Hi Mike,

On 2 Oct 08 at 21:47, Mike Gerdts wrote:

> The overall availability of a server comes from a number of factors
> which include security and usability.  If the level of separation that
> you are worried about is a critical factor, I'd suggest not using
> zones.  They are good but they can leak information about each other.

Really interesting advice.

1) As you showed in your post, zones with shared-IP may present some
hole/clue/whatever to find where the global zone is. This is true if
the non-global zone and the global zone are sharing the same IP network.
OK, I know, routing can become a challenge when using different networks
between the global zone and the non-global zone.

2) With exclusive-IP, how do you find your global zone?

> If an organization does not have a good process for documenting the
> relationship between real and virtual machines[1], the availability of
> the services running in a zone can be dramatically enhanced by
> allowing those that care and feed for software within a zone to know
> the name of the global zone.  They can then use this information when
> they contact the helpdesk/sysadmin team/whatever to ask for help on
> their broken virtualized OS instance.

This shouldn't be on the non-global zone. I insist on this.
Even if you aren't looking for strong isolation between your zones.
Anybody working on Solaris will assume there's no easy way to find the
name ON the non-global zone. You do implement something opposed to
the doc/man/faq/whatever!

I clearly understand what you want to point out... this has to be on a
separate "thing": any sort of webserver/wiki/monitoring app

> Another case is if an application has application-level clustering to
> provide HA.  It doesn't take too paranoid of an application
> administrator to say that it is a good idea to be sure that the
> various redundant virtual OS instances are not all on a single
> physical machine.

---> monitoring app

> Zones are wonderful, but to date I haven't seen a widely available
> tool that makes this type of information and management easy to do
> without implementing some large and/or costly virtualization
> management framework.

A 3-line script recording the information in a .txt shared by an Apache?
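
The out-of-band approach discussed in this message, as an added example that is not part of the original e-mail: a script run from the global zone turns `zoneadm list -cp` output into a zone-to-host map for publication on a separate web server, and flags redundant zones that share one physical host. The function names, the groups-file format and the sample data are assumptions.

```shell
#!/bin/sh
# Added example. Runs in the GLOBAL zone (e.g. from cron) so the mapping is
# published elsewhere and never has to be stored inside a non-global zone.

# zone_inventory HOST
#   stdin : `zoneadm list -cp` output (zoneid:zonename:state:zonepath:...)
#   stdout: one "zonename host state" line per non-global zone
zone_inventory() {
    awk -F: -v host="$1" '$2 != "global" && NF >= 3 { print $2, host, $3 }'
}

# colocated GROUPS_FILE
#   GROUPS_FILE: "group zonename" lines (hypothetical format naming the
#                redundant members of each application cluster)
#   stdin : inventory lines merged from every physical host
#   stdout: "group host count" where >1 running member shares one host
colocated() {
    awk 'NR == FNR { group[$2] = $1; next }
         $3 == "running" && ($1 in group) { n[group[$1] " " $2]++ }
         END { for (k in n) if (n[k] > 1) print k, n[k] }' "$1" - | sort
}

# Constructed sample of `zoneadm list -cp` output, not taken from a real host.
SAMPLE='0:global:running:/
1:web1:running:/zones/web1
2:web2:running:/zones/web2
-:db1:installed:/zones/db1'

printf '%s\n' "$SAMPLE" | zone_inventory hostA

# On a real global zone (the docroot path is a placeholder):
#   zoneadm list -cp | zone_inventory "$(hostname)" > /path/to/docroot/zones.txt
```
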

zones-discuss mailing list
