tug
Volume 3, Number 41 -- November 2, 2006

Sun Ponders the Future of Virtualized Solaris

Published: November 2, 2006

by Timothy Prickett Morgan

Server virtualization is all the rage these days, and there are so many ways to slice and dice a physical server into virtual or logical machines that it is hard to keep track of all of the variants. But as Sun Microsystems plots out the course of its Solaris Unix variant, it is going not only to absorb as many virtualization techniques as possible, but also to try to position Solaris as the best secure wrapper to put around various kinds of hypervisors and virtualization techniques.

Only a few weeks ago, Sun divulged that it had created yet another new twist on the virtualization idea specifically for its "Niagara" Sparc T1 processors called Logical Domains, or LDoms for short. With LDoms, T1000 and T2000 servers can have an isolated logical partition that can be scaled down to the size of an individual processor thread on these servers. So, for instance, a T2000 machine with all eight cores activated can support 32 logical partitions, since each core has four threads. Each LDom can run an entire instance of Solaris, including the kernel, a file system, and all the other parts of the Solaris environment. This makes LDoms distinct from Solaris containers, which can slice a single server into hundreds of virtual private servers that are isolated in terms of applications and security, but which all have a shared Solaris kernel and file system underpinning them. LDoms will not be available in UltraSparc-based servers, only on the T1-based machines, and LDom support is due in the 11/06 update to Solaris, which is running a little late and is expected in early December.

While LDoms will be interesting and useful for T1000 and T2000 customers, native support for the open source Xen hypervisor will perhaps be more broadly deployed, given the popularity of Sun's "Galaxy" Opteron-based servers. In the first half of 2007, according to Chris Ratcliffe, director of marketing for Sun's Solaris software products, Sun will have the Xen 3 hypervisor completely integrated into the commercial-grade Solaris operating system; if you want to test it out on X86 and X64 iron today, you can play around with the pre-release, open source version of the code at the OpenSolaris project.

Sun is picking up a theme from the VMware subsidiary of EMC, which last year announced a tool called the VMware Player. With VMware Player, users can move their virtual machines around and "play" them on any X86 or X64 machine. At the time, VMware conceived of VMware Player as not just a tool for using VMs, but also as a new means of distributing software--in essence, a virtualized stack of software would be put in a VMware format and distributed using VMware Player, making this a virtual shrink-wrapped box.

According to Ratcliffe, Sun is also thinking virtual machines are a means of distributing software, a kind of rapid deployment methodology that, to its credit, Sun was talking about years ago when it started up its N1 sales pitch to dot-com customers. Ratcliffe says that Sun will be encouraging customers to use virtualization tools to wrap and distribute applications.

"A lot of the focus on virtualization has been on running multiple operating systems on a server," explains Ratcliffe. "We are working on delivering pre-built stacks that are not just software on a DVD, but a set of fully integrated, pre-tested, and actually running software. We think this is the most interesting part of virtualization, and that it will become the standard way of deploying software. It will let you go from a dead, cold system to a running system in seconds."

Another thing that Sun is working on is expanding its Solaris container technology so it will be able to support earlier releases of Solaris on a machine that is running the latest release. Unfortunately for the 1.5 million or so Sparc/Solaris boxes out there in the world (that's my estimate), Sun cannot allow Solaris containers on Solaris 10 machines to support Solaris 9, 8, 7, or 2.6 applications. The guts of the Solaris kernel in those versions of Sun's Unix are so different that they cannot easily be made to share a kernel and file system, which is how Solaris containers work. But the good news is that when the next version of Solaris comes out--say it is called Solaris 11--this version will be able to support Solaris 10 containers. And Solaris 12, Solaris 13, and so on will be able to support Solaris 10 containers, too. In the future, customers could upgrade their systems and operating systems to a new version or release, but leave their applications alone on prior releases, not having to port and recertify them until they see a need to.

On the virtual and logical machine hypervisor front, Sun is also expecting some of the key features of the Solaris 10 platform to give it an edge over competing implementations of these same technologies. "Today, the rush is to make sure you have the right mix of hypervisor technology to run multiple operating systems," says Ratcliffe. "We think this is going to change. We think people are going to want more functionality in their hypervisors."

So when Sun rolls out support for the Xen hypervisor in the first half of 2007, expect the company to make a big deal about the DTrace system telemetry, its related predictive self-healing, and user rights management features, and various security features that are all part of Solaris 10 today. "The way we will implement Xen will bring the benefits of Solaris 10 to operating systems that do not have these features," says Ratcliffe. "So rather than trying to make Solaris the operating system of choice, Solaris becomes the strategic choice of hypervisors."

For example, customers will be able to run DTrace on Windows applications running on a Galaxy box inside Xen virtual machines, and thereby be able to better tune them and perhaps boost their performance or reduce the amount of resources they consume.

Of course, a hypervisor is just a new kind of single point of failure, and Sun as well as its customers are well aware of this. So Sun will be creating virtual machine methodologies that will checkpoint and snapshot running VMs from time to time, offering customers a chance for recovery.

But this capability of snapshotting and moving whole stacks of software also presents an interesting dilemma. "If you can checkpoint an entire system and recreate it, is this a security risk?" asks Ratcliffe.

Sun has already developed data labeling technologies in the Trusted Extensions to Solaris, which are coming in the 11/06 update, that won't allow people with the wrong clearances to see data on a screen or move it to peripherals. Virtual machines will need similar kinds of controls and tight security. You won't have to hack an operating system any more, but just steal the hypervisor and software stack and hack it later at your convenience.



Editor: Timothy Prickett Morgan
Contributing Editors: Dan Burger, Joe Hertvik,
Shannon O'Donnell, Timothy Prickett Morgan
Publisher and Advertising Director: Jenny Thomas
Advertising Sales Representative: Kim Reed

Copyright © 1996-2008 Guild Companies, Inc. All Rights Reserved.
Guild Companies, Inc., 50 Park Terrace East, Suite 8F, New York, NY 10034
