Hi Peter, hi Nahum,
thanks. Yes that makes it more clearer in spite of the fact that it does not
make me happier.Yes, like Nahim mentioned the appliance depends on iptables. So
the LX brand seems to be out.So I still have some questions which you could
perhaps enlighten...
1.) How bad is the performance of KVM really? I have a Quadcore Skylake
installed - do you think it's worth trying to install such a thing like that
Sophos Firewall in a KVM instance? (I just installed a Windows 8 KVM Zone - and
that performance is acceptable, but not more. It has quite a lot lags)
2.) Does anyone know of another Firewall Appliance which I could give a try
apart of the Sophos AND which runs in LX Brandz or in SmartOS/Solaris? (It has
the benefits that Proxy, Child protections and many other things are
preconfigrued, so I would prefer that the solution to set up all using Solaris)
3.) As Peter said that the LX Brandz does not have its own Linus Kernel I am
still a bit confused about the images provided by Joyent:Supposed I install now
a LX Zone with Debian. Time passes and Joyent offers a new Debian with a newer
release - will there (and if yes, which) be a difference between the LX Zone I
installed now and that new one Joyent will release in half a year - supposed
that I did aptitude update and so on inside that zone regulary? If yes - is
there a way to update the Zone itself from one Joyent release to another or has
all be destroyed an reinstalled again?The same thing is not quite clear to me
with the smartos zones. Is there a difference between a newer Smartos Image
from imgadm to an older one which is kept update with pkgin fug?
Sorry for so much questions...Mat
Von: Peter Kelm <[email protected]>
An: [email protected]; Mat Schreiber
<[email protected]>
Gesendet: 18:24 Montag, 16.Januar 2017
Betreff: Re: [smartos-discuss] LX Zone from CD/ISO Image
Mat,
You’d be (more or less) limited to a KVM zone if all you have is an ISO of an
appliance. In a nutshell an LX zone is a native zone („Solaris“) using a Linux
compatibility layer. It is not a full Linux OS, does not run its own kernel…
Theoretically you could build an LX zone that mimics the setup of that Sophos
appliance.1) Determine what distribution (and specific version) the Sophos
appliance is based on. Then start out with an LX dataset of the same
distribution (on SmartOS).2) „Diff“ the filesystems and replicate all changes
(install packages, edit config files,…) on that LX zone/machine.
I looked at this a while ago for an AV appliance but found that it is too
cumbersome and completely unsupported anyway. Fortunately our AV vendor also
offered an RPM install in addition to the appliance ISO. So I spun up an Ubuntu
LX zone using the Joyent provided dataset and installed those RPMs per the
directions or the AV software supplier…
Let me know if this makes it clearer.
Peter
Am 16.01.2017 um 17:57 schrieb Mat Schreiber via smartos-discuss
<[email protected]>:
Hi,
sorry if my question is answered somewhere in the Joyent Wikis, but I found
nothing clearly explaining it:
I want to install the Sophos Firewall UTM in an LX Zone (as I assume LX Zones
to be ways faster than KVM Zones).So far so good. But I do not know how to
create a VM now, as I don't have an empty Image in imgadm.I just have
instructions from Oracle wiht LX Zones and installation from CD:Installing and
Booting lx Branded Zones (System Administration Guide: Oracle Solaris
Containers-Resource Management and Oracle Solaris Zones)
But I am not sure if it would be possible afterwards getting this thing again
under control of vmadm...
Or is it like that, that I should take an image (which one wouldn't matter) and
when set up I do an unconfigure to that Zone and install it again from CD as
described in the Oracle Instruction...What to do best?
Sorry and thanks,Mat
| smartos-discuss | Archives | Modify Your Subscription | |
-------------------------------------------
smartos-discuss
Archives: https://www.listbox.com/member/archive/184463/=now
RSS Feed: https://www.listbox.com/member/archive/rss/184463/25769125-55cfbc00
Modify Your Subscription:
https://www.listbox.com/member/?member_id=25769125&id_secret=25769125-7688e9fb
Powered by Listbox: http://www.listbox.com
