Wednesday, December 7, 2011

Solaris branded zone in Solaris 11

Solaris branded zone is the default zone in Solaris 11
  • whole-root type only
  • immutable (read-only zone root) zone with file-mac-profile (mandatory access control)
    • none: standard read-write
    • strict: read-only FS, no exceptions, only logged remotely
    • fixed-configuration: permits updates to /var except system configuration
    • flexible-configuration: permits changes to
        • /etc
        • root home directory
        • /var
    • zonecfg add dataset: read-only dataset
    • zonecfg add fs, can mount read-only FS
  • IPS packaging
  • install, detach, attach and P2V
  • NGZ root is a ZFS dataset
  • use boot env: beadm
  • All enabled IPS pkg repositories must be accessible while installing a zone
  • zone SW is minimized
  • default exclusive-IP with Automatic NET (anet) VNIC
  • support
    • ZFS encryption
    • Network V12n and QoS
    • SMB and NFS
    • can be NFS server
  • not supported
    • DHCP address assignment in a shared-IP zone
    • ndmpd
    • SMB server
    • SSL proxy server
    • ZFS pool administration through zpool cmd
  • zonestat: reports CPU, memory, resource control, network bandwidth for exclusive-IP zone
  • admin resource
    • user
    • auths
      • solaris.zone.login
      • solaris.zone.manage
      • solaris.zone.clonefrom
  • resources pool association
    • dedicated-cpu
      • ncpus
      • importance
    • capped-cpu
    • capped-memory
      • physical
      • swap
      • locked
  • zone network interface
    • shared-IP
      • shares a network interface with GZ
      • use ipadm
      • net resource properties
        • address
        • physical
    • exclusive-IP
      • must have dedicated network interface
      • anet resource, a dedicated VNIC is automatically created and assigned to zone
      • can use pre-configured VNIC
      • default
      • support
        • DHCP v4 and v6
        • IP filter
        • IPMP
        • IP routing
        • ipadm for setting TCP/UDP/SCTP and IP/ARP
        • IPsec and IKE
        • snoop
        • dladm
        • sysconfig
  • hostid
  • disk format: uscsi
  • devices: /dev in zone
  • zone-wide resource
    • zone.cpu-cap
    • zone.cpu-shares
    • zone.max-locked-memory
    • zone.max-lofi
    • zone.max-lwps
    • zone.max-msg-ids
    • zone.max-processes
    • zone.max-sem-ids
    • zone.max-shm-ids
    • zone.max-shm-memory
    • zone.max-swap
  • use attr for comment
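
The properties listed above (file-mac-profile, ip-type, capped-memory, the admin resource) can be checked from the text that `zonecfg -z <zone> export` prints. The following is an added example, not code from the original post: the sample export is constructed, and the baseline it checks against (read-only root, exclusive-IP, all three memory caps set, delegated `manage` rights reported) is an assumption of this example.

```python
import re

# Constructed sample in the command form printed by `zonecfg -z <zone> export`.
SAMPLE_EXPORT = """\
create -b
set file-mac-profile=none
set ip-type=shared
add net
set address=192.0.2.10/24
set physical=net0
end
add capped-memory
set physical=2G
end
add admin
set user=webadmin
set auths=login,manage
end
"""

def parse_export(text):
    """Return (zone-level properties, [(resource type, properties), ...])."""
    props, resources, current = {}, [], None
    for line in map(str.strip, text.splitlines()):
        if m := re.match(r"add\s+([\w-]+)$", line):
            current = (m.group(1), {})          # open a resource scope
        elif line == "end" and current:
            resources.append(current)           # close the resource scope
            current = None
        elif m := re.match(r"set\s+([\w-]+)=(.*)$", line):
            (current[1] if current else props)[m.group(1)] = m.group(2).strip('"')
    return props, resources

def audit(text):
    """Findings against this example's assumed baseline; unset profile = none."""
    props, resources = parse_export(text)
    findings = []
    if props.get("file-mac-profile", "none") == "none":
        findings.append("zone root is read-write (file-mac-profile=none)")
    if props.get("ip-type", "exclusive") != "exclusive":
        findings.append("shared-IP zone: network interface is shared with the GZ")
    caps = next((p for kind, p in resources if kind == "capped-memory"), {})
    for limit in ("physical", "swap", "locked"):
        if limit not in caps:
            findings.append(f"capped-memory {limit} is not set")
    for kind, p in resources:
        if kind == "admin" and "manage" in p.get("auths", "").split(","):
            findings.append(f"{p.get('user')} holds solaris.zone.manage")
    return findings
```

Calling `audit(SAMPLE_EXPORT)` returns one finding per deviation; nested lines such as `add value (...)` inside an rctl resource are skipped by the parser.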
