IT Operations Management (ITOM)

Monitoring UNIX Virtualization – Oracle Solaris Containers

Monitoring UNIX Virtualization – Oracle Solaris Containers

Ramkumar Devana

There are occasions where I have been asked this question from customers asking how to use HP Ops Agent to monitor Solaris zones. So here's an article on this.


Unlike VMware, Solaris Container virtualization is pure unadulterated OS virtualization. Basically the sys-admin creates partitions (or containers or ‘zones’) within the system wherein users can run individual workloads in water-tight compartments. The base OS is called the global zone and the smaller containers are called non-global zones. Note here that the base OS kernel and many of its services are shared with the non-global zones.


Think about it.. How cool would it be if you could create a smaller windows desktop within your desktop, for testing a new app – at the end of the day, you don’t have to worry about your desktop being affected as the test is done within your smaller container desktop, and when you delete this container, it is all gone – no trace of the container or its apps left on your system.


Note also that this allows running some older version of the Solaris OS (like Solaris 8 and Solaris 9) as ‘legacy containers’.


To take the above example further, you can run windows NT/Server 2003 apps within containers in your desktop, if you had this feature. Again, cool stuff, if you really need that app to do something important for you.


For folks from HP-UX world, closest to this is HP-UX SRPs (secure resource partitions or ‘HP-UX containers’) and HP 9000 containers for PA-RISC apps running on pre-integrity HP-UX OS versions such as 11.11 or so.


NOTE: Zones are different from logical domains (lDoms, in short). Logical domains or Oracle VM Servers are a complementary offering from Oracle for kernel separation between virtual machines, which is unlike the case with containers (which run within a single kernel space on a box). To understand further differences read this blog post.


HP’s similar offering in this area is HP vPAR Virtual machines for HP-UX. 


So what's important to monitor in Solaris containers?


Of course the base OS (a.k.a global zone) and beneath it, the hardware is important to monitor. Then it is important to monitor the containers/partitions and apps running within the containers. Here’s a schematic showing what’s important to monitor.




NOTE: Image above shows SPARC/Intel as the processor for simplicity - even though Solaris supports running on Intel x86 family of processors do note that lDoms are not supported on Intel x86 servers. If a customer is running Solaris on Intel processors, the logical domain ring is not present and should be ignored. Containers however are supported on both SPARC and Intel architectures.


Basically this shows how monitoring is required at all levels for compute resource (CPU and memory) usage and IOPS (disk and network), and this is not just because I am from HP that I am saying this. As long as your apps are critical it is important to monitor them too.


So in effect you need to monitor typically all aspects of your infrastructure and then, the apps that run on top.


  1. Hardware monitoring
  2. Logical domains
  3. Global zones
  4. Non-global zones
  5. Apps running within the zones


What's the deployment picture?



As you would see above the HP Operations Agent can be deployed on the global zone for close ended monitoring of the SPARC server and the Solaris zones. The OM agent works fine on non-global zones but you may choose not to install to reduce additional CPU cycles used for monitoring, in each zone. If you do not install OM agent in a non-global zone, for monitoring disk space within non-global zones, HP SiteScope may be used.


To monitor lDoms (logical domains) which are partitions within a SPARC server one needs to be operating in the control domain on the SPARC server. As of today it is not supported to run agent software within a control domain. As a result, it is not possible to monitor logical domains from the control domain. However again, SiteScope or other custom agentless solutions may be used in this context.


-          To monitor the logical domains, you can use SiteScope with the ssh script monitor, and send out threshold alerts on the data obtained or use SNMP trap interceptor policies with HP Ops Manager and Agents (


NOTE: You can use the very nifty 'mib2pol' script to create a SNMP trap interceptor OM policy directly from the mibfile.


-          To monitor global and non-global zones and apps running within the zones, install the HP operations agent.


You could build your own policies to monitor the zones or use the HP OM Virtualization SPI (VISPI). VISPI provides the following policies to monitor the non-global and global zones.


  • CPU, Memory and Swap utilization monitors (for non-global zones)
  • CPU, Memory, Process monitors (for global zone)
  • Zone state monitor (deploy to Global zone) - alerts when a zone is shutdown for instance

In addition there are SISPI policies which provide monitoring for global and non-global zones alike - if you have the VISPI policies deployed to the global zone, obviously you don't want to have SISPI policies deployed into non-global zones - that's redundant monitoring.


Monitoring CPU pools and zones with shared resources is done most effectively from the global zone.


References, Links



HPE Software Rocks!
  • infrastructure management
About the Author

Ramkumar Devana

Ramkumar Devanathan (twitter: @rdevanathan) is Product Manager for HPE Cloud Optimizer (formerly vPV). He was previously a member of the IOM-Customer Assist Team (CAT) providing technical assistance to HP Software pre-sales and support teams with Operations Management products including vPV, SHO, VISPI. He has experience of more than 14 years in this product line, working in various roles ranging from developer to product architect.

Frequent Visitor

Really useful!



//Add this to "OnDomLoad" event