With today's launch of Solaris 11, I felt it would be good to introduce 11 of my favorite things about zones in Solaris 11.
- Minimized by default. The default zone installation size is about 420 MB and has a very strong selection of the tools you expect in a modern UNIX installation. It's also very simple to find (e.g. pkg search -r hg) and install (e.g. pkg install mercurial) that tool that you use all the time that isn't in the default installation.
- It's easy to have different packages in the global zone and in each non-global zone. In fact, the default is to have the solaris-large-server group package installed in the global zone and the solaris-small-server installed in each zone.
- Zone boot environments, synchronized with global zone boot environments.
- Immutable zones allows you to turn all or part of a zone read-only. Even if a bad guy (or a mostly good guy doing something bad) running as root cannot add, delete, or modify protected files.
- Dedicated IP stack by default with automatic configuration with anets.
- The same zfs dataset layout in the global zone and non-global zones.
- Dataset aliasing.
- The automated installer configuration (AI manifest) used to install a global zone and a non-global zone are almost the same (and you can install zones automatically as part of a global zone installation installation).
- Performance monitoring with zonestat.
- Easy p2v and v2v using zfs send streams.
- solaris10 branded zones allow you to easily begin to take advantage of some Solaris 11 goodies while still running Solaris 10.
In the coming weeks, I'll talk about each of these and show how you can put them together in interesting ways to solve the types of problems that you see in the real world. If there's something you would really like me to dig into first, let me know.