: Logical Domains)
  • x86-based systems: Oracle VM Server for x86, Oracle VM VirtualBox
While both Oracle VM Servers (SPARC and x86) are type-1 hypervisors, Oracle VM VirtualBox is a type-2 hypervisor.

If we move up the stack, we have to look at what's available from the Operating System. Wikipedia calls that

Operating System-level Virtualization


This technology provides applications a secure and isolated runtime environment, that acts like an exclusive OS instance, but shares some resources of the operation system like devices and the kernel. Resource management is need, if Operating system-level virtualization is used.

Before we dive deeper, we first need to classify the different Operating Systems, that can run on the different types of hardware:
  • M-Series: Oracle Solaris
  • T-Series: Oracle Solaris
  • x86-based Systems: Oracle Solaris, Linux, Microsoft Windows.
In the articles to come, we will mainly look at what's available inside Oracle Solaris and Oracle Linux. For Oracle Solaris that technology is named Oracle Solaris Zones (aka Oracle Solaris Containers).

Another major area of virtualisation centers around the desktop.

Desktop Virtualization

In order to describe that, let’s first define, what a desktop is. Also Wikipedia has articles on that (, and Let's stick to the term: A Desktop is, what a person sees on his computer monitor and interacts with a keyboard and mouse.

Desktop Virtualization then in turn describes technologies, that separate the "provider of the desktop" from the system, that controls the monitor, keyboard and mouse. More on that also in articles to come.

To finish, let’s add a small picture to help to understand the positioning:

With that we'd like to close this first introductory article and hope we've made you eager to read the ones coming in the following newsletters.

The series will continue as follows (tentative):

January 2012: Oracle VM Server for SPARC (Matthias Pfützner)
February 2012: Oracle VM Server for x86 (Matthias Pfützner)
March 2012: Oracle Solaris Zones and Linux Containers (Detlef Drewanz)
April 2012: Resource Management as Enabling Technology for Virtualization (Detlef Drewanz)
May 2012: Network Virtualization (Detlef Drewanz)
June 2012: Oracle VM VirtualBox (Detlef Drewanz)
July 2012: Oracle Virtual Desktop Infrastructure (VDI) (Matthias Pfützner)
August 2012: OpsCenter as Management Tool for Virtualization (Matthias Pfützner)

If you have questions, feel free to contact me: Matthias Pfützner

Read more:

>>> Part 2: Oracle VM Server for SPARC

eSTEP LogoeSTEP is an integrated program for our partner, focusing at the technical community to provide them with relevant technical information for their day-to-day business with us


« July 2016