On 08/ 6/10 12:40 AM, Frank Batschulat (Home) wrote:
On Thu, 05 Aug 2010 14:03:20 +0200, Richard L. Hamilton<rlha...@smart.net>  
I would like to upgrade a Thumper we use as a staging
server for backups form Solaris 10 to OpenSolaris.  The backup
application (NetVault) is only supported on Solaris.

So my question is: can a branded Solaris 10 zone
access the external
tape vault?  If so are there likely to be any issues
with running an application like NetVault within a branded zone?
Devices can be assigned to zones.  With a disk, that could
be a security issue (a corrupted filesystem could crash the whole
system, for example).  A tape probably wouldn't be as much
of a threat, but that's not the same as saying it would be safe.
In general, one should consider very carefully the security and
reliability implications of assigning devices to zones.
the problem with exporting the tape device to a NGZ, which although
not "supported" can be achived as you mention,
is that there's no way to exclusive assign that particular tape device
to a particular NGZ or to restrict access from the GZ or any other
NGZ to that same tape device. that might become a problem
if several different users try to use that tape from different
NGZs or a NGZ and the GZ, that access may produce a somewhat
questionable end result that care must be taken here when
setting up such configuration.

NetVault will be the exclusive user of the tape unit, so we shouldn't have any 
issues with attempted multiple access.  In some ways I would prefer to run it 
from a zone.  All the other services currently sand-boxed in their own zones, 
so moving NetVault
 to a zone will make it the rule rather than the exception.


zones-discuss mailing list

Reply via email to