WIXLIB

Virtual Network Device108Managing a Virtual Switch109 Add a Virtual Switch Set Options for an Existing Virtual Switch Remove a Virtual Switch109110111Managing a Virtual Network Device111 Add a Virtual Network Device Set Options for an Existing Virtual Network Device Remove a Virtual Network Device111112112Determining the Solaris Network Interface Name Corresponding to a VirtualNetwork Device 113 Find Solaris OS Network Interface Name113Assigning MAC Addresses Automatically or Manually114Range of MAC Addresses Assigned to Logical Domains SoftwareAutomatic Assignment Algorithm115Duplicate MAC Address Detection115Freed MAC Addresses116Using Network Adapters With LDoms 117Determine If a Network Adapter Is GLDv3-Compliant117Configuring Virtual Switch and Service Domain for NAT and Routing 114117Set Up the Virtual Switch to Provide External Connectivity to Domains118Configuring IPMP in a Logical Domains Environment119Configuring Virtual Network Devices into an IPMP Group in a LogicalDomain 119 Configure a Host Route121Configuring and Using IPMP in the Service DomainUsing VLAN Tagging With Logical Domains SoftwarePort VLAN ID (PVID)VLAN ID (VID)121122123123Contentsix

Assign VLANs to a Virtual Switch and Virtual Network DeviceUsing NIU Hybrid I/O8.125 Configure a Virtual Switch With an NIU Network Device Enable Hybrid Mode Disable Hybrid Mode128Migrating Logical Domains128129Introduction to Logical Domain MigrationOverview of a Migration OperationSoftware CompatibilityAuthentication129130131Migrating an Active DomainCPUs131131Memory132Physical Input/OutputVirtual Input/Output132132NIU Hybrid Input/OutputCryptographic Units133133Delayed Reconfiguration133Operations on Other Domains133Migrating Bound or Inactive DomainsCPUsPerforming a Dry Run134134Monitoring a Migration in ProgressCanceling a Migration in ProgressRecovering From a Failed Migrationx134134Virtual Input/OutputExamples129135135136136Logical Domains (LDoms) 1.1 Administration Guide December 2008127124

9.Other Information and Tasks139Using CPU Power Management With LDoms 1.1 Software139Showing CPU Power-Managed Strands in LDoms 1.1 Software List CPU Power-Managed Strands List Power-Managed CPUsEntering Names in the CLI140141142File Names (file) and Variable Names (var name)142Virtual Disk Server backend and Virtual Switch Device NamesConfiguration Name (config name)All Other NamesMachine-Readable Output143143143Show Syntax Usage for ldm SubcommandsFlag Definitions143147Utilization Statistic DefinitionExamples of Various Lists148148 Show Software Versions (-V) Generate a Short List Generate a Long List (-l) Generate an Extended List (-e) Generate a Parseable, Machine-Readable List (-p) List a Variable List Bindings List Configurations List Devices 148149149151Generate a Subset of a Long List (-o format) 142143Listing Logical Domains Resources 140153155155156157List Available MemoryList Services153158159Contentsxi

Listing Constraints159 List Constraints for One Domain List Constraints in XML Format List Constraints in a Machine-Readable Format160161Connecting to a Guest Console Over a Network162162Stopping a Heavily-Loaded Domain Can Time Out163Determining Where Errors Occur by Mapping CPU and Memory AddressesCPU Mapping 164Determine the CPU NumberMemory Mapping 164164Determine the Real Memory AddressExamples of CPU and Memory MappingUsing Console Groups 164165165167Combine Multiple Consoles Into One GroupOperating the Solaris OS With Logical Domains167168OpenBoot Firmware Not Available After Solaris OS Has Started If DomainingIs Enabled 168Power-Cycling a Server 168Save Your Current Logical Domain Configurations to the SC169Do Not Use the psradm(1M) Command on Active CPUs in a Power-ManagedDomain 169Result of Solaris OS Breaks169Results From Halting or Rebooting the Control DomainUsing LDoms With ALOM CMT 171Reset the Logical Domain Configuration to the Default or AnotherConfiguration 171Enabling and Using BSM Auditingxii169172 Use the enable-bsm.fin Finish Script Use the Solaris OS bsmconv(1M) Command Verify that BSM Auditing is EnabledLogical Domains (LDoms) 1.1 Administration Guide December 2008173172173

10. Disable Auditing Print Audit Output Rotate Audit Logs174174174Using the XML Interface With the Logical Domains ManagerXML TransportXMPP175176Local ConnectionsXML Protocol176176Request and Response stration and UnregistrationThe LDM event MessagesEvent Types183184Domain Events184Resource EventsHardware EventsAll Events182185186186Logical Domains Manager Actions187Logical Domains Manager Resources and Properties188Logical Domain Information (ldom info) ResourceCPU (cpu) ResourceMAU (mau) Resource189189Memory (memory) Resource190Virtual Disk Server (vds) Resource190Virtual Disk Server Volume (vds volume) ResourceDisk (disk) Resource188191192Contentsxiii

Virtual Switch (vsw) Resource193Network (network) Resource194Virtual Console Concentrator (vcc) ResourceVariable (var) Resource195196Physical I/O Device (physio device) ResourceSP Configuration (spconfig) Resource196197Virtual Data Plane Channel Service (vdpcs) ResourceVirtual Data Plane Channel Client (vdpcc) ResourceConsole (console) ResourceDomain MigrationA.XML Schemas200201203LDM interface XML SchemaLDM Event XML Schema203206The ovf-envelope.xsd SchemaThe ovf-section.xsd SchemaThe ovf-core.xsd Schema208211212The ovf-virtualhardware.xsc SchemaThe cim-rasd.xsd Schema221The cim-vssd.xsd Schema226The cim-common.xsd Schema227The GenericProperty XML SchemaBinding Type XML SchemaGlossaryxiv231232233Logical Domains (LDoms) 1.1 Administration Guide December 2008219198199

PrefaceThe Logical Domains (LDoms) 1.1 Administration Guide provides detailed informationand procedures that describe the overview, security considerations, installation,configuration, modification, and execution of common tasks for the Logical DomainsManager 1.1 software on supported servers, blades, and server modules. Refer to“Supported Platforms” in the Logical Domains (LDoms) 1.1 Release Notes for a list. Thisguide is intended for the system administrators on these servers who have aworking knowledge of UNIX systems and the Solaris Operating System (SolarisOS).Related DocumentationThe Logical Domains (LDoms) 1.1 Administration Guide and Release Notes are s#hicThe Beginners Guide to LDoms: Understanding and Deploying Logical Domains Softwarecan be found at the Sun BluePrints site lYou can find documents relating to your server, software, or Solaris OS at:http://docs.sun.comPrefacexv

Type the name of the server, software, or Solaris OS in the Search box to find thedocuments you need.ApplicationTitlePart NumberFormatRelease notes for LDomsLogical Domains (LDoms) 1.1 Release Notes820-4914-10HTMLPDFSolaris man pages for LDomsSolaris 10 Reference Manual Collection: drd(1M) man page vntsd(1M) man pageN/AHTMLLDoms man pageldm(1M) man pageN/ASGMLLogical Domains (LDoms) 1.1 Manager ManPage Guide820-4915-10PDFBasics for Logical Domains softwareBeginners Guide to LDoms: Understanding andDeploying Logical Domains Software820-0832PDFAdministration for LDoms MIBLogical Domains (LDoms) MIB 1.0.1Administration Guide820-2319-10HTMLPDFRelease notes for LDoms MIBLogical Domains (LDoms) MIB 1.0.1 ReleaseNotes820-2320-10HTMLPDFAdministration for Libvirt for LDomsLibvirt for LDoms 1.0.1 Administration Guide820-3839-10HTMLPDFRelease Notes for Libvirt for LDomsLibvirt for LDoms 1.0.1 Release Notes820-3838-10HTMLPDFSolaris OS including installation, usingJumpStart , and using the SMFSolaris 10 CollectionN/AHTMLPDFSecuritySolaris Security Toolkit 4.2 is Security Toolkit 4.2 Reference Manual819-1503-10HTMLPDFSecuritySolaris Security Toolkit 4.2 Release Notes819-1504-10HTMLPDFSecuritySolaris Security Toolkit 4.2 Man Page Guide819-1505-10HTMLPDFxviLogical Domains (LDoms) 1.1 Administration Guide December 2008

Documentation, Support, and TrainingSun om/trainingSun Welcomes Your CommentsSun is interested in improving its documentation and welcomes your comments andsuggestions. You can submit your comments by going to:http://www.sun.com/hwdocs/feedbackPlease include the title and part number of your document with your feedback:Logical Domains (LDoms) 1.1 Administration Guide, part number 820-4913-10.Prefacexvii

xviiiLogical Domains (LDoms) 1.1 Administration Guide December 2008

CHAPTER1Overview of the Logical DomainsSoftwareThis chapter contains a brief overview of the Logical Domains software. All of theSolaris OS functionality necessary to use Sun’s Logical Domains technology is in theSolaris 10 11/06 release (at a minimum) with the addition of necessary patches.However, system firmware and the Logical Domains Manager are also required touse logical domains. Refer to “Required and Recommended Software” in the LogicalDomains (LDoms) 1.1 Release Notes for specific details.Hypervisor and Logical DomainsThis section provides a brief overview of the SPARC hypervisor and the logicaldomains it supports.The SPARC hypervisor is a small firmware layer that provides a stable virtualizedmachine architecture to which an operating system can be written. Sun servers usingthe hypervisor provide hardware features to support the hypervisor’s control over alogical operating system’s activities.A logical domain is a discrete logical grouping with its own operating system,resources, and identity within a single computer system. Each logical domain can becreated, destroyed, reconfigured, and rebooted independently, without requiring apower cycle of the server. You can run a variety of applications software in differentlogical domains and keep them independent for performance and security purposes.Each logical domain is allowed to observe and interact with only those serverresources made available to it by the hypervisor. Using the Logical DomainsManager, the system administrator specifies what the hypervisor should do throughthe control domain. Thus, the hypervisor enforces the partitioning of the resources ofa server and provides limited subsets to multiple operating system environments.1

This is the fundamental mechanism for creating logical domains. The followingdiagram shows the hypervisor supporting two logical domains. It also shows thelayers that make up the Logical Domains functionality: Applications, or user/services Kernel, or operating systems Firmware, or hypervisor Hardware, including CPU, memory, and I/OFIGURE 1-1Hypervisor Supporting Two Logical DomainsLogical Domain ALogical Domain nelOperating System AFirmwareHypHardwareC P U ,erOperating System BvisorM e m o r y&I / OThe number and capabilities of each logical domain that a specific SPARChypervisor supports are server-dependent features. The hypervisor can allocatesubsets of the overall CPU, memory, and I/O resources of a server to a given logicaldomain. This enables support of multiple operating systems simultaneously, eachwithin its own logical domain. Resources can be rearranged between separate logicaldomains with an arbitrary granularity. For example, memory is assignable to alogical domain with an 8-kilobyte granularity.Each virtual machine can be managed as an entirely independent machine with itsown resources, such as:2 Kernel, patches, and tuning parameters User accounts and administrators DisksLogical Domains (LDoms) 1.1 Administration Guide December 2008

Network interfaces, MAC addresses, and IP addressesEach virtual machine can be stopped, started, and rebooted independently of eachother without requiring a power cycle of the server.The hypervisor software is responsible for maintaining the separation betweenlogical domains. The hypervisor software also provides logical domain channels(LDCs), so that logical domains can communicate with each other. Using logicaldomain channels, domains can provide services to each other, such as networking ordisk services.The service processor (SP), also known as the system controller (SC), monitors andruns the physical machine, but it does not manage the virtual machines. The LogicalDomains Manager runs the virtual machines.Logical Domains ManagerThe Logical Domains Manager is used to create and manage logical domains. Therecan be only one Logical Domains Manager per server. The Logical DomainsManager maps logical domains to physical resources.Chapter 1Overview of the Logical Domains Software3

Roles for Logical DomainsAll logical domains are the same except for the roles that you specify for them. Thereare multiple roles that logical domains can perform.TABLE 1-1Logical Domain RolesDomain RoleDescriptionControl domainDomain in which the Logical Domains Manager runs allowing you tocreate and manage other logical domains and allocate virtual resources toother domains. There can be only one control domain per server. Theinitial domain created when installing Logical Domains software is acontrol domain and is named primary.Service domainDomain that provides virtual device services to other domains, such as avirtual switch, a virtual console concentrator, and a virtual disk server.I/O domainDomain that has direct ownership of and direct access to physical I/Odevices, such as a network card in a PCI Express controller. Shares thedevices with other domains in the form of virtual devices when the I/Odomain is also the control domain. The number of I/O domains you canhave is dependent on your platform architecture. For example, if you areusing a Sun UltraSPARC T1 processor, you can have a maximum of twoI/O domains, one of which also must be the control domain.Guest domainDomain that is managed by the control domain and uses services from theI/O and service domains.If you have an existing system and already have an operating system and othersoftware running on your server, that will be your control domain once you installthe Logical Domains Manager. You might want to remove some of your applicationsfrom the control domain once it is set up, and balance the load of your applicationsthroughout your domains to make the most efficient use of your system.Command-Line InterfaceThe Logical Domains Manager provides a command-line interface (CLI) for thesystem administrator to create and configure logical domains. The CLI is a singlecommand, ldm(1M), with multiple subcommands.To use the Logical Domains Manager CLI, you must have the Logical DomainsManager daemon, ldmd, running. The ldm(1M) command and its subcommands aredescribed in detail in the ldm(1M) man page and the Logical Domains (LDoms)Manager Man Page Guide. The ldm(1M) man page is part of the SUNWldm packageand is installed when the SUNWldm package is installed.4Logical Domains (LDoms) 1.1 Administration Guide December 2008

To execute the ldm command, you must have the /opt/SUNWldm/bin directory inyour UNIX PATH variable. To access the ldm(1M) man page, add the directory path/opt/SUNWldm/man to the variable MANPATH. Both are shown as follows: %%PATH PATH:/opt/SUNWldm/bin; export PATH (for Bourne or K shell)MANPATH MANPATH:/opt/SUNWldm/man; export MANPATHset PATH ( PATH /opt/SUNWldm/bin) (for C shell)set MANPATH ( MANPATH /opt/SUNWldm/man)Virtual Input/OutputIn a Logical Domains environment, an administrator can provision up to 32 domainson a Sun Fire or SPARC Enterprise T1000 or T2000 server. Though each domaincan be assigned dedicated CPUs and memory, the limited number of I/O buses andphysical I/O slots in these systems makes it impossible to provide all domainsexclusive access to the disk and network devices. Though some physical devices canbe shared by splitting the PCI Express (PCIe) bus into two (see “Configuring PCIExpress Busses Across Multiple Logical Domains” on page 71), it is not sufficient toprovide all domains exclusive device access. This lack of direct physical I/O deviceaccess is addressed by implementing a virtualized I/O model.All logical domains with no direct I/O access are configured with virtual I/Odevices that communicate with a service domain, which runs a service to provideaccess to a physical device or its functions. In this client-server model, virtual I/Odevices either communicate with each other or a service counterpart throughinterdomain communication channels called logical domain channels (LDCs). InLogical Domains 1.1 software, the virtualized I/O functionality comprises supportfor virtual networking, storage, and consoles.Virtual NetworkThe virtual network support is implemented using two components: the virtualnetwork and virtual network switch device. The virtual network (vnet) deviceemulates an Ethernet device and communicates with other vnet devices in thesystem using a point-to-point channel. The virtual switch (vsw) device mainlyfunctions as a multiplexor of all the virtual network’s incoming and outgoingpackets. The vsw device interfaces directly with a physical network adapter on aservice domain, and sends and receives packets on a virtual network’s behalf. Thevsw device also functions as a simple layer-2 switch and switches packets betweenthe vnet devices connected to it within the system.Chapter 1Overview of the Logical Domains Software5

Virtual StorageThe virtual storage infrastructure enables logical domains to access block-levelstorage that is not directly assigned to them through a client-server model. Itconsists of two components: a virtual disk client (vdc) that exports as a block deviceinterface; and a virtual disk service (vds) that processes disk requests on behalf ofthe virtual disk client and submits them to the physical storage residing on theservice domain. Although the virtual disks appear as regular disks on the clientdomain, all disk operations are forwarded to the physical disk through the virtualdisk service.Virtual ConsoleIn a Logical Domains environment, console I/O from all domains, except theprimary domain, is redirected to a service domain running the virtual consoleconcentrator (vcc) and virtual network terminal server, instead of the systemscontroller. The virtual console concentrator service functions as a concentrator for alldomains’ console traffic, and interfaces with the virtual network terminal serverdaemon (vntsd) and provides access to each console through a UNIX socket.Dynamic ReconfigurationDynamic reconfiguration (DR) is the ability to add or remove resources while theoperating system is running. The ability to perform dynamic reconfiguration of aparticular resource type is dependent on havi

vi Logical Domains (LDoms) 1.1 Administration Guide December 2008 Creating and Starting a Guest Domain 53 Create and Start a Guest Domain 53 Installing Solaris OS on a Guest Domain 56 Install Solaris OS on a Guest Domain From a DVD 56 Install Solaris OS on a Guest Domain From a Solaris ISO Fil