– Global Zone
– Non-Global Zone
Zone Features (Summary of Zone Features)
(1). Global Zone Features
– Is assigned ID 0 by the system
– Provides the single instance of the Solaris kernel that is bootable and running on the system
– Contains a complete installation of the Solaris system software packages.
– Can contain additional software packages or additional software, directories, files, and other data not installed through packages
– Provides a complete and consistent product database that contains information about all software components installed in the global zone
– Holds configuration information specific to the global zone only, such as the global zone host name and file system table.
– Is the only zone that is aware of all devices and all file systems
– Is the only zone with knowledge of non-global zone existence and configuration
– Is the only zone from which a non-global zone can be configured, installed, managed, or uninstalled
(2). Non-Global Zone Features
– Is assigned a zone ID by the system when the zone is booted
– Shares operation under the Solaris kernel booted from the global zone
– Contains an installed subset of the complete Solaris Operating System software packages
– Contains Solaris software packages shared from the global zone.
– Can contain additional installed software packages not shared from the global zone.
– Can contain additional software, directories, files, and other data created on the non-global zone that are not installed through packages or shared from the global zone
– Has a complete and consistent product database that contains information about all software components installed on the zone, whether present on the non-global zone or shared read-only from the global zone
– Is not aware of the existence of any other zones
– Cannot install, manage, or uninstall other zones, including itself
– Has configuration information specific to that non-global zone only, such as the non-global zone host name and file system table
– Can have its own time zone setting
A zone provides isolation at almost any level of granularity you require. A zone does not need a dedicated CPU, a physical device, or a portion of physical memory. These resources can either be multiplexed across a number of zones running within a single domain or system, or allocated on a per-zone basis using the resource management features available in the operating system.
Each zone can provide a customized set of services. To enforce basic process isolation, a process can see or signal only those processes that exist in the same zone. Basic communication between zones is accomplished by giving each zone IP network connectivity. An application running in one zone cannot observe the network traffic of another zone. This isolation is maintained even though the respective streams of packets travel through the same physical interface.
Each zone is given a portion of the file system hierarchy. Because each zone is confined to its subtree of the file system hierarchy, a workload running in a particular zone cannot access the on-disk data of another workload running in a different zone.
Files used by naming services reside within a zone’s own root file system view. Thus, naming services in different zones are isolated from one another and the services can be configured differently.
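The zone ID rules and the per-zone file system subtree described above can be checked from the global zone. The script below is an added example, not part of the original notes: it audits the colon-delimited output of `zoneadm list -cp` (assumed field order zoneid:zonename:state:zonepath:uuid:brand:ip-type). The zone names, paths and UUIDs in SAMPLE are constructed, and the finding labels are hypothetical.

```shell
#!/bin/sh
# Constructed sample of `zoneadm list -cp` output (not from a real host).
SAMPLE='0:global:running:/::native:shared
1:web01:running:/zones/web01:11111111-aaaa:native:shared
-:db01:installed:/zones/db01:22222222-bbbb:native:shared
-:test01:installed:/zones/web01/root/test01:33333333-cccc:native:shared'

# audit_zones: read parseable zone lines on stdin, print one finding per line.
# Assumption: zonepaths contain no escaped colons.
audit_zones() {
  awk -F: '
    { id[NR] = $1; name[NR] = $2; state[NR] = $3; path[NR] = $4 }
    END {
      for (i = 1; i <= NR; i++) {
        # ID 0 belongs to the global zone and to no other zone.
        is_zero = (id[i] == "0"); is_global = (name[i] == "global")
        if (is_zero != is_global)
          print "ID0_MISMATCH " name[i]
        # Non-global IDs are assigned at boot; a zone that is not booted shows "-".
        if (!is_global && state[i] == "running" && id[i] == "-")
          print "RUNNING_WITHOUT_ID " name[i]
        # Each zone is confined to its own subtree, so zonepaths must not nest.
        for (j = 1; j <= NR; j++) {
          if (i == j || name[i] == "global" || name[j] == "global") continue
          if (index(path[j] "/", path[i] "/") == 1)
            print "NESTED_ZONEPATH " name[j] " inside " name[i]
        }
      }
    }'
}

# Stand-alone run over the constructed sample.
printf '%s\n' "$SAMPLE" | audit_zones
```

On a live system the input would come from `zoneadm list -cp` run in the global zone, the only zone that knows about the others.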