Tip of the Trade: Stuffing Containers on Solaris 10
Virtualization has come to the x86 platform in a big way, with hardware support on both Intel and AMD CPUs and every shade-tree code mechanic in the land writing new virtualization software. So much so that seeing the word "virtualization" is enough to give me the itches. So this week let's talk about something else: Solaris 10 Containers.
Solaris' Containers (formerly known by the remarkably un-memorable name of N1 Grid Containers) are multiple independent instances of Solaris all running on a single machine. Each container shares the same operating system image and drivers. The idea is to have safe, isolated environments for applications. Containers are fast and easy to set up and very configurable. One popular way to use Containers is to run multiple Web servers.
Stuff as many Containers as you like into a single machine, up to the limits of the hardware. Install a Web server into each one; each Web server gets a unique IP address, and all of them get to use port 80. Each Container is just as isolated as if each Web server were on a separate physical machine, which means no more resource conflicts. You don't have to create virtual hosts, complex directory structures for your data pages or go nuts configuring networking. And you don't have to worry about one compromised or misconfigured site bringing down the whole works. Access controls are easier. Hardware and network resources are configurable, so that the high-demand, important Web server gets all the bandwidth, storage, and CPU it needs, and lesser servers are allocated fewer resources.
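The layout described above (one Container per Web server, each with its own IP address and a CPU allocation weighted by importance), as an added example that is not from the original article: a shell script that writes a zonecfg command file for each zone. The zone names, the 192.0.2.x addresses, the bge0 interface, the /zones path and the share values are constructed; CPU shares only take effect when the Fair Share Scheduler is in use.

```shell
#!/bin/sh
# Added example: emit zonecfg command files, one Container per Web server.
# Zone names, addresses, NIC (bge0) and /zones are constructed values.

# zone_cmds NAME IP NIC SHARES -> zonecfg commands on stdout
zone_cmds() {
    name=$1 ip=$2 nic=$3 shares=$4
    # Refuse anything that is not a plain non-negative integer share count.
    case $shares in
        ''|*[!0-9]*) echo "bad cpu-shares for $name: $shares" >&2; return 1 ;;
    esac
    cat <<EOF
create
set zonepath=/zones/$name
set autoboot=true
add net
set address=$ip
set physical=$nic
end
add rctl
set name=zone.cpu-shares
add value (priv=privileged,limit=$shares,action=none)
end
verify
commit
EOF
}

# Constructed inventory: name, address, CPU shares (busiest site gets most).
inventory() {
    cat <<EOF
web-main 192.0.2.10/24 60
web-blog 192.0.2.11/24 20
web-test 192.0.2.12/24 10
EOF
}

# Write DIR/NAME.cfg per zone and print the commands an admin would then run.
build_all() {
    dir=$1
    while read -r name ip shares; do
        zone_cmds "$name" "$ip" bge0 "$shares" > "$dir/$name.cfg" || return 1
        echo "zonecfg -z $name -f $dir/$name.cfg && zoneadm -z $name install && zoneadm -z $name boot"
    done <<EOF
$(inventory)
EOF
}

if [ "${1:-}" = build ]; then build_all "${2:-.}"; fi
```

Run it as `sh script.sh build /tmp/zones` to write the command files; every zone can then serve port 80 on its own address.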
Put your syslog server into a Container. If something goes haywire and your logfiles overflow, they'll be safely isolated. Mail servers are good candidates for Containers for the same reason; if something goes wrong and you get mailbombed, only the single Container will be affected.
Containers are good for software developers, since they allow for rapid testing of differently configured or even different applications side-by-side. No sitting around waiting for something to compile, just move into a different Container and do something else.
Sun's GUI control panel for Containers is good. Creating, provisioning and destroying Containers is pretty easy. Performance is exceptional; while there are some high-availability tweaks that you get only with genuine Sun hardware, it's still a screamer on x86-64.
Visit Sun's Solaris Containers Page for more information.