New wiki article: Exploring Oracle Solaris 11 Express
By Jsavit-Oracle on May 24, 2011
Recommended: Exploring Oracle Solaris 11 Express
There's a very useful new wiki article at http://wikis.sun.com/display/solaris/Exploring+the+World%27s+First+Fully+Virtualized+Operating+System titled Exploring the World's First Fully Virtualized Operating System.
This covers material similar to what I discussed in "Flow control in Solaris 11 Express Network virtualization" (http://blogs.oracle.com/jsavit/entry/flow_control_in_solaris_11), but goes further. Instead of just adding a flow to an existing physical network interface as I did, the wiki illustrates creating virtual network interfaces with the dladm create-vnic and ipadm commands. In its second example, the wiki shows how to create a zone using the virtual NIC.
No need to trade off shared vs. exclusive
That brings up an important new capability of Oracle Solaris 11. In Solaris 10, a zone (aka Solaris Container) could have a shared network interface or an exclusive IP. The shared model works well for most use-cases, typically many virtual environments on the same host and same network, with individual IP addresses and efficient off-box and inter-zone networking. But, that didn't allow zones to do things like assign their own IP address, or individually set network characteristics like turning on jumbo frames.
Exclusive IP was invented for cases where some zones had to have control over their own network interfaces (even issuing ndd commands if they want), and when some zones had to exist on separate networks from other zones, especially for hosts residing on a DMZ or the Internet along with a company's internal network. However, exclusive IP required, well - exclusive access to a physical network device, restricting how many exclusive IP zones could be hosted on a server. Now, you can create an arbitrary number of virtual interfaces.
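One way to wire this up, as an added example that is not taken from the wiki article or from this blog: a shell script that creates a VNIC over a physical link and configures an exclusive-IP zone whose only interface is that VNIC. The link name e1000g0, the zone name web1 and the /zones zonepath are assumptions; it prints the commands unless APPLY=1 is set.

```shell
#!/bin/sh
# Added example, not from the wiki or the blog. Dry-run by default:
# set APPLY=1 in a Solaris 11 Express global zone to execute.
# Assumed names: link e1000g0, zone web1, zonepath under /zones.

# zonecfg command file for an exclusive-IP zone whose only NIC is a VNIC.
zone_cfg() {  # zone_cfg <zone> <vnic>
    cat <<EOF
create -b
set zonepath=/zones/$1
set ip-type=exclusive
add net
set physical=$2
end
verify
commit
EOF
}

# Datalink names end in a digit (vnic1, web0); reject anything else
# before it reaches a privileged command line.
valid_link() {
    case $1 in
        *[!A-Za-z0-9_]*|'') return 1 ;;
        *[0-9]) return 0 ;;
        *) return 1 ;;
    esac
}

# Execute the command when APPLY=1, otherwise just show it.
run() {
    if [ "${APPLY:-0}" = 1 ]; then "$@"; else echo "+ $*"; fi
}

make_zone() {  # make_zone <physical-link> <vnic> <zone>
    valid_link "$2" || { echo "bad VNIC name: $2" >&2; return 2; }
    cfg=$(mktemp) || return 1
    zone_cfg "$3" "$2" > "$cfg"
    run dladm create-vnic -l "$1" "$2" &&
    run zonecfg -z "$3" -f "$cfg"
    rc=$?
    rm -f "$cfg"
    return $rc
}

# Usage: sh vnic-zone.sh e1000g0 vnic1 web1
if [ "$#" -eq 3 ]; then make_zone "$@"; fi
```

Calling make_zone again with vnic2 and a second zone name puts another exclusive-IP zone on the same physical link, which is the case the shared-versus-exclusive trade-off used to rule out.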
Recommended reading - several tasty recipes in one serving
In addition to the above features, the blog illustrates several other tasty items: the exclusive-IP zone is created using ZFS compression to save disk space, and sudo is used for commands that (traditionally, or by habit) would have implied becoming root. Switching to an all-powerful root userid is so, last-century. Userids are created within the zone (names that will be familiar to viewers of a recent pair of movies about a high-tech superhero). Software is added to the zone (Solaris 11 zones start with a minimized install), Apache web server is set up, and then the whole thing is cloned to make a new zone. Great stuff, and a good illustration of ways that Oracle Solaris 11 Express provides new, flexible, and more secure administration. For a further illustration, see Jeff Victor's blog at http://blogs.oracle.com/JeffV/entry/virtual_network_part_3
Don't Fear The Reaper
My opportunity for a little joke: Sun blogs were on blogs.sun.com, sometimes referred to by us bloggers as "b.s.c". Now that we're on blogs.oracle.com (this is my first post in the new name), I expect to see references to "b.o.c". Which makes me think of Blue Öyster Cult. Naturally!
The views expressed on this [blog; Web site] are my own and do not necessarily reflect the views of Oracle.