Solaris LDOM vs Zones

A Sun Logical Domain (LDom) is a full virtual machine that runs an independent operating system instance and contains virtualized CPU, memory, storage, console, and cryptographic devices.

This technology allows you to allocate a system's resources into logical groupings and create multiple, discrete systems, each with its own operating system, resources, and identity within a single computer system. We can run a variety of application software in different logical domains and keep them independent for performance and security purposes.

A zone is a virtual operating system abstraction that provides a protected environment in which applications run. The applications are protected from each other to provide software fault isolation. To ease the labor of managing multiple applications and their environments, they co-exist within one operating system instance, and are usually managed as one entity.

LDOMs allow you to assign your hardware to different virtual hosts for exclusive use. Say you have a T5220 with an 8-core CPU. You could create 8 LDOMs and assign a core to each. Each core will be for the exclusive use of the domain you assigned it to, regardless of the load on the other domains. With zones/containers, all zones can use any CPU core/thread that they need when they need it. Limits can be set on how much CPU they use, but you cannot specify which CPU/core/thread they are to use.

With LDOMs you get an OBP (OpenBoot PROM) per domain that can be configured independently from the others. Zones don't have OBPs.

You can "brand" a zone as a Solaris 8 or Solaris 9 zone (and I understand RHEL as well), running an instance of either OS on top of Solaris 10. This is useful in those cases when you are refreshing hardware but app vendors only support their apps on the older OSs. You can't "brand" an LDOM, but you can create a branded zone inside an LDOM.

Root on the global zone can see all of the file systems on each zone. Root on the primary domain cannot see the file systems on the other domains.

Solaris Containers (Zones)

  • No special hardware required
  • Single OS image
  • Sub-CPU resource granularity
  • Shared kernel, memory, file systems (configuration, resources and management)
  • Solaris only (excluding Linux branded zone on x86)
  • CPUs can be shared
  • Works on all systems
  • Virtually unlimited partitioning (max is 8191 non-global zones)
  • Single system patch level
  • Most admin operations can be applied to all containers in a single operation
  • Very little performance overhead for zone infrastructure

Logical Domains (LDoms)

  • Sun4v systems only
  • Multiple OS images
  • Multiples of CPU granularity
  • Dedicated kernel, memory, file systems
  • Can support other OSes
  • CPUs cannot be shared (CPUs here refers to a strand/thread)
  • Currently available on Tx000, T5xy0 only
  • Partitioning limited to number of CPUs
  • Multiple and different patch and release levels possible
  • Each LDom must be fully managed separately