Forum Discussion

ant_oco
13 years ago

Sync users on cluster nodes and solaris zones?

We're implementing a 4 node VCS cluster (Sun servers) with multiple solaris zones in operation within the various service groups. The zones will failover from node to node as required under the contr...
  • joseph_dangelo
    13 years ago

    The best reference for Solaris Zones relative to Storage Foundation HA is the Solaris Virtualization Guide.
    https://sort.symantec.com/public/documents/sfha/5.1sp1/solaris/productguides/pdf/sfha_virtualization_51sp1_sol.pdf

    As far as maintaining consistency, one thing to consider here is the two methods used to implement zones for high availability.

    1. Shared Zone Root with Zone and Application Failover
    2. Local Zone Root with Application Failover Only

    In the first example, a non-global zone will be essentially portable and subject to patching considerations when detached and attached to a different Global Zone/Physical host.  This can be advantageous if your concern is in the number of "Operating/User Environments" and keeping that number to a minimum.  Also with the use of CFS for a Zone root, you can completely remove the delay associated with failing over the zone root storage. One other advantage here is in the ability to create a "Golden Zone Image" (one that has not been configured) and use FlashSnap to provision new environments very quickly.  The disadvantage here is that you must be cognisant of the patch level on each Global Zone and avoid patch drift between the Global and Non-Global zones.  The zone detach feature introduced in Solaris 10 8/07 can be as much a help as it is a hindrance in my opinion.

    The second example will mitigate all patching concerns as the zone root itself is not "portable" but rather localized to the physical host.  This could still be a VxFS file system but not one that would be deported or imported on a regular basis.  The VCS configuration here would simply localize the Zone Name attribute in the ContainerInfo property for the service group to each Global Zone and thus only the application would failover. This would require an independent zone for each physical host and as such you would be required to maintain user accounts accordingly. Keeping those users consistent can in some cases be as simple as LDAP.  I've seen customers implement directory services in such a way as to remediate that issue.

    Hope this helps.

    Joe D
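
Added example, not part of the original thread: with the local-zone-root method each host's zone keeps its own /etc/passwd while application data on failover storage is owned by numeric UID, so a check like this compares the account files across zones and reports drift. The zone names and passwd entries are constructed sample data.

```python
from collections import defaultdict

# Constructed sample /etc/passwd contents, one per local zone (hypothetical zone names).
SAMPLE = {
    "appzone-node1": "root:x:0:0:Super-User:/:/sbin/sh\n"
                     "oracle:x:1001:100::/export/home/oracle:/bin/ksh\n"
                     "batch:x:1002:100::/export/home/batch:/bin/ksh\n",
    "appzone-node2": "root:x:0:0:Super-User:/:/sbin/sh\n"
                     "oracle:x:1001:100::/export/home/oracle:/bin/ksh\n"
                     "batch:x:1003:100::/export/home/batch:/bin/ksh\n"
                     "audit:x:1002:100::/export/home/audit:/bin/ksh\n",
}

def parse_passwd(text):
    """Return {name: (uid, gid)}; blank, comment and malformed lines are skipped."""
    users = {}
    for line in text.splitlines():
        fields = line.strip().split(":")
        if line.startswith("#") or len(fields) != 7:
            continue
        if fields[2].isdigit() and fields[3].isdigit():
            users[fields[0]] = (int(fields[2]), int(fields[3]))
    return users

def find_drift(zones):
    """zones maps zone name -> passwd text. Returns a list of (kind, key, detail)."""
    parsed = {zone: parse_passwd(text) for zone, text in zones.items()}
    by_name = defaultdict(dict)  # account name -> {zone: (uid, gid)}
    by_uid = defaultdict(set)    # uid -> account names seen with that uid
    for zone, users in parsed.items():
        for name, ids in users.items():
            by_name[name][zone] = ids
            by_uid[ids[0]].add(name)
    findings = []
    for name, seen in sorted(by_name.items()):
        missing = sorted(set(parsed) - set(seen))
        if missing:  # account exists in some zones only
            findings.append(("missing", name, missing))
        if len(set(seen.values())) > 1:  # same name, different uid/gid
            findings.append(("id_mismatch", name, dict(sorted(seen.items()))))
    for uid, names in sorted(by_uid.items()):
        if len(names) > 1:  # one uid resolves to different names: file ownership shifts on failover
            findings.append(("uid_reused", uid, sorted(names)))
    return findings

if __name__ == "__main__":
    for finding in find_drift(SAMPLE):
        print(finding)
```
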