AIX 6 Preview

    IBM System p

    2007 IBM Corporation

    This document is for IBM and IBM Business Partner education only. It is not for client distribution.

    AIX 6 Preview

    Satya Sharma

    Distinguished Engineer IBM Systems and Technology Group

    Introducing AIX 6

    The Next Step in the Evolution of UNIX



    Near Continuous Availability



    AIX 6: The Next Step in the Evolution of UNIX *

    *All statements regarding IBM's future direction and intent are subject to change or withdrawal without notice, and represent goals and objectives only.

    AIX 6 Preview

    Jay Kruemcke

    AIX Program Director IBM UNIX Marketing


    AIX 6 is binary compatible* with AIX 5L
    It is named to reflect its unity with POWER 6

    The POWER of SIX: AIX 6 and POWER6

    Workload Partitions
    Live Application Mobility

    Live Partition Mobility

    Storage Keys

    Hardware Decimal Floating-Point

    Dynamic Variable Page Size

    IBM System p Innovation and Advanced POWER Virtualization Provide Unique Features for ISV and Customer Exploitation

    AIX 6

    POWER 6

    Introducing AIX 6

    *Complete details on AIX binary compatibility can be found at

    Planned Smooth Upgrade to AIX 6

    AIX 6 is binary compatible with AIX 5L
    Current applications will continue to run

    Runs on POWER4, POWER5, POWER6

    Open beta will provide early access to AIX 6

    Other activities planned to assure ISVs

    No charge upgrade for current AIX 5L clients with SWMA
    No additional out of pocket expense for clients

    Upgrade process
    Tools like alt disk installation and multi-bos minimize client risk




    Virtualization
    Workload Partitions
    Application Mobility

    Workload Partitions Manager

    LPAR Enhancements

    AIX 6: The Next Step in the Evolution of UNIX

    Near Continuous Availability



    Application A OLTP

    Application B (Lower Priority)

    Application C (Lower Priority)

    drive higher system utilization

    rapidly respond to changing needs

    while providing a high degree of isolation


    LPARs and Micropartitions Increase Server Efficiency

    Excellent server partitioning for server consolidation and flexible resource management

    and . . .

    Application A (Highest Priority)

    Application B (Lower Priority)

    Application C (Lower Priority)


    - automatically

    - for less

    - and, with fewer headaches


    Planned AIX Workload Partitions

    Software partitioned system capacity

    Each Workload Partition obtains a regulated share of system resources

    Each Workload Partition can have unique network, filesystems and security

    Two types of Workload Partitions
    System Partitions
    Application Partitions

    Separate administrative control

    Each System Workload partition is a separate administrative and security domain

    Shared system resources

    Operating System, I/O, Processor, Memory









    AIX instance




    . . . Workload Partitions provide even more capability
    Improved administrative efficiency by reducing the number of AIX images to maintain


    AIX Workload Partitions can be Used in LPARs





    [Diagram: Dedicated Processor; Micropartition Processor Pool; POWER Hypervisor; WPAR #1 Bus Dev; WPAR #1; WPAR #2; WPAR #1; WPAR #2; WPAR #3 Billing]


    Planned IBM System p Flexible Resource Management

    AIX Workload Partitions Complement System p Logical Partitions

    Workload Isolation




    Micropartitions
    AIX V5.3 on POWER5 or later

    AIX 6 on POWER4 or later

    AIX Workload Manager

    AIX V4.3.3 on POWER3 or later


    Workload Partitions provide Simplified System Management

    One button install and configuration

    Installs in minutes

    Highly configurable and flexible

    Command line, SMIT interface, or template

    One button startup/boot
    Workload Partition boots in seconds

    One button stop/shutdown


    Workload Partitions Manager

    Management of WPARS across multiple systems

    Lifecycle operations

    Single Console for:

    Graphical Interface

    Create & Remove

    Start & stop

    Checkpoint & Restart

    Monitoring & Reporting

    Manual Relocation

    Automated Relocation

    Policy driven change

    Infrastructure Optimization

    Load Balancing

    WPAR Agent

    Global Level

    System/Application WPARs





    Web Service



    AIX # 2


    Data Mining

    Planned AIX Live Application Mobility


    App Server



    AIX # 1



    Move a running Workload Partition from one server to another for outage avoidance and multi-system workload balancing


    Works on any hardware supported by AIX 6, including POWER5





    Two Planned WPAR AIX Offerings in 2007

    AIX 6 Workload Partitions (WPAR) included in base AIX 6

    Element (single system) WPAR Management

    Workload Partitions Manager Enablement for Live Application Mobility

    Cross System Management for Workload Partitions

    Automated, Policy-based Application Mobility

    Part of the IBM System Director Family

    WPAR Manager


    What About SUN Containers?

    SUN Solaris   System p AIX   Capability
    -             +              System commands are WPAR / container ready*
    -             +              WPAR Resource isolation thread, process, paging*
    =             =              WPAR Processor regulation based on Fair Share*
    -             +              WPAR Processor regulation based on Percentage*
    =             =              WPAR Resource isolation memory and processor*
    -             +              Policy based relocation of WPAR / container*
    -             +              Multi-system management of WPAR / container*
    =             =              Single system management of WPAR / container*
    -             +              Application WPAR / container*
    =             =              System WPAR / container*
    -             +              Live relocation of a WPAR / container*
    -             +              Live relocation of a LPAR to another system*
    -             +              LPAR available across entire product line
    -             +              Highest isolation with Logical Partitions



    Server Consolidation Pain Points

    Workload Partitions
    Client needs to consolidate multiple workloads on a single system for highest efficiency and minimize the number of AIX operating systems to manage

    Application Mobility

    Partition Mobility

    Partition Mobility or Application Mobility

    Micropartitions or Workload Partitions

    Planned AIX Technology

    Client needs automatic, policy based relocation of workloads between systems

    Client needs to balance workloads by relocating workloads between systems with minimum delay

    Client needs to balance workloads by relocating workloads between systems

    Client needs to consolidate multiple workloads on a single system for highest efficiency and maximize the flexibility to support different environments

    Client needs to consolidate multiple workloads on a single system for highest efficiency

    Client workload requires the maximum amount of isolation between workloads on a single server

    Pain point


    Near Continuous Availability

    Security
    Role Based Access Control
    Trusted AIX
    Encrypting Filesystem
    Secure by Default

    Virtualization
    Workload Partitions
    Application Mobility

    Workload Partitions Manager

    LPAR Enhancements

    AIX 6: The Next Step in the Evolution of UNIX


    AIX Planned Enterprise Security

    Role Based Access Control

    Trusted AIX

    Encrypting Filesystem

    Secure by Default

    Trusted Execution

    Filesystem Access Tool for SUID

    AIX Security Expert Enhancements

    Planned CAPP/RBACPP/LSPP/EAL4+ Certifications


    Planned Role Based Access Control

    Improved Administrative Security
    Improved security by reducing the need for many root users
    Reduced administration cost through delegation

    [Diagram: Users; Roles; Privilege X; Privilege Y; Privilege Z; System Level Operations]

    Improved Program Security
    Allows programs to do system level operations without running as root or having setuid root capability
    Only allow program to perform restricted set of needed operations

    create: create boot image
    Halt: halt the system
    Info: display boot information
    Reboot: reboot the system
    Shutdown: shutdown the system

    auth = aix.system.boot.create


    AIX Security Expert Enhancements

    Single control point for over 300 AIX security settings

    Security settings can be exported and used by multiple systems via LDAP

    Security Hardening focus areas

    Password Administration

    Login Policy

    Remove SUID

    Network Tuning

    IP Security (firewall) port scans





    First included with AIX 5.3 Technology Level 5 in August 2006


    Encrypted File System

    Backup in encrypted or clear formats

    Can be protected from root access to encrypted data

    Integrated into user and group administration

    Automatic key store creation on user creation

    Key store open on login, integrated into AIX security

    Loadable Authentication Module

    Each file encrypted with unique key

    No keys stored in clear in kernel memory

    Key stores in PKCS12 format.

    AES and RSA Cryptography

    Always encrypted on disk

    Data in clear in memory.





    [Diagram: Crypto Lib; User and Group Key Stores; Crypto Kernext; Kernel ucred open key store; Login Authentication Module; Key Store Mgt Cmds; BOS Cmds (cp, mv, crfs, etc.)]


    Security Pain Points

    Pain point: Client needs to securely delegate administrative duties to non-root users across multiple heterogeneous systems
    Planned AIX Technology: Role Based Access Control or Tivoli Access Manager for OS

    Pain point: Client's data needs maximum protection, including protection from stolen backup copies or root user compromise.
    Planned AIX Technology: Encrypting JFS2 Filesystem

    Pain point: Client needs to set up a server outside the DMZ
    Planned AIX Technology: Secure by Default

    Pain point: Client is concerned about SUID programs.
    Planned AIX Technology: Filesystem Permissions tool and Role Based Access Control

    Pain point: Client needs to provide consistent security across their entire landscape of AIX systems.
    Planned AIX Technology: AIX Security Expert

    Pain point: Client workload requires the highest level of multilevel security, particularly for sensitive government or financial applications
    Planned AIX Technology: Trusted AIX

    Pain point: Client needs to securely delegate administrative duties to non-root users
    Planned AIX Technology: Role Based Access Control or Tivoli Access Manager for OS


    Security
    Role Based Access Control
    Trusted AIX
    Encrypting Filesystem
    Secure by Default

    Virtualization
    Workload Partitions
    Application Mobility
    Workload Partitions Manager
    LPAR Enhancements

    AIX 6: The Next Step in the Evolution of UNIX

    Near Continuous Availability
    Concurrent AIX Updates
    Kernel Storage Keys

    Dynamic Tracing


    UNIX Reliability, Availability and Serviceability
    The Number One Client Requirement

    Planned AIX - 2007

    AIX - 2006

    AIX - 2005

    AIX Functionality

    Kernel Storage Keys
    Concurrent AIX updates
    Cross System Workload Mobility
    Dynamic Tracing with probevue
    Functional Recovery Routines
    Component Trace
    Memory Overlay Protection
    Parallel Dump
    Lightweight Malloc debug
    Lightweight Memory Trace
    Consistency Checkers
    Component RAS infrastructure
    AIX errorlog
    Subsystem Resource Controller


    Planned Live Partition Mobility with POWER6

    Allows migration of a running LPAR to another physical server
    Reduce impact of planned outages
    Relocate workloads to enable growth
    Provision new technology with no disruption to service

    Save energy by moving workloads off underutilized servers

    Movement to a different server with no loss of

    Virtualized SAN and Network Infrastructure


    AIX Planned Concurrent Maintenance

    Kernel Space

    User Space

    Interim Fix

    Concurrent update

    vmmove() patch





    Non-disruptive fixes to executable code in a running AIX kernel

    Base AIX Kernel (/unix), kernel extension, or device driver

    No downtime (reboot) required to apply fix and make it active

    Concurrent updates will be packaged as Interim Fixes

    Fix selected AIX kernel problems without a service outage



    AIX Planned Storage Keys

    In current UNIX implementations, any kernel routine can overwrite any kernel memory
    Memory overlay can cause subtle, intermittent problems

    [Diagram: Application Address Space (WS, DB2); UNIX Kernel Address Space with AIX Kernel, AIX Drivers and Third Party Drivers; components JFS2, LVM, VMM, ..., SCSI, ENT, FC, ..., PPath, Artic, VxFS, ...]


    POWER6 Storage Keys will isolate data and protect against corruption
    Enabled through POWER6 H/W & provides isolation between subsystems or subsystem classes

    Initially provide eight keys w/POWER6
    More keys bring finer-grain isolation and better protection

    Extensible to applications to protect against corruption within the application
    AIX will provide enablement to allow applications to exploit keys

    Application keys with AIX V5.3 - Kernel key exploitation with AIX 6





    Planned Dynamic Tracing With probevue

    Trace existing programs without recompiling

    Dynamic placement of trace probes

    For debugging and performance analysis

    AIX system calls, application functions, and application calls to library functions traceable

    Dynamic tracing language called Vue

    Initial support for C programs

    #!/usr/bin/probevue
    /* countreads.v */



    printf("Number of reads = %d\n", count);

    count = 0;}

    # countreads.v 404
    Number of reads = 22
    Number of reads = 0
    Number of reads = 1
    Number of reads = 17
    ..


    [Diagram: User / Kernel; Probe Location; User Process Code; (1) Some thread hits probe point; (2) Branches to probe code; (3) Returns to probe point; E-code; Trace Buffers; Trace Consumer; Trace File or Trace Output]

    Vue probe code example


    Manageability
    System Director for AIX
    WPAR manageability
    Integrated Filesystem Snapshot
    Graphical Install

    Near Continuous Availability
    Concurrent AIX Updates
    Kernel Memory Protection keys
    Dynamic Tracing

    Security
    Role Based Access Control
    Trusted AIX
    Encrypting Filesystem
    Secure by Default

    Virtualization
    Workload Partitions
    Application Mobility

    Workload Partitions Manager

    LPAR Enhancements

    AIX 6: The Next Step in the Evolution of UNIX


    Planned AIX Enhanced Manageability

    Systems Director Console for AIX

    WPAR Management

    Integrated Filesystem Snapshot

    IBM Director enablement

    Tivoli Integration


    Planned Systems Director Console for AIX

    Included with AIX
    Web access to SMIT
    Fast performance
    Integrated with IBM Systems Director


    Manageability Pain Points

    Integrated Filesystem Snapshot
    Client is concerned about backing up a filesystem before taking a routine administrative action


    Workload Partitions Manager

    SMIT, command line or Workload Partitions Manager

    Graphical Installation

    System Director Console for AIX

    Planned AIX Technology

    Client wants to manage multiple, heterogeneous systems

    Client needs to create and manage WPARs across multiple systems

    Client needs to create and manage WPARs on a single system

    Client is new to AIX and doing an install for the first time

    Client needs to administer AIX remotely

    Pain point


    Hardware Platform Support


    Planned POWER6 Support

    3Q07 support POWER6 by AIX 5L V5.2 and V5.3

    Technology Level 6 for AIX 5L V5.3

    Technology Level 10 for AIX 5L V5.2 (this is the last planned update for AIX V5.2)

    POWER6 is Binary Compatible* with previous POWER processors

    Exploitation of some features of POWER6 will require AIX 6

    Kernel Storage Keys

    Dynamic, variable page size

    But many features of POWER6 will be supported by AIX 5L V5.3

    Live Partition Mobility
    Shared Dedicated processor

    Hardware Decimal Floating-Point

    Application Storage Keys

    POWER6
    *Complete details on AIX binary compatibility can be found at

    AIX 6 Hardware Support

    Systems based on POWER4, PPC970, Power5 and Power6 processors will be supported

    32- and 64-bit applications will continue to run unchanged on AIX 6

    64-bit Kernel only

    *Complete details on AIX binary compatibility can be found at

    Planned AIX Beta Programs




    Distribution method

    Number of participants


    Questionnaire, Support


    Beta Support team

    Feedback on functionality

    Physical Media


    Select customers & ISVs

    Web feedback only

    Self help via forum

    Mind share

    Web download only


    Open to all

    AIX Beta Traditional

    AIX Open Beta

    First ever Open Beta for an AIX release


    AIX Planned Open Beta Program

    Open Beta Overview
    Open to everyone
    Planned availability: Early 3rd quarter 2007
    Simple "Click to accept" license
    Not for production use
    Limited support: Q&A and Self Help via forum
    AIX Developers will monitor forum
    Web download only, no physical media distribution
    Image will be delivered as multiple ISO CD images
    Documentation: Quick Start Guide and early pubs
    No translation, English only

    Focus Areas
    Workload Partitions
    WPAR Manager
    Application Mobility
    Role Based Access Control
    AIX Security Expert
    probevue dynamic trace
    Director for AIX management
    Host Name Caching


    Select Planned AIX features: Value and Segment Focus

    Feature: Encrypting Filesystem
    Value: Improved security. Data protection against accidental or malicious disclosure
    Focus Segment: All. Finance and Government focus.

    Feature: Application Mobility
    Value: Improved reliability through outage avoidance. Improved TCO through greater server utilization
    Focus Segment: All. Enterprise focus

    Feature: System Director for AIX
    Value: Improved TCO through administrative efficiency
    Focus Segment: All

    Feature: probevue dynamic tracing
    Value: Improved reliability. Quicker resolution to performance and software bugs
    Focus Segment: All. ISV focus

    Feature: Memory Protection keys
    Value: Improved reliability through reduced memory overlay outages
    Focus Segment: All. Enterprise focus

    Feature: Concurrent AIX updates
    Value: Improved reliability by eliminating outage for critical fixes.
    Focus Segment: All

    Feature: Trusted AIX
    Value: High degree of security. Required for some Government environments
    Focus Segment: Government security agencies, some Finance

    Feature: Role Based Access Control
    Value: Improved security. Reduced security administration costs through reduced complexity. Greater administrative efficiency through delegation
    Focus Segment: All. Finance and Government focus.

    Feature: Workload Partitions
    Value: Lower TCO through improved efficiency through server consolidation.
    Focus Segment: All.



    AIX planned enhancements will provide a tremendous step forward for our clients

    Workload Partitions



    Mainframe-inspired Continuous Availability


    While providing binary compatibility* with previous releases

    AIX fully exploits the new capabilities of POWER6

    While providing exciting new capabilities for clients using POWER5

    Opens opportunities for new clients and new workloads

    Extreme server consolidation. Maximum security computing.

    *Complete details on AIX binary compatibility can be found at


    Innovative features for virtualization, security, continuous availability, and systems management

    Mainframe-inspired technologies

    Strong future roadmap and IBM commitment


