On 2 Oct. 08 at 21:47, Mike Gerdts wrote:
> The overall availability of a server comes from a number of factors
> which include security and usability. If the level of separation that
> you are worried about is a critical factor, I'd suggest not using
> zones. They are good but they can leak information about each other.
Really interesting advice.
1) As you showed in your post, zones with shared-IP may present some
hole/clue/whatever to find where the global zone is. This is true if
non-global zone and global are sharing the same IP network. Ok, I
know, routing can become a challenge when using different networks
between global zone and non-global.
2) With exclusive-IP, how do you find your global zone?
> If an organization does not have a good process for documenting the
> relationship between real and virtual machines, the availability of
> the services running in a zone can be dramatically enhanced by
> allowing those that care and feed for software within a zone to know
> the name of the global zone. They can then use this information when
> they contact the helpdesk/sysadmin team/whatever to ask for help on
> their broken virtualized OS instance.
This shouldn't be on the non-global zone. I insist on this.
Even if you aren't looking for strong isolation between your zones.
Anybody working on Solaris will assume there's no easy way to find the
name ON the non-global zone. You do implement something opposed to
the doc/man/faq/whatever!
I clearly understand what you want to point out... this has to be on a
separate "thing": any sort of webserver/wiki/monitoring app.
> Another case is if an application has application-level clustering to
> provide HA. It doesn't take too paranoid of an application
> administrator to say that it is a good idea to be sure that the
> various redundant virtual OS instances are not all on a single
> physical machine.
---> monitoring app
> Zones are wonderful, but to date I haven't seen a widely available
> tool that makes this type of information and management easy to do
> without implementing some large and/or costly virtualization
> management framework.
A 3-line script recording the information in a .txt shared by an Apache?
zones-discuss mailing list