Building a Cloud-Based Data Center with Oracle Solaris 11

Part 1 - What's Involved

by Ron Larson and Richard Friedman

This article discusses the factors to consider when building a cloud, the cloud capabilities offered by Oracle Solaris 11, and the structure of Oracle Solaris Remote Lab, an Oracle implementation of an Oracle Solaris 11 cloud. This is the first in a series of articles that show how to build a cloud with Oracle Solaris 11.


Published March 2014


Why a Cloud? And Why Oracle Solaris 11?

By now, it has become obvious that the cloud model provides enterprise data centers with significant cost savings. By sharing pooled resources, cloud computing offers increased hardware utilization and high efficiency, while also providing elastic scalability and fast deployment of applications and services.

What might not be immediately obvious is how easy and cost-free it is for an IT department to create a cloud infrastructure with Oracle Solaris 11. All the technologies needed to create a cloud are already part of the operating system (OS) or are easily downloadable, and they work directly without modification.

In this series of articles, we will explore the general business needs solved by a cloud model, and show how creating a cloud infrastructure can be accomplished simply and easily with Oracle Solaris 11.

Cloud Benefits—Solving Business Needs

Efficiency and cost savings are the primary benefits of consolidating an IT center's infrastructure as a cloud. With a pool of shared computing resources made available over a public or private network, users can be up and running in minutes. Contrast that with the weeks or months required for a classic data center to acquire, install, and implement new dedicated servers. Consolidating servers and storage through virtualization simplifies management, improves resource utilization, and streamlines conformity to security and compliance standards.

A dynamically scalable grid architecture that automatically responds to changing demands makes the cloud a very compelling solution compared to the traditional data center.

In the most general terms, cloud virtualization brings significant benefits to business data centers, including

  • Increased efficiency—Pooling resources through clustering and server virtualization offers a high degree of resource sharing, reduces complexity and operational costs, and, by balancing workload over a smaller data center footprint, improves total hardware utilization.
  • High availability—Redundancy through server clustering and data storage mirroring reduces the risk of outages and downtime due to hardware failures or system upgrades, and ensures continuous operation and a high quality of service.
  • Elastic scalability—Virtualization allows dynamically changing workloads to be reallocated to their own virtual machines. Dedicated resources can easily be managed and reassigned as needed to isolate I/O- or CPU-intense applications. With virtual clustering, dedicated zone clusters can be configured to run specific business applications according to predefined management policies.
  • Rapid deployment—By virtualizing the building blocks of the data center (the servers, storage and networks), standard application environments can be deployed rapidly and easily, greatly reducing, even eliminating, the need to install, configure, or modify physical components.

But first, we need to clarify some of the concepts and models implied by the term cloud computing.

The Cloud as Multitier Data Center Virtualization

When we talk about "the cloud," we are actually talking about a cluster of servers managed through server virtualization as a pool of shared compute, storage, and network resources. This is in contrast to the more traditional data center built of individual discrete components, such as a particular host machine, storage device, network connection, or application.

With server virtualization, virtual hosts, virtual storage, and virtual networks can be created, allocated, and deallocated as needed, increasing hardware utilization and offering greater operating flexibility.

Virtualization is the key. To users, it appears as if they have their own private server somewhere on the internet or within a company's private cloud. They really do not need to know where the server is physically located, what it looks like, or how to maintain it. It's just there as long as they need it. In reality, the host OS has spawned itself into shared environments that appear to multiple simultaneous users as their own fully functional and private virtual computer.

Make this capability available to users over the global internet and you have a public cloud. Bring this capability inside an enterprise's network and make it available only to employees and trusted partners and customers, and you have a private cloud. Hybrid clouds, which combine components of both public and private clouds, are also possible.

As we'll soon see, Oracle Solaris 11 provides the technologies a system administrator needs to virtualize all the physical elements in a data center including storage, OS, and networking. In the most general terms, the following three basic virtualization models—two of which are software-based and one of which is hardware-based—can be used individually or in combination to create cloud infrastructures that offer a wide range of capabilities and complexity:

  • OS virtualization with Oracle Solaris Zones
  • Virtual machines (VMs)
  • Physical (hardware) domains

OS Virtualization with Oracle Solaris Zones

OS virtualization with Oracle Solaris Zones provides one or more isolated execution environments under a single OS instance. Each environment contains what appears to be a private copy of the OS in its own container, or zone. Zones offer near-native performance and flexibility, and present a much smaller resource footprint than either virtual machines or physical domains.

Zones are easy to create and provide an isolated and secure environment for running applications. Processes that run in a zone are isolated from the rest of the system. This prevents processes running in one zone from monitoring or affecting processes running in other zones, even if the processes have root credentials within their own zones. Resource allocation prevents processes in one zone from interfering with the performance of processes in other zones on the same server. Because zones do not introduce a software layer between applications and the OS, they can provide near-native performance by eliminating overhead.

Virtual Machines

Virtual machines make it possible to run multiple operating systems over a single hardware kit. Each VM a user creates runs its own OS, which need not be the same as that of the host system, and each isolated OS instance can be stopped, restarted, and rebooted independently. Active VMs can be migrated to another physical machine without interruption.

Oracle Solaris 11 supports this virtualization model through Oracle VM Server for SPARC (previously called Sun Logical Domains), Oracle VM Server for x86, and Oracle VM VirtualBox.

Oracle VM Servers rely on a hypervisor, a thin software layer that subdivides and partitions server CPUs, memory, I/O, and storage resources among VMs. CPU threads running in VMs achieve native performance. Virtualization overhead is higher in this model than with Oracle Solaris Zones, since it typically takes longer to create, provision, and manage the VMs.

Physical Domains

Hardware partitions, also known as physical domains, provide physical separation between the running OS and its resources and power. Because this model does not use a hypervisor, it provides bare-metal performance along with the most isolation, but resource configuration is much less flexible than with either virtual machines or Oracle Solaris Zones.

As the name implies, hardware partitioning is a feature designed and built into the server hardware itself. Oracle provides this type of virtualization in Oracle's SPARC Enterprise M-Series servers.

The Cloud as a Service

Currently, three service models drive cloud building: software as a service (SaaS), infrastructure as a service (IaaS), and platform as a service (PaaS). How the cloud is to be used determines which service model is appropriate to deploy.

  • SaaS—SaaS generally refers to applications that are delivered to end users over the internet within a browser or specialized application. There are hundreds of SaaS providers covering a wide variety of applications. Oracle Cloud, Salesforce.com, and Google Apps are examples of the SaaS model in a public cloud.
  • IaaS—With IaaS, a complete computing hardware and software environment (servers, storage, network, and OS) is made available as a service over a network. Amazon Web Services, for example, offers Elastic Compute Cloud (EC2) for compute servers, SimpleDB for database, and Simple Storage Service (S3) for storage.
  • PaaS—The PaaS model provides an application development and deployment platform as a service to developers, allowing them to quickly build and deploy a SaaS application for end users. These platforms typically include database and middleware, and are often specific to a language or API. For example, Google AppEngine is based on Java and Python, EngineYard is based on Ruby on Rails, and Force.com uses a proprietary variation of Java.

Choosing the Virtualization Model That Fits

The best virtualization model is the one that best matches project requirements. The following list maps various environments to the virtualization models, and Table 1 describes some pros and cons:

  • Virtual machines provided through Oracle VM VirtualBox—Best for developers working on their own desktops or within remote virtualized servers, but clearly not a model for building data centers
  • Virtual machines provided through Oracle VM Servers—Best for development environments or environments where multiple operating systems need to be deployed over one infrastructure, and where application performance and security are not a top concern
  • Oracle Solaris Zones—Best for production environments requiring efficiency and high performance for mission-critical enterprise applications

Table 1. Pros and Cons of Virtualization Models

Virtual Machines
  Pros:
  • Each VM can run a different OS.
  • Equipment can be directly allocated to a VM.
  • Users have root password access, which grants them "bare metal" management of their VMs.
  Cons:
  • Not as dynamically flexible as Oracle Solaris Zones.
  • Has more overhead than Oracle Solaris Zones.

Oracle Solaris Zones
  Pros:
  • Very low overhead.
  • Very fast creation and management.
  • Very dynamic.
  Cons:
  • All zones on a server run the same version and release of Oracle Solaris.
  • While users can have root access within their zones, they cannot execute commands that require "bare metal" access, such as formatting mass storage.

Advantages of Creating a Cloud Using Oracle Solaris Zones

Oracle Solaris Zones provide a really quick and efficient way to create a cloud.

Oracle Solaris Zones virtualization is often referred to as lightweight virtualization because the overhead for running applications in zones is minimal. A global zone runs the Oracle Solaris kernel, device drivers, and the rest of the OS. Users are assigned non-global zones in which to run applications. These non-global zones are isolated from each other and are unable to modify or impact the shared global zone, and they appear to users as their own Oracle Solaris installation with its own file system, network addresses, and so on.

Because there is no virtualization layer in the non-global zones, high performance is easily attained. And while non-global zones run the same version of the OS as the global zone, Oracle Solaris 11 "branded" zones can be created for legacy applications that run in Oracle Solaris 10, Oracle Solaris 9, or Oracle Solaris 8 Containers.

Oracle Solaris Zones technology is fully integrated into Oracle Solaris 11, permitting secure, delegated administration of zones and better integration with ZFS and with resource management products. For example, zones can be easily created and managed from the command line or through the GUI of Oracle Enterprise Manager Ops Center.

The article "How to Get Started Creating Oracle Solaris Zones in Oracle Solaris 11" shows how easy it is to create, install, boot, and automatically configure Oracle Solaris Zones, creating a ZFS data set and network. The article also demonstrates how to add an application to a zone using the Oracle Solaris Image Packaging System and then clone the zone to create a new zone that has the same configuration.

Oracle Solaris Remote Lab—An Overview

Oracle Solaris Remote Lab provides a good example of how to achieve a business solution by building a cloud with Oracle Solaris 11. The Lab is a benefit for Oracle PartnerNetwork (OPN) members at the Gold level and above who are also members of the Oracle Solaris Knowledge Zone, and it provides them with live, web-based environments running the latest major release of Oracle Solaris, which they can use for testing and validating their applications.

Figure 1. Oracle Solaris Remote Lab

To test and verify their applications on the Lab, developers typically will do the following:

  1. Determine the servers, database, and client configuration needed to install and test their application, and then create the corresponding Oracle Solaris Zones in the Lab.

    Note: Step 1 of Figure 1 states "Check out Virtual Machines." As explained earlier in this article, Oracle Solaris Zones perform a function similar to virtual machines and, therefore, can be thought of as virtual machines, but they are more lightweight and powerful.

  2. Upload the installation files and any data files required for testing.
  3. Install the application.
  4. Run the verification tests.
  5. Download the results of the tests to their local systems.
  6. Review the results.

Developers will iterate steps 3 through 7 to tune and improve their application for best performance.

The Lab is based on the cloud technologies that are at the core of Oracle Solaris 11. It is a virtual lab that grants users remote access through a secure web browser to virtual machines created as Oracle Solaris Zones. Instantly, users can have access from anywhere, anytime, to a secure and isolated testing environment running Oracle Solaris 11. They can create their own zones easily with a single click, avoiding the need to acquire, build, and provision servers for their own test environments—a significant savings in cost and time.

These ready-to-use virtual machines are implemented at the Lab as either SPARC-based or x86-based Oracle Solaris Zones, with Oracle Database, Oracle Fusion Middleware, and/or Oracle Solaris Studio preinstalled. Oracle Secure Global Desktop provides access to users' zones through command-line terminal sessions or full-screen Oracle Solaris desktops. Oracle Secure Global Desktop also provides remote file transfer capabilities between users' local systems and their assigned secure storage at the Lab.

Let's take a quick look to see how all this was put together to create a public cloud. Later articles in this series will get into some of the details.

Oracle Solaris Remote Lab Virtualization

As a developer cloud, the Lab relies on the virtualization technologies native to Oracle Solaris 11. Resource sharing through virtualization greatly improves the total utilization of the lab's back-end compute and storage servers. The Lab implementation of compute, data, and network virtualization uses Oracle Solaris Zones, the ZFS file system, and Oracle Solaris 11 network virtualization technology.

Oracle Solaris Zones

The Oracle Solaris Remote Lab implementation uses Oracle Solaris Zones extensively. NFS servers and Oracle Secure Global Desktop servers are all implemented in Oracle Solaris Zones. New zones are created by cloning existing zones, which copies all the source zone's properties and provisioning. The new zone includes all the changes and configurations that were made to customize the source zone. Zone cloning requires very little overhead and significantly less time than fresh creation of a new zone, and it provides users with immediate access to ready-to-use zones that are already configured with application software such as an Oracle Database instance or Oracle Fusion Middleware.

Oracle Solaris 11 ZFS File System

ZFS is the default file system for Oracle Solaris 11 and for Oracle Solaris Remote Lab. With its self-healing capabilities, transparent encryption, and snapshot features, ZFS simplifies the deployment and management of petabyte-scale storage. ZFS introduces the concept of a virtual storage pool, which decouples the file system from physical storage in the same way that virtual memory abstracts the address space from physical memory, allowing for much more efficient use of storage devices. The details will be described in a later article.

The Oracle Solaris Remote Lab Front End

A web-based portal provides the main entryway into the Lab. Users log in to their dashboard from any web browser to manage their virtual machines (as Oracle Solaris Zones), open terminal sessions or full-screen Oracle Solaris desktops, and initiate file transfers.

Creating, Rebooting, and Deleting Zones

From their dashboard, users can create up to five virtual machines (zones), which can be either x86 or SPARC machines or a combination of the two. The dashboard also allows users to reboot within seconds and delete their zones securely.

Each zone has 4 GB of RAM and 10 GB of disk space, and users can select to create zones from a library of Oracle Solaris 11 images that have provisioned database or middleware software preinstalled.

Requests to create a new zone are added into a work queue in the front end. Provisioning of the zones is done in the back end, where one of several servers initiates and creates the zone, which is ready for use within a few minutes.

The work queue, a MySQL database, provides the main communication channel within the Lab. It acts as a queuing system where all the requests for the back end provisioning services are recorded. Java agents from servers in the back end regularly poll the database looking for any outstanding job requests they can perform.
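The queue pattern described above, as an added example that is not the Lab's own code: Python and an in-memory SQLite database stand in for the Lab's Java agents and MySQL, and the table layout and function names are assumptions. It shows the front end enforcing the five-zone limit and the x86/SPARC choice when it records a request, and back-end agents claiming each job exactly once.

```python
import sqlite3

MAX_ZONES_PER_USER = 5        # dashboard limit stated in the article
ARCHES = {"x86", "sparc"}     # the two zone types the Lab offers

# Hypothetical schema; the article does not describe the real one.
SCHEMA = """
CREATE TABLE jobs (
    id     INTEGER PRIMARY KEY,
    owner  TEXT NOT NULL,
    arch   TEXT NOT NULL,
    status TEXT NOT NULL DEFAULT 'pending',   -- pending, running, done, failed
    agent  TEXT
)"""

def open_queue():
    # isolation_level=None: autocommit, so transactions are opened explicitly.
    db = sqlite3.connect(":memory:", isolation_level=None)
    db.execute(SCHEMA)
    return db

def request_zone(db, owner, arch):
    """Front end: validate a create request and record it. Returns the job id."""
    if arch not in ARCHES:
        raise ValueError("unknown architecture")
    db.execute("BEGIN IMMEDIATE")             # quota check and insert are one unit
    try:
        # Simplification: zone deletion is not modelled, so every create
        # request that has not failed counts against the quota.
        (count,) = db.execute(
            "SELECT COUNT(*) FROM jobs WHERE owner=? AND status!='failed'",
            (owner,)).fetchone()
        if count >= MAX_ZONES_PER_USER:
            raise PermissionError("zone quota reached")
        job_id = db.execute(
            "INSERT INTO jobs (owner, arch) VALUES (?, ?)",
            (owner, arch)).lastrowid
        db.execute("COMMIT")
        return job_id
    except Exception:
        db.execute("ROLLBACK")
        raise

def claim_job(db, agent):
    """Back-end poll: claim the oldest pending job, or return None."""
    db.execute("BEGIN IMMEDIATE")
    row = db.execute(
        "SELECT id, owner, arch FROM jobs WHERE status='pending' "
        "ORDER BY id LIMIT 1").fetchone()
    claimed = 0
    if row is not None:
        # Guarded update: succeeds only if the job is still unclaimed.
        claimed = db.execute(
            "UPDATE jobs SET status='running', agent=? "
            "WHERE id=? AND status='pending'", (agent, row[0])).rowcount
    db.execute("COMMIT")
    return row if claimed == 1 else None

def finish_job(db, job_id, agent, ok):
    """Only the agent that claimed a running job may close it."""
    cur = db.execute(
        "UPDATE jobs SET status=? WHERE id=? AND agent=? AND status='running'",
        ("done" if ok else "failed", job_id, agent))
    return cur.rowcount == 1
```

With this layout the front end only ever inserts rows, so it needs no credentials on the provisioning servers; the agents pull work rather than accepting inbound commands.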

User Access

To access their zones, users open terminal sessions or full-screen Oracle Solaris 11 desktops from their dashboard. The implementation is with Oracle Secure Global Desktop, which uses a remote display protocol (Adaptive Internet Protocol, or AIP) to provide secure remote access to desktop applications from a variety of systems and mobile devices. Oracle Secure Global Desktop provides excellent performance even over high-latency WAN links.

When a user registers with the Lab, an Oracle Secure Global Desktop server zone is created and assigned to the user. It occupies the unique VLAN where the user's zones were also assigned, which is connected to an Oracle Secure Global Desktop Gateway in the front end of the lab. The gateway directs user network traffic to the correct user VLAN and zones.

Transferring Files and Data

An NFS server implements permanent data storage at the Lab through a shared directory, /data, which is mounted in a dedicated NFS server zone that appears in each user's zone. Sharing data between a user's zones is just a matter of copying files to and from /data.

File transfers between a user's local computer and the Lab zones are handled by file upload and download mechanisms that utilize the dedicated NFS server zone created for the user. The upload mechanism permits transfer of files from a user's local system or device to the shared /data directory, making the files accessible to all of the user's zones. Similarly, downloads to a user's local machines are accomplished by placing the files to be transferred in the /data directory and initiating a file download from the dashboard.

Security

A developer cloud requires that every user's data, applications, and network remain private. Since virtualization is all about resource sharing, providing a high level of security is critical. At the same time, the integrity of the entire system should be protected at all times from attacks by intruders.

A significant level of security is achieved at the Lab not only by isolating front-end and back-end servers from one another, but also by the virtualization technologies utilized. Data, compute resources, and network security were major concerns in the design of the Lab. A later article will explain how each was handled.

Management of the Oracle Solaris Remote Lab Developer Cloud

Administration of a developer cloud such as the Lab includes user account management, software package management, resource auditing, and operations monitoring. The entire user experience is provided by scripts that do everything from handling user login/logout to creating and deleting virtual machines and updating the installed software. A later article will describe how all these features were implemented using standard Oracle Solaris 11 components.

Conclusion

In this article, we've described some of the basic virtualization components of Oracle Solaris 11 used in building a cloud service. And, we introduced Oracle Solaris Remote Lab as an example of a cloud that provides users with a controlled virtual environment to test and validate their applications.

In our next article, we take a look at how Oracle Solaris 11 provides data security for Oracle Solaris Remote Lab.

About the Authors

Ron Larson is a forty-five-year veteran in the computing industry with extensive experience in computer and software systems design, prototyping, and implementation. He is currently the project manager for the Oracle Solaris Remote Lab project.

Richard Friedman is a freelance technical writer with over thirty years of experience working in high-performance computing, software application development, and programming languages.

Revision 1.0, 03/17/2014
