Version 3.1-en Solaris 10 Container Guide - 3.1 2. Functionality Effective: 30/11/2009
Thus, a local zone is a Solaris environment that is separated from other zones and can be used
independently. At the same time, many hardware and operating system resources are shared with
other local zones, which keeps the additional runtime overhead low.
Local zones execute the same Solaris version as the global zone. Alternatively, virtual execution
environments for older Solaris versions (SPARC: Solaris 8 and 9) or other operating systems (x86:
Linux) can also be installed in so-called Branded Zones. In this case, the original environment is then
executed on the Solaris 10 kernel; differences in the system calls are emulated.
Additional details are summarized in the following table:
Shared kernel: The kernel is shared by the global zone and the local zones. The resources needed by the OS are
needed only once. Costs for a local zone are therefore low, as measured by main memory, CPU
consumption and disk space.
Shared objects: In Unix, all objects such as programs, files and shared libraries are loaded only once as a shared
memory segment, which improves overall performance. In Solaris 10, this also extends across zones: no
matter how often a program or a shared library is used in zones, it occupies space in main memory
only once (unlike in virtual machines).
File system: The visible portion of the file system of the local zone can be limited to one subtree or several subtrees of
the global zone. The files in the local zone can be configured on the basis of directories shared with the
global zone or as copies.
Patches: For packages (Solaris packages) installed as copies in the local zone, patches can be installed
separately as well. The patch level regarding non-application patches should be the same, because all
zones share the same kernel.
Network: Zones have their own IP addresses on one or more virtual or physical interfaces. Network
communication between zones takes place, if possible, via the shared network layers or, when using
exclusive IP instances, via external network connections.
Process: Each local zone can see its own processes only. The global zone sees all processes of the local zones.
Separation: Access to the resources of the global zone or other local zones, unless explicitly configured as such
(devices, memory), is prevented. Any software errors that may occur are limited to their respective local
zone by means of error isolation.
Assigned devices: No physical devices are contained in the standard configuration of a local zone. It is, however, possible to
assign devices (e.g. disks, volumes, DVD drives, etc.) to one or more local zones.
Special drivers can be used this way as well.
Shared disk space: In addition, further parts of the file tree (file systems or directories) can be assigned from the global zone
to one or more local zones.
Physical devices: Physical devices are administered from the global zone. Local zones do not have any access to the
assignment of these devices.
Root delegation: A local zone has an individual root account (zone administrator). Therefore, the administration of
applications and services in a local zone can be delegated completely to other persons – including the
root portion. Operating safety in the global zone or in other local zones is not affected by this. The global
zone root has general access to all local zones.
Naming environment: Local zones have an independent naming environment with host names, network services, users, roles
and process environments. The name service of one zone can be configured from local files, and another
zone from the same computer can use e.g. LDAP or NIS.
System settings: Settings in /etc/system apply to the kernel used by all zones. However, the most important settings of
earlier Solaris versions (shared memory, semaphores and message queues) can be modified from
Solaris 10 onwards by the Solaris resource manager for each zone independently.
Table 1: [ug] Characteristics of Solaris 10 Zones
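The table states that access to global-zone resources is prevented unless explicitly configured. As an added example (not part of the guide), the following script lists those explicit grants from the text printed by `zonecfg -z <zone> export`; the zone name web1, its paths, address, interface and device are constructed sample values.

```shell
#!/bin/sh
# Constructed sample of `zonecfg -z web1 export` output (hypothetical zone).
sample_export() {
cat <<'EOF'
create -b
set zonepath=/zones/web1
set ip-type=shared
add inherit-pkg-dir
set dir=/usr
end
add fs
set dir=/data
set special=/export/web1-data
set type=lofs
end
add net
set address=192.0.2.10
set physical=e1000g0
end
add device
set match=/dev/dsk/c1t1d0s0
end
EOF
}

# Print one line per setting that crosses the zone boundary.
audit_zone_export() {
  awk '
    $1 == "add" && res == "" { res = $2; split("", p); next }
    $1 == "set" {
      kv = $0; sub(/^set[ \t]+/, "", kv)
      eq = index(kv, "="); k = substr(kv, 1, eq - 1); v = substr(kv, eq + 1)
      gsub(/^"|"$/, "", v)
      if (res != "") p[k] = v
      else if (k == "ip-type") print "ip-type " v
      next
    }
    $1 == "end" {
      if (res == "inherit-pkg-dir") print "shared-dir " p["dir"]
      else if (res == "fs") print "fs " p["dir"] " <- " p["special"] " (" p["type"] ")"
      else if (res == "net") print "net " p["physical"] " " p["address"]
      else if (res == "device") print "device " p["match"]
      res = ""
    }'
}

# On a Solaris host: zonecfg -z web1 export | audit_zone_export
sample_export | audit_zone_export
```

Each output line corresponds to one row of the table: shared directories and file systems, the network interface, and assigned devices.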