Security Advantages of the Solaris Zones Software

Security Advantages of the Solaris Zones Software

by Dr. Christoph Schuba
December 2008

Virtualization is emerging as an important tool as organizations look to consolidate redundant and aging infrastructure and create a more agile and cost-effective datacenter. Indeed, virtualization technologies can help organizations quickly recover from disasters, reduce time to market for new services, and better utilize existing infrastructure to reduce space, power, and cooling requirements. It can help increase service levels while delivering security that once required the use of individual servers. In particular, operating system (OS) level virtualization allows multiple applications to share the same operating system instance while providing separate security domains for each application.

Contents

  • Chapter 1. Introduction
  • Chapter 2. Solaris Zones Architecture
    • Branded Zones
    • Labeled Zones
    • Zones and Networking
      • Shared-IP Zones
      • Exclusive-IP Zones
    • Zone Identity, CPU Visibility, and Packaging
    • Zones and Devices
  • Chapter 3. Getting Started with Zones
    • Zones Administration
    • Creating, Installing, and Booting a Zone for Apache HTTP Server
  • Chapter 4. The Security Advantages of OS Virtualization
    • Isolation and Encapsulation
      • Offering Replicated or Redundant Services Using Zones
      • Hardening a Web-Facing Web Server Using Solaris Zones
    • A Reduced Set of Privileges for Non-Global Zones
    • Benefits of Exclusive IP Stack Instances
    • Monitoring Events in Zones
      • Auditing Events in Non-Global Zones
  • Chapter 5. For More Information
    • About the Author
    • References
    • Ordering Sun Documents
    • Accessing Sun Documentation Online
About the Authors

Christoph Schuba studied mathematics and management information systems at the University of Heidelberg and the University of Mannheim in Germany. As a Fulbright Scholar, he earned his M.S. and Ph.D. degrees in Computer Science from Purdue University in 1993 and 1997, performing most of his dissertation research in the Computer Science Laboratory at the Xerox Palo Alto Research Center (PARC). Christoph has taught undergraduate and graduate courses in computer and network security, cryptography, operating systems, and distributed systems at San Jose State University, U.S., at the Universtitaet Heidelberg, Germany, at the International University in Bruchsal, Germany, and at Linkopings universitet in Linkoping, Sweden where he held the chair in information security.

Christoph has worked at Sun Labs since 1997, and most recently in the Solaris Software Security Organization at Sun. He holds 11 patents and is the author or co-author of numerous scientiļ¬c articles in computer and network security.

Rate this blueprint (Log In to vote.)
Choices Your Vote

Great

Good

Fair

Poor

Labels

new new Delete
blueprint blueprint Delete
security security Delete
virtualization virtualization Delete
Enter labels to add to this page:
Please wait 
Looking for a label? Just start typing.

Sign up or Log in to add a comment or watch this page.


The individuals who post here are part of the extended Sun Microsystems community and they might not be employed or in any way formally affiliated with Sun Microsystems. The opinions expressed here are their own, are not necessarily reviewed in advance by anyone but the individual authors, and neither Sun nor any other party necessarily agrees with them.

Copyright 1994-2009 Sun Microsystems, Inc.
Powered by Atlassian Confluence Sun Guidelines on Public Discourse Privacy Policy Terms of Use Trademarks Site Map Employment Investor Relations Contact