WIXLIB

Oracle Solaris 11 SystemVirtualization EssentialsSecond Edition

This page intentionally left blank

Watanabe fm.fm Page iii Wednesday, November 18, 2009 5:04 PMSolaris Solaris10 s Second EditionScott WatanabeJeff Victor, Jeff Savit,Gary Combs, Bob NethertonSun Microsystems PressUpper SaddleRiver, NJIndianapolis Boston NewIndianapolis FranciscoSan FranciscoBoston ColumbusYork San Amsterdam Cape TownNew York Toronto MontrealLondon Paris Munich Paris MadridDubai London Madrid Milan Munich Montreal Toronto Delhi Mexico CityCapeTown Sydney Tokyo MexicoCity TokyoSãoPaulo Sydney HongKong SingaporeSeoul Singapore Taipei

Many of the designations used by manufacturers and sellers to distinguish their products areclaimed as trademarks. Where those designations appear in this book, and the publisher wasaware of a trademark claim, the designations have been printed with initial capital letters orin all capitals.Oracle and Java are registered trademarks of Oracle and/or its affiliates. Other names may betrademarks of their respective owners.The authors and publisher have taken care in the preparation of this book, but make no expressed or implied warranty of any kind and assume no responsibility for errors or omissions.No liability is assumed for incidental or consequential damages in connection with or arisingout of the use of the information or programs contained herein.This document is provided for information purposes only and the contents hereof are subjectto change without notice. This document is not warranted to be error-free, nor subject to anyother warranties or conditions, whether expressed orally or implied in law, including impliedwarranties and conditions of merchantability or fitness for a particular purpose. We specifically disclaim any liability with respect to this document and no contractual obligations areformed either directly or indirectly by this document. This document may not be reproducedor transmitted in any form or by any means, electronic or mechanical, for any purpose, without our prior written permission.For information about buying this title in bulk quantities, or for special sales opportunities(which may include electronic versions; custom cover designs; and content particular to yourbusiness, training goals, marketing focus, or branding interests), please contact our corporatesales department at corpsales@pearsoned.com or (800) 382-3419.For government sales inquiries, please contact governmentsales@pearsoned.com.For questions about sales outside the U.S., please contact intlcs@pearson.com.Visit us on the Web: informit.com/phLibrary of Congress Control Number: 2016959409Copyright 2017 Oracle and/or its affiliates. All rights reserved.500 Oracle Parkway, Redwood Shores, CA 94065Portions copyright 2017 Pearson Education, Inc.All rights reserved. Printed in the United States of America. This publication is protectedby copyright, and permission must be obtained from the publisher prior to any prohibitedreproduction, storage in a retrieval system, or transmission in any form or by any means, electronic, mechanical, photocopying, recording, or likewise. For information regarding permissions, request forms and the appropriate contacts within the Pearson Education Global Rights& Permissions Department, please visit www.pearsoned.com/permissions/.ISBN-13: 978-0-13-431087-9ISBN-10: 0-13-431087-X117

Jeff Victor dedicates this book to the memory ofhis sister, Diana Lyn Victor.

This page intentionally left blank

ContentsForeword to the First EditionxiiiPrefacexviiAcknowledgmentsxxiAbout the AuthorsxxiiiChapter 1Chapter 2Introduction to Virtualization11.1Definitions and at Is Virtualization?Why Virtualize?Virtualization Improves ConsolidationOther Reasons for VirtualizationSupport of Cloud ComputingCommon Concepts1.2System Virtualization Models101.3Summary301.2.11.2.21.2.3Hardware PartitioningVirtual MachinesOperating System Virtualization121724Use Cases and Requirements312.1Introduction312.2General Workload Consolidation32vii

viiiContents2.2.12.2.22.2.3Chapter 3Types of Resource ControlsNeed for AvailabilitySummary3438402.3Asynchronous Workloads402.4Software Development and Other Bursty Workloads412.5Testing and Staging422.6Simplifying Workload Mobility432.7Maintaining a Legacy Operating System on New Hardware462.8Flexible, Rapid Provisioning472.9Relieving Scalability Constraints482.10 Fine-Grained Operating System Modification492.11 Configurable Security Characteristics492.12 Summary50Oracle Solaris Zones513.1Introduction523.2What’s New in Oracle Solaris 11 Zones533.3Feature Overview543.4Feature Details673.5Oracle Solaris Kernel 3.5.53.5.6Basic ModelIsolationNamespacesBrandsPackaging and File SystemsBoot EnvironmentsDeploymentManagementBasic OperationsPackagingStorage OptionsResource ManagementNetworkingDirect Device AccessVirtualization Management FeaturesSupportCreation and Basic PropertiesPackagingSecurityResource ControlsFile Systems and 16116117118

ixContents3.5.73.5.8Chapter 41181183.6Solaris 10 Zones1213.7Strengths of Oracle Solaris Zones1253.8Summary126Oracle VM Server for SPARC1314.1Oracle VM Server for SPARC Features1314.2CPUs in Oracle VM Server for SPARC1324.3Features and Implementation1344.4Installing Oracle VM Server for SPARCand Building a Guest Domain1494.5Oracle VM Server for SPARC and Solaris 64.3.74.3.84.3.94.4.14.4.24.4.34.4.44.4.5Chapter 5NetworkingManagementDomain RolesDynamic ReconfigurationVirtual I/OPhysical I/ODomain Configuration and ResourcesCPUsVirtual Network DevicesVirtual DiskConsole and OpenBootVerifying and Installing FirmwareInstalling Oracle VM Server for SPARC SoftwareDomain MigrationPhysical to Virtual ConversionOracle VM Manager and Ops ysical Domains1715.1Introduction1715.2SPARC M6: An Introduction1725.3SPARC M7: An Introduction1745.4Virtualization CPU/Memory and I/O UnitsDomain Configurable UnitsCPU/Memory I/O UnitsDomain Configurable UnitsPhysical DomainsStatic PDomsDynamic PDoms173173176176180184184

xContents5.4.45.4.5Chapter 61851885.5Fault Isolation1895.6Oracle Enterprise Manager Ops Center1905.7Summary191Oracle VM VirtualBox1936.1How Oracle VM VirtualBox Works1956.2Oracle VM VirtualBox Guest Platform1986.3Oracle Solaris as an Oracle VM VirtualBox Host2106.4Oracle Solaris as an Oracle VM VirtualBox Guest2156.5Creating and Managing Oracle VM VirtualBox .5.86.6Chapter 7Logical DomainsOracle Solaris ZonesRedundant CPUs in a PDomRedundant Memory in a PDomRedundant I/O in a PDomOracle VM VirtualBox ArchitectureInteracting with Oracle VM VirtualBoxVirtual CPUsRAMVirtual DiskVirtual Network DevicesBIOS and EFIInstalling Oracle VM VirtualBox on a Solaris HostCreating the Guest MachineInstalling the Guest Operating SystemCreating a Microsoft Windows 10 Guest MachineUsing the Command LineCreating an Oracle Solaris 11 Guest MachineUsing the Command LineStarting a Virtual MachineStopping a Virtual MachineCloning a Virtual MachineLive Migration of a 1223229238239242246247Automating Virtualization2497.1249Oracle Enterprise Manager Ops ization ControllersControl DomainsGlobal ZonesStorage Libraries250251252253253

xiContents7.1.67.1.77.1.87.1.97.1.107.27.3Chapter 8Chapter 9Server PoolsMigrationAutomatic RecoveryLayered 7.2.17.2.27.2.37.2.4What Is OpenStack?The OpenStack General ArchitectureOracle Solaris and OpenStackCompute Virtualization with Solaris Zonesand Solaris Kernel ZonesCloud Networking with Elastic Virtual SwitchCloud Storage with ZFS and COMSTARSample Deployment OptionsSingle-System Prototype EnvironmentSimple Multinode EnvironmentOpenStack SummarySummary256257258271Choosing a Virtualization Technology2738.1Review of Strengths and Limitations2738.2Choosing the 18.2.28.2.38.2.4Oracle Solaris ZonesOracle VM Server for SPARCHard Partitioning and Physical DomainsOracle VM VirtualBoxStart with RequirementsPreferencesVirtualization Decision TreeExamples276278280281282283284285Applications of Oracle Virtualization2899.1Database Zones2899.2Virtualization with Engineered Systemsand Oracle Identity and Naming ServicesSecurityResource ManagementAdministrative BoundaryFault IsolationConclusionOracle SuperCluster290290290293294294295

re ArchitectureVirtualization ArchitecturePhysical DomainsLogical DomainsOracle Solaris ZonesSummary of Oracle SuperCluster Virtualization296297297297300301Virtualization with SecureEnterprise Cloud Infrastructure3019.4Virtualization in Oracle Exalytics3089.5Consolidating with Oracle Solaris Zones3099.6Security Hardening with Oracle Solaris Zones3159.7Customer Deployment 13239.8Customer Deployment 23249.9Customer Deployment ntroductionSECI ComponentsService DomainsServer PoolsSecurityPlanning of Resources and AvailabilityConclusionPlanningConfigure CPU UtilizationCreate ZonesTestingSummaryScenarioBasic StepsImplementing Hardened ZonesTestSecurity AnalysisSummaryFurther Reading9.10 18322322323323326Appendix: History of Virtualization and Architectural Evolution327Index345

Foreword to the First EditionI’m no longer sure when I first became hooked. Was it when I overheard a casualconversation about running a “test” copy of MVS in parallel with the real copyof MVS on a new 390 mainframe? Or was it the idea of Zarniwoop researchingthe Hitchhiker’s Guide to the Galaxy in an electronically synthesized copy of theentire universe he kept in his office? Whatever the cause, I’m still addicted tovirtual machine technology.Fooling a whole stack of software to run correctly on a software simulation ofthe platform it was designed to run on has been a recurring interest in my career.Poring through the history of VM/370 as a graduate student, absorbing JamesGosling’s audacious idea of the Java VM, spending a few weeks building an experimental machine emulator to run SPARC applications on Solaris for PowerPC, the“aha!” moment when we realized how useful it would be if we arranged that a setof processes could behave as a little OS within an OS (the idea that became SolarisZones), the first bring-up of OpenSolaris running as a paravirtualized guest onXen—those are just a few of the highlights for me.This book began as a project within Sun in mid-2009 during Oracle’s acquisition of the company, so it both explores aspects of Sun’s virtualization technology portfolio, and—now that the acquisition is complete—peers a little into 2010.Sun’s unique position as a systems company allowed it to deliver a full set of integrated virtualization technologies. These solutions span the different trade-offsbetween maximizing utilization for efficiency and maximizing isolation for availability, while enabling the system to be managed at a large scale and up and downxiii