Open, secure, scalable, reliable UNIX operating system for IBM Power Architecture servers
AIX Version 6.1
The next step in the evolution of the UNIX OS

Businesses today need to maximize the return on investment in information technology. Their IT infrastructure should have the flexibility to quickly adjust to changing business computing requirements and scale to handle ever expanding workloads—without adding complexity. But just providing flexibility and performance isn’t enough; the IT infrastructure also needs to provide rock solid security and near-continuous availability while managing energy and cooling costs. These are just some of the reasons why more and more businesses are choosing the AIX operating system (OS) running on IBM systems designed with Power Architecture® technology. With its proven scalability, advanced virtualization, security, manageability and reliability features, the AIX OS is an excellent choice for building an IT infrastructure. And, AIX is the only operating system that leverages decades of IBM technology innovation designed to provide the highest level of performance and reliability of any UNIX operating system.

Highlights
■ Next generation of IBM’s well-proven, scalable, open standards-based UNIX® operating system
■ Built on IBM POWER6™ technology and virtualization to help deliver superior performance, increase system utilization and efficiency, provide for easy administration and reduce total costs
■ New features for virtualization, security, availability and manageability designed to make AIX® 6 even more flexible, secure and available than previous versions
The newest version of AIX, Version 6.1, is binary compatible with previous versions of the AIX OS, including AIX 5L™ and even earlier versions of AIX. This means that applications that ran on earlier versions will continue to run on AIX 6.1—guaranteed.[1] AIX 6.1 is an open standards-based UNIX OS that is designed to comply with the Open Group’s Single UNIX Specification Version 3.

AIX 6.1 runs on systems based on POWER4™, PPC970, POWER5™ and the latest generation of POWER™ processor, POWER6. Most of the new features of AIX 6.1 are available on the earlier POWER processor-based platforms, but the most capability is delivered on systems built with the new POWER6 processors. The AIX OS is designed for the IBM Power™, System p™, System i™, System p5™, System i5™, eServer™ p5, eServer pSeries® and eServer i5 server product lines, as well as IBM BladeCenter® blades based on Power Architecture technology and IBM IntelliStation® POWER workstations.

AIX 6.1 extends the capabilities of the AIX OS to include new virtualization approaches including the ability to relocate applications between systems without restarting the application, new security features to improve and simplify security administration, new availability features inspired by IBM legacy systems and numerous features designed to make the AIX OS easier and less expensive to manage. This AIX release underscores IBM’s firm commitment to long-term UNIX innovations that deliver business value. This release of AIX continues the evolution of the UNIX OS that started in Austin, Texas, with AIX on the RT PC and the RISC Systems/6000™ (RS/6000).

PowerVM

● Workload Partitions
AIX 6.1 introduces a new, software-based, virtualization approach called PowerVM™ Workload Partitions (WPARs). WPARs enable the creation of multiple virtual AIX 6.1 environments inside of a single AIX 6.1 instance. Each WPAR can have a unique “root” administrator, network addresses, filesystems and security context (users and groups). WPARs share a regulated portion of the processing and I/O resources of the global instance but are isolated from the processes and users in other WPARs or in the global instance. WPARs are unique in that they are the only software-based virtualization approach designed from the beginning to be movable between systems. This capability, called PowerVM Live Application Mobility, is described below.

You can use PowerVM Workload Partitions to save administrative overhead when consolidating systems, by reducing the number of AIX instances that have to be managed. For example, instead of applying patches to multiple copies of AIX 6.1, using WPARs, you can patch the global instance, and all WPARs inherit that same patch level. This helps manage growth by allowing you to concentrate on managing applications instead of spending time on repetitive administration tasks.

Each PowerVM Workload Partition can be separately administered from other WPARs in the system. For example, each WPAR can have unique users and groups and a unique root administrator. The root user for a WPAR cannot take actions that would affect the global instance or other WPARs. This isolation provides for further savings through delegation of administrative work.

PowerVM Workload Partitions share a single AIX 6.1 instance, so there is less isolation than there is with logical partitions (LPAR) in which each LPAR has its own independent copy of AIX 6.1. Feedback from users of AIX 6.1 is that WPARs provide enough isolation for many workloads—at a substantial savings of administrative effort. WPARs can be used inside of LPARs, allowing the combination of the two technologies to leverage the superior isolation of LPARs with the administrative ease of WPARs.
AIX 6.1 provides for two types of Workload Partitions—System WPARs and Application WPARs:
— System WPARs look like independent AIX 6.1 instances. They have their own copies of many system services like init and mail, they can be logged into via telnet, and they have their own users and groups.
— Application WPARs are much simpler; an Application WPAR is simply a wrapper around an application that makes it more manageable. Application WPARs run inside of the global instance and do not have their own administrator, filesystems or security context. All processes running inside of an Application WPAR can be grouped together for management, including resource controls. Because Application WPARs are not running their own copies of system processes like init, they have an even smaller resource footprint than System WPARs.

AIX 6.1 includes Workload Partitions as part of the base operating system. WPARs can be created and managed on a single AIX 6.1 instance using SMIT and command line interfaces. IBM also provides a new licensed program product, the IBM PowerVM Workload Partitions Manager™ for AIX (WPAR Manager) that lets you manage WPARs across multiple systems. The WPAR Manager product is available separately; it is not part of AIX 6.1.

● Live Application Mobility
Workload Partitions can be moved from one system to another without restarting the application or causing significant disruption to the application end user. This process is called PowerVM Live Application Mobility, a feature of AIX 6.1 and the Workload Partitions Manager for AIX (WPAR Manager). During the relocation process, the WPAR Manager first creates a checkpoint of the Workload Partition, then the memory and other WPAR configuration information is moved to the target system, and finally, the WPAR is resumed on the new system—right where it left off. Applications do not have to be restarted because the entire WPAR, including the application context, has been moved to the target system. The WPAR Manager will also typically be used to control the relocation, but command line interfaces can also be used.

PowerVM Live Application Mobility can provide several benefits: first, it allows some outages to be avoided by moving the application off of a system that needs to be shut down for maintenance; second, it can be used to balance workloads across several systems—automatically or manually; and finally, it can be used to move workloads off servers during non-peak periods so that those servers could be turned off—saving energy.

PowerVM Live Application Mobility is a feature of AIX 6.1 and the WPAR Manager and can be used on any hardware supported by AIX 6.1.
Security features
Providing for a secure computing environment has always been a key goal for the AIX OS. AIX 6.1 is designed to be compliant under the Common Criteria at Common Access Protection Profile/Evaluation Assurance Level 4+, including the Role Based Access Control Protection Profile (RBACPP) and the Labeled Security Protection Profile (LSPP). It includes many new features that can increase security while reducing the effort needed to provide a secure infrastructure:

● Role Based Access Control
Role Based Access Control (RBAC) provides improved security and manageability by allowing administrators to grant authorization for management of specific AIX 6.1 resources to users other than root. RBAC can also be used to associate specific management privileges with programs, which can reduce the need to run those programs under the root user or via setuid. RBAC improves security by reducing the number of root users required to manage systems. It can reduce administrative costs and improve administrative efficiency by allowing secure delegation of routine administrative tasks to non-root users.

● Trusted AIX
Trusted AIX extends the security capabilities of the AIX OS by integrating compartmentalized, multilevel security (MLS) into the base operating system to meet critical government and private industry security requirements. Trusted AIX is implemented as an installation option that can provide the highest levels of label-based security to meet critical government and private industry security requirements. Trusted AIX supports various MLS features such as partitioned directories, trusted networking and labeled printing.

● Encrypting Filesystem
The IBM Enhanced Journaled Filesystem Extended (JFS2) adds even greater data security with the capability to encrypt the data in a filesystem. Clients can select from a number of different encryption algorithms. The encrypted data can even be backed up in encrypted format, reducing the risk of data being compromised if backup media is lost or stolen. The Encrypting Filesystem can even help prevent the compromise of data by root level users. The Encrypting Filesystem does not require significant additional administrative effort because the key management is automatic and fully integrated into the login authentication process.

● AIX Security Expert
The AIX Security Expert was introduced with Technology Level 5 update to the AIX 5.3 OS, and provides clients with the capability to manage more than 300 system security settings from a single interface. To configure security on a system, you start with a template that provides the initial configuration and then customize to fit security requirements. The Security Expert provides four templates: high, medium or low security or a Sarbanes Oxley template designed to help you become compliant with the security requirements of the Sarbanes Oxley Act. Once the Security Expert has been used to configure security on a system, you can export those security settings and use them to set other systems identically. With AIX 6.1, you can even store these security configurations directly in a Lightweight Directory Access Protocol (LDAP) directory—simplifying implementation of consistent security across an entire enterprise.
● Secure by Default Installation Option
The AIX 6.1 installation process will offer a new option, Secure by Default, that enables only the minimal number of system and network services to provide the maximum amount of security. Secure by Default works best when used in conjunction with the AIX Security Expert to tightly control the security configuration of each system.

● Trusted Execution
In Trusted Execution mode, AIX 6.1 will verify the integrity of programs at execution time. This can increase security by reducing the possibility that tampered programs could be used to compromise the security of the system. A signature (SHA256/RSA) database for important system files is created automatically as part of the regular AIX 6.1 install. The Trusted Execution tool can be used to check the integrity of the system against the database. Also, the administrator can define policies such that the loads of files listed in the database are monitored and execution/loads are not allowed if hashes do not match. Additionally, the administrator can lock the signature database or the files in the database from being modified by anyone in the system, including root.

● Support for Long Pass Phrases
AIX 6.1 and AIX 5.3 Technology Level 7 will support greater than eight character passwords for authentication of users. These releases will provide for storing of passwords using encryption algorithms such as SHA-256/512, MD5, etc. System-wide controls can be configured by the administrator to choose the algorithm as well as the size of the password, which could be up to 255 characters. Enhanced support will also include support for pass phrases.

In addition to these new features, AIX 6.1 provides a wide range of other integrated security features—all designed to provide a high level of confidence in the safety of mission-critical processes and applications.

Near-continuous availability features
Over the years, the AIX OS has included many reliability features inspired by IBM legacy technologies. The release of AIX 6.1 introduces unprecedented availability features to the UNIX market that can help reduce planned and unplanned outages. These features include:

● Concurrent AIX Kernel Updates
Concurrent AIX updates provides a new capability to deliver some kernel updates as interim fixes that will not require a system reboot to put into effect. This can reduce the number of unplanned outages required to maintain a secure, reliable system.

● Kernel Support for POWER6 Storage Keys
This AIX 6.1 feature brings a mainframe-inspired reliability capability to the UNIX market for the first time. Enabled by the POWER6 processor, Storage Keys can reduce the number of intermittent outages associated with undetected memory overlays inside the AIX kernel and kernel extensions. Applications can also use the POWER6 Storage Keys feature to increase the reliability of large, complex applications running under the AIX 5.3 or AIX 6.1 releases.

● Dynamic Tracing
AIX 6.1 provides a new dynamic tracing capability that can simplify debugging complex system or application code. This dynamic tracing facility will be introduced through a new tracing command, probevue, which allows a developer or system administrator to dynamically place probes in existing application or kernel code, without requiring special source code or even recompilation. probevue is very flexible, allowing dynamic specification of the data to be captured at probe points and providing the ability to associate execution pre-conditions with a given probe.
● Non-intrusive Service Aids
AIX 6.1 service aids are designed to minimally impact performance and availability. Second Failure Data Capture (SFDC) technology involves building highly tunable diagnostic and data capture features into the operating system, but only enabling them after problem diagnosis has started. The result is faster, less-disruptive problem determination, without the need to install special “debug” code. AIX 6.1 also introduces a mainframe-inspired live dump facility which allows selected subsystems to dump their diagnostic information for subsequent service analysis, without requiring a full system dump and partition outage. For those problems that still require a partition restart in order to recover, AIX 6.1 provides a firmware-assisted dump mode on systems based on POWER6 processor technology. In this new mode, AIX 6.1 cooperates with system firmware to write the First Failure Data Capture (FFDC) information to the dump device using the restarted AIX 6.1 image, rather than writing to the dump device at the time of the failure. The result is fewer dump failures which can enable quicker problem determination and resolution.

● Enhanced Software FFDC
IBM has included many availability features in the AIX 5.3 and earlier releases. One of the key innovations used to improve the reliability, availability and serviceability features of the AIX OS was the introduction of FFDC technology. As a concept borrowed from IBM hardware reliability features, FFDC gathers diagnostic information about a problem at the time the problem occurs–dramatically reducing the need to recreate the problem (and impact performance and availability) at a later time to generate diagnostic information. Because clients do not typically interact with this technology, it is one of the “hidden innovations” that is largely unseen but is designed to help increase the overall reliability, serviceability and most important, availability of the AIX OS. AIX 6.1 builds on the FFDC capabilities introduced in previous AIX releases by introducing even more instrumentation to provide real time diagnostic information.

● Functional Recovery Routines
When many operating systems other than IBM z/OS® encounter a severe problem inside the heart of the OS, they crash. AIX 6.1 is the first UNIX OS to introduce new technology that can, in some cases, recover from errors that would otherwise cause the operating system to crash. This is just another example of a feature inspired by IBM’s legacy technology and designed to improve the reliability of AIX, our premier UNIX OS.

Manageability features
Many of the features already described such as Workload Partitions, Live Application Mobility, Role Based Access Control, AIX Security Expert, and AIX Concurrent Updates can significantly improve the administrative efficiency of managing the AIX OS, particularly as AIX environments grow. AIX 6.1 also includes additional features specifically intended to improve the manageability of the AIX OS:

● IBM Systems Director Console for AIX
This new management interface allows administrators to manage AIX 6.1 remotely through a browser. The IBM Systems Director Console for AIX (console) provides responsive Web access to common systems management tools such as the Systems Management Interface Tool (SMIT). The console is included as part of AIX 6.1—no other products are required to use it other than a Web browser. The console is named after the IBM Systems Director because it is built on the same graphical user interface as the IBM Systems Director. The console also provides the capability to securely run administrative commands on multiple systems.

● Automatic Variable Page Size for POWER6
AIX 6.1 will automatically manage the size of pages used when it is running on a system based on POWER6 processors. AIX 6.1 will automatically use 4K, 64K or a combination of those page sizes to optimize performance without administrative effort. This self tuning feature can be controlled by the administrator but the default behavior is to let AIX 6.1 manage page sizes automatically.

● Solution Performance Tuning
The default tuning parameters for AIX 6.1 have been changed to provide much better performance for most applications right out of the box. In many cases, administrators can get good applications performance without the need to make any tuning changes.

● Name Resolver Caching Daemon
This daemon caches requests to resolve a hostname, service or netgroup to improve the efficiency of subsequent requests for the same information. Use of this facility can dramatically improve the performance of applications that are dependent on repeated requests for name resolution.

● Graphical Installation
This new installation option is intended primarily for use by administrators with limited AIX installation experience. Graphical Installation simplifies the installation process but includes options to navigate to the traditional installation menus if required.

● Network Installation Manager Support for NFSv4
The Network Installation Manager (NIM) has been enhanced to provide additional security features and flexibility by enabling the use of NFS version 4. NIM can use NFSv4 to provide stronger, Kerberos-based security during the installation of AIX 6.1 and other software.
Platform Support
AIX Version 6.1 will run on systems based on POWER4, PPC970, POWER5 and POWER6 processors. Most features of AIX 6.1 are available on all supported hardware. A few features are only available when AIX 6.1 is running on a system built with POWER6 processors. The table below lists selected features of AIX 6.1 and whether those features require POWER6 processors.

| AIX 6.1 Feature | Platforms Supported |
| --- | --- |
| PowerVM Workload Partitions | POWER4, PPC970, POWER5 and POWER6 |
| PowerVM Live Application Mobility | POWER4, PPC970, POWER5 and POWER6 |
| Application Storage Keys | POWER6 (also supported by AIX 5.3) |
| Kernel Storage Keys | POWER6 |
| Automatic Variable Page Size | POWER6 |
| Firmware Assisted Dump | POWER6 |
| Hardware Decimal Floating-Point | POWER6 (also supported by AIX 5.3) |
| Role Based Access Control | POWER4, PPC970, POWER5 and POWER6 |
| Encrypting Filesystem | POWER4, PPC970, POWER5 and POWER6 |
| Trusted AIX | POWER4, PPC970, POWER5 and POWER6 |
| probevue Dynamic Tracing | POWER4, PPC970, POWER5 and POWER6 |

AIX 6.1 only supports the 64-bit kernel. 32-bit and 64-bit applications that ran on AIX 5L will continue to run unchanged on AIX 6.1, but 32-bit kernel extensions and device drivers are not supported on AIX 6.1.

IBM systems based on the POWER6 processor such as the Power 570 provide additional virtualization capabilities of the PowerVM feature that are supported by AIX 5.3 as well as AIX 6.1. These features include:

● PowerVM Live Partition Mobility
This new capability of POWER6 processor-based systems allows an entire logical partition to be relocated from one server to another while end users are using applications running in the partition. The relocation is transparent to the end user and occurs with no application downtime. Like PowerVM Live Application Mobility, Live Partition Mobility can enable increased availability, workload balancing and energy savings.

● Shared Dedicated Capacity
This new configuration option for dedicated processor partitions enables the administrator to donate excess processor cycles to a Shared Processor Pool without affecting the workload running in the dedicated processor partition.

● Multiple Shared Processor Pools
Most POWER6 processor-based systems support multiple separate Shared Processor Pools. This feature can be used for additional control of processor resource allocations and potentially can reduce the license charges for applications running in a micro-partition.

Open source flexibility
AIX 6.1 offers a wide range of system interoperability features and open source tools to enable Linux® applications to be recompiled and run in a native AIX 6.1 environment. AIX affinity with Linux can promote faster and less costly deployment of multi-platform, integrated solutions. Many solutions developed for Linux will run on AIX 6.1 with a simple recompilation of the source code. IBM provides the AIX Toolbox for Linux Applications, which is a collection of open source and GNU software commonly found with Linux distributions. Because the applications run on AIX, businesses can combine the flexibility of Linux with the advanced features of AIX 6.1, including advanced workload management, sophisticated systems management tools, scalability and security.

AIX Expansion Pack
The AIX Expansion Pack extends the base operating system by providing an integrated directory server, encryption support, an HTTP server to serve online publication pages and support Web-based System Manager and a number of other useful applications. The AIX Expansion Pack also includes new, supported versions of the lsof, openssh and openssl administrative tools.

Service and support to help keep businesses running
AIX 6.1 provides a platform that lets you get the most out of today’s applications while positioning your business for the future. And like all Power Systems products, AIX 6.1 is backed by IBM’s worldwide service and support.
AIX Version 6.1 New Features

| Category | Feature | Benefits |
| --- | --- | --- |
| Virtualization | PowerVM Workload Partitions | Reduced administration, improved system efficiency |
| Virtualization | PowerVM Live Application Mobility | Increased application availability, enhanced workload manageability and energy savings |
| Virtualization | PowerVM Live Partition Mobility | Increased application availability, enhanced workload manageability and energy savings * ** |
| Virtualization | Multiple Shared Processor Pools | Greater resource management flexibility and reduced application software expense * ** |
| Virtualization | Shared Dedicated Processors | Improved server utilization * ** |
| Security | Role Based Access Control | Improved security, decreased administration costs |
| Security | Encrypting Filesystem | Improved security |
| Security | Trusted AIX | Highest level of security for critical government and business workloads |
| Security | AIX Security Expert | Improved security, decreased administration costs by enabling federated management of security across multiple AIX systems |
| Security | Secure by Default | Improved security on initial installations of AIX 6.1 |
| Security | Trusted Execution | Improved security |
| Security | Filesystem Permissions Tool | Improved security |
| Near-continuous Availability | Concurrent AIX Updates | Greater system availability, improved security by enabling critical security patches to be installed without causing an outage |
| Near-continuous Availability | Storage Keys | Improved AIX availability* and improved application availability** |
| Near-continuous Availability | Dynamic Tracing | Easier resolution to application execution and performance problems |
| Near-continuous Availability | Enhanced First Failure Data Capture | Increased AIX reliability and quicker problem resolution |
| Near-continuous Availability | Non-intrusive Service Aids | Increased AIX reliability and quicker problem resolution |
| Near-continuous Availability | Functional Recovery Routines | Increased AIX and application reliability and availability |
| Manageability | PowerVM Workload Partitions | Reduced administrative expense by reducing the number of AIX operating systems to maintain. Greater flexibility to deploy and manage workloads |
| Manageability | PowerVM Live Application Mobility | Improved flexibility to improve application availability and performance and to reduce energy costs |
| Manageability | PowerVM Workload Partitions Manager | Reduced management costs by providing federated management of workload partitions across the enterprise |
| Manageability | PowerVM Live Partition Mobility | Improved flexibility to improve application availability and performance and to reduce energy costs * ** |
| Manageability | IBM System Director Console for AIX | Reduced administrative costs and improved administrative effectiveness by enabling Web-based administration across multiple AIX instances |
| Manageability | Automatic Variable Page Size | Improved performance with reduced administrative effort |

* Supported only on Power™ Systems servers with POWER6 technology
** Also supported by AIX 5.3
For more information
For more information on AIX 6.1 releases and upgrade benefits, contact your IBM representative or IBM Business Partner or visit the following Web sites:
● ibm.com/aix
● ibm.com/systems/power

© Copyright IBM Corporation 2008
IBM Corporation Integrated Marketing Communications, Systems and Technology Group Route 100 Somers, NY 10589 Produced in the United States of America April 2008 All Rights Reserved This publication was developed for products and/or services offered in the United States. IBM may not offer the products, features or services discussed in this publication in other countries. The information may be subject to change without notice. Consult your local IBM business contact for information on the products, features and services available in your area. All statements regarding IBM’s future direction and intent are subject to change or withdrawal without notice, and represent goals and objectives only. IBM, the IBM logo, AIX, AIX 5L, BladeCenter, eServer, IntelliStation, Power, POWER, POWER4, POWER5, POWER6, PowerVM, Power Architecture, Power Systems, pSeries, RISC Systems/6000, System i, System i5, System p, System p5, Workload Partitions Manager and z/OS are trademarks or registered trademarks of International Business Machines Corporation in the United States, other countries or both. A full list of U.S. trademarks owned by IBM may be found at: ibm.com/legal/copytrade.shtml. UNIX is a registered trademark of The Open Group in the United States, other countries or both. Linux is a trademark of Linus Torvalds in the United States, other countries or both. Other company, product, and service names may be trademarks or service marks of others. IBM hardware products are manufactured from new parts, or new and used parts. Regardless, our warranty terms apply.
All performance estimates are provided “AS IS” and no warranties or guarantees are expressed or implied by IBM. Buyers should consult other sources of information, including system benchmarks, to evaluate the performance of a system they are considering buying.
[1] More information on the binary compatibility of AIX 6.1 can be found at ibm.com/systems/p/os/aix/compatibility/.
Photographs show engineering and design models. Changes may be incorporated in production models. Copying or downloading the images contained in this document is expressly prohibited without the written consent of IBM. Information concerning non-IBM products was obtained from the suppliers of these products. Questions on the capabilities of the non-IBM products should be addressed with the suppliers.
POD03007-USEN-00