Response to: IBM, Sun and HP: Comparing UNIX Virtualization Offerings By Ken Milberg
By user12611852 on Feb 26, 2007
IBM Systems Mag recently posted an article comparing Sun, HP and IBM virtualization offerings entitled, "IBM, Sun and HP: Comparing UNIX Virtualization Offerings" By Ken Milberg.
You can read the article at:
This article covers a variety of issues, some accurate and some horribly inaccurate. I will only address the Solaris portion of the article:
"It took over a hundred commands and hours of architectural work, including partitioning drives and planning for replicas."
While I will admit that Solaris Volume Manager (aka DiskSuite) is not the easiest to set up via the command line, the Solaris Management Console can be used to make this easier. Ken doesn't say exactly what he was trying to do, but "hundreds of commands and hours of time" sounds like a bit of an exaggeration. In addition, ZFS can create a mirrored storage pool in two commands and also supports an easy-to-use web GUI. ZFS also provides data integrity capabilities and nearly infinite storage capabilities. ZFS is also open source and is being ported to BSD variants including Mac OS X.
"this method requires all partitions have the same OS and patch levels. Their virtualization essentially virtualizes an OS environment more-so than hardware. In fact, they don't emulate any of the underlying hardware. The virtualized OS will make the calls to the hardware. That's where multiple partitions run on the same server, but with one kernel. To reiterate, every OS level must be exactly the same across all containers. One kernel fault will bring down every container."
This is true; however, as the author points out later in the article, there is SIGNIFICANTLY less overhead in CPU, memory and disk space incurred in the Solaris Containers virtualization. Logical Domains in the T2000 and Single CPU domains in the APL (due later this year) will alleviate this issue by allowing multiple, different OS versions to run. The author fails to point out, however, that a single kernel is easier to manage and patch than multiple kernels. In addition, we have taken significant steps to enhance the availability of the kernel (SMF, Predictive Self-healing).
"There's also limited security isolation as a result of a single kernel across containers. What that means is one breach will impact every container in the OS image."
Although a breach of the Global zone can impact every container, the global zone can be configured without an IP address, making it impossible to attack without direct console access. This is, in fact, the preferred configuration. User applications and logins should not be allowed in the Global zone. The local zones themselves, if attacked, are completely isolated from the other zones via reduced privileges. They can be rebooted independently without affecting other zones. Another benefit of a single kernel image is the ability to use Dynamic Tracing (DTrace) to diagnose problems across all the Solaris containers. This is impossible using virtualization with separate OS instances.
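One way to verify the "global zone without an IP address" configuration described above, as an added example that is not code from the original post or from Sun: the script parses `ifconfig -a` output taken in the global zone and reports any non-loopback address that is up and owned by the global zone itself. The sample output, the interface names, the zone name `web1` and the addresses are constructed for illustration.

```python
import re

# Constructed sample: `ifconfig -a` run in a Solaris 10 global zone. Logical
# interfaces handed to a non-global zone carry an extra "zone <name>" line.
HARDENED = """\
lo0: flags=2001000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232 index 1
\tinet 127.0.0.1 netmask ff000000
lo0:1: flags=2001000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232 index 1
\tzone web1
\tinet 127.0.0.1 netmask ff000000
e1000g0: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2
\tinet 0.0.0.0 netmask 0
e1000g0:1: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2
\tzone web1
\tinet 192.0.2.10 netmask ffffff00 broadcast 192.0.2.255
"""
# Same host, but with an address left configured in the global zone.
EXPOSED = HARDENED.replace("inet 0.0.0.0 netmask 0",
                           "inet 192.0.2.5 netmask ffffff00")

HEADER = re.compile(r"^(\S+): flags=\w+<([^>]*)>")
UNSET = {"0.0.0.0", "::", "::/0"}  # placeholders meaning "no address assigned"

def parse_interfaces(text):
    """Return one dict per interface: name, flags, owning zone, addresses."""
    ifaces = []
    for line in text.splitlines():
        header = HEADER.match(line)
        words = line.split()
        if header:
            ifaces.append({"name": header.group(1), "zone": "global",
                           "flags": set(header.group(2).split(",")), "addrs": []})
        elif ifaces and len(words) >= 2 and words[0] == "zone":
            ifaces[-1]["zone"] = words[1]
        elif ifaces and len(words) >= 2 and words[0] in ("inet", "inet6"):
            ifaces[-1]["addrs"].append(words[1])
    return ifaces

def global_zone_exposure(text):
    """List (interface, address) pairs that are up and owned by the global zone."""
    findings = []
    for iface in parse_interfaces(text):
        owned = iface["zone"] == "global" and "UP" in iface["flags"]
        if owned and "LOOPBACK" not in iface["flags"]:
            findings += [(iface["name"], a) for a in iface["addrs"] if a not in UNSET]
    return findings

if __name__ == "__main__":
    print(global_zone_exposure(HARDENED), global_zone_exposure(EXPOSED))
```

An empty result means the only addresses that are up belong to non-global zones or to loopback, which is the configuration the paragraph above calls preferred.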
"From a licensing perspective, one must also be aware ISVs will charge on a per CPU basis across all containers in the single image, even though they may need only a part of the OS image capacity."
This varies by ISV. Oracle, for instance, respects Sun CPU pools when set up in the global zone and attached to local zones for licensing purposes. Most licensing systems are based upon the honor system. Negotiate the best deal you can with your ISVs.
"Sun containers also can't share I/O, which is not a good thing."
This is not true. Containers can share Ethernet ports, FCAL channels, devices, disk drives and even mounted file systems in read-only or read-write access modes.
"You could use the Solaris Container Manager, though I suspect you may have similar problems that I had with the Solaris Management Console in configuring storage resources."
You can also use webmin from webmin.com to manage containers, SMF, users, cron jobs and many other aspects of Solaris. Webmin is an open source, lightweight, web-based management interface.
"When Red Hat came up with virtualization for RHEL5 (still in Beta), they decided not to go the container route, and will introduce version 3 of Xen's hypervisor. The virtualization is a para-virtualized kernel, which virtualizes part of an OS operating environment and also selectively emulates hardware devices as well. It provides access to the native hardware. Of all the virtualization technologies out there, Xen most closely mirrors IBM's Advanced Power Virtualization (APV). But it's not yet available on the Sparc."
Sun is engaged with the Xen project at opensolaris.org and expects a Xen-based distribution later in 2007 for the Intel/AMD platforms. Logical Domains is a similar technology available for T1000/2000 today.
"My Solaris buddies have informed me - with Sun's new line of T2000 servers - one can run Solaris, Unix and also Windows,"
I'm not sure which Solaris buddies he is referring to, but MS Windows does NOT run on the T2000. Ubuntu Linux does.
Mr Milberg summarizes with:
Solaris containers are NOT a virtualization technology for everyone. Containers, however, solve both the "server sprawl" as well as the "operating system sprawl" problem that exists in many data centers today. There are a wide variety of customers (commercial and government) using Solaris containers in production today. Sun now offers a number of virtualization choices including:
- Logical domains (CMT chips)
- VMware (Intel/AMD chips)
- Hardware Domains (UltraSPARC data center servers)
- Solaris containers (all chips, small to large platforms)
and is working on more solutions to come:
- Per CPU virtualization (APL)
- Xen for Solaris 10 (Intel/AMD)
You can find much more on the architecture and implementation of Solaris Containers at our Sun Blueprints web site (perhaps Mr. Milberg was unaware of this resource). There is also a Solaris Zones FAQ available in the OpenSolaris Communities. I highly suggest that you (and Ken) review the Solaris Containers Technology Architecture Guide.
To summarize, Solaris is the high-volume, Unix-based OS that runs on more platforms, has more applications and the most advanced technology in the world. Compared to AIX and Red Hat Enterprise Linux 4, Solaris 10:
- Does more
- Costs less
- Runs on more platforms
- Is developed as an open source product
Download Solaris 10 for free (Sparc or X64) and try it out for yourself.
Why should you care?
We believe that you should have the most accurate information available when choosing a platform to deploy your mission critical applications.