System News
Articles for the keywords: zones
26 May 2014 Security Access Control With Solaris Virtualization [36634]
By Thierry Manfe

Numerous Solaris customers consolidate multiple applications or servers on a single platform. The resulting configuration consists of many environments hosted on a single infrastructure and security constraints sometimes exist between these environments. Recently, a customer consolidated many virtual machines belonging to both their Intranet and Extranet on a pair of SPARC Solaris servers interconnected through Infiniband. Virtual Machines were mapped to Solaris Zones and one security constraint was to prevent SSH connections between the Intranet and the Extranet. This case study gives us the opportunity to understand how the Oracle Solaris Network Virtualization Technology - a.k.a. Project Crossbow - can be used to control outbound traffic from Solaris Zones.

23 May 2014 Overview of Solaris Zones Security Models [36519]
By Darren Moffat

Darren writes, "Over the years of explaining the security model of Solaris Zones and LDOMs to customers' 'security people', I've encountered two basic 'schools of thought'. The first is 'shared kernel bad'; the second is 'shared kernel good'.

Which camp is right? Well, both are, because there are advantages to both models.

If you have a shared kernel then the policy engine has more information about what is going on and can make more informed access and data flow decisions; however, if an exploit should happen at the kernel level it has the potential to impact multiple (or all) guests.

If you have separate kernels then a kernel level exploit should only impact that single guest, except if it then results in a VM breakout..."

19 May 2014 How to Set Up a Hadoop 2.2 Cluster From the Unified Archive [36518]
By Orgad Kimchi

Orgad writes, "Learn how to combine an Apache Hadoop 2.2 (YARN) cluster using Oracle Solaris Zones, the ZFS file system, and the new Unified Archive capabilities of Oracle Solaris 11.2 to set up a Hadoop cluster on a single system.

Also see how to configure manual or automatic failover, and how to use the Unified Archive to create a 'cloud in a box' and deploy bare-metal system..."

05 May 2014 Solaris 11.2: Immutable Global Zone [36169]
Read-Only Root Non-Global Zones is marketed as Immutable Zones

Casper Dik writes, "This blog is a bit more substantial; it requires some knowledge about Solaris Zones, Immutable Zones and Solaris administration in general. It is high-level; in future I'm hoping to get down to the nuts and bolts.

In Solaris 11 we added the Read-Only Root Non-Global Zones, marketed as Immutable Zones; this is a feature that makes a zone tamper-proof.

An Immutable Zone is configured simply by setting the 'file-mac-profile' to one of 'strict' (not much writeable), 'fixed-configuration' and 'flexible-configuration' (configuration is writeable but binaries and such are not). This is all implemented in the kernel based on pathnames and depending on the context; the super-user in the global zone can still update the zone or even modify protected files as long as that is not done from within the zone..."






News and Solutions for Users of Solaris, Java and Oracle's Sun hardware products
Just the news you need, none of what you don't – 42,000+ Members – 24,000+ Articles Published since 1998
