Sun Wants to Get Into the Zone with Future Partitions.
Since early 2002, Sun Microsystems Inc has been talking about how it would eventually deliver sophisticated partitioning technology for the Solaris platform. This should allow the kind of fine-grained, sub-CPU logical partitioning that rivals IBM Corp and Hewlett Packard Co have popularized on their enterprise and midrange platforms and which is becoming increasingly popular on the Wintel and Lintel platforms through the likes of VMware Inc, SWsoft Inc, and soon even Microsoft Corp itself. With Solaris 10, Sun will take a slightly different tack from the industry when it delivers its own variant on logical partitioning, which it is calling "zones" or "trusted containers," depending on who at Sun you talk to.
Sun has been delivering static partitioning since it acquired the 64-way "Starfire" Enterprise 10000 server line from Cray in 1996. The Cray server was based on a four-way cell board, and the granularity of the static partitions, which Sun calls domains, was that cell board. No partition could be smaller than that cell board. (This is a common way to deliver static partitioning). Sun's domains, like other static partitions, could span multiple cell boards, all the way up to creating a single domain that covered all processors in the system. In 1999, just as the dot-com bubble was expanding to its breaking point, Sun delivered dynamic partitions on the Starfire servers that could automatically move resources from one domain to the other at the cell board level. With the advent of the Sun Fire "Serengeti" servers in 2000 and 2001, Sun brought the dynamic domain concept down into the midrange with the Sun Fire 3800, 4800, and 6800 servers and extended it to more powerful servers in the Sun Fire 12000 and 15000 lines. All of these machines are based on the UltraSparc-III processor, and the domains are as dependent on that Sparc iron as they are on the Solaris operating system. In fact, each domain runs its own instance of the Solaris operating system, and while Sun doesn't officially support this, it is possible to load the Sparc version of Linux into these domains, too.
With zones, which were developed under the code name "Kevlar," rather than load a whole operating system into a physical or logical partition, Sun will abstract the essential things that make a partition different - resource, fault and security isolation - from the Solaris operating kernel and various system services such as file systems and create a new kind of logical partition. With zones, there is only one instance of the Solaris kernel running on a machine, even though the applications running in zones believe that each zone is the entirety of the machine with its own complete Solaris operating system. One might call this extremely logical partitioning.
In September 2002, Sun launched a new feature in Solaris 9 and its integrated Sun Management Center resource manager called IP Quality of Service (IPQoS), and this was the first step in delivering zones. In general, QoS software allows service providers and data centers to provide different amounts of bandwidth and resources to different classes of customers. The IPQoS feature in Solaris 9 allows network resources to be monitored and managed in real-time so applications, users, or organizations accessing Solaris resources can have network bandwidth allocated to them based on pre-set priorities and policies. The IPQoS software also allows organizations to do charge-back accounting on the use of network resources, which is another thing companies want to be able to do.
According to Bill Moffitt, group manager of Solaris product marketing, the next phase of containers that moves them from being resource containers to being fully protected zones is fault isolation and security isolation. The Solaris zones, he says, borrow concepts from BSD Unix jails, which make little sandboxes for applications to play in that give them security isolation. With both Solaris zones and BSD jails, users with access on one zone or jail cannot jump to another zone or jail on the same machine. Zones will, in fact, have their own root access.
The tricky bit is adding fault isolation, like the kind of fault isolation that Sun provides with dynamic domain hardware partitions. The idea is that an application crashing in one zone should not be able to crash applications running in other zones. The fault protection that Sun is working on is keeping faults in the zones from creeping into the Solaris kernel space. A memory leak from a single C++ application running in one zone, for instance, should not be able to crash a whole system.
What is immediately obvious in this description of zones is that the Solaris kernel is still a single point of failure, and this is something that Sun's competitors will be sure to point out. Sun will no doubt counter that on IBM's Power series of servers, which are sold under the iSeries and pSeries brands, the hypervisor layer that sits above the hardware and below the AIX, Linux, and OS/400 operating systems residing in logical partitions is also a single point of failure.
Moreover, the logical partitioning as implemented by IBM and HP on their Unix and proprietary machines requires the full overhead of an operating system to be loaded into each logical partition. This is very inefficient. According to sources inside Sun familiar with its early tests on zones, Sun has run 500 zones on a four-way Solaris server. The theoretical limit in Solaris 10 for the purposes of naming zones uniquely is apparently 900,000 zones. The practical limit for the number of zones on a machine will depend on what those zones are doing. Several thousand per midrange box is probably a good guesstimate.
There is another benefit to the Solaris zones that is not necessarily obvious: It is platform agnostic inasmuch as it will run on any machine that supports the future Solaris 10. That includes old 32-bit and 64-bit Sparc, old 32-bit Intel iron, current Sun UltraSparc-III and UltraSparc-IIIi machines, current 32-bit Intel Xeon systems, future Opteron-based Sun servers (and indeed, any X86 server that runs Solaris, be it from IBM, Dell, HP or others), future Sun UltraSparc-IV and UltraSparc-V systems, and past, present, and future Sparc-compatible iron from Fujitsu Siemens. Zones will look the same and act the same on all of these platforms when they are running Solaris 10, because they are not tied to any specific feature of Sparc or X86 iron. They will also be able to run within Sparc machines that support dynamic domains, by the way.
The ability to support zones on all Solaris platforms is a real benefit, and one that should give Sun and Solaris an edge on Linux if zones pan out to be as useful and safe as they sound. With VMware's GSX Server costing $2,500 for a two-way Xeon machine, virtual partitioning in the Intel space has not exactly spread like wildfire. The ability to run zones and get the kind of resource isolation that IBM's legendary MVS and OS/400 subsystems have offered for decades is a serious differentiator. Dynamic domains were of limited interest since they were only available on expensive Starfire and Sun Fire servers. The cheaper V series UltraSparc-III servers from Sun do not support domains, and hence their lower price tags.
There is one other neat feature of zones that will make them appealing. Solaris 10 will have single node failover, which is akin to an IBM subsystem that can restart its applications when they crash. Right out of the chute, Sun will not be able to support high availability failover clustering across two linked zones, but the Solaris team is working with the Sun Cluster and Solstice teams to make that happen.
Moffitt says that the zones feature of Solaris 10, which is also being called Solaris Next since Sun may change the naming of the product, will be available in beta through the Solaris Express program starting in the first quarter of 2004. The formal beta of Solaris 10, which is being called a "customer acceptance release," will begin in early 2004. Solaris 10 is expected to be delivered as a finished product in the fourth quarter of 2004, perhaps in the October timeframe if the word on the street is right.
Author: Morgan, Timothy Prickett
Date: Dec 3, 2003