Solaris 10 with sparse root zones provides an excellent virtualization solution. If you want systems that are largely identical (but perhaps with different applications) then it's pretty much optimal, and very resource efficient.
Agreed. The most efficient form of application stacking with complete isolation.
The key advantage of using sparse-root is that there's only one OS to manage.
That's true in a very large degree to both sparse and whole root zones. The most attractive features of sparse root zones is - trojan horse protection against inherit-pkg-dirs - smaller in size which means you have less to sling around - upgrade on attach covers more (if not all) of the packages - smaller memory footprint due to library sharing - quicker to maintain (less moving parts) If you are not using ZFS then they are faster to install and remove.
With whole-root zones, and other heavier solutions, there's an extra OS image to manage with each virtual system
I think you are over estimating the heft of a whole root zone a bit. It's not a complete system image and there aren't that many more things to consider than a sparse root zone. The variability of packing and patching is about it. Everything else is the same. Slightly larger memory footprint which may or may not matter in your environment. Some of the additional girth can be offset by using ZFS and cloning. When ZFS gets dedup it will be very welcome in these environments. From an admin perspective, whole-root
zones offer no real advantage over xen/vmware, and while I would (and do) run sparse-root zones extensively, I would run Xen or VMware rather than whole-root zones, as they have other capabilities you can leverage.
The decision point between whole and sparse root zones is whether or not the application writes can be contained in a few directories rather than spraying all over /usr. If it is a manageable number (which should be most of the cases), sparse is the way to go. If not then try to figure out how to constrain the directories the apps write to, and then punt to whole root. VMs like Xen, VMware and LDOMs do one thing, zones do another. Nothing prevents you from combining them to get the best of both worlds. A lot of folks miss this point because their application OS doesn't have application isolation capabilities like zones and think VMs are the answer. They are part of an answer. Bob _______________________________________________ zones-discuss mailing list zones-discuss@opensolaris.org
