
Open Vision with IBM AIX 6.1
Apisit Sukprem, Advisory IT Specialist, STG, IBM (Thailand)
• Strategic
– Committed roadmap
– Wide acceptance from key ISVs
• Reliable
– Dynamic configuration changes
• Help reduce planned and unplanned outages
– Integrated Logical Volume Manager + JFS2
• Easy to Manage
– Policies for allocation of server resource using Workload Partitions
– Create system images from pre-assembled templates with NIM
– Role-based Access Control and Integrated Systems Console
• High performance
– Scalability
Why AIX on POWER?
“We’re going to continue to invest in AIX and continue to enhance it” – Ross Mauri, General Manager, Power Systems

20+ Years of AIX Progress
Eras shown on the timeline: Open Systems Workstations, Distributed Client-Server, Network Centric Computing, e-Business Computing, On Demand Business
Dates shown on the timeline: 1986–1992, 1994–1996, 1997–1999, 2001, 2002, 2004–2007, 2008
SMP scale shown on the timeline: Uni-processor, 4-8 way SMP, 24-way SMP, 32-way SMP, 64-way SMP
• AIX V2 & V3 – Establishment in the market: RISC Support, UNIX credibility, Open Sys. Stds., Dynamic Kernel, JFS and LVM, SMIT
• AIX V3.2.5 – Maturity: Stability, Quality
• AIX V4.1/4.2 – SMP Scalability: POWERPC spt., 4-8 way SMP, Kernel Threads, Client/Server pkg, NFS V3, CDE, UNIX95 branded, NIM, > 2GB filesystems, HACMP Clustering, POSIX 1003.1, 1003.2, XPG4, Runtime Linking, Java 1.1.2
• AIX V4.3 – Higher levels of scalability: 24-way SMP, 64-bit HW support, 96 GB memory, UNIX98 branded, TCP/IP V6, IPsec, Web Sys. Mgr., LDAP Dir. Server, Workload Mgr, Java JDT/JIT, Direct I/O, Alt. Disk Install, Exp/Bonus CDs
• AIX V5.1 – Industry Leading Performance: POWER4 support, Static LPAR, Linux Affinity, New 64bit kernel, 32-way SMP, 256GB mem, JFS2, Networking enh., Java 2 support, Dynamic CPU Deallocation, Cluster Mgt (CSM), GRID Toolkit
• AIX V5.2 – Flexible Resource Management: POWER4+ spt., Dynamic LPAR, Dynamic CUoD, Dyn. CPU Sparing, 512GB mem, 16 TB filesystems, UNIX03 branded, Concurrent I/O, MultiPath I/O, Mobile IP V6, System UE Gard, Flex LDAP Client, XSSO PAM spt
• AIX V5.3 – Advanced Virtualization: POWER5 spt., 64-way SMP, SMT, MicroPartitions™, Virt I/O Server, Partition Load Mgr, NFS Version 4, Adv. Accounting, Scaleable VG, JFS2 Shrink, SUMA, SW RAS features, POSIX Realtime
• AIX V6.1 – PowerVM Virtualization: POWER6 spt., 64-way SMP, Enhanced SMT, MicroPartitions™, Virt I/O Server, Workload Partitions, Variable Pages, Storage Keys, App Mobility, Hot Patch, Tracing Facilities, Dec Floating Point, Improved Dumps
POWER of 6
POWER6 Delivers with Your Choice of AIX or Linux
Linux on POWER
POWER and x86 apps [2H07]
PowerVM
Reliability, Availability, Serviceability features
Scalability to 128 threads
AIX 6*
Virtualization
Workload Partitions
Live Application Mobility
Security
Availability
Manageability
Binary compatible**
Broad application selection
Reduced Complexity
Potential cost savings with consolidation
Live Partition Mobility
Linux, AIX V5.3 and AIX V6.1
Binary compatible with existing applications on POWER6*
Micro-Partitioning
Mainframe-inspired RAS features hardware and operating system
Scalability up to 128 threads
AIX 5L V5.2/5.3
*Complete details on AIX binary compatibility can be found at http://www.ibm.com/servers/aix/os/compatibility/

Smooth Upgrade to AIX 6
• AIX 6 is binary compatible with AIX 5L
– Current applications will continue to run
– Runs on POWER4, POWER5, POWER6
– Open beta will provide early access to AIX 6
– Binary compatibility letter from Ross Mauri, General Manager Power Systems
– Other compatibility activity planned
• No charge upgrade for current AIX 5L clients with SWMA
– No additional out of pocket expense for clients
• Upgrade process
– Tools like alt disk installation and NIM minimize client risk
AIX Binary Compatibility Guarantee
AIX 6 Processor Support
AIX 6 will not support 32 bit hardware and older 64 bit hardware
Processors no longer supported:
• All 32-bit processors, e.g. F50, E30, etc.
• RS64 family of servers, e.g. S80, H80, M80, etc.
• POWER3™ servers, e.g. p610, p640, etc.
Processors supported:
• POWER4
• POWER5
• POWER6
AIX 6 will support both 32-bit & 64-bit libraries & applications
• Full support for 32-bit applications
Introducing AIX 6
The Power of SIX – AIX 6 and POWER6
AIX 6 is binary compatible* with AIX 5L™. It is named to reflect its unity with POWER6.
AIX 6
• Workload Partitions
• Live Application Mobility
• Firmware assisted Dump
• Dynamic, variable page size
• Kernel Storage Keys
POWER6
• Live Partition Mobility
• Application Storage Keys
• Hardware Decimal Floating-Point
• Shared Dedicated processor
• Improved SMT
• Energy Management
IBM Power Systems Innovation and PowerVM Provide Unique Features for ISV and Client Exploitation

• POWER6 Exploitation
• Enhancements to existing Virtualization Technologies
• Workload Partitions ( Software based Virtualization )
• Application Mobility ( Cross system Workload Mobility )
• 64-bit Kernel only
• Role Based Access Control ( Partial Root base )
• Encrypted File system
• CAPP EAL4+ and LSPP Security Certification
• Solution Performance Tuning
• AIX Kernel Hot-Patching
• Dynamic Tracing for AIX
AIX 6 Feature Highlights
Manageability
Near-Continuous Availability
Security
Virtualization
AIX 6: The Next Step in the Evolution of UNIX *

[Diagram: Live Partition Mobility and Live Application Mobility. AIX and Linux partitions run on the POWER Hypervisor, with a Virtual I/O Server partition providing Ethernet sharing and storage sharing over virtual I/O paths. Workloads shown: Web Server, App Server, CRM, Payroll, Database. Systems shown: POWER4, POWER5/5+, POWER6.]
Two WPAR AIX Offerings
• AIX 6
– Workload Partitions (WPAR) included in base AIX 6
– Element (single system) WPAR Management
• Workload Partitions Manager
– Enablement for Live Application Mobility
– Cross System Management for Workload Partitions
– Automated, Policy-based Application Mobility
– Part of the IBM System Director Family
WPAR Manager
AIX

AIX Workload Partitions
• Software partitioned system capacity
– Each Workload Partition obtains a regulated share of system resources
– Each Workload Partition can have unique network, filesystems and security
• Two types of Workload Partitions
– System Partitions
– Application Partitions
• Separate administrative control
– Each System Workload partition is a separate administrative and security domain
• Shared system resources
– Operating System, I/O, Processor, Memory
Separate regions of application space within a single AIX image
• Improved administrative efficiency by reducing the number of AIX images to maintain
[Diagram: one AIX image hosting Workload Partitions: Application Server, Web Server, Billing, Test, BI]


AIX & Power Systems Security Certifications
• AIX 5200-06 CAPP/EAL4+ – Application: 01/11/05; Final report: 10/26/05; Certificate: 12/14/05
• AIX 5L 5200-05 and Pitbull LSPP/EAL4+ – Application: 01/11/05; Certificate issued: 05/16/06
• AIX 5300-05 LSPP/EAL4+ – Pitbull product; Supports P5, P4; Certificate issued: 12/19/06
• Pitbull MLS ported to AIX 5300-03 – Pitbull product available to customers Dec 31, 05
• AIX 5300-04 CAPP/EAL4+ – Supports P5, P4; Certificate issued: 12/19/06
• VIOS EAL4+ – Included with AIX 5300-04 CAPP/EAL4+
• POWER6 Hardware EAL4 – Dynamic LPAR with MicroPartitioning
• AIX 6100-00 CAPP/RBACPP/LSPP/EAL4+ – MLS capabilities integrated into standard AIX product; One certification for 3 Protection Profiles; Supports P6, P5, P4
Legend: AIX V5.2, AIX V5.3, AIX V6.1, VIOS, POWER6
Certification History
• AIX 4.2 C2: Apr 24, 1997
• AIX 4.3 C2: May 6, 1998
• AIX 5.2 CAPP/EAL4+: Nov 4, 2002
• POWER4 HW CAPP/EAL4+: Apr 2003
• AIX 5.2 ML1 CAPP/EAL4+: Sept 8, 2003
• AIX 5.2 ML6 CAPP/EAL4+: Dec 14, 2005
• AIX 5.2 ML5 and Pitbull LSPP: May 16, 2006
• AIX 5.3 TL5 and Pitbull LSPP: May 16, 2006
• AIX 5.2 TL4 & VIOS CAPP/EAL4+: Dec 16, 2006
• POWER6: Dec, 2007
• AIX 6: May 26, 2008

AIX 6.1 Role Based Access Control
• Improved Administrative Security
– Improved security by reducing the need for many root users
– Reduced administration cost through delegation
• Improved Program Security
– Allows programs to do system level operations without running as root or having setuid root capability
– Only allow program to perform restricted set of needed operations
[Diagram: Users are assigned Roles (DBA, BACKUP); Roles grant access to AIX Resources; a Binary holds Privilege X, Privilege Y, Privilege Z to perform System Level Operations]
Authorization hierarchy shown:
• aix: device, fs, network, proc, ras, security, system, wpar
• aix.system: boot, config, install, stat
• aix.system.boot:
– create “create boot image”
– Halt “halt the system”
– Info “display boot information”
– Reboot “reboot the system”
– Shutdown “shutdown the system”
auth = aix.system.boot.create

AIX V6.1 Security Expert
Can reduce the cost and complexity of security administration by allowing federated management of security profiles across multiple servers
Enables a more secure IT infrastructure by reducing the effort of maintaining system security
“Check” functionality can provide additional security by validating that the security profile for each system matches the actual security settings
A centralized security management tool that can control over 300 security settings from a single console
Administrators can start from a “Low”, “Medium”, “High” or “Sarbanes-Oxley” security template and customize settings to meet business requirements
Security settings can be exported and imported as a security profile to multiple systems
On AIX V6.1, security profiles can be stored in an LDAP directory for ease of distribution
AIX Security Expert was first included in AIX V5.3 TL5
AIX Security Expert Enhancements
• Single control point for over 300 AIX security settings
• Security settings can be exported and used by multiple systems via LDAP
• Security Hardening focus areas
– Password Administration
– Login Policy
– Remove SUID
– Network Tuning
– IP Security (firewall) port scans
– Audit
– /etc/inittab
– /etc/rc.tcpip
– /etc/inetd.conf
– Miscellaneous
• First included with AIX 5.3 Technology Level 5 in August 2006

AIX 6.1 Encrypted File System
[Diagram: EFS architecture. Data is always encrypted on disk and in clear in memory. Components shown: VMM, J2 filesystem, CLiC crypto library, crypto kernel extension, user and group key stores, kernel ucred open key store, login authentication module, key store management commands, BOS commands (backup/restore, cp, mv, crfs, etc.)]
The capability to automatically encrypt data in a JFS2 filesystem
Data can be protected from access by privileged users
Backup in encrypted or clear formats
Automated key management - key store open on login, integrated into AIX security authentication
Each file encrypted with a unique key
No keys stored in clear in kernel memory
A variety of AES, and RSA cryptography keys supported
Enables improved security by reducing unauthorized access to data, even by privileged users
Secure backups reduce the exposure of data when backup media is taken outside of secure facilities
Automatic management of protection keys can reduce the administrative effort of using encrypted data
Encrypted File System
• Backup in encrypted or clear formats
• Can be protected from root access to encrypted data
• Integrated into user and group administration
• Automatic key store creation on user creation
• Key store open on login, integrated into AIX security Loadable Authentication Module
• Each file encrypted with unique key
• No keys stored in clear in kernel memory
• Key stores in PKCS12 format.
• AES, and RSA Cryptography

Unsurpassed Reliability
• According to a recent Yankee Group study* of 400 Windows, Linux and UNIX users, AIX was the most reliable server operating system:
“IBM’s AIX achieved the highest level of reliability, with corporate enterprises reporting an average of only 36 minutes of downtime per server in a 12-month period”
* Source: “Unix, Linux Uptime and Reliability Increase; Patch Management Woes Plague Windows” © 2008 Yankee Group Research, Inc. All rights reserved
[Chart: Hours of downtime per year* for AIX, HP-UX, Solaris and Windows; vertical axis from 0 to 9]

AIX 6.1 Concurrent Maintenance
Fix selected AIX kernel problems without a service outage
• Non-disruptive fixes to executable code in a running AIX kernel
• Base AIX Kernel (/unix), kernel extension, or device driver
• No downtime (reboot) required to apply fix and make it active
• Concurrent updates will be packaged as Interim Fixes
• Maintenance can be backed off without an outage
[Diagram: an Interim Fix is applied from user space by emgr as a concurrent update, patching the kernel-space function vmmove(); getgidx() and sleepx() are shown alongside it in kernel space]
AIX V6.1 POWER6 Storage Keys
Can provide for higher AIX availability by reducing the number of unplanned outages due to intermittent memory overlay
Exploitation of a POWER6 processor hardware feature to provide additional isolation of kernel and application data
Storage keys can prevent invalid changes to memory caused by programming errors
Application use of POWER6 storage keys is enabled in AIX V5.3
AIX kernel exploitation of POWER6 storage keys is included in AIX V6.1
All statements regarding IBM's future direction and intent are subject to change or withdrawal without notice, and represent goals and objectives only.
[Diagram: Before POWER6 Storage Keys and After POWER6 Storage Keys. Each panel shows the application address space (user code, user data, files; WS, DB2) and the kernel address space (kernel code, kernel data; AIX kernel components JFS2, LVM, VMM ...; AIX drivers SCSI, ENT, FC)]

AIX 6.1 Dynamic Tracing With probevue
• Dynamically extract information about a program as it is running
• Trace existing programs without recompiling
• Dynamic placement of trace probes without restarting the program
• For debugging and performance analysis
• AIX system calls, application functions, and application calls to library functions traceable
• Dynamic tracing language called Vue
• Initial support for “C” programs
“Vue” probe code example:
    #!/usr/bin/probevue
    /* countreads.v: count read() system calls made by the process whose PID is passed as $1 */
    @@syscall:$1:read:entry
    {
        count++;    /* one more read() entered */
    }
    /* every 100 ms, print the count and reset it */
    @@interval:*:clock:100
    {
        printf("Number of reads = %d\n", count);
        count = 0;
    }
Sample run:
    # countreads.v 404
    Number of reads = 22
    Number of reads = 0
    Number of reads = 1
    Number of reads = 17
    …..
[Diagram: probe flow between user and kernel. (1) Some thread in the user process code hits the probe point at the probe location, (2) branches to probe code, (3) the probe code (E-code) runs, (4) returns to probe point, (5) the thread continues execution. Formatted I/O goes to trace buffers, and the trace consumer writes a trace file or trace output.]

IBM Tivoli Monitoring – System Edition
Significantly enhances the manageability of AIX in virtualized environment by making available a no charge version of IBM Tivoli Monitoring with AIX
Key Features
• “Virtualization aware” health and availability monitoring of multiple systems
• Monitoring support for AIX 5L and AIX 6.1, Virtual I/O Server, IVM, HMC and system (CEC)
• Quick Time to Value
• Topology display for graphical management
• One year of full support
Benefits
• Single tool for monitoring multiple System p components
• Visualization simplifies management of virtualized environments
• Upgrade to full Tivoli ITM product for even more capability: http://www-306.ibm.com/software/tivoli/products/monitor-systemp/
AIX V6.1 Systems Director Console for AIX
• New web based management tool that provides easy access to common system administration tasks
• Administrators can access Systems Management Interface Tool (SMIT) menus from a browser
• Graphical user interface is fast and consistent with IBM Systems Director look and feel
• All necessary components for the Console are included in AIX
• Distributed Command Execution Manager (DCEM) feature of the Console allows an administrative task to run on multiple systems at once

Systems Director Console for AIX
• Included with AIX
• Web access to SMIT
• Fast performance
• Integrated with IBM Systems Director

AIX Live Application Mobility
Move a running Workload Partition from one server to another for outage avoidance and multi-system workload balancing
Works on any hardware supported by AIX 6, including POWER5 and POWER4
[Diagram: two AIX systems hosting Workload Partitions (QA, Data Mining, App Server, Web, Dev, e-mail, Billing), with Workload Partitions Manager applying policy]

AIX Editions
• AIX 5.3 Management Edition bundle consisting of
– AIX V5.3
– Tivoli® Application Dependency Discovery Manager
– IBM Tivoli Monitoring
– IBM Usage & Accounting Mgr Virtualization Edition for Power Systems
• AIX 6.1 Enterprise Management bundle consisting of
– AIX V6.1
– PowerVM AIX Workload Partitions Manager
– Tivoli® Application Dependency Discovery Manager
– IBM Tivoli Monitoring
– IBM Usage & Accounting Mgr Virtualization Edition for Power Systems
AIX Enterprise Edition
• A virtualization management bundle consisting of
– AIX V6.1
– PowerVM AIX Workload Partitions Manager
– Tivoli® Application Dependency Discovery Manager
– IBM Tivoli Monitoring
– IBM Usage and Accounting Mgr Virtualization Edition for Power Systems
• Features
– Manage WPARs across multiple systems
– Live Application Mobility
– Discover IT components and their relationships
– Provides a visual representation of the components
– Monitor utilization and configuration changes
– Collect and report resource usage

Key capabilities of AIX Enterprise Edition
Live Application Mobility
Relocate Workload Partitions between systems with almost no client impact
Manage WPARs across multiple systems
Centralize the creation, replication, and starting of WPARs across multiple systems
Automatically discover IT components and their relationships
Ideal for managing dynamic virtualized environments
Monitor virtualized resources
Efficient management begins with comprehensive performance information
Provides a visual representation of the components
Assists understanding of complex application dependencies
Monitor utilization and configuration changes
Useful for problem determination and failure analysis
Collect and report resource usage
Understand IT resource consumption by workload or area
Common Installation Console
ME for AIX Solution Components

IBM Tivoli Application Dependency Discovery Manager initiates and assists planning for consolidation by providing best-of-breed discovery capabilities
Discovers the COMPONENTS in a Data Center Environment
CENTRALIZES and VISUALIZES the CONFIGURATION of the Components in a Data Center Environment
Discovers the RELATIONSHIP of the Components in a Data Center Environment
DISCOVERS AND TRACKS THE CHANGES in a Data Center Environment
Can Feed this Information to other IBM Tivoli® Products
IBM Tivoli Application Dependency Discovery Manager (TADDM)
AIX Editions Solution Components: Discovery
System 1
TADDM discovery of Power System Topology via Hardware Management
Console (HMC)
Power System Discovery - Topology View
AIX Editions Solution Components: Discovery

Power System Discovery – Server details
AIX Editions Solution Components: Discovery
AIX Editions Solution Components: Discovery
Power System Discovery – LPAR View

IBM Tivoli Monitoring
AIX Editions – Monitoring
• IBM Tivoli Monitoring helps prioritize consolidation decisions by visualizing the actual virtual server utilization against historical trends. It automates a client's best practices in response to system events
– Improves mean-time-to-recovery by visualizing the virtual world to solve “virtual performance problems”
– Side-by-side real-time and historical data assists in separating intermittent problems from reoccurring problems from peak workloads
– Out-of-the-box reporting allows clients to quickly provide executive level reports and identify resource bottlenecks
Global CPU & Memory
allocation
Total CPU & Memory allocated to LPARs
Power System Monitoring – Hypervisor View

CPU, Memory, Disk, Network Info per LPAR
Power System Monitoring - AIX LPAR View
Shows how network
interfaces are mapped to
LPARS
Monitoring - VIOS View Network / Disk Mapping / Utilization

Power System Monitoring: Sample Heat Chart / CPU Utilization

IBM Usage & Accounting Manager
• AIX Editions Solution Component – Virtualization Edition
• Apportion usage by account, department or organization
– Accountability and usage tracking ensures optimized usage by each department
– Easily forecast growth by department to justify year-to-year budget changes
• Single hardware system metrics and reports
• Data collectors
– AIX, Linux® and AIX Advanced Accounting: processor, server, LPAR, I/O, and VIO
– OS File System – allocated and used
• Usability – Power System tailored:
– Administration Console
– JobRunner GUI
• Reporting
– Business Intelligence Reporting Tool Reports
– Reports will be provided, with aggregation by userid within a given server
– “Pre-Defined” Accounting Schema
– Export to spreadsheet, comma delimited, and CSB
[Chart: IT Expenses by Account]

Example of Resource Usage Trend report over a period of time
Available for AIX, AIX Advanced Accounting, Linux
Power System Usage Trend Sample Reports

AIX
Innovative features for virtualization, security, continuous availability, and systems management
Mainframe-inspired technologies
Strong future roadmap and IBM commitment
Thank You
Thank You (English), Merci (French), Grazie (Italian), Gracias (Spanish), Obrigado (Brazilian Portuguese), Danke (German), Tesekkurler (Turkish)

23 February 2009 57