Information Technology Reference
In-Depth Information
Security.
Containers remain securely isolated from one another. This sepa-
ration permits extremely granular privilege assignments, and has provisions
for providing immutable containers for “locked-down” environments that
are protected from modification. Tamper-proof execution environments are
very difficult to achieve with other virtualization methods.
■
A high level of compatibility with native (non-Container) Solaris
environments.
Containers do have some functional limitations. For ex-
ample, a Container cannot currently be an NFS server, though it can be an
NFS client. An up-to-date list of exceptions, and other useful information,
is maintained at the Zones and Containers FAQ at
http://hub.openso-
■
Native performance compared to non-virtualized environments.
Containers require no hypervisor or other virtualization software, and the
code paths of the OS and applications are unchanged.
■
Maximum scalability, permitting the largest number of VEs per
computer.
The theoretical maximum is 8191 Containers per OS instance.
Production systems with more than 100 running Containers exist in data
centers.
■
Highest resource granularity.
This characteristic permits fine-grained as-
signment of CPU capacity, RAM use, and allocation of other system resources.
■
Low overhead.
Only hardware partitions have less overhead than containers.
■
More predictable performance than hypervisors.
Because only one
scheduler is making scheduling decisions, predictability is enhanced.
■
Independence from any processor family.
Containers are available
on any SPARC-, Intel-, or AMD-based computer that runs Solaris 10 or
OpenSolaris. This platform independence lets planners select a virtualiza-
tion architecture without being locked into a chip family.
■
Centralized observability.
Solaris tools enable you to examine all activi-
ties of all processes in all Containers without buying or learning new tools.
This is not possible with other virtualization methods.
■
Coexistence.
Solaris 10 environments can coexist with virtual environ-
ments at the Solaris 8 or Solaris 9 levels.
■
No extra license fees needed.
Containers are simply a feature of the OS.
Some hypervisors require a fee for use, or a fee for support in addition to the
support fees for the operating systems.
■
Business agility and operational efficiency.
Containers' features and
flexibility exceed those of hardware partitions, owing to their advanced fea-
tures such as VE cloning, mobility, and dynamic resource management.
■
Search WWH ::
Custom Search