© 2010 IBM Corporation
AIX Trends and Directions
Jay Kruemcke
AIX Program Director
IBM Power Systems
UNIX® Server Rolling Four Quarter Average Revenue Share
[Chart: revenue share (axis 15% to 45%) by quarter, Q399 to Q110, for HP, Sun and IBM. Annotations: POWER4™ Dynamic LPARs; POWER5™ Micro-Partitioning™; POWER6™ Live Partition Mobility]
Source: IDC Quarterly Server Tracker Q409 release, February 2010
Customers are moving to higher value …as shown by the largest shift of customer spending in UNIX History
Why AIX is the Premier UNIX® Platform Today
• Outstanding Performance
• Strong, stable, non-disruptive roadmap
• Innovation through Integrated Development
• Improved Efficiency through Virtualization
54% of IT executives and managers say that they require 99.99% or better availability for their applications
Power Systems with AIX deliver 99.997% uptime
Reliability: The fewest unscheduled outages
• Less than one outage per year
Availability: The least amount of downtime
• 15 minutes a year
• 2.3 times better than the closest UNIX competitor
• More than 10X better than Windows
Serviceability: The fastest patch time
• 11 minutes to apply a patch
[Chart: Minutes of downtime per year (axis 0 to 180) for AIX / Power, HP-UX / PA_RISC, HP-UX / Integrity, and x86 - Windows]
Source: ITIC 2009 Global Server Hardware & Server OS Reliability Survey Results, July 7, 2009. Full paper is available at ibm.com/aix
AIX & Power Systems delivers the best reliability of UNIX, Linux, and Windows
AIX Evolution
[Timeline labels. Eras: Open Systems Workstations; Distributed Client-Server; Network Centric Computing; e-Business Computing; On Demand Business; New Enterprise Data Center; Smarter Planet. Years: 1986-1992; 1994-1996; 1997-1999; 2001-2002; 2004-2005; 2007; 2010. Scalability: AIX/6000 Uni-processor; 4-8 way SMP; 24-way SMP; 32-way SMP; 64/128-way SMT; 1024-way SMT4]
AIX V2 & V3, Establishment in the market:
- RISC Support
- UNIX credibility
- Open Sys. Stds.
- Dynamic Kernel
- JFS and LVM
- SMIT
AIX V3.2.5, Maturity:
- Stability
- Quality
AIX V4.1/4.2, SMP Scalability:
- POWERPC spt.
- 4-8 way SMP
- Kernel Threads
- Client/Server pkg
- NFS V3
- CDE
- UNIX95 branded
- NIM
- > 2GB filesystems
- HACMP Clustering
- POSIX 1003.1, 1003.2, XPG4
- Runtime Linking
- Java 1.1.2
AIX V4.3, Higher levels of scalability:
- 24-way SMP
- 64-bit HW support
- 96 GB memory
- UNIX98 branded
- TCP/IP V6
- IPsec
- Web Sys. Mgr.
- LDAP Dir. Server
- Workload Mgr
- Java JDT/JIT
- Direct I/O
- Alt. Disk Install
- Exp/Bonus CDs
AIX 5L V5.1/5.2, Flexible Resource Management:
- POWER4+ spt.
- Dynamic LPAR
- Dynamic CUoD
- New 64bit kernel
- 512GB mem
- JFS2 - 16 TB filesystems
- UNIX03 branded
- Concurrent I/O
- MultiPath I/O
- Flex LDAP Client
- XSSO PAM spt
AIX 5L V5.3, Advanced Virtualization:
- POWER5 support
- 64-way SMP
- SMT
- MicroPartitions™
- Virt I/O Server
- Partition Load Mgr
- NFS Version 4
- Adv. Accounting
- Scaleable VG
- JFS2 Shrink
- SUMA
- SW RAS features
- POSIX Realtime
AIX 6, Enterprise RAS:
- POWER6 support
- Workload Partitions
- Application Mobility
- Continuous Avail.
- Storage Keys
- Dynamic tracing
- Software FFDC
- Recovery Rtns
- Concurrent MX
- Trusted AIX
- RBAC
- Encrypting JFS2
- AIX Security Expert
- Director Console
AIX 7, Future of UNIX:
- 256 core/1024 thread scalability
- POWER7 Exploitation
- Domain based RBAC
- AIX Profile Manager
- WPAR enhancements
- AIX 5.2 in a WPAR
- PowerVM virtualized storage
- LVM SSD support
- Terabyte segment
DB2 pureScale
Leverages the architecture of z/OS: the Gold Standard of reliability and scalability
• Unlimited Capacity
  – Buy only what you need, add capacity as your needs grow
• Application Transparency
  – Avoid the risk and cost of application changes
• Continuous Availability
  – Deliver uninterrupted access to your data with consistent performance
Built on Power Systems and AIX
DB2 pureScale Architecture
PowerHA pureScale technology drives the clustering
Runs on an LPAR or a stand alone server
Automatic workload balancing
Shared Data – IBM Storage supported
InfiniBand network
Cluster of DB2 nodes running on Power servers: Power 550 or Power 595s
AIX 6 Technology Level 4 – October 2009
• AIX Enterprise Edition
  – New capabilities for reporting, capacity planning, WPAR Management
• WPAR Enhancements
  – Live Application Mobility for WPARs with SAN devices
  – Root Volumes for WPARs
  – Workload Partitions Manager V2.1
• Manageability Enhancements
  – AIX Runtime Expert
  – Enhanced AIX Concurrent Maintenance
  – Multiple System topas support
  – topas compatibility with Performance Management for Power Systems
  – ssh on base AIX media (ssl was included in May 2009)
  – probevue support for Java
• Security
  – Cryptographic framework
  – Encrypting filesystem keys and Trusted Execution profiles in LDAP
AIX Updates for February 2010
• POWER7 support
• AIX Enterprise Edition includes Systems Director Enterprise Edition
• AIX three tier pricing Structure
• Active Memory Expansion
AIX support for POWER7
AIX supports Power 750, 770, and 780 with POWER7 processors offering more performance, energy efficiency and scalability
• Initial AIX Levels supported
  – AIX 6 Technology Level 4 SP2 (POWER 750/755) (GA 2/12)
  – AIX 6 Technology Level 4 SP3 (POWER 770/780) (GA 3/5)
  – AIX 5.3 Technology Level 11 SP3 (GA 3/5)
• April AIX Technology Levels
  – AIX 6 Technology Level 5 (GA 4/23)
  – AIX 5.3 Technology Level 12 (GA 4/23)
• Prior Technology levels
  – AIX 6 Technology Levels 2 and 3 (June 2010)
  – AIX 5.3 Technology Levels 9 and 10 (May 2010)
First ever launch of a new generation of POWER servers that does not require upgrade to a new AIX Technology Level!
POWER7 Platform Support
• POWER7 provides three modes for an LPAR
  – POWER7 mode
    • AIX 6.1 TL4 SP2 and later
  – POWER6 & POWER6+ modes
    • AIX 5.3 and AIX 6.1 TL2 and TL3
• POWER7 mode features
  – 4 thread Simultaneous Multithreading (SMT)
  – Very large single Double precision Vector Scalar Extension (VSX)
  – 32 Storage Protection Keys
[Diagram: POWER7 chip layout. Labels: Core, L2, L3, MC0, MC1, PowerBus, GX, EI3 (Elastic Interface) I/O, Memory I/O]
• Cores: 8
• L2: On Chip
• L3: On Chip
• Technology: 45nm
• Transistors: >1B
• Size: 567 mm²
POWER6 / POWER7 Partition Mobility
POWER6 and POWER6+ Mode
• Allows clients to easily integrate new POWER7 Systems into their infrastructure
• Allows seamless workload movement between POWER7 and POWER6 servers
[Diagram: partitions running AIX 5.3, AIX 6.1 and AIX 7.1 on POWER6/6+ and POWER7 servers. Legend: LPAR in POWER6/6+ mode; LPAR in POWER7 modes]
POWER7 Processor Mode Summary
POWER6 & POWER6+ MODE | POWER7 MODE | POWER7 Client Value
2-Thread SMT | 4-Thread SMT | Throughput performance, processor core utilization.
VMX (Vector Multimedia Extension / AltiVec) | VSX (Vector Scalar Extension) | High Performance Computing.
Affinity OFF by Default | 3-tier Memory, MicroPartition Affinity | Improved system performance for system images spanning sockets and nodes.
Barrier Synchronization; Fixed 128-byte Array; Kernel Extension Access | Enhanced Barrier Synchronization; Variable Sized Array; User Shared Memory Access | High Performance Computing Parallel Programming synchronization facility.
64-core / 128-thread Scaling | 32-core / 128-thread Scaling; 64-core / 256-thread Scaling; 256-core / 1024-thread Scaling (Statement of Direction) | Performance and Scalability for Large Scale-Up Single System Image Workloads (e.g. OLTP, ERP scale-up, WPAR consolidation).
8 Memory Protection Keys (POWER6); 16 Memory Protection Keys (POWER6+) | 32 Memory Protection Keys (8 for applications) | Improved AIX and application resiliency
EnergyScale CPU Idle | EnergyScale CPU Idle and Folding with NAP and SLEEP | Improved Energy Efficiency
 | Active Memory Expansion | Additional memory for applications
WebSphere Exploitation of POWER7 and AIX
• WebSphere Java Changes
  – Eliminate lock contention by removing several hash tables
  – Replace synchronized blocks with atomic update classes
  – Use of lock-free data structures and algorithms
• OpenJPA Changes
  – Rewrote Mapping Repository class to remove lock contention
• JIT and JVM Changes
  – Loop optimizations - Widening: load multiple characters into register
  – Java changes to use 64K pages by default on AIX
• AIX Changes
  – Hint Bit - 7.8% performance boost when lock contention is occurring
  – Improve the pthreads data layout to minimize data footprint expansion with 64K pages
These are just a few of the many enhancements done to optimize WebSphere on POWER7
Java exploitation of POWER7
• SPECjbb2005 throughput improved >50% from Java6 SR1 to SR7 on same hardware. SR7 was used in POWER7 publishing.
• JIT compiler in JVM understands and exploits POWER7 features in generating code.
• POWER7 boasts many leading Java performance benchmarks http://www.ibm.com/systems/power/hardware/benchmarks/jba.html
• Additional POWER7 exploitation planned for Java 7
• No significant difference between Java performance on AIX 7 vs AIX 6
Note: Customer workload may be quite different from SPECjbb2005
AIX on POWER7 Advantage: SAP ERP Workload with Active Memory Expansion
Without Active Memory Expansion
12-core POWER7 partition, 18 GB Memory (18 GB true, 0 GB expanded)
• Max Partition throughput: 99 tps
• 1000 Simulated Users
• Partition utilization
  – Memory: 100% (18 GB)
  – CPU: 46% (12 cores in LPAR)
• Memory capacity is the bottle-neck
  – CPU is under-utilized
With Active Memory Expansion
12-core POWER7 partition, 24.7 GB Memory (18 GB true, 6.7 GB expanded)
• Max Partition Throughput: 166 tps
• 1700 Simulated Users
• Partition utilization
  – Memory: 100% (18 GB)
  – CPU: 88% (12 cores in LPAR) Note: Most of the CPU increase is due to additional work done on server
• Higher throughput enabled with the same amount of physical memory
  – Gain 37% memory capacity
[Diagram labels: + 65%; Expanded Memory]
Note: This is an illustrative scenario based on using a sample workload. This data represents measured results in a controlled lab environment. Your results may vary.
Power Systems Software Editions
[Table: contents of the Express, Standard and Enterprise editions for AIX (footnote 1 on Express), IBM i, PowerVM, PowerHA (Cluster Feature of OS*) and Systems Director VMControl]
1 AIX 6 Express Edition 04/10
2 PowerHA SystemMirror Editions for IBM i 04/10
* Cluster feature of IBM i, AIX 7 Cluster Aware Feature (SOD)
AIX Editions
AIX 6 is available in three different editions:
– AIX Standard Edition
  • Suitable for most UNIX workloads
  • Vertical scalability up to 64 cores
– AIX Enterprise Edition
  • AIX plus enterprise management
  • Includes AIX Standard Edition plus Systems Director Enterprise Edition and the Workload Partitions Manager for AIX
  • Vertical scalability up to 64 cores
– AIX Express Edition
  • Lower priced edition targeted at low end servers and consolidation of smaller workloads on larger servers
  • Includes most of the functionality of AIX Standard Edition
  • Vertical scalability is limited to 4 cores and 8GB of memory per core in a single partition
  • Clients can use multiple AIX Express Edition partitions in a single larger server
Clients can mix multiple AIX editions in the same server
[Diagram: Capability axis with AIX Express Edition, AIX Standard Edition and AIX Enterprise Edition]
Note: AIX V5.3 is only available in a Standard Edition
AIX Enterprise Edition
AIX Enterprise Edition includes:
– AIX 7 or AIX 6
– WPAR Manager V2.1
– Systems Director Enterprise Edition
  • IBM System Director 6.1.2
  • Active Energy Manager 4.2
  • VMControl 2.2 (including Image Management & System Pools)
  • Network Control 1.1
  • Transition Manager for HP® SIM
  • Service and Support Manager 6.1.2
  • IBM Tivoli Monitoring 6.2.2
  • Tivoli Application Dependency Discovery Manager (TADDM)
AIX Enterprise Edition is a single offering that brings together AIX with key service management capabilities that are designed to:
• Improve availability through access to relevant real-time information and predictive monitoring to avoid future problems
• Enhance operational efficiency through visualization of resources and centralized deployment and management of virtualized AIX environments
• Provide accurate assessment of system resource usage
Introducing AIX 6 Express Edition (April 2010)
[Diagram: Capability axis with AIX Express Edition, AIX Standard Edition and AIX Enterprise Edition]
• A new edition of AIX priced for smaller workloads
  – AIX 6 and 7 will feature Express Edition
  – AIX 5.3 will not feature Express Edition
• Intended primarily for two deployment situations
  1. Entry price on entry servers and blades
  2. Consolidation of smaller workloads on enterprise servers
• AIX 6 Express Edition terms are designed for small workloads
  – Vertical scalability limited to 4 core maximum partition size
  – 8 GB memory per core maximum
• Flexibility to optimize for multiple workloads
  – Run any combination of AIX Editions on a server
AIX Express can improve the economics of consolidation
Example: Consolidate eight 4-way POWER6 520s into a 24 way POWER7 770
Old price with AIX Standard Edition
• AIX License + SWMA
• List price: 24 cores x $1,950
• Total (list): $46,800
(U.S. prices shown)
With AIX Express
• AIX License + SWMA
• List price: 24 cores x $1,000
• Total (list): $24,000
• Savings of $22,800
(U.S. prices shown)
April 2010 AIX Update
• AIX Express Edition
  – AIX Edition at a lower price point
• AIX V5.3 Announcement of End of Marketing
  – Effective April 2011
• Rational Development tools for AIX
• AIX 7 Statement of Direction
AIX Version 5.3 End of Marketing Announcement
• Announce withdrawal of marketing for AIX 5.3 effective April 2011
• Goal is to give customers advance notice for planning and an additional incentive to move up to AIX 6 or consider move to AIX 7
[Timeline: AIX 5.3 GA 8/04; EOM Announced 4/10; EOM 4/11]
Announcing: The IBM Rational solutions for Power Systems
• IBM Rational Team Concert for Power Systems Software
  – Common server infrastructure enables collaborative coordination for multi-platform development teams.
• IBM Rational Developer for Power Systems Software
  – Common developer desktop delivering integrated developer tools for Power operating systems and programming languages.
• IBM Rational Compilers
  – New compilers exploit Power Systems including the latest POWER7 architecture and multi-core technology, boosting performance, productivity and portability.
Learn more: ibm.com/software/rational/announce/power/
AIX 6 Technology Level 5 Enhancements
• Enhanced memory affinity on POWER7 processor based systems
  – Designed to deliver additional performance on POWER7
• NIM IPv6 support for thin server environments
  – Support for IPv6 with diskless/dataless thin server configurations
AIX 7 -- The Future of UNIX
• Workload-Optimizing Systems
  – Vertical scalability for massive workloads with up to 256 cores/1024 threads in a single AIX partition
• Virtualization without limits
  – Run AIX 5.2 in a WPAR to simplify consolidation of legacy environments on POWER7
• Resiliency without downtime
  – Built in clustering to simplify configuration and management of scale-out workloads and high availability solutions
• Management with Automation
  – Profile based configuration management eases the management of pools of AIX systems
*All statements regarding IBM's future direction and intent are subject to change or withdrawal without notice, and represent goals and objectives only.
Some features require the purchase of additional software components.
AIX 7 is Binary Compatible with prior AIX versions
• AIX 7 is binary compatible with AIX 6 and AIX V5*
  – Current applications will continue to run – no need to recompile applications
  – Even supports 32 bit applications created on AIX versions prior to AIX V5
  – Fully exploits POWER7 processor-based systems
  – Also exploits systems based on POWER4™, POWER5™, POWER6 processors
  – Binary compatibility guarantee planned
• Upgrade process
  – Prior upgrade tools will support upgrade to AIX 7
  – Clients can upgrade directly to AIX 7 from AIX 6 and AIX V5
  – Free upgrade for customers with Software Maintenance Agreements (SWMA)
*See general conditions at ibm.com/systems/power/software/aix/compatibility
Open beta for AIX 7 starting July 13
Binary Compatibility Guarantee
AIX Scalability Evolution
[Chart labels: AIX/6000 Uniprocessor; 4-8 Threads; 24 Threads; 32-64 Threads; 128 Threads; 1024 Threads]
AIX 7 Hardware Enablement and Support
• Terabyte Segment support
• AIX kernel memory pinning
• Hardware acceleration for Encrypting Filesystems, IPSec and Trusted Execution
• LVM Solid State Disk Support
• topas enhancements for Active Memory Expansion
• Shared Memory interface to Barrier Synchronous Register
AIX 5.2 WPARs for AIX 7
New offering that enables consolidation of existing AIX 5.2 environments inside of an AIX 7 Workload Partition on POWER7
• Customer Value
  – Minimize effort to consolidate old environments on new, more efficient hardware
  – Allows clients who must stay on AIX V5.2 to move up to POWER7
• Features
  – Allows a legacy AIX 5.2 environment to be run inside a WPAR on POWER7 processor-based systems with AIX 7
  – Simply back up existing environment and restore inside of an AIX 7 WPAR
  – This offering will also provide how-to and limited defect support for the AIX 5.2 operating system
  – Managed via IBM Systems Director Workload Partitions Manager
AIX 5.2 WPARs for AIX 7 will be a separately charged product built on AIX 7
[Diagram: POWER7 system with an AIX 7 Kernel hosting WPAR A, WPAR B, WPAR C and WPAR D (each showing / /var/tmp /home, with /usr and /opt). Labels: AIX 5.2 Versioned Environment; 5.2 syscall compatibility layer; AIX 7 Native Environment; AIX 7 native syscalls; mksysb backup from AIX 5.2 legacy system]
Other WPAR Enhancements
• Export of Fibre channel adapters to WPARs
• Kernel Extensions for WPARs
• Support for VIOS disks in WPARs
Cluster Aware AIX
Designed to simplify construction and management of clusters of AIX systems for scale-out computing and high availability
• Easily create clusters of AIX instances for scale-out computing or high availability
• Designed to:
  – Significantly simplify cluster configuration, construction, and maintenance
  – Designed to improve availability by reducing the time to discover failures
  – Capabilities such as common device naming help simplify administration
  – Built in event management and monitoring
• A foundation for future AIX capabilities and the next generation of PowerHA SystemMirror
Cluster Aware AIX Exploiters
[Diagram: "Legacy RSCT" stack beside "RSCT With Cluster Aware AIX" stack. RSCT Consumers: Legacy AIX, PowerHA SystemMirror, TSA, Power LPAR Management, IBM Storage, HPC, DB2, IBM Director, VIOS. RSCT layers (both stacks): Monitoring API, Cluster Monitoring, Group Services, Cluster Admin UI, Cluster CFG Repository, Resource Mgr Services, Bundled Resource Managers, Cluster Messaging, Messaging API. Cluster Aware AIX: Cluster Repository, Cluster Messaging, Cluster Monitoring, Cluster Events, CAA APIs and UIs. Caption: Redesigned Layers Integrated to CAA Capabilities]
• RSCT and Cluster Aware AIX together provide the foundation of strategic Power Systems SW
• RSCT-CAA integration enables compatibility with a diverse set of dependent IBM products
• RSCT integration with CAA extends simplified cluster management along with optimized and robust cluster monitoring, failure detection, and recovery to RSCT exploiters on Power / AIX
AIX 7 Profile Manager (Formerly AIX Runtime Expert)
Simplified configuration using the AIX Profile Manager
Systems Director plug-in that is designed to simplify consistent AIX configuration across multiple systems
[Diagram labels: System A, System C, System N; Set, Extract, Compare]
Traditional server configuration
• OS Configuration and Tuning
  – Environment Variables
  – Configuration Files
  – Boot LV Settings
  – CLI Utilities
• Apply and maintain approaches
  – Scripts, ftp, rsh, ssh, documentation, 3rd party tools, mksysb, etc.
[Diagram: System Administrator, XML Profiles (Env var XYZ="Yes", AIX security profile, tuneable N), System A, System B, System N]
Configuration Elements managed by AIX Profile Manager
acctctl
alog
authzcfg
authent
chcons
Chdev.sys0
chlicense
chservices
chsys
class
dumpctrl
errdaemon
ewlm
ffdc
filter
ioo
krecovery
lvmo
nfso
mktcpip
nis
probevue
tcp_nw
udp_nw
ip_nw
arp_nw
stream
raso
role
ruser
namerslv
nfs
shconf
schedo
privcmd
privdev
privfile
smtctl
syscorepath
sysdumpdev
traces
tsd
trustchk
vmo
aix.secexpert
mkuser.defuser
chuser
login
chsubserver
gen.param
etc.env
misc.other
probeview
restrictedtrcctlfile.data
AIX Role Based Access Control (RBAC) with Domains
How it can help?
• Can reduce the cost and complexity of security administration by allowing secure delegation of administrative tasks to non-privileged users
• Enables a more secure IT infrastructure by reducing the need for so many privileged administrators
• Assigning roles to programs can reduce the need for security exposures such as the use of setuid for programs
• Allows for new ways to delegate administration duties between system administrators and non-administrative users
What is it?
• A capability of AIX that allows privileged administration tasks to be delegated to non-privileged users
• Access to system resources is associated with roles that are assigned to non-privileged users
• Many roles are predefined which can reduce the effort of implementing RBAC
• Roles can also be associated with programs
• Domain access can further limit administrators to only work with resources for a particular organization (AIX 7 / 6.1 TL6)
[Diagram: Users; Roles (DBA Company A, DBA Company Z, BACKUP Company A, BACKUP Company Z); AIX Resources; Company A Data; Company Z Data]
AIX & Power Systems Security Certifications
AIX 5200-06 CAPP/EAL4+
• Application: 01/11/05
• Final report: 10/26/05
• Certificate: 12/14/05
AIX 5L 5200-05 and Pitbull LSPP/EAL4+
• Application: 01/11/05
• Certificate issued: 05/16/06
AIX 5300-05 LSPP/EAL4+
• Pitbull product
• Supports P5, P4
• Certificate issued: 12/19/06
Pitbull MLS Ported to AIX 5300-03
• Pitbull product available to customers Dec 31, 05
AIX 5300-04 CAPP/EAL4+
• Supports P5, P4
• Certificate issued: 12/19/06
AIX 7100-00 CAPP/RBACPP/LSPP/EAL4+
• Supports P7, P6, P5, P4
Legend: AIX V5.2; AIX V5.3; AIX 6; AIX 7 (Planned); VIOS; POWER6
Certification History
• AIX 4.2 C2: Apr 24, 1997
• AIX 4.3 C2: May 6, 19987
• AIX 5.2 CAPP/EAL4+: Nov 4, 2002
• POWER4 HW CAPP/EAL4+: Apr 2003
• AIX 5.2 ML1 CAPP/EAL4+: Sept 8, 2003
• AIX 5.2 ML6 CAPP/EAL4+: Dec 14, 2005
• AIX 5.2 ML5 and Pitbull LSPP: May 16, 2006
• AIX 5.3 TL5 and Pitbull LSPP: May 16, 2006
• AIX 5.2 TL4 & VIOS CAPP/EAL4+: Dec 16, 2006
• POWER6: Dec, 2007
• AIX 6: May 26, 2008
VIOS EAL4+
• Included with AIX 5300-04 CAPP/EAL4+
POWER6 Hardware EAL4+
• Dynamic LPAR with MicroPartitioning
AIX 6100-00 CAPP/RBACPP/LSPP/EAL4+
• MLS capabilities integrated into standard AIX product
• One certification for 3 Protection Profiles
• Supports P6, P5, P4
[Timeline axis: 2005, 2006, 2007, 2010]
AIX 7 Editions
AIX 7 Features | Express | Standard | Enterprise
Vertical Scalability | 4 cores, 8GB per core | 256 cores, 1024 Threads | 256 cores, 1024 Threads
Cluster Aware AIX | Only with PowerHA | Yes | Yes
Workload Partitions | Yes | Yes | Yes
Full Exploitation of POWER7 | Yes | Yes | Yes
AIX Profile Manager ¹ | Management target only | Yes | Yes
Includes WPAR Manager and Systems Director Enterprise Edition | | | Yes
Available on all Power Systems servers | Yes | Yes | Yes
Run AIX 5.2 in a WPAR ² | Yes | Yes | Yes
¹ Requires IBM Systems Director
² Requires "AIX 5.2 WPAR for AIX 7" product
AIX and Power Systems
ibm.com/aix
• Innovative features for virtualization, security, continuous availability, and systems management
• Mainframe-inspired technologies
• Strong future roadmap and IBM commitment
The Future of UNIX®
This document was developed for IBM offerings in the United States as of the date of publication. IBM may not make these offerings available in other countries, and the information is subject to change without notice. Consult your local IBM business contact for information on the IBM offerings available in your area.
Information in this document concerning non-IBM products was obtained from the suppliers of these products or other public sources. Questions on the capabilities of non-IBM products should be addressed to the suppliers of those products.
IBM may have patents or pending patent applications covering subject matter in this document. The furnishing of this document does not give you any license to these patents. Send license inquiries, in writing, to IBM Director of Licensing, IBM Corporation, New Castle Drive, Armonk, NY 10504-1785 USA.
All statements regarding IBM future direction and intent are subject to change or withdrawal without notice, and represent goals and objectives only.
The information contained in this document has not been submitted to any formal IBM test and is provided "AS IS" with no warranties or guarantees either expressed or implied.
All examples cited or described in this document are presented as illustrations of the manner in which some IBM products can be used and the results that may be achieved. Actual environmental costs and performance characteristics will vary depending on individual client configurations and conditions.
IBM Global Financing offerings are provided through IBM Credit Corporation in the United States and other IBM subsidiaries and divisions worldwide to qualified commercial and government clients. Rates are based on a client's credit rating, financing terms, offering type, equipment type and options, and may vary by country. Other restrictions may apply. Rates and offerings are subject to change, extension or withdrawal without notice.
IBM is not responsible for printing errors in this document that result in pricing or information inaccuracies.
All prices shown are IBM's United States suggested list prices and are subject to change without notice; reseller prices may vary.
IBM hardware products are manufactured from new parts, or new and serviceable used parts. Regardless, our warranty terms apply.
Many of the features described in this document are operating system dependent and may not be available on Linux. For more information, please check: http://www.ibm.com/systems/p/software/whitepapers/linux_overview.html
Any performance data contained in this document was determined in a controlled environment. Actual results may vary significantly and are dependent on many factors including system hardware configuration and software design and configuration. Some measurements quoted in this document may have been made on development-level systems. There is no guarantee these measurements will be the same on generally-available systems. Some measurements quoted in this document may have been estimated through extrapolation. Users of this document should verify the applicable data for their specific environment.
Revised January 19, 2006
Special notices
The following terms are registered trademarks of International Business Machines Corporation in the United States and/or other countries: AIX, AIX/L, AIX/L(logo), alphaWorks, AS/400, BladeCenter, Blue Gene, Blue Lightning, C Set++, CICS, CICS/6000, ClusterProven, CT/2, DataHub, DataJoiner, DB2, DEEP BLUE, developerWorks, DirectTalk, Domino, DYNIX, DYNIX/ptx, e business(logo), e(logo)business, e(logo)server, Enterprise Storage Server, ESCON, FlashCopy, GDDM, i5/OS, IBM, IBM(logo), ibm.com, IBM Business Partner (logo), Informix, IntelliStation, IQ-Link, LANStreamer, LoadLeveler, Lotus, Lotus Notes, Lotusphere, Magstar, MediaStreamer, Micro Channel, MQSeries, Net.Data, Netfinity, NetView, Network Station, Notes, NUMA-Q, Operating System/2, Operating System/400, OS/2, OS/390, OS/400, Parallel Sysplex, PartnerLink, PartnerWorld, Passport Advantage, POWERparallel, Power PC 603, Power PC 604, PowerPC, PowerPC(logo), PowerPC 601, Predictive Failure Analysis, pSeries, PTX, ptx/ADMIN, RETAIN, RISC System/6000, RS/6000, RT Personal Computer, S/390, Scalable POWERparallel Systems, SecureWay, Sequent, ServerProven, SpaceBall, System/390, The Engines of e-business, THINK, Tivoli, Tivoli(logo), Tivoli Management Environment, Tivoli Ready(logo), TME, TotalStorage, TURBOWAYS, VisualAge, WebSphere, xSeries, z/OS, zSeries.
The following terms are trademarks of International Business Machines Corporation in the United States and/or other countries: Advanced Micro-Partitioning, AIX 5L, AIX PVMe, AS/400e, Chipkill, Chiphopper, Cloudscape, DB2 OLAP Server, DB2 Universal Database, DFDSM, DFSORT, e-business(logo), e-business on demand, eServer, Express Middleware, Express Portfolio, Express Servers, Express Servers and Storage, GigaProcessor, HACMP, HACMP/6000, I5/OS (logo), IBMLink, IBM TotalStorage Proven, IMS, Intelligent Miner, iSeries, Micro-Partitioning, NUMACenter, ON DEMAND BUSINESS logo, OpenPower, POWER, Power Architecture, Power Everywhere, Power Family, Power PC, PowerPC Architecture, PowerPC 603, PowerPC 603e, PowerPC 604, PowerPC 750, POWER2, POWER2 Architecture, POWER3, POWER4, POWER4+, POWER5, POWER5+, POWER6, POWER6+, Redbooks, Sequent (logo), SequentLINK, Server Advantage, ServeRAID, Service Director, SmoothStart, SP, System i, System i5, System p, System p5, System Storage, System z, System z9, S/390 Parallel Enterprise Server, Tivoli Enterprise, TME 10, TotalStorage Proven, Ultramedia, VideoCharger, Virtualization Engine, Visualization Data Explorer, X-Architecture, z/Architecture, z/9.
A full list of U.S. trademarks owned by IBM may be found at: http://www.ibm.com/legal/copytrade.shtml.
UNIX is a registered trademark in the United States, other countries or both.
Linux is a trademark of Linus Torvalds in the United States, other countries or both.
Microsoft, Windows, Windows NT and the Windows logo are registered trademarks of Microsoft Corporation in the United States and/or other countries.
Intel, Intel Xeon, Itanium and Pentium are registered trademarks or trademarks of Intel Corporation in the United States and/or other countries.
AMD Opteron is a trademark of Advanced Micro Devices, Inc.
Java and all Java-based trademarks and logos are trademarks of Sun Microsystems, Inc. in the United States and/or other countries.
TPC-C and TPC-H are trademarks of the Transaction Performance Processing Council (TPPC).
SPECint, SPECfp, SPECjbb, SPECweb, SPECjAppServer, SPEC OMP, SPECviewperf, SPECapc, SPEChpc, SPECjvm, SPECmail, SPECimap and SPECsfs are trademarks of the Standard Performance Evaluation Corp (SPEC).
NetBench is a registered trademark of Ziff Davis Media in the United States, other countries or both.
AltiVec is a trademark of Freescale Semiconductor, Inc.
Other company, product and service names may be trademarks or service marks of others.
Revised January 19, 2006
Special notices (cont.)