This is a discussion on Immutable Service Containers on OpenSolaris 2009.06 - Solaris Rss ; US AMI Details AMI ID : ami-48c32021 AMI Manifest : sun-opensolaris-2009-06/ISC_hardened_opensolaris_2009.06_32_V_1.1.img.mani fest.xml AKI / ARI ID: aki-1783627e / ari-9d6889f4 License : Public Europe AMI Details AMI ID : ami-78567d0c AMI Manifest : sun-opensolaris-2009-06-eu/ISC_hardened_opensolaris_2009.06_32_V_1.1.img.mani fest.xml AKI / ARI ID: aki-2181a955 / ...
US AMI Details AMI ID :
ami-48c32021
AMI Manifest :
sun-opensolaris-2009-06/ISC_hardened_opensolaris_2009.06_32_V_1.1.img.mani fest.xml
AKI / ARI ID:
aki-1783627e / ari-9d6889f4
License :
Public
Europe AMI Details AMI ID :
ami-78567d0c AMI Manifest :
sun-opensolaris-2009-06-eu/ISC_hardened_opensolaris_2009.06_32_V_1.1.img.mani fest.xml AKI / ARI ID:
aki-2181a955 / ari-b49fb7c0 License :
Public
Description
Immutable Service Container configuration is intended to be used as a virtual single system. The global zone performs administrative and monitoring functions similar to those of a system controller whereas all end-user services and functions should be installed into the non-global zone. In this way, services such as packet filtering, NAT and auditing can operate without being exposed to services or users operating inside of the non-global zone. This enables greater operational integrity as those services and users are not able to alter the configurations or logs associated with these services. Additional non-global zones can be added as needed. This configuration uses a single exposed network interface and IP address for all of its communication even though internally the service is separated to run inside of its own non-global zone.
Organizations can further customize the configuration based upon their requirements to add things such as resource controls, read-only and read-write file systems (to the non-global zone), specific users and services, etc.
More Details
For detailed explanations on Immutable Service Container Configuration, Please Visit
Architecture Diagram
Europe Launch:
To run this AMI in Europe (AMI ID: ami-78567d0c), change the following environment variables before launching the AMI:
bash # export EC2_URL="https://eu-west-1.ec2.amazonaws.com"The other env variables remain the same as documented in the getting started guide.
bash # export LOCATION="EU"
NOTE: a unique must be generated for each region before launching an AMI.(Use ec2-add-keypair > keypairfile after setting the above env variables).
Documentation
Support
- For information regarding Immutable Service Container configuration, please visit
- For general questions on OpenSolaris, please visit OpenSolaris on Amazon EC2 Getting Started Guide: http://www.sun.com/third-party/globa...artedGuide.pdf
- For Information on Hardened Security on OpenSolaris 2009.06, Visit
http://blogs.sun.com/ec2/entry/hardened_opensolaris_2009_06_on
- Register at http://www.sun.com/third-party/global/amazon/ to receive latest news on OpenSolaris AMIs
- For technical support during Beta period, please send emails to ec2-solaris-support[AT]SUN[DOT]COM.
- AMP Stack within OpenSolaris are delivered as part of WebStack project. For any questions related to these components, please write to webstack-discuss[AT]opensolaris[DOT]org
More...
