8/13/2019 54754037 EMC PowerPath
EMC Power Path Solaris
Basically, multipathing is a fault-tolerance and performance-enhancement technique
in which there is more than one physical path between the computer and its
storage devices through the buses, controllers and switches. The product/software
released by EMC for this purpose is EMC PowerPath.
First of all, to use this software it needs to be installed; it can be downloaded from the Powerlink
website. Once it is installed and configured, below are some of the commands for
administration.
When new LUNs are added, to check the newly added LUNs:
#/etc/powermt display
#/etc/powermt display dev=all
If it does not recognize them, then
#devfsadm - this takes the LUNs to OS control.
To make the configuration changes
#/etc/powermt config
To save the changes
#/etc/powermt save
To see all the devices and the logical device IDs of the disk
#/etc/powermt display dev=all | more
To remove failed devices and all the old device entries
#/etc/powermt check
It shows the failed devices and asks whether to delete the failed ones. For example:
Warning device path c0t1d2 is currently dead.
Do you want to remove it (y/n/a/q)? y enter.
11) What happens if vxconfigd is disabled
Ans:- Basically vxconfigd is the Veritas Volume Manager configuration daemon. It maintains disk
configuration and disk groups in Veritas Volume Manager. Whenever this (vxconfigd) is disabled
it stops taking requests from other Veritas Volume Manager utilities for configuration changes and
also stops updating the changes to the kernel and configuration information stored on disk. So
whenever this is disabled, we cannot work under Veritas Volume Manager.
Q) What is HA?
ANSWER) HA (High Availability) is a technology to achieve failover with very low latency.
It is a practical requirement of data centers these days, when customers expect the servers to
be running 24 hours on all 7 days around the whole 365 days a year, usually referred to as
24x7x365. To achieve this, a redundant infrastructure is created to make sure that if one
database server or one app server fails, there is a replica database or app server ready to
take over the operations. The end customer never experiences any outage when there is an HA
network infrastructure.
Array
Q) What is Array?
A) Array is a group of independent physical disks to configure any volumes or RAID
volumes.
SAN
Q) What is the highest and lowest priority of SCSI?
A) There are 16 different IDs which can be assigned to SCSI device 7, 6, 5, 4, 3, 2, 1, .
Q) How to find the WWN (World Wide Name) in Solaris?
A) #fcinfo hba-port | grep WWN
To see the model and firmware details
#fcinfo hba-port
Note: World Wide Names (WWN) are unique 8 byte identifiers in Fibre Channel which are
similar to the MAC addresses on a Network Interface Card (NIC).
World Wide port Name (WWpN): It is a WWN assigned to a port on a Fabric.
World Wide node Name (WWnN): It is a WWN assigned to a node/device on a Fibre
Channel fabric.
SAN
A) Generally the default ID for SCSI HBA is 1.
SCSI - Small Computer System Interface
HBA - Host Bus Adaptor
NAS Network attached Storage
It accesses data on file level and produces space to host in form of shared network folder.
main.cf (VCS)
Q) Which two ways can the syntax of the main.cf file be verified?
Answer) 1) Can check manually 2) At VCS startup
Jeopardy (VCS)
Q) There are three heartbeat connections, two private and one low priority, that are
configured and operational in a VCS cluster.
What happens if both of the private heartbeat connections are unplugged?
Answer) The cluster enters Jeopardy state.
Display Locked User Accounts
Q) I have 2
A: It is possible to create non-global zones that run the same OS as the global zone, which is
the OS running on the system. It is also possible to create a non-global zone that runs a
different operating environment from the global zone. The branded zone (BrandZ)
framework extends the Solaris Zones infrastructure to include the creation of brands that
contain alternative sets of runtime behaviors. The following types of non-global zones are
available:
native:
The default SX CE and Solaris 10 non-global zone is the native zone. It has the same
characteristics as the Solaris 10 Operating System or SX release that is running in
the global zone.
If you have configured your system with Solaris Trusted Extensions, each non-
global zone is associated with a level of security, or label. Labeled zones can be
configured starting with the Solaris 10 11/

Q: Can I create a zone which shares ("inherits") some, but not all of /usr, /lib, /platform,
/sbin?
A: The original design of Solaris Containers assumes that those four directories are either
all shared ("inherited") or all not shared. Sharing some and not others will lead to
undefined and/or unpredictable behavior.

Q: How do I get zones or containers?
A: Operating systems based on the OpenSolaris code base may elect to include support for
zones. Sun provides Solaris 10 and Solaris Express, each of which include complete support
for Zones.

Q: What hardware can utilize zones or containers?
A: Zones and resource management are all software features of OpenSolaris, and by
extension, Solaris and other operating systems based on OpenSolaris. As software features,
they do not depend upon any specific hardware platform. Any hardware that runs
OpenSolaris or one of its distros, e.g. Solaris 1
Applications which require direct access to certain devices, e.g., a disk partition, will
usually work if the zone is configured correctly. However, in some cases this may
increase security risks.
Applications which require direct access to these devices must be modified to work
correctly:
o /dev/kmem
o a network device
1. Starting with OpenSolaris build 37 and Solaris 10 8/
A: While the theoretical limit is over 8,
Q: Can a zone include multiple zones (aka "is the containment model hierarchical")?
A: No, the model is strictly two-level: one global zone and one or more non-global zones.
Only the global zone can create non-global zones, and each non-global zone must be
contained within the global zone.

Q: Can I automate the process of entering system information, e.g. with sysidcfg?
A: Yes, after a zone has been installed, copy a sysidcfg(4) file to the zone's /etc/sysidcfg
before the first boot of that zone.

Q: Can some local zones be in different time zones?
A: Yes. Each non-global zone has its own copy of /etc/default/init, which contains the
timezone setting. You can change the line starting with "TZ=". The recognized names of
timezones are in /usr/share/lib/zoneinfo. For example, Eastern Standard Time in the USA is
defined in the file /usr/share/lib/zoneinfo/US/Eastern. To set a non-global zone's timezone to
that timezone, the line in /etc/default/init would look like this:
TZ=US/Eastern

Q: Can some non-global zones have different date and/or time settings (i.e. different clocks)?
A: Although different zones can 'be' in different time zones, each zone gets its date and time
clock from the same source. This means that the time zone setting gets applied after the
current time data is obtained from the kernel.
If you would like the ability to have different clock sources per zone, please add a call
record to RFE 5
1. Create and mount the filesystem in the global zone and use LOFS to mount it into
the non-global zone (very safe)
2. Create the filesystem in the global zone and use zonecfg to mount the filesystem into
the zone as a UFS filesystem (very safe)
3. Export the device associated with the disk partition to the non-global zone, create
the filesystem in the non-global zone and mount it. Security consideration: If a
_block_ device is present in the zone, a malicious user could create a corrupt
filesystem image on that device, and mount a filesystem. This might cause the
system to panic. The problem is less acute with raw (character) devices. Disk devices
should only be placed into a zone that is part of a relatively trusted infrastructure.
4. Mount a UFS filesystem directly into the non-global zone's directory structure
(allows dynamic modifications to the mount without rebooting the non-global zone)

Q: How can I make a writeable /usr/local in a sparse-root zone?
A: Use one of the methods above, for example:
global# mkdir -p /path/to/some/storage/local/twilight
global# zonecfg -z twilight
zonecfg:twilight> add fs
zonecfg:twilight:fs> set dir=/usr/local
zonecfg:twilight:fs> set special=/path/to/some/storage/local/twilight
zonecfg:twilight:fs> set type=lofs
zonecfg:twilight:fs> end
zonecfg:twilight> commit
zonecfg:twilight> exit
global#

Q: Can I assign an SVM meta-device, or a Veritas Volume, to a non-global zone?
A: With Solaris 10 1/
Q: Can I, and should I, import raw devices into a non-global zone?
A: The Solaris Zones feature set provides the global zone administrator with the ability to
allow a non-global zone to access a raw device. There are many situations where this will be
the best approach to solve a problem. There are even situations which require such use.
First, however, it is important to stress that there are usually other solutions that do not
require direct device access. Let's discuss this first.
With regard to importing VxVM devices into a zone, this is possible with VxVM 5.
that requires access to raw disk partitions. The instructor knows how to use Unix, but does
not have a background in Unix system administration. Further, the instructor will require
use of the root account to assist students. It is possible that the instructor could make a
mistake, or a malicious student could abuse the raw disk access, leading to a crash of the
kernel. This would also stop all of the other non-global zones, as well as the global zone. If
the other zones are running production software, this request for raw disk access in a zone
should not be fulfilled. Other solutions should be pursued, such as creating an RBAC role
for the instructor which only gives the necessary privileges to the instructor's Unix account.
Other examples must be judged by their particulars, e.g. a production database program
which needs raw access. Factors to consider include:
o Who will login to the zone? How trustworthy are they?
o Is this system protected from unauthorized access by a firewall?
o What level of availability is required by applications running in this zone and in
other zones?

Q: Can I share an I/O resource (e.g. NIC, HBA) between containers?
A: Yes, in fact, that is the default model. Each container is assigned its own IP address, but
usually multiple containers will share one NIC. Further, multiple zones may be assigned
separate filesystems accessed through one HBA.

Q: Can zones in one computer communicate via the network?
A: Both shared-IP and exclusive-IP zones can communicate via the network. In general, a
zone is assigned to use one or more network ports (aka NICs), and network traffic to or
from other computers uses the assigned NIC(s), following standard IP rules.
Network traffic between two zones on the same system may require extra planning. If a
zone is an "exclusive-IP" zone, its network packets will always leave the computer, and
inbound packets will always come from outside the computer. Further, an exclusive-IP zone
performs all of its own network configuration, including routing and IP filtering.
Before Solaris 10 1
o Inter-zone network latency is extremely small, and bandwidth is extremely high
o Solaris IP Filter can be enabled in non-global zones by turning on loopback filtering
as described in System Administration Guide: IP Services. Filter rules are still
configured in the global zone.
o It is possible to configure routing to block traffic between specific zones completely.

Q: How do I modify the network configuration of a running zone?
A: For shared-IP zones, the ifconfig(1M) command can be used in the global zone to modify
that zone's existing network configuration or to add new logical interfaces to a zone. Here
are some examples that add, and then delete a logical interface assigned to a zone:
glo"al# ifconfig "ge< addif :0,:4>,0
A: Yes. A zone does not need a network interface in order to operate. If you don't specify a
network interface when you create the zone, it will still boot correctly. If an existing zone
has been given access to a network interface, you can use zonecfg(1M) to remove that
access, but if the zone is running you must also either re-boot the zone or use ifconfig(1M)
to remove access until the next re-boot.
It is also possible to allow a shared-IP zone to access the network, but not communicate with
other zones on the same system. One method is to set up a pair of routes using the "-reject"
argument to the route(1) command. For example, if one zone has an IP address of <Addr1>
and the second zone has an address of <Addr2>, then the following commands will prevent
network traffic from passing between the two zones. 9'ly ++;T
global# route add <Addr1> <Addr2> -interface -reject
global# route add <Addr2> <Addr1> -interface -reject

Q: Are VLANs supported in zones?
A: Yes. For a shared-IP zone, the VLAN interface must be plumbed in the global zone. LAN
and VLAN separation are available in an exclusive-IP non-global zone.

Q: How do I configure a default route in a container?
A: For a shared-IP configuration: All routes, including default routes, must be configured
by the global zone administrator. By default, such zones use the global zone's default
router. Starting with Solaris 10 1
A: All accesses to entries in lofs mounted file systems map to their underlying file system.
Therefore, if a mount point is made available in multiple locations via lofs and it is in use in
any of those locations (as a mount point, a current working directory, etc.), an attempt to
mount a file system at that mount point will fail unless the overlay flag has been specified.

Q: How can I mount a filesystem into two or more different zones safely?
A: Create a directory in the global zone, and remount it into each non-global zone using
lofs. This will allow reading and writing from both zones without corrupting. It's the same
mechanism used by the automounter in certain cases.

Q: How can I create a zone with its own /usr or root file system (a 'whole root file system')?
A: By default a zone shares /usr and a few other directories with the global zone. If a zone
needs its own separate copy of /usr, et al., you must tell zonecfg to not use the default
configuration. To do this, use the "-b" option on the "create" sub-command of the
zonecfg(2) command.
If you do this, you must specify each existing file system that you do want to share with this
new zone.

Q: How can I restrict a zone (or a few zones) to one HBA (storage connector)?
Each zone uses space in at least one disk partition: its root directory and several others
(e.g. /etc) live there. All of these files are part of Solaris. In addition, each zone can be given
access to one or more file systems and/or one or more raw disks. By planning carefully, you
can configure one zone so that all of its files and devices are accessible through one HBA,
and all of the storage of another zone is accessible through a different HBA.

Q: Can a non-global zone NFS-mount a file system that has been shared from its own global
zone?
A: No. This may be addressed in the future. However, the filesystem can be LOFS-mounted
into the local zone, and, if necessary, the global zone can export the same filesystem via NFS
so that other computers can also access those files.

Q: Can a zone's root directory be on a
Solaris :< :/7 client or server?
A1: A zone can be an NTP server.
A2: The NTP client software sets the system time clock shared by all zones, including the
global zone. By default, non-global zones cannot do this. However, the global zone
administrator can give a zone the ability to change the system time clock with the
"sys_time" privilege. Be aware that this changes the time clock for all zones.

Q: Can a zone be a NIS (aka yp), NIS+, or LDAP server?
A: Yes, yes, and yes.

Q: Can a zone provide network login via telnet, rlogin, rsh or ssh?
A: Yes, yes, and yes.

Q: Can a zone be an ftp server?
A: A zone can be an ftp server, but it is not possible to use ftpconfig(1M) to set up a zone to
be an anonymous ftp server. This is because ftpconfig attempts to set up certain device
special files, and a zone does not have the necessary privileges.

Q: Can a zone run sendmail?
A: Yes.

Q: Can I use X windows in a zone?
A: There are a few different methods to use X windows with zones:
1. On the system console: at the login screen, you can choose "Remote Host" and enter
the hostname of the zone. The X windows login screen should be replaced with an
X windows remote login screen.
2. At the console, logged into the global zone: you can tell X to allow remote
connections from the non-global zone, telnet to that zone, and set the appropriate
environment variable so that X sessions go to the global zone's X windows session,
e.g. "setenv DISPLAY my-global-zone".
3. At another system, you can login directly to the non-global zone, and perform
steps similar to the previous method.

Q: How can I prevent one container from consuming all of the CPU power?
A: Use the resource management features of Containers. This requires using some
combination of the Fair Share Scheduler, CPU caps, assigned ('dedicated') CPUs, and/or
Dynamic Resource Pools features.
Web Links:
o Non-Global Zone Configuration (Overview): http://docs.sun.com/app/docs/doc/819-2450/z.config.ov-1
o Fair Share Scheduler (Overview): http://docs.sun.com/app/docs/doc/819-2450/rmfss-1
o CPU Caps: http://docs.sun.com/app/docs/doc/817-1592/ggeji?l=en&a=view
o Dynamic Resource Pools (Overview): http://docs.sun.com/app/docs/doc/819-2450/rmpool-1

Q: What is the resource granularity for CPU assignment to a container?
A: Fair Share Scheduler: Arbitrary. FSS guarantees a minimum amount of CPU utilization,
so it doesn't waste CPU cycles. Excessive CPU use is only prevented if there is contention
for CPU resources. Minima are specified by "shares" and enforced by the Fair Share
Scheduler. For example, CPU share assignments could be 1, 1/
where $SHARES is the new number of shares and $ZONENAME is the name of the zone.
In OpenSolaris and Solaris 10 (starting with 5/) similar methods can be used to change
the CPU cap, RAM cap, VM cap and shared memory cap.
Web Links:
o Resource Controls
o Using the prctl Command
o Fair Share Scheduler (Overview)
o prctl(1)

Q: Can swap space usage be managed?
A: The entire swap partition is treated as a single global resource to processes running in
both global and non-global zones. Before Solaris 10 8/
-n specifies the name of the resource to get or set
-r specifies a replace operation
-v specifies the new value for the resource
-i specifies the owning process, task or project of the resource.

Q: Can I bind a zone to a pool?
A: Yes, but in OpenSolaris and Solaris 10 8/
A: Yes, you can. Here is the command(s) you would use:
If you don't care which CPUs you move from a processor set the command would
be:
poolcfg -dc "transfer 2 from pset pset1 to pset2"
which will move any two processors from pset1 to pset2
-d operate directly on the kernel state
-c this signifies the command
If you want to move a specific CPU(s) here is the command:
poolcfg -dc "transfer to pset pset2 (CPU /
one Control GUI
The Zone Manager Command
Zonestat command reports on resource usage and caps

Q: How do I create a zone?
A: First gather some information, then use the Solaris Container Manager GUI or the
commands shown below. This is the simplest possible creation of a zone that has network
access. You will need this information (example values in parentheses):
1. Name that you choose for the zone (my-zone)
2. Hostname that you choose for the zone (my-zone)
3. Name of the directory in the global zone where all of the zone's operating system
files will be (/zones/zone_roots/my-zone)
4. IP address of the zone (1
global# zoneadm -z <zonename> uninstall
global# zonecfg -z <zonename> delete

Q: Is the maximum number of exclusive-IP zones limited to the number of physical ethernet
ports?
A: No, if you use VLANs you can have one per VLAN per port. To use the same base 'bge

Q: I created a zone and booted it, but it doesn't work. What should I do?
A: The most common problem is that the zone doesn't have its system identification
information yet. You can determine if this is the problem by running "ps -fz " in the global
zone. If the output only shows zsched, init, and a (3-6) processes related to SMF (/lib/svc/
\, /usr/sbin/svccfg) then system identification is not complete. To complete this, attach to
the zone's console by running "zlogin -C " in the global zone, pressing once, and following
the instructions.

Q: Can I add packages to just the global zone (for example, SRS netConnect)?
A: Yes, use pkgadd -G. Note that if the SUNW_PKG_THISZONE package parameter is set
to true, you do not have to use the -G option

Q: Do zones boot automatically, or must I boot each one manually every time the system
(re)boots?
A: The zone's autoboot property determines whether the zone is booted when the system
boots. The global zone administrator can set the autoboot property to "true" or "false." The
zones service svc:/system/zones:default must also be enabled.

Q: Should I halt a system's zones before applying patches?
A: There is no need to do this. In fact, the package and patch tools will perform their
operations on all zones that are running, as well as all zones that are not currently running
but are capable of being booted (e.g. they are at least in the "installed" state). The running
zones are operated on first, and then for each zone that is not running but can be booted,
the zone is booted, the operation is performed, and the zone is then halted.

Q: Where does a zone's syslog output go?
A: By default the syslog output from a zone goes only into the zone's syslog file. If you
would like the output to also appear in the global zone's log files, configure the non-global
zone's loghost to be the global zone.

Q: I removed a device from a zone, but it's still there. Why, and how do I get rid of it?
$% 9his is "g 14334>, 9he crrent ?@e" 0
Q: What is the default networking service configuration of a non-global zone when it is
installed?
A: On Solaris 10 systems, the traditional open configuration is installed. On SX systems, the
limited networking configuration is installed.
You can switch the zone to either networking configuration by using the netservices
command, or enable and disable specific services by using SMF commands.

Q: How do I clear a hung non-global zone?
A: Reboot the global zone.

Q: Can I access one zone from another zone?
A: Only through IP connections, e.g. telnet, rlogin.

Q: Can I 'su' from one zone to another?
A: No, this would violate the security implementation of zones. In this context, think of
zones as separate computers: you can't 'su' from one Unix computer to another.
You can use the zlogin(1) command to login to a non-global zone from the global zone. You
must have all privileges(5) to use zlogin.

Q: Can I prevent the root account in one zone from affecting other zones?
A: Because each container has its own namespace, each container has its own root account.
Each zone's root account is unable to access other containers in any way.

Q: Can programs running in one zone change the operation of programs running in another
container?
A: A great deal of design work was done to prevent containers from affecting each other. By
default it is very difficult for one local zone to affect another zone, but it is possible. It is also
easy for the global zone administrator to configure containers unsafely. Consider these factors:
o First, there are no known methods for one user (even root) in one local zone to
'break into' another zone (global or non-global).
o However, a modern computer has many resources, some of them real, some virtual.
Denial of Service attacks often attempt to use all of the instances of a virtual
resource. One early attack on Unix systems was creating so many processes that all
of the PIDs were in use, preventing the creation of new processes. There are now
methods to prevent those attacks, and those methods automatically apply, or have
been applied to, zones. In some cases the method of prevention includes the manual
use of Solaris features, e.g. projects.
o By default it is difficult to disrupt operation of zones. However, the global zone
administrator can make it easier for a non-global zone user to impact operation of
one or more other zones, even the global zone. Try to avoid assigning disk devices
directly to non-global zones: the root user of that zone might be able to take
advantage of this to cause a SCSI bus reset or even panic the kernel. Also, avoid
assigning the same device or file system to multiple zones unless needed to achieve a
specific goal. If that is necessary, ensure that all of the software in those two zones
will obey a synchronization mechanism when using the device or file system.

Q: How do I prevent a 'fork bomb' from affecting all of the zones?
A: A 'fork bomb' is a process which creates (forks) as many child processes as possible,
attempting to use up all of the virtual memory or PIDs in a system, resulting in a Denial of
Service to other users. If you would like to prevent someone from doing this in a non-global
zone, add this to a zone's configuration, using zonecfg(1M):
add rctl
set name=zone.max-lwps
add value (priv=privileged,limit=1
this, that zone could lock down enough memory that the global zone - including
platform management tools - cannot function properly.
In Solaris 10 5/ and later, you should set that limit with the following command:
global# zonecfg -z myzone
add capped-memory
set locked=4g
end
exit
Note that common memory-size suffixes can be used: k or K (kilobytes), m or M (MB), g or
G (GB), etc. See zonecfg(1M) for more details.
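
The hardening points above (avoid handing disk devices to a zone, set zone.max-lwps against fork bombs, cap locked memory) can be checked mechanically. The following is an added example, not part of the original FAQ: a shell function that audits the text produced by "zonecfg -z <zone> export". The finding labels, the function names and the sample configuration (including limit=1000 and the device path) are constructed for illustration, and the export layout is assumed to match the sample.

```shell
#!/bin/sh
# Added example (not from the FAQ): audit "zonecfg -z <zone> export" text for
# the hardening points discussed above. Reads the export on stdin and prints
# one finding per line; no output means no finding.
audit_zone_export() {
    awk '
        # Track the enclosing resource block: "add <type>" ... "end".
        # "add value (...)" inside an rctl block does not open a new block.
        $1 == "add" && res == "" { res = $2; next }
        $1 == "end"              { res = ""; next }

        # Disk devices exported straight into the zone.
        res == "device" && $1 == "set" && $2 ~ /^match=/ {
            dev = substr($2, 7)                     # text after "match="
            if (dev ~ /^\/dev\/dsk\//)       print "BLOCK-DEVICE " dev
            else if (dev ~ /^\/dev\/rdsk\//) print "RAW-DEVICE " dev
        }

        # Fork-bomb containment: the zone.max-lwps resource control.
        res == "rctl" && $1 == "set" && $2 == "name=zone.max-lwps" { lwps = 1 }

        # Locked-memory cap from the capped-memory resource.
        res == "capped-memory" && $1 == "set" && $2 ~ /^locked=/ { locked = 1 }

        END {
            if (!lwps)   print "NO-MAX-LWPS"
            if (!locked) print "NO-LOCKED-MEMORY-CAP"
        }
    '
}

# Constructed sample export: lofs mount, a block device, an LWP limit,
# and no capped-memory resource.
sample_export() {
    cat <<'EOF'
create -b
set zonepath=/zones/zone_roots/my-zone
set autoboot=true
add fs
set dir=/usr/local
set special=/path/to/some/storage/local/twilight
set type=lofs
end
add device
set match=/dev/dsk/c1t0d0s6
end
add rctl
set name=zone.max-lwps
add value (priv=privileged,limit=1000,action=deny)
end
EOF
}

sample_export | audit_zone_export
```

On a real system the input would come from the global zone, e.g. by piping the export of each configured zone into audit_zone_export.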
In Solaris 10 8/

Q: What are zone's strengths compared to other server virtualization solutions?
A: Solaris Zones have many strengths relative to other server virtualization solutions,
including:
o Cost: zones are a feature of the operating system. There is no extra charge for using
them.
o Integration: Zones are integrated into the operating system, providing seamless
functionality and a smooth upgrade path.
o Portability: Zones are not tied to any one hardware platform. As a device-
independent feature set of OpenSolaris, their functionality is exactly the same on all
hardware to which OpenSolaris has been ported.
o Observability: The Global Zone has visibility into all activity in all zones, including
viewing process and network activity, system-wide accounting and auditing, etc.
This makes it possible to find performance problems and resolve inter-zone
conflicts, both of which are extremely difficult problems on most other SV solutions.
It is even possible to re-host applications typically found on different systems (e.g.
web server and app server) on different zones in the same system, and then use
DTrace to analyze their interactions.
o Manageability: You can manage all of the zones on one system as one collection,
rather than as separate servers. This includes adding packages and patches once per
system, not once per zone.
Sun Dynamic System Domains

Q: Are containers like VMware?
A: They are only vaguely similar. Both technologies are very useful for consolidating
servers. However, the basic model is different: Containers form isolated application
environments that share one OS instance, while VMware hosts multiple OS instances. The
differences also include:
o Containers are only available for Solaris 10 and S Nevada. VMware supports
Solaris, Microsoft Windows and Linux clients, simultaneously.
o VMware uses a great deal of CPU capacity managing the multiple environments.
CPU overhead of containers is hardly measurable (typically 1%) for a few zones or
even dozens of zones, depending somewhat on the applications.
o Containers do not have any financial cost beyond Solaris license and/or support
costs. VMware for production environments costs thousands of dollars, and a
license is necessary for each Windows or RH instance hosted on top of VMware.
Q) How to find Global zone name from local Zone?
A) From the Local Zone run the following command
# arp -a | grep SP