|
Scalability and Capacity
- AIX 5.1 provides a scalable, 64-bit kernel capable of supporting
increased system resources and much larger application workloads on
64-bit hardware. In addition, the 64-bit kernel offers scalable kernel
extension interfaces, allowing kernel extensions and device drivers to
make full use of the kernel's system resources and capabilities.
- AIX 5.1 provides a more scalable application binary interface (ABI)
for 64-bit applications. This scalability is provided by changing the
sizes of some fundamental data types for 64-bit applications, and will
allow these applications to take advantage of the expanded capabilities
of the 64-bit kernel.
- Workload Manager has been enhanced to provide functions to manage
subsets of workload and control subsets of total system resources.
Additional features include disk I/O bandwidth, application tag API, more
application isolation and control, a fully dynamic configuration
permitting changes while running, and an accounting subsystem performing
resource usage accounting per WLM class.
- JFS2 is a new file system type providing the capability to store 1
Terabyte files. It is the default file system for the 64-bit kernel.
Further information on the AIX 5.1 64-bit kernel is available from IBM
at:
http://www.ibm.com/servers/aix/library
Networking Technology and Performance
- Multi-path routing is added to allow users the ability to specify
multiple routes to a destination.
- Offers system administrators the option of either configuring
multiple routes for load balancing or setting up alternative paths to
direct network traffic when the best route can no longer perform its
tasks
- Allows a system administrator to define multiple default gateways
- A set of APIs provided by Fast Response Cache Architecture (FRCA)
enable e-business applications to cache data such as Web content in the
Network Buffer Cache (NBC), significantly reducing the path length and
increasing the performance of the application.
- The Virtual IP Address (VIPA) function allows system administrators
to define a virtual IP address for a host and, from a TCP connection
standpoint, decouple the IP address associated with physical interfaces.
- Dynamic Feedback Protocol (DFP) is a way to provide load statistics
to a load manager so that load can be balanced by sending future
connections to available servers.
- Sendmail Version 8.11 improves performance by having multiple queues,
memory-buffered pseudo-files, and more control over resolver time-outs.
- TCP/IP performance over congested networks is improved through
increased initial windows, explicit congestion notification, and limited
transmit mechanism functions, which are configurable by a system
administrator.
- TCP splicing helps push the data-relaying function of a proxy
application (from server-side socket to the client-side socket or vice
versa) into the kernel.
- Network Interface Takeover is a new option allowing the configuration
of multiple adapters, including IBM 10/100 Mbps Ethernet PCI adapter,
Gigabit Ethernet-SX PCI adapter, and 10/100/1000 Base-T Ethernet PCI
adapter, allowing one or more to be designated as a backup.
- New libpcap APIs help enhance the robustness and ease of use in
gathering network traffic data to improve problem determination for
network applications.
- Token Ring emulation support for the AIX Multiple-protocol over ATM
(MPOA) provides improved management and performance of an ATM LAN
Emulation network by combining multiple edge routers into a single router
image.
- MPOA IP packet fragmentation support in AIX provides for cases where
there is a heterogeneous network environment with varying Maximum
Transmit Units (MTUs) and/or where there are network configurations where
normal MTU Path Discovery is not available.
- Enhancements to the ATM LANE and MPOA statistics and trace tools are
included to gain better serviceability of these products in the field.
- Virtual LAN (VLAN) provides the ability to create virtual LANs across
multiple physical LANs or segment and/or divide physical LAN segments
into virtual LANs.
- AIX 5.1 adds Gigabit support to Cisco's EtherChannel technology which
builds upon 802.3 Fast Ethernet and standard Ethernet. This enhancement
allows the aggregation of up to four Gigabit Ethernet ports.
Reliability, Availability, and Serviceability (RAS)
- A SMIT-configurable mechanism can be used to detect system hangs and
initiate pre-configured action.
- Enhancements made to error logging include detection of consecutive
duplicate errors, which is intended to help prevent the error log from
being overloaded.
- An automatic dump analysis tool enables accelerated customer support
with reduced interaction time.
- A new error log retrieval API can be used to retrieve error log data
faster, as compared to the errpt raw mode.
- System dump capability has been improved via compression and dump
size estimation to ensure that large system dumps are consistent and
reliable for easy problem determination.
- New capability is available to generate a core file for an
application without requiring application termination. This helps
increase the application availability and serviceability.
System and Networking Security
- System Security
- Network Security
- Support of API PKCS#11 Version 2.01
- Enhancement of the Internet Key Exchange protocol, providing Virtual
Private Networking (VPN) support to enable the use of Certificate
Revocation Lists (CRL) when authenticating remote users or devices.
- Name resolver routines, which include resolving host names through a
Lightweight Directory Access Protocol (LDAP) server.
Interoperability
- Enhancements to increase affinity with Linux
A set of Linux-compatible routines has been added to AIX 5.1 so that
Linux applications using these routines do not have to supply their own
libraries.
- AIX Toolbox for Linux Applications, delivered on a supplemental CD,
which contains a collection of open source and GNU software built for AIX
and packaged in RPM format
These tools provide the basis of a development environment for many
Linux application developers. The AIX Toolbox for Linux Applications is
not supported by IBM and is provided by IBM "AS IS", under the terms of
the licenses on the AIX Toolbox CD or Web site.
- AIX Fast Connect Version 3.1.0 available as a licensed program
providing file and print services for Windows and OS/2 clients on AIX
5.1.
Base Operating System
- NFS statd multithreading can be implemented as a daemon that runs on
all NFS configured machines, providing a simple protocol allowing
applications to easily monitor the status of other machines.
- Active paging spaces can be deactivated without rebooting when
changing configurations, moving paging space to another drive, or
dividing paging space up between drives.
- An optional buckets-based extension of the default memory allocator
helps improve performance for applications that issue large numbers of
small allocation requests.
- The UNIX System V file spooling subsystem is available as an option,
which can be configured by an administrator.
- System V Packaging Commands are available for customers to create and
install a package in the System V format.
- AutoFS is enhanced to support the multi-threaded automounted daemon.
- The /proc file system provides access to the state of each process
and thread in the system.
- The number of concurrent groups per process has been increased from
32 to 64.
- The argument list limit has been increased from 24 K to 512 K.
Storage
- AIX 5.1 includes the implementation of the Data Management
Application Programming (DMAPI) as defined in the Open Group's Data
Storage Management (XDSM) API specification.
- Volume group logical track group size can be specified at volume
group creation time and can be changed to different sizes including 128
K, 256 K, 512 K and 1024 K.
- The mirror write consistency (MWC) helps ensure data consistency on
logical volumes in the event of a system crash during mirrored writes.
In addition to the existing Active MWC, AIX 5.1 also supports the Passive
MWC, resulting in better random write performance on mirrored logical
volumes when compared to the Active MWC.
- Logical Volume Manager now has the option to provide hot spare disks
within a volume group and automatically synchronize stale partitions to
increase availability of mirrored data.
- The Logical Volume Manager provides an ability to move physical
partitions to any member disk of the volume group.
Development and Performance Tools
System Management
- Reliable Scalable Cluster Technology (RSCT) provides the capability
for an administrator to monitor system resources, including filesystems,
programs, processors, adapters, and kernel information. These resources
can be monitored around the clock and automatic responses run if resource
values reach certain levels or thresholds.
- Web-based System Manager
- Presents a significant advance over previous releases by providing a
new management console capable of managing multiple hosts
- Allows applications to be accessed either locally or remotely without
a Web-browser on AIX 5.1 graphical workstations
- Adds capability to run a Windows-PC client natively
- A set of Web-based System Manager plug-ins
- Accessibility enhancement to make Web-based System Manager easier to
use for all users.
- Additional ISO8859-15 locales on the code set so that certain
countries that are not part of the European Monetary Union (EMU) can
still conduct business with EMU countries
- Hindi character enablement permits entering, viewing, and printing.
- Additional locales
- Enhancements to the Input Method Editor for the GBK locale
- Korean 103 keyboard support
Graphics Enhancements
OpenGL on POWER GXT4000P and GXT6000P graphics adapters will now
support 64-bit direct window access (DWA). This is intended to boost
performance for 64-bit OpenGL applications by allowing them to render
using the OpenGL protocol directly, rather than going through the Xserver
and GLX Extension.
New System Support
- IBM eServer pSeries 620 Model 6F1 Server
- IBM eServer pSeries 660 Model 6H1 Server
AIX 5.1 has been enhanced to provide support for up to 32-way SMP
scalability and 256 GB memory.
New I/O Support
- IBM POWER GXT4000P Entry, 3D 64-Bit PCI Graphics Accelerator
- IBM POWER GXT6000P Mid-Range, 3D 64-Bit PCI Graphics Accelerator with
onboard geometry engine
- 4.7 GB SCSI-2 DVD-RAM Drive, including mksysb function
Tivoli-Ready
In support of developing systems management standards, Tivoli
Management Agent is installed from the base operating system, making AIX
Tivoli-ready.
Additional Product Information
Scalability and Capacity
64-bit Kernel
In addition to providing a 32-bit kernel, AIX 5.1 offers a scalable,
64-bit kernel capable of supporting increased system resources and much
larger application workloads on 64-bit hardware. The 64-bit kernel
offers scalable kernel extension interfaces, allowing kernel extensions
and device drivers to make full use of the kernel's system resources and
capabilities.
The expanded capabilities of the 64-bit kernel improve the ability to
run an expanding application workload on a single system. This ability
is important for a number of reasons.
- First, data sharing and I/O device sharing are simplified if multiple
applications can be run on the same system.
- Second, using more powerful systems will reduce the number of systems
needed by an organization, reducing the cost and complexity of system
administration.
Server consolidation and workload scalability will continue to require
higher capacity hardware systems that support more memory and additional
I/O devices. The 64-bit kernel is designed to support these requirements
for years to come.
Kernel extensions and device drivers must be compiled in 64-bit mode
to be loaded into the 64-bit kernel. The 64-bit kernel, combined with
header files and libraries, provides the environment for porting and
developing kernel extensions.
64-bit Application Scalability
AIX 5.1 provides a scalable application binary interface (ABI) for
64-bit applications. This scalability:
- Is provided by changing the sizes of some fundamental data types for
64-bit applications
- Will allow these applications to take advantage of the expanded
capabilities of the 64-bit kernel
The scalable 64-bit ABI is supported by the 32-bit kernel and the
64-bit kernel.
For example, the 64-bit kernel is designed to support file sizes
larger than 1 terabyte. By using the scalable 64-bit ABI, 64-bit
applications will be able to use existing interfaces to process these
large files. To take advantage of the scalability improvements to 64-bit
programs, all 64-bit programs and libraries must be recompiled for AIX
5.1. In addition, existing 32-bit kernel extensions and device drivers
used by 64-bit applications may have to be modified in order to support
the new 64-bit ABI.
Workload Manager Enhancements
Workload Manager is enhanced to:
- Provide the continuation of those functions required to manage
subsets of workload
- Control subsets of total system resources
- Add more sophistication to the externals for categorization of work
in the system and for the specification of policy
- Use an alternative approach to divide up system resources and
schedule a portion of the installation's total workload against a subset
of the system resources
Additional capabilities which, Workload Manager offers are:
These capabilities can be easily managed through Web-based System
Manager, SMIT, shell scripts, or command line interfaces. Monitoring is
available using the new wlmmon and wlmperf tools.
Very Large Program Support
AIX 5.1 offers new flexibility for 32-bit "maxdata" programs by
allowing the segments of the data heap (up to 8 256 MB segments) to be
created dynamically.
The large program support previously available did not allow data heap
segments to be used for any other purpose, even if the data heap never
grew large enough to use all the reserved segments.
The Very Large Program Support will allow the data heap segments to be
created dynamically. Until a segment is needed for the data heap, it may
be used by shmat and mmap.
In addition, when Very Large Program Support is enabled for an
application, segments allocated by shmat and mmap are allocated in
descending order instead of ascending order.
Very Large File Support
Cachefs is enhanced to work under the 64-bit kernel and will support
large file systems. It will handle files larger than 2 GB, although the
cache file does not have to be larger than 2 GB. As a result, data can
be accessed faster.
JFS2 Support
JFS2 is a new file system providing the capability to store much
larger files than the existing Journaled File System (JFS). It is the
default file system for the 64-bit kernel.
Customers have the choice of implementing JFS or taking advantage of
the additional 64-bit functionality of JFS2. The following table
provides a summary of the differences between JFS2 and JFS.
Functions JFS2 JFS
--------------------------- -------------------- --------------
Fragments/Block Size 512-4096 Block sizes 512-4096 Frags
Architectural Maximum 4 Petabytes 64 GBytes
File Size
Maximum File Size Tested 1 Terabyte 64 GBytes
Architectural Maximum File 4 Petabytes 1 Terabyte
System Size
Maximum File System Size 1 Terabyte 1 Terabyte
Number of Inodes Dynamic, limited Fixed, set at
by disk space file system creation
Directory Organization B-tree Linear
Network Technology and Performance
IP Multi-path Routing and Multiple Gateways with Dead Gateway
Detection
Multi-path routing is added to provide users the ability to specify
multiple routes to a destination.
- Allows system administrators to:
- Choose the option of either configuring multiple routes for load
balancing or setting up alternative paths to direct network traffic when
the best route can no longer perform its tasks
- Define multiple default gateways
- Increases network availability by:
- Detecting the failure of a "next-hop" gateway that is listed in its
route cache
- Routing data through alternative gateways that are specified
Web Serving Enhancements and Dynamic Content and Web Cache
Enhancements
A set of APIs provided by Fast Response Cache Architecture (FRCA)
enables e-business applications to cache data such as Web content in the
Network Buffer Cache (NBC).
Through these APIs, Web serving can be done in the kernel via FRCA and
NBC, significantly reducing the path length and increasing the
performance of e-business applications for net commerce. FRCA and NBC
are enhanced from managing static data to managing dynamically generated
data.
FRCA will support the Hypertext Transport Protocol (HTTP) Version 1.1,
a standard of IETF RFC, including the persistent connection aspect of
that protocol.
Dynamic Feedback Protocol (DFP) Support for Load Balancing
Dynamic Feedback Protocol (DFP) is a way to provide load statistics to
a load manager (Cisco LocalDirector) so that load elements can be
balanced by sending subsequent connections to servers that are more
available.
DFP helps improve server response in a Multi-node Load Balanced (MNLB)
environment.
TCP Explicit Congestion Notification (ECN)
Enhancements were made to improve performance of TCP/IP over congested
networks, especially, for Web serving. All of the following features are
configurable:
- Increased initial windows permit a larger initial window, especially
for short connections as described in RFC 2414. The larger window is
most noticeable on short connection transfers typical in the cellular
phone operation space.
- Explicit congestion notification provides benefits to high network
traffic conditions through proactive data packet management. If a router
detects congestion, and the explicit congestion notification feature is
enabled, the sending host is notified to undertake appropriate action to
reduce the data transmission rate.
- Limited transmit provides a mechanism for TCP to recover more quickly
when there is limited amount of data to send per connection.
TCP Splicing
TCP splicing helps push the data-relaying function of a proxy
application (from server side socket to the client side socket or vice
versa) into the kernel. Performance of proxy applications is improved by
reducing the pathway length through which data must travel.
Software products that are expected to take advantage of this function
include Network Dispatcher and, potentially, the Web Traffic Express
caching proxy server.
Virtual IP Address (VIPA)
This capability allows system administrator to define a virtual IP
address for a host and, from a TCP connection standpoint, decouple the IP
address associated with physical interfaces. As a result, user
connections should not be affected if some interfaces are lost.
Network Interface Takeover
This new feature allows the configuration of multiple adapters,
including IBM 10/100 Mbps Ethernet PCI adapter, Gigabit Ethernet-SX PCI
adapter, and 10/100/1000 Base-T Ethernet PCI adapters and allows one or
more to be designated as a backup. If any hardware failure (adapter or
cable) occurs, the next alternate adapter immediately takes over. This
gives has the appearance of "one network interface" to the user and
continues to keep network traffic moving with minimal delay.
Network interface takeover is an additional option to EtherChannel,
Cisco Systems Network Bandwidth Aggregation, and Load Balancing
technology, which:
- Builds upon standard and 802.3 Fast Ethernet
- Provides the functionality to aggregate multiple Ethernet interfaces
Sendmail Version 8.11
This new version of sendmail improves performance by having:
- Multiple queues
- Memory-buffered pseudo-files
- More control over resolver time-outs
Some of the other features include:
- Support for IPv6
- Berkeley DB (3.1.14)
- Message submission agents
- The capability to connect to servers running on named sockets
- Improvements for anti-spam control
- LDAP integration
- Virtual hosting support
- Addition of several new map classes
Libpcap APIs
This functionality helps enhance the robustness and ease-of-use in
gathering network traffic data to improve problem determination for
network applications.
The Packet Capture Library, libpcap, provides:
- A high-level user interface to the Berkeley Packet Filter (BPF).
- User-level subroutines that interface with the BPF to allow users
access for reading unprocessed network traffic and writing customized
applications that monitor and/or capture the network traffic that they
need or want to examine
Quality of Service (QoS)
This function is enhanced to allow system administrators the ability
to manage polices for the Quality of Service (QoS) Manager from the
command line.
- Policies can be added, removed, modified, and listed.
- Priority can be specified for a policy.
This is important when two or more overlapping policies are installed,
policies can then be enforced in order of highest priority.
AIX Multiple-protocol Over ATM (MPOA) -- Token Ring Support
Token Ring emulation support for (MPOA) provides improved management
and performance of an ATM LAN emulation network by combining multiple-
edge routers into a single router image.
- Device-specific configurations are minimized with auto-discovery and
device discovery protocol.
- Data paths are reduced from many hops between routers to a single hop
between end clients.
This support provides better interoperability between an ATM network
utilizing AIX MPOA support and Token Ring networks.
MPOA IP Fragmentation
MPOA IP packet fragmentation support provides for instances where
there is a heterogeneous network environment with varying Multiple
Transmit Units (MTUs).
This capability extends to circumstances where there are network
configurations and normal MTU path discovery is not available.
ATM LANE/MPOA RAS Enhancements
The following enhancements to the ATM LANE and MPOA statistics and
trace tools gain improved serviceability of installed products.
- Additional LAN Emulation Client (LEC) and Multiprotocol Client (MPC)
statistics
- A greater level trace granularity to allow more selective tracing
Virtual LAN (VLAN)
- Provides the ability to create virtual LANs across multiple physical
LANs or segment and/or divide physical LAN segments into virtual LANs.
- Supports the IEEE 802.1.Q standard and specifically implements the
multiple VLAN capability outlined in that standard for Ethernet
Gigabit EtherChannel Support
The Cisco System Network Bandwidth Aggregation and Load Balancing
technology, called EtherChannel, builds upon standard and 802.3 Fast
Ethernet to provide the functionality to aggregate a bandwidth of
multiple Ethernet interfaces.
AIX 5.1 adds Gigabit EtherChannel support, allowing the aggregation of
up to four Gigabit Ethernet ports and an increase of bandwidth
capabilities.
System Networking, Analysis, and Performance Pilot (SNAPP)
SNAPP provides a hand-held Personal Digital Assistant (PDA) menu-
driven interface for performing AIX administration tasks.
The primary purpose of SNAPP is to allow minimum IP address
configuration on a newly preinstalled system that does not have a monitor
or ASCII terminal and keyboard connected to it.
Once the AIX system is on the network, remote access can then be used
to further configure the system. Users can add new, customized
functionality to the SNAPP interface with minimal programming.
The SNAPP application consists of a server and a client.
- The server part of the application runs on the AIX system and is
automatically installed as part of the base AIX installation.
- The client part of the application runs on the hand-held PDA.
The client portion may be obtained from the /usr/samples/snapp
directory on an AIX system or it may be downloaded from the IBM
AlphaWorks Web site:
http://www.alphaworks.ibm.com
A README is included with the SNAPP client, which contains detailed
information about how to install and use the application.
Reliability, Availability, & Serviceability (RAS)
Recover from System Hangs
This shdaemon command function aids system administrators by providing
a SMIT-configurable mechanism to detect system hangs and initiate the
configured action. When a system hang occurs, one of the following
actions can take place:
- Error messages are displayed to notify system administrators (default
= off).
- Error messages are logged in the error report (default = off).
- A high priority login is created so that system administrator can
login and perform problem determination (default = on).
- Specific commands are executed according the configuration setup
(default = off).
- Systems are rebooted based on system configuration setup (default =
off).
System administrators can set up these actions with appropriate
priority and turn them on or off as needed.
An additional benefit of the tool is that it can be set with a
threshold low enough that when that level occurs, a log entry is
generated. The frequency of log entries can provide a measure of
saturation and resource utilization.
Error Log Scalability Enhancements and Error
Thresholding/Activity Counters
Enhancements are made to the error log to detect consecutive duplicate
errors and help prevent the error log from being overloaded.
These enhancements provide a mechanism to keep track of the number of
times an exactly identical error at the bit level occurs within a limited
time period. An entry will be added to the error log along with the
number of occurrences for this error.
Examples of this type of error include:
- Floppy drive not ready
- External drive off line
- Ethernet card unplugged
- Defective line
This function is automatically enabled.
Automatic Dump Analysis
This tool enables accelerated customer support with less customer
interaction time. The Automatic Dump Analysis tool is capable of
automatically examining a dump and pulling out (in text) relevant
information for forwarding to support entities as an e-mail attachment.
This will allow early diagnosis of dumps without having to send the
entire dump file.
Error Log Retrieval API for Diagnostics
As part of the error log analysis performed by diagnostics, the errpt
command with the -g flag is invoked to get raw data for each error log
entry. This data is parsed and then put into a data structure for use by
the calling application.
AIX 5.1 provides the calling application an application programming
interface (API) to get data directly from the error log. This new method
for obtaining data from applications is much faster when compared to the
errpt raw mode.
With this enhancement, error reports will contain both the error
report and the diagnostics analysis. Previously, the error report only
showed the error. A separate command was required to see the diagnostic
analysis.
With this change the error report will include diagnostic analysis for
errors that have been processed. This may include such errors as:
- Disk errors
- Network controller errors
- Other hardware errors
Diagnostic analysis will give an indication of whether the hardware
needs replacing or if the error may be safely ignored.
Dump Reliability Improvements
System dump capability has been improved to increase reliability.
These improvements will help ensure that system dumps are consistent
and reliable for easy problem determination.
As dumps approach 3 GB in an uncompressed state, situations arise
where dumps are incomplete or unavailable to technical support resources.
This improvement adds compression as soon as possible, and adds a cron
job to estimate dump size and send an error message recommending a larger
dump device when it is appropriate.
Because paging space is the default dump device, this enhancement
helps avoid the problem of insufficient paging space for dumps. The
"snap" command is modified to eliminate an additional copy of the dump
when it gathers files for its image. This reduces the space required to
take a snap image.
In addition, a new command, snapcore, is available to assist in the
problem determination of core dumps. This command can be used to
automatically package not only a core dump but also executable file(s)
and shared libraries, and send the complete package to technical support
personnel.
Generate Core Files Without Requiring Process Termination
AIX 5.1 provides a capability to generate a core file for an
application without requiring application termination. This capability
helps increase the application availability as well as serviceability.
Allowing the dd Command to Span Volumes
The dd command has been enhanced to allow the ability of writing data
to multiple tapes. This new feature prompts users to insert another tape
when the tape currently in the tape drive reaches its end.
ANSI Terminal
AIX 5.1 makes available an additional ANSI terminal. This addition
helps ease the work of system administrators.
Enhancements to Cron Job Logging
The cron command has been enhanced to provide a more detailed log
file, including logging tasks and processes with the crontab to launch
them. The cron command can even log the completion time and exit status
information.
New Coredump Naming
The coredump naming convention has been changed to keep as many
coredumps saved as systems allow. The coredumps will be named
"core.pid.time", where "pid" is the process id of the dump process, and
"time" is a timestamp in the form of "ddhhmmss".
Kernel Debugger (KDB) Enhancements
KDB improvements include the following options:
- Disable paging of long outputs
- Print threads and processes in a long format when the entire table is
printed
- Use command aliases
- Have multiple commands on a single line
- Use a command to display linked lists
AIX System and Networking Security
System Security
- Native Kerberos V5 KDC Server / Client Support
Network Authentication Service is the IBM implementation of the MIT
Kerberos V5 Release 1.1 Network Authentication Service. Network
Authentication Service negotiates authentication and optionally encrypted
communication between two points on the Internet or between components on
a system.
Services provided will include the Generic Security Service
Application Programming Interfaces (GSS-API) Version 2 and the key
distribution server, kadm5.
A system can be configured to use Network Authentication Service for
user password authentication, which will potentially make AIX 5.1
authentication interoperative with other systems that use the MIT
Kerberos V5 based authentication.
Services are provided to allow Kerberos to be configured as the
systems default authentication mechanism. When AIX 5.1 is configured to
use Kerberos as the default authentication mechanism, all services that
use the authentic routine to gain system access will then go to the
Kerberos server, key distribution center, to seek user authentication.
The users successfully logged in will have a Ticket Granting Ticket
(TGT). There will also be a service provided to migrate existing users
to Kerberos authenticated users.
- Trusted Computing Base
Trusted Computing Base allows maintaining an ongoing check on the
"intact-ness" of a deployed AIX operating environment and following an
initial installation or after applying an update. Installing AIX with,
or selection of, the 'Optional TCB for AIX 5.1' pre-install feature,
enables the use of the AIX 'tcbck' command for use in tracking the
'state' of system files.
The 'tcbck' executable can be run as an interactive command, or set up
as a 'cron' job, to run overnight to check the consistency of the AIX
system, as checked against the file definitions in the sysck database
(the /etc/security/sysck.cfg file.)
By specifying the ALL value to the command, all the files in the file
system tree will be checked. The Nameparameter can be used to give the
path names of individual files to be verified if users prefer to check
specific files.
The 'tcbck' command cannot repair the AIX deployment, but can point
out discrepancies in 'owner', 'group owner', mode bits, and checksum
information of the current 'state' of key AIX files.
For more information on tcbck command, visit:
- http://www.rs6000.ibm.com/doc_link/en_US/a_doc_lib/
cmds/aixcmds5/tcbck.htm
- AIX LDAP Security Audit Plug-in
In addition to the Security Audit function that SecureWay Directory
provides, AIX 5.1 offers an AIX LDAP Security Audit Plug-in. This server
plug-in, located at /usr/ccs/lib/libsecldapaudit.a, is a parallel
auditing service to the IBM SecureWay Directory default audit plug-in.
The purpose of AIX LDAP Security Audit Plug-in is to provide auditing
service to the IBM SecureWay Directory server within the AIX audit
subsystem. The audit data is written into the AIX audit trails. With
the AIX auditing commands, you can:
- Turn on/off auditing of the server
- Select the LDAP operations for auditing
- Manipulate the audit trails with the AIX auditing commands
The AIX LDAP Security Audit Plug-in provides administrators, who are
familiar with the AIX system audit, a powerful tool to audit the IBM
SecureWay Directory server. The server auditing trails can be easily
combined with other AIX audit trails to help administrators to analyze
many events.
- Pluggable Authentication Mechanism
This feature is added to support the need for a native AIX
implementation of the X Single Sign-On(XSSO)/Pluggable Authentication
Mechanism (PAM). This stand-alone module library, libpam.a, is located
in /usr/lib directory.
The PAM specification defines an API to an XSSO Sign-on Service for
use by sign-on applications. The XSSO Service API is independent of the
specific authentication mechanisms used.
There are two distinct aspects to a Single Sign-on service:
- The Primary Sign-on operation in which a user signs onto the policy
domain as a whole
- The Secondary Sign-on operations in which a user signs onto a service
within the domain.
The principal objective of a Single Sign-on service is that Secondary
Sign-on operations can be transparent to the user.
- IBM SecureWay Directory Version 3.2.1
SecureWay Directory Version 3, is a 32-bit LDAP Version 3 function
that leverages the mission-critical enterprise strength of DB2 database
technology with the flexibility of the LDAP directory standard with the
following properties:
- Provides search capability; searches on individual attributes of the
objects
- Scales from the small to large networks by effectively distributing
directory data to multiple servers
- Automatically replicates data and supports replication to make your
information system more resistant to failure
- Provides extensible schema, which enables application developers and
administrators to extend the native directory schema set and implements
new and customized directory objects as needed
- Integrates with Domain Name Server (DNS) and uses DNS lookup
capability to locate the directory service information, for example,
server hostname, service port, and protocol used
Enhanced SecureWay Directory Version 3.2.1 supports the following
enhancements:
- Fine-grained Access Control
In addition to the current support of grant or deny access to a
specific directory object or an entire directory sub tree, enhancement
includes:
Ability to set Access Control Information (ACI) for a specific
attribute
Ability to allow/deny access to which subjects (using entryOwner) can
define the ACIs
Support IETF draft-ietf-ldapext-acl-model-04.txt for acl model
- Performance Enhancement
Add a true backup/restore directory content, including schema
definitions and server configuration, by using DB2 utilities to enhance
the performance of Backup/Restore. Existing import/export data to/from
LDIF format is still supported for heterogeneous directory
interoperability .
A new connection model has been implemented which enhances the
scalability with a pool of threads serving a large number of connections
(configurable). Performance is also enhanced by reducing connection time
as a list of active threads are maintained to service subsequent
connection requests.
Fast Server startup eliminates the first-time, slow-server startup
(after it is configured), through the use of the 'First Touch' mechanism
in such a way that the attribute table is not created until an entry is
added that uses that attribute.
- Event Notification Support supports the application notification of
directory events.
It can be used either for client caching functions or for any other
management applications that require a notification of directory event
unfold.
This is done by client registration to the directory event options
such as 'Add', 'Delete', 'Modify', and 'ModifyRDN', or any other
combinations. The Server will notify the client applications whenever an
event of interest is at or below the applications DN.
- Security Audit Support
Support of Directory Audit service improves the security of directory
server.
System administrators can use this log facility to examine any
suspicious pattern of activity in an attempt to detect a security
violation. With time stamp and BindDN recorded in the audit log, the
violator can be easily traced and detected.
Audit plug-in support allows any application to receive the audit data
and filter to incorporate with other audit information. This feature
allows the directory audit data to be a part of the centralized audit
facility where the enterprise application is based.
- Transaction Support
With LDAP extended support, a set of LDAP operations are performed as
a unit of work for commit or rollback.
This unit of work is committed to the database only when the
EndTransaction-Commit is returned or it is rolled to the prior operation
state. This transaction support is limited to a single connection to a
single LDAP server. A list of LDAP operations that forms a unit of work
should be limited to the moderation (less than 100) number.
- Kerberos V5 Support
Enhanced LDAP operation adds Kerberos V5 and additional authentication
mechanisms along with existing Secure Socket Layer (SSL) V3-based
authentication using x509v3 public key certificates
The Kerberos authentication option is used for not only user
authentication, but also used for the authentication option for Server
replication.
Kerberos-based authentication enables LDAP applications and AIX 5.1
users to participate in a single-signon environment within the Kerberos
realm. This enhancement will enforce network security by not
transporting the password on the wire.
Kerberos authentication is used for authenticated referrals. This
helps to secure/validate the LDAP referral operation by using
Kerberos-based authentication.
By using Kerberos cross-realm authentication support, the LDAP
application can establish a transient trust with already established
Kerberos authentication.
Network Security
- PKCS Support
AIX 5.1 offers an implementation of the cryptographic API PKCS#11
Version 2.01. PKCS#11 is a de facto industry standard for accessing
cryptographic hardware devices.
In addition, AIX 5.1 offers support for IBM 4758 Model 2 cryptographic
coprocessor under the operating system PKCS#11 shared object. The
PKCS#11 implementation is enhanced to utilize future IBM cryptographic
hardware devices through the same shared library.
Applications available to utilize PKCS#11 include the iPlanet server
suite. For additional information on PKCS11, refer to the RSA
Laboratories Web site at:
http://www.rsasecurity.com/rsalabs/pkcs/pkcs-11/
- IP Key Encryption Security
The Internet Key Exchange protocol to provide Virtual Private
Networking (VPN) support is enhanced to enable the use of Certificate
Revocation Lists (CRL) when authenticating remote users or devices.
This is an improvement to scalability of VPNs through the use of
Digital Certificates for a large number of users. When CRLs are used,
digital certificates provide credentials for authentication, and
individual users may be revoked by specifying their certificate number to
the CRL.
This simplifies network management by allowing one policy to be
defined at the server level, and verifies that the certificate is valid
and not contained in the CRL. CRLs may be fetched through HTTP or LDAP
using socks4 or socks5 protocol.
The Web-based System Manager user interface for setting up tunnels has
been streamlined and simplified. A full-function wizard guides the user
through initial IKE tunnel definition. Policy information has been
reorganized to make IP Security tunnel configuration more intuitive and
require fewer steps.
Other IKE enhancements include the use of the commit bit to
synchronize the use of Security Associations, the definition of default
policies to simplify the configuration for networks using dynamic IP
addresses or DHCP.
System administrators can define a Virtual Private network by one
policy and a list of group members. They can also define default
policies to specify the security parameters that are to be used when the
addresses are dynamically assigned.
IKE support has also been extended to include IP Version 6 protocols.
The IP Security functions for AIX 5.1 now include the definition of
static filters for IP Versions 4 and 6, manually and dynamically defined
private tunnels using IP Security protocol over IP Version 4 and 6
networks.
IKE enhancements include VPN functionality enabling users to import
IKE tunnel configurations between Linux and AIX platforms. The
ikeconvert script will process a Linux configuration file into an XML
format suitable for loading into AIX.
User group definition in IKE databases is optimized through the use of
the new ikedb command. This command will take XML text as input to
create a group definition in the IKE databases. The group name can then
be used in a Key or Data Management tunnel definition.
Maintenance and ease-of-use in configuring IKE groups are enhanced
through the implementation of an IKE tunnel default policy. This policy,
when configured, permits a system default to be invoked in the absence of
a separate configuration.
- Directory-based Resolvers
Name resolver routines have been enhanced to include resolving
hostnames through an LDAP server. The ordering of name resolution
services can be specified in any of the following formats:
- /etc/netsvc.conf file
- /etc/irs.conf file
- NSORDER environment variable, for example, NSORDER=bind,ldap
Schema defines the rules for ordering data on a LDAP server. The
IBM-HostTable object class, the proposed schema, was accepted by the IBM
SecureWay Directory product.
A new command, hosts2ldif, was created to produce an LDIF (LDAP Data
Interchange Format) file from /etc/hosts. This LDIF file is used to
populate the hosts database on the LDAP server. The LDAP client uses
/etc/resolv.ldap to access the information from the LDAP server.
Interoperability
Enhancements to Increase Affinity with Linux
In conjunction with the AIX Toolbox for Linux Applications packaged on
separate media, new APIs are added to AIX so that Linux applications
using these routines do not have to supply their own libraries.
The goal is to have "compile and go" operability for Linux
applications. This does not extend to the kernel and device driver
layers.
AIX Toolbox for Linux Applications
The AIX Toolbox for Linux Applications provides the ability to build
and execute applications commonly found in Linux distributions. It
supports a wide variety of software, including:
- Application development tools
- Desktop environments
- System utilities
- Languages
- Graphics applications
- Text editors
- Shells
- Window managers
Featured software includes:
- RPM
- GNU tools
- GNOME
- KDE
- Samba
Other features:
- The AIX Toolbox for Linux Applications is a collection of open source
software commonly found with Linux distributions. There are over 160
different items available for installation.
These are packaged using the open source RPM package manager, which
reduces the time to produce a package for AIX since most open source
applications have already been packaged with RPM. Source RPMs are
available for customer use.
- The Toolbox applications will be installed under /opt/freeware
directory with symbolic links created where possible into standard
directory paths to make the software immediately available for use.
- If conflicts arise between identically named AIX and Toolbox commands
or libraries, the Toolbox will generate links under /usr/linux rather
than in the standard locations. Users can get Linux behavior for
commands such as make, awk, and sed by placing /usr/linux/bin ahead of
/usr/bin in their PATH.
- The AIX Toolbox for Linux Applications is packaged on separate media
and distributed as a convenience at no charge. It is also available from
the AIX Toolbox for Linux Applications Web site at:
http://www.ibm.com/servers/aix/products/aixos/linux/
Updates to the Web site are expected on a frequent basis.
- The AIX Toolbox for Linux Applications is not supported by IBM and is
provided "AS IS," under the terms and conditions of the license on the
AIX Toolbox CD or Web site.
Base Operating System
NFS Statd Multithreading
The status monitor provides a general framework for collecting network
status information. Implemented as a daemon that runs on all NFS
configured machines, the status monitor provides a simple protocol that
allows applications to easily monitor the status of other machines.
Deactivating Active Paging Spaces
This function provides new flexibility without rebooting after:
- Changing configurations
- Moving paging space to another drive
- Dividing paging space between drives
Until this release, allocated and activated paging space had to remain
active until the next re-boot. With this release, paging space can be
deactivated without rebooting by using the new "swapoff" command. A new
"shrinkps" command:
- Creates a new, temporary space
- Deactivates the original
- Changes the original to be smaller and reactivates it
- Deactivates the temporary space and returns it to logical volume
status
The use of a shell script reduces the possibility of an unbootable
state because users will not be allowed to run out of adequate paging
space. The script checks paging space actually in use and adds a buffer
for paging space warning threshold.
Malloc Enhancements
AIX 5.1 provides an optional buckets-based extension of the default
memory allocator (the malloc subsystem) that improves performance for
applications that issue large numbers of small allocation requests.
Each bucket consists of a block of memory that is subdivided into a
predetermined number of smaller allocatable blocks of uniform size.
Organizing allocatable memory in this fashion often provides faster
access for allocation requests falling within the range of sizes defined
by the buckets.
When this capability is enabled, allocation requests that fall within
a predefined range of block sizes are processed by Malloc Buckets. All
other requests (for example, those outside the defined range of sizes)
are processed in the usual manner by the default allocator. Up to 128
buckets are available per heap (refer to the Malloc Multiheap
documentation for details on this capability.)
Number of buckets, bucket sizing factor, and other configuration
values are specified via an environment variable prior to process
startup. More information on configuring the MALLOCTYPE and
MALLOCBUCKETS environment variables is available in the book "General
Programming Concepts: Writing and Debugging Programs."
SVR4 Printing Subsystem
AIX 5.1 provides the UNIX System V style file spooling subsystem and
makes it available as an administrator configurable option. Enabling
this option allows users who are more comfortable with System V printer
utilities to more easily use AIX 5.1.
System V Packaging Commands
System V Packaging Commands are available for customers to create and
install a package in the System V packaging format. These commands are:
- pkgmk: to create a package in System V packaging format
- pkgadd: to install a System V packaging format package
- pkgrm: to remove the package
- pkginfo: to display information about the package
- pkgtrans: translate package format to a datastream
- pkgparam: display package parameter values
- pkgask: store answers to a request script
Multithreaded AutoFS
AutoFS is enhanced to support the multi-threaded automountd daemon.
This allows automountd to provide more jobs than before.
In addition to fulfilling mount requests, the new automountd handles
requests such as:
- Lookup
- Unmount requests
- Autofs readdir
It is 64-bit enabled, which permits it to be run in either 32 or
64-bit kernel.
The /proc Filesystem
The /proc file system provides access to the state of each process and
thread in the system.
The file system is mounted over /proc. Standard system call
interfaces, such as open(), read(), write(), lseek(), are used to access
/proc files. Programs such a debuggers can use /proc to control a
process being debugged. /proc provides the ability to:
- Stop and start threads in a process
- Trace syscalls and signals
- Read and write virtual memory in a process
- Other capabilities
Increased Concurrent Group per Process Limit
The number of concurrent groups per process has been increased from 32
to 64. The concurrent group set is used to control access to files and
programs. Increasing this value allows users greater flexibility in
classifying and protecting system resources.
Administrators who require access to resources belonging to a large
number of groups will be able to access those resources without having to
change their concurrent group set.
Increased Argument List Limit
The argument list limit has been increased to 512 K from 24 K (24 K is
the traditional AIX limit and system default.)
Applications can specify the length of command line argument and the
length of the environment (stream length) list in bytes. Users will be
able to use the default or automatically specify an upper limit (512 K)
for their application.
Storage
DMAPI -- Data Management API
AIX 5.1 includes the implementation of the Data Management Application
Programming Interface (DMAPI), as defined in the Open Group's Data
Storage Management (XDSM) API specification.
DMAPI is a technology, which enables the development of relatively
portable data management applications, such as hierarchical storage
management (HSM), by providing the underlying JFS support and programming
interface for those applications. DMAPI is available on the 32-bit
kernel only.
LVM Scalability -- Variable LTG
The Logical Volume Manager (LVM) now has a constant max transfer size
of 128 K, which is known within LVM as the Logical Track Group (LTG).
Enhancements are provided to allow a Volume Group (VG) LTG size to be
specified at VG creation time and to change the LTG size of an existing
volume group.
Different LTG sizes of 128 K, 256 K, 512 K, and 1024 K are now
supported and verification for the sizes of 512 K and 1024 K are
underway. The different LTG sizes pend on the max transfer size of the
member disks of the volume group.
Logical Volume Manager (LVM) Mirror Write Consistency
Mirror Write Consistency (MWC) helps ensure data integrity on logical
volumes in the event of a system crash during mirrored writes.
The existing method achieves this by logging when a write operation
occurs. The LVM makes an update to a log (MWC log) that identifies what
areas of the disk are being updated prior to performing the write of the
data. This results in a performance degradation during random writes.
There are now two ways of handling MWC: Active and Passive. The
existing method is Active MWC and the new MWC is called "Passive".
The Active MWC method (existing MWC) is still supported and is the
default mode when a mirrored logical volume is created.
Passive MWC reduces the instance of having to update the MWC log on
the disk. This method logs that the logical volume has been opened but
does not log the writes. If the volume group is not deactivated before
reboot (crash), then the LVM starts a forced synchronization of the
entire logical volume when the system restarts. Data consistency exists
for reads that occur during the synchronization so that applications can
start using data as soon as the volume group is varied on.
The new Passive MWC method is intended to provide better random write
performance on mirrored logical volumes when compared to the Active MWC
method.
Hot Spare Disk Support in Volume Group
The Logical Volume Manager (LVM) previously shipped with AIX took no
action when partitions went stale or disks went missing other than
logging an error in the error log.
The new ability of LVM to optionally provide hot spare disks within a
volume group and automatically synchronize stale partitions helps to
increase the availability of mirrored data.
In addition, the Logical Volume Manager will attempt to reactivate a
missing disk. If the disk cannot be restarted, then its mirror copy will
be migrated to a hot spare disk if such disk with proper size exists.
Hot Spot Management in Logical Volume Group
LVM provides the ability to move physical partitions (smallest
possible data unit in a volume group) to any member disk of the volume
group. Sometimes it is necessary to migrate partitions to new disk for
maintenance (for example, disk replacement). This migration may also
achieve a performance gain for I/O if there happened to be high-traffic
partitions all located on a single disk and some were migrated to other
member disks.
Currently, there are no tools at LVM level that will identify the
partitions by the number of I/O structures. There are tools that provide
similar information like iostat and filemon, but they do not directly
identify the partitions at the LVM level. Hot spot management provides
two commands -- one that will identify the hot spots and another that
migrates the hot spot to a different location.
Development and Performance Tools
IBM AIX Developer Kit, Java(TM) 2 Technology Edition, Version
1.3.0
Java 2 Standard Edition Version 1.3 comes with a host of enhancements
to Java classes and APIs, including:
- User interface
- Graphics
- Sound
- Networking
- Math libraries
The IBM implementations, which are fully compliant with J2SE 1.3,
include these enhancements too. IBM AIX Developer Kit, Java 2 Technology
Edition, Version 1.3 has been engineered with the following features to
deliver high performance and scalability to the most demanding e-business
applications:
- Fully compatible with the Sun Java(TM) 2 Version 1.3.0 language,
enabling "Write Once Run Anywhere"
- The latest version of the optimizing IBM Just-In-Time (JIT) compiler
- Efficient exploitation of AIX native threads
- "Handle-less" object model
- Fast, lightweight monitors
- Efficient management of large Java heaps through optimized object
allocation and efficient garbage collection
- Thread-local heap
- Robust network support for a large number of concurrent connections
- Better scaling support for large numbers of threads and large numbers
of file handles
- Tuned class libraries, which enhance performance in important areas
-- in particular, character codepage conversions, which are heavily used
in many common types of Java applications.
Other highlights of the IBM AIX Developer Kit, Java 2 Technology
Edition, Version 1.3.0 include:
- Remote Method Invocation-Internet Inter-Object Request Broker
Protocol (RMI-IIOP) extends the base Java RMI to perform communication
using the Common Object Broker Architecture (CORBA) standard Internet
Inter-ORB Protocol.
- Java Naming and Directory Interface (JNDI) provides a unified
interface to enterprise directory services such as the CORBA Common
Object Services Naming Service, the Java RMI Registry, and Lightweight
Directory Access Protocol (LDAP).
- Tools to Build Secure Java Applications are on the AIX 5L for POWER
Version 5.1 Expansion Pack and are available worldwide. The tools
include:
- Java Cryptography Extension (JCE), Version 1.2.1
JCE provides a framework and implementations for encryption, key
generation and key agreement, and Message Authentication Code (MAC)
algorithms. Support for encryption includes symmetric, asymmetric,
block, and stream ciphers. The software also supports secure streams and
sealed objects. For a general overview of JCE, visit:
http://java.sun.com/products/jce
The IBM JCE implementation provides more cryptographic algorithms than
the Sun implementation.
- Certificate Management Protocol (CMP)
CMP provides support to online interactions between Public Key
Infrastructure (PKI) components.
For example, a management protocol might be used between a Certificate
Authority (CA) and a client system with which a key pair is associated,
or between two CAs that issue cross-certificates for each other.
For a full description of CMP, refer to RFC 2510 and 2511 for CRMF.
These RFCs are available at:
http://www.ieft.org/rfc.html.
- Public Key Cryptography Standards (PKCS)
As public-key cryptography begins to see wide application and
acceptance, interoperability standards are necessary for smooth
implementation. Even though vendors may agree on the basic public-key
techniques, compatibility between implementations is by no means
guaranteed.
Interoperability requires strict adherence to an agreed-upon standard
format for transferred data.
IBM PKCS implementation supports the following RSA standards: PKCS
#1, #3, #5, #6, #7, #8, #9, #10, and #12. For more information, visit:
http://www.rsasecurity.com/rsalabs/pkcs
- Secure Multi-Purpose Internet Mail Extensions (S/MIME)
S/MIME provides the Java classes needed to encode and decode S/MIME
messages. This implementation provides a limited S/MIME parser geared to
understanding and extracting PKCS #7 ContentInfo and PKCS #10
CertificationRequest objects from a S/MIME messages.
For more information on S/MIME, refer to RFC 2311 (S/MIME Version 2
Message Specification) at:
http://www.ieft.org/rfc.html
- Java Secure Sockets Extension (JSSE), Version 1.0.2
JSSE enables secure Internet communications and implements a Java
version of SSL (Secure Sockets Layer) and TLS (Transport Layer Security)
protocols. It includes functionality for data encryption, server
authentication, message integrity, and optional client authentication.
For more information, visit:
http://java.sun.com/products/jsse
- Java Authentication and Authorization Service (JAAS) Version 1.0
JAAS provides a security model for the Java platform, which permits
access to Java-controlled resources based on the identity of the user on
whose behalf the Java program is running, rather than the source of the
code.
- Java Communications API Version 2.0 allows Java applications to
access RS232 serial ports and IEEE 1284 parallel ports. For more
information, visit:
http://www.javasoft.com/products/javacomm/.
- IBM Big Decimal Extension adds decimal floating point extension to
the Java Big Decimal class. For more information, visit:
http://www.ibm.com/java/jdk/decimal/
- JDBC/ODBC Bridge allows access to databases with ODBC drivers.
- Java Plug-In allows applets running in AIX's Netscape Communicator
4.7x Web browser to run using AIX Java Version 1.3.0.
Additional information about IBM AIX Developer Kit, Java(TM) 2
Technology Edition, Version 1.3.0 is available at:
http://www.developer.ibm.com/java/j2/index.html
IBM AIX Developer Kit, Java(TM) 2 Technology Edition, Version 1.3.0 is
also available on the Web at:
http://www.ibm.com/java/jdk/aix
Extensible Mark-up Language Parser for Java, Version 3.1.1
AIX 5.1 provides the Extensible Mark-up Language (XML) Parser for
Java, Version 3.1.1, which is packaged with IBM AIX Developer Kit, Java 2
Technology Edition, Version 1.3.0.
The XML parser can be used to parse the XML data stream for processing
applications. It contains classes and methods for parsing, generating,
manipulating, and validating XML documents.
The XML parser for Java incorporates the following:
- Public and stable support of the Document Object Model(DOM) Level 1,
and the Simple API for XML(SAX) Level 1 specification
- DOM Level 2 and SAX Level 2 implementation
- Partial implementation of World Wide Web consortium schema, which was
available on April 7, 2000
- Optimizations for performance improvement
- Thread safety robustness
For more information on XML, visit:
http://www.ibm.com/xml
Performance Analysis Tools Enhancements in AIX Base OS
Performance Analysis Tools include the following new tools:
- truss allows the tracing of all system calls made and
signals received by a command or an existing process.
- alstat is a new tool, which reports alignment exception
statistics. This tool can be used to detect performance degradations
caused by misaligned data or code.
- emstat is a new tool for reporting emulation exception
statistics. It can be used to detect performance degradation caused by
emulated code. For instance, code compiled for older systems and running
on the latest PowerPC processors.
- locktrace permits dynamic enablement of kernel lock
activity tracing. If the bosboot-L command was previously executed and
the machine rebooted, activity tracing could be turned on at the class
level to minimize the overhead of lock tracing.
- wlmmon permits analysis of workload manager class activity
by resource. It is a Java-based Graphical User Interface for generating
trend report on the last 24-hours of WLM activity.
- perfstat API is a new set of APIs, which provides easy
access to kernel performance metrics.
- PMAPI is a new set of APIs providing access to Performance
Monitor data on selected processor type, including 604, 604e, POWER3,
POWER3-II, RS64 II, and RS64 III.
In addition, the Performance Analysis Tools include the following
enhancements:
- filemon has been enhanced to process off-line trace files
to allow reports from busiest systems to be processed as well.
- gennames is a newly documented utility, which supports
off-line analysis of trace files by the filemon, netpmon, pprof and tprof
analysis tools.
- iostat now provides adapter and system level throughput
statistics.
- netpmon now can process off-line trace files to improve
usability and scalability on larger systems. This tool has also been
enhanced to support all current adapters.
- rmss is updated to support larger memory systems and the
64-bit kernel.
- svmon has been enhanced to support Workload Management
tier and superclass and subclass reports. Additionally, it has been
updated to support the 64-bit kernel.
- topas has been updated with NFS and SMP statistics,
support for Workload Manager classes, and new full screens for process
and WLM views.
- vmstat has been enhanced with a new I/O view for
displaying an alternative set of metrics focused on I/O activity.
- tprof now supports the profiling of Java applications
through the Java Virtual Machine Performance Interface (JVMPI).
The following tools have been withdrawn in AIX 5.1:
- bf (bigfoot)
- bfrpt
- stem
- syscalls
- lockstat
Consult manual pages for svmon, truss, and locktrace for similar
functionalities supported by those tools.
Inventory Scout
Inventory Scout searches the user's system for microcode levels and
compares those levels with an IBM database of latest levels. When used
with Web-based Microcode Discovery Service, an html report is generated
for the user and includes links to the latest levels of microcode for the
system (with the exception of SP systems).
Inventory Scout gathers Vital Product Information (VPD) from the
user's machine and, when used with Web-based VPD Capture Service, uploads
it to the IBM MRPD database. This VPD is useful in determining the
correct components to ship when a Miscellaneous Equipment Specification
(MES) upgrade is ordered.
Expanded tar/cpio Formats
A new archive format "pax", compatible with the proposed IEEE POSIX
1003.2b standard, is added to the existing "pax" archive utility. This
format is 64-bit ready and fully extensible and customizable by users for
their own additional file information. It supports:
- Large files with greater than 2 GB file sizes
- Meta-data for internationalization to customize handling of files
written in different code sets and character sets
- Customer-specified meta-data per file or per archive to customize
handling of file access, specify file ownership, control information
displayed in the archive's table of contents, suppress undesired
information, and govern handling of symbolic links
In addition, this archive format can even be read by older pax and tar
utilities.
Enhancements to dbx
- Enhancements to the POSIX threads debug library
- Locks owned by a particular thread or process
- Resources a thread is waiting for
- Information on fork and cleanup handlers registered to a user thread
- Pthread signal contexts
Additional Administrative Tools
Several new enhancements for administrators have been added:
- An additional option with the sar command: the -d option provides
useful statistics such as throughput and average queue depth. Many of
these statistics were previously provided with the AIX "iostat" command.
The new -d option is added to AIX 5.1 for compatibility with other UNIX
operating systems.
- The "restore" command is enhanced to maintain the non-sparseness of
the database files similar to the "tar" command. This command introduces
a new flag "e" to maintain the sparseness of database files after they
are restored. The new command option successfully generates the file(s)
as "non-sparse" on output if specified and "sparse" by default if not
specified.
- The startup and shutdown utilities have been expanded to now log
their activities in much more detail when logging is enabled. This
allows easier service and maintenance.
Enhancements to Compiler Products for AIX
Available as licensed programs, the C++, C, and FORTRAN compiler
products have been updated to support AIX 5.1. In particular, the
compilers will exploit the 64-bit large datatype (LDT) model and
execution on both 32-bit and 64-bit kernels. Support for AIX 5.1 will be
available through the following product releases:
System Management
Web-based System Manager
Web-based System Manager for AIX 5.1 represents a significant advance
over previous releases by providing a new management console capable of
managing multiple hosts.
As in previous releases, Web-based System Manager applications can be
accessed from PC-clients running Web-browsers such as Netscape Navigator
or Microsoft Internet Explorer that accept the Java plug-in. These
applications can also be accessed either locally or remotely without a
Web-browser on AIX 5.1 graphical workstations.
In addition, Web-based System Manager delivers a capability to run a
Window PC-clients natively, significantly increasing the Web-based System
Manager's performance.
New functions include:
- RSCT is the Reliable Scalable Cluster Technology offering that
provides the capability for an administrator to monitor resources on the
machine, including filesystems, programs, processors, adapters, and
kernel information such as CPU statistics and memory allocation.
These resources can be monitored around the clock and automatic
responses run if the values of resources reach certain levels or
thresholds.
The automated responses include running any command or script (for
example a user-provided pager command or a recovery script), broadcasting
a message, sending e-mail, or logging the event to a file. Different
responses can be run based on time of day and whether a particular
problem occurred or has been resolved.
There is a command line interface for this functionality and a
graphical user interface with the Web-based System Manager monitoring
application.
- A new unified management console for system administration:
Web-based System Manager provides a single console and application suite.
- Enhanced scalability of the graphical user interface: Web-based
System Manager includes a number of features to deal with large numbers
of managed objects.
- Enhanced ease of management and usability: Web-based System Manager
further simplifies administrative tasks through improvements in task
design, new user interface features, and enhanced user assistance
technology. This version also improves the accessibility of the console
to users with disabilities.
- Simplified log on: The console and management infrastructure
provides features to reduce the need to logon to multiple systems.
- Persistent and more flexible user customization options:
Administrator preferences such as the choice of managed resources that
are presented can be customized and are persistent over management
sessions.
Web-based System Manager Application Support
A set of Web-based System Manager plug-ins are available. All of the
application function of prior releases is included with new functions and
enhancements. The complete set of application functions will include:
- Host Overview
The Host Overview plug-in provides a central location for users to
quickly gather information on the status and health of a machine.
Information provided in the Host Overview contents includes static
information such as operating system level, IP address, machine type and
serial number, available processors, available memory and paging space,
and size of the base JFS filesystems.
In addition, dynamic information such as processors online, CPU cycles
used, memory and paging space utilized, and percentage used of the base
JFS file systems is provided and kept up-to-date.
- Backups
This task-oriented plug-in performs back up and restores. Supported
tasks will include backup and restore operations for the system (mksysb),
volume groups, logical volumes, file systems, and individual files.
- Custom Tools
The Custom Tools plug-in enables users to add new tools to the
Web-based System Manager console.
Two types of tools can be defined -- Web-tools and command tools.
Web-tools are defined by a URL and launch a browser when invoked.
Command tools refer to any action that can be invoked by a command on the
managed host. This could be a simple AIX command or an application
program.
Actions that generate their own user interface (for example, a
Motif-based application) can be launched as a custom tool only when the
client is running on the managed host. Once defined, tools appear as
icons in the Custom Tools container. The user can define unique icons
and descriptive text for each tool.
- Devices
The Devices plug-in displays the inventory of physical and logical
devices and their status.
Both physical (organized by system connections) and logical
(categorical) views are provided. The Devices plug-in furthers error-
free system management with significant design enhancements for RAID.
New features include an easy-to-use PCI Hot Plug configuration wizard,
which allows quick configuration of all PCI Hot Plug devices within your
system.
- File Systems
This plug-in permits the management of the Journaled File System
(JFS), JFS2, CD-ROM file systems, Network File System, and Cache File
Systems.
- Monitoring
The Web-based System Manager monitoring application is the graphical
user interface to the RSCT subsystem and allows the administrator to set
up monitoring for many resources on the managed system, including
filesystems, programs, processors, adapters, and kernel information, such
as CPU statistics and memory allocation.
These resources can be monitored around the clock and automatic
responses run if the values of resources reach certain levels or
thresholds. The automated responses include running any command or
script (for example, a user-provided pager command or a recovery script),
broadcasting a message, sending e-mail, or logging the event to a file.
Different responses can be run based on time of day and whether a
particular problem occurred or has been resolved.
A rich set of predefined conditions and responses are installed by
default to allow the administrator to begin monitoring immediately.
These predefined conditions and responses can also be adjusted or copied
to fit the individual needs of the customer environment.
In addition, the Events plug-in provides a convenient log of events
that have occurred on the managed system while the Web-based System
Manager graphical user interface is running.
The system also maintains an audit log of events that have occurred on
the managed system regardless of whether a Web-based System Manager is
running. The audit log can be viewed from either the Web-based System
Manager or the command line.
- Network
The Network plug-in provides user interfaces for configuring and
managing network communications. It includes configuration and
management of TCP/IP, PPP, NIS, NIS+, and Virtual Private Networks (VPN).
The SNMP plug-in provides both SNMP configuration and monitoring
capabilities.
- Network Install Manager (NIM)
The NIM plug-in performs network installations of the base operating
system and applications. NIM includes the ability to define groups of
machines for common install operations.
- PC Services
The PC services plug-in allows administrators to manage the IBM Fast
Connect server, file and printer sharing, and user sessions.
- Printers
Two print subsystems are provided with AIX 5.1. With the traditional
print subsystem, plug-ins are provided for managing printers, print
servers, queues, and jobs. In addition, a limited set of functions are
available for the new System V print subsystem.
- Processes
With the Processes plug-in, administrators can view details and kill
and reprioritize executing processes. Processes may be displayed in a
sortable and filterable table or in a tree that shows child-parent
relationships.
- Software
The software plug-in allows the administrator to view installed
software, reject or commit installed software, and install new software.
- System Environments
The System Environments plug-in provides access to basic operating
system properties and utilities such as time and date, language
utilities, and shutdown.
- Users and Groups
The Users and Groups plug-in provides management capabilities for
users, groups, and administrative roles. The users and groups plug-ins
can be used to define and manage disk quotas.
- Volumes
This release will include several significant enhancements, which will
allow the administrator to designate disks as "hot spares" for volume
groups.
This will minimize the need to bring the system down due to a disk
failure, manage and monitor disk I/O bottlenecks for increased system
performance with "Hot Spot Management", and dynamically de-allocate
paging spaces, which will reduce system downtime.
Additional enhancements are included in the volumes application for
those working with "Big" Volume Groups.
- Workload Manager
The Workload Manager plug-in allows administrators to define and
manage system workload configurations and classes of processes via
Web-based System Manager.
Workload Manager helps ensure that defined processes obtain the
appropriate level of system resources such as memory, CPU, and disk I/O
bandwidth. Current status of these system resources can be viewed via
Web-based System Manager.
Accessibility Enhancement to Web-based System Manager Framework
and Applications
Accessibility enhancement includes the following features:
These accessibility features can increase ease of use for all users.
For example, keyboard shortcuts speed interaction for "power" users.
Non-European Monetary Union (EMC) Support
Additional ISO8859-15 locales are added into the code set so that
certain countries which are not a part of the European Monetary Union
(EMU) may still conduct business with EMU countries.
This limited set of locales includes el_GR (Greece), Et_EE (Estonia),
Lv_LV (Latvia), Lt_LT (Lithuania), Ar_AA (Arabic), Vi_VN (Vietnam), and
Zh_TW (Traditional Chinese).
Hindi Enablement
AIX 5.1 adds basic enablement and locale support for Hindi. Hindi
characters can be entered, viewed, and printed from an AIX system. This
enablement provides printing capability for the following printers:
- 4332 Network Printer, also called as Info Print 32
- 6400 Line Matrix Printer
- 4247 Multi-Form Printer
Additional Locales
New locales are introduced in AIX 5.1.
Languages Locales
----------- ----------------------------------------------
Arabic ar_AE, ar_BH, ar_EG, ar_JO, ar_KW, ar_LB,
ar_OM, ar_QA, ar_SA, ar_SY, and ar_TN
English en_CA, en_IN, en_IE, en_IE EURO, and en_NZ
French fr_LU, and fr_LU EURO
German de_AT, de_AT EURO, de_LU, and de_LU EURO
Serbian sr_YU, and sh_YU
Spanish es_AR, es_CL, es_CO, es_MX, es_PE, es_US,
es_UY, and es_VE
Hindi HI_IN
Enhancements to Input Method Editor for GBK Locale
AIX 5.1 supports additional popular input method editors such as
Intelligent ABC, Pinyin, BiaoXing Ma, Internal Code, ZhengMa for GBK
codes on AIX GBK locale.
Korean 103 Keyboard Support
This feature provides an alternate Korean keyboard with 103 keys. It
includes the Korean / English switch key, which is called Hangul and
located between the space bar and the right Alt key. There will also be
a Chinese key, called Hanja, located between the left Alt key and the
space bar.
Graphics Enhancements
OpenGL on POWER GXT4000P and POWER GXT6000P will now support 64-bit
direct window access (DWA). This is intended to boost performance for
64-bit OpenGL applications by allowing them to render using the OpenGL
protocol directly rather than going through the Xserver and GLX Extension
System Support
AIX 5.1 adds support for:
- IBM eServer pSeries 620 Model 6F1 Server
- IBM eServer pSeries 660 Model 6H1 Server
AIX 5.1 has been enhanced to provide support for up to 32-way SMP
scalability and 256 GB memory.
I/O Support
AIX 5.1 supports the following I/O with both the 64-bit and 32-bit
kernel, unless otherwise indicated:
Storage Interfaces
- 4.7 GB SCSI-2 DVD-RAM Drive including mksysb function
- Gigabit Fibre Channel
- External Fibre disk & tape subsystems (2104-E10/E20/F10/F20,
2102-F10/D00, 2103-H07, 2108-G07/R03, 2109-S08/S16, 3590 tape, etc.)
- Ultra SCSI SE and Ultra SCSI Differential
- SCSI Disk drives
- External SCSI Disk subsystems (2104-DL1/TL1, 2104-E10/E20/F10/F20,
7134, 7137, 7135, 7131-105, 7027, 7203, 7204)
- External Ultra3 subsystem (DU3/TU3)
- External SCSI Tape and Optical subsystems (too numerous to list)
- SCSI Tape Drives (1/4 inch, 4mm, 8mm, etc.)
- SCSI CD-ROMs
- Diskette Drive
- PCI Dual Channel Ultra2 SCSI Adapter
- PCI 3-Channel Ultra2 SCSI RAID Adapter
- PCI 4-Channel Ultra3 SCSI RAID Adapter
- Older Fast/Wide SCSI adapters (2408, 2409, (32-bit kernel only),
6208, 6209)
- SCSI-2 Fast/Wide PCI RAID Adapter
- SSA Advanced SerialRAID Adapter
- SSA Advanced SerialRAID Plus Adapter
- SSA Disk drives
- Existing AIX Version 4.3.3 MCA adapters
Communications and Connectivity (PCI bus type)
- EIA RS232D/EIA RS422A
- Token-Ring PCI 4/16 Adapter
- 4-port 10/100 Mbps Ethernet
- IBM Ethernet 10/100 Mbps
- 10/100/1000 Base-T Ethernet PCI Adapter
- Gigabit Ethernet
- FDDI 100 Mbps (32-bit kernel only)
- ATM 155 Mbps
- Turboways 622 Mbps PCI MMF ATM Adapter
- SP System Attachment
- 2-port Multiprotocol PCI Adapter (32-bit kernel only when using X.25)
- Artic960Hx 4-port Selectable PCI Adapter (32-bit kernel only)
- Existing AIX Version 4.3.3 MCA adapters (except Artic960 adapters)
- Digi 8/128 port Async Card IBM PCI 8/128 RAN boxes
Specialized Adapters
- POWER GXT120P 2D PCI Graphics Accelerator
- POWER GXT130P 2D PCI Graphics Accelerator
- POWER GXT300P 2D PCI Graphics Accelerator
- POWER GXT2000P Entry, 3D 32-bit PCI Graphics Accelerator
- POWER GXT3000P Mid-range, 3D 64-bit PCI Graphics Accelerator
- POWER GXT4000P Entry, 3D 64-Bit PCI Graphics Accelerator
- POWER GXT6000P Mid-Range, 3D 64-Bit PCI Graphics Accelerator with
onboard geometry engine
- PCI Cryptographic Coprocessor (32-bit kernel only)
AIX 5L POWER V5.1 Expansion Pack
The AIX 5L V5.1 Expansion Pack contains the following programs:
- Data Encryption Standard (DES) Library Routines for AIX, V5.1, 64-bit
encryption
- Gskit V4.0, Triple DES encryption
- Gskit V5.0, Triple DES encryption
- IBM HTTP Server V1.3.12.4, 128-bit encryption
- IBM IP Security V5.1, 56-bit, Triple DES encryption
- IBM Web-based System Manager Security V5.1, 128-bit encryption
- Netscape Communicator 4.79, 128-bit encryption
- Network Authentication Service V1.2.0.1, Triple DES encryption
- SecureWay Directory Server and Client Utilities for Maximum
Encryption V3.2.2, 128-bit and Triple DES encryption
- Tools to Build Secure Java applications (contains encryption)
AIX 5L for POWER V5.1 Bonus Pack
The AIX 5L V5.1 Bonus Pack contains the following programs:
- Adobe Acrobat Reader 4.05
- AIX Developer Kit, Java 2 Technology Edition, V1.3.1, 32-bit Version
for POWER (contains encryption)
- AIX Developer Kit, Java 2 Technology Edition, V1.3.1, 64-bit Version
for POWER (contains encryption)
- AIX Fast Connect V3.1.1, Evaluation Software
- Geodesic Systems Great Circle V6.0.0.9, Evaluation Software
- Modular I/O Library V2.1.0.0
- Open Secure Shell 2.9.9, Triple DES and Blowfish encryption
- VERITAS File System V3.4.2.0, Evaluation Software
- VERITAS Volume Manager V3.2.0.0, Evaluation Software
- VERITAS Cluster Server V2.0.0.0, Evaluation Software
Encryption
Some of the programs on the Bonus Pack and Expansion Pack contain
encryption and are subject to special export licensing requirements by
the Bureau of Export Administration of the U.S. Department of Commerce.
Additionally, encryption is subject to country import restrictions, which
may limit availability. Contact your IBM representative or IBM Business
Partner to determine what encryption you are entitled to receive.
 Back to top
|
Technical Description
|
IBM Power, POWER2, Personal Computer Power Series 830 and 850 desktop
systems, IBM PowerPC systems, or POWER3 systems with the following
exceptions:
- RS/6000 7016 POWERserver Model 730
- RS/6000 7007 Notebook Workstation Model N40
- POWERnetwork Dataserver 7051
- RS/6000 7249 Models 851 and 860
- RS/6000 7247 Models 821, 822, and 823
AIX 5.1 supports system with at least 64 MB of physical memory, 128 MB
of initial disk paging space, and requires 536 MB disk storage for the
operating system for a total of 664 MB of disk storage.
All POWER graphics adapters supported on AIX 4.3.3 will also be
supported on the AIX 5.1 32-bit kernel.
Additionally, the following POWER graphics adapters will be supported
on both 32-bit and 64-bit kernels:
- POWER GXT120P
- POWER GXT130P
- POWER GXT300P
- POWER GXT2000P
- POWER GXT3000P
- POWER GXT4000P
- POWER GXT6000P
AIX 5.1 will not support the following hardware features:
- 3Com 10/100 Mbps PCI Fast Etherlink XL for Power PC Systems (#2986)
- Eicon ISDN DIVA PRO 2.0 PCI S/T Adapter (#2708)
AIX 5.1 does not support the following Graphic Input
Devices in 64-bit kernel; the devices are supported under 32-bit kernel:
- 6094-010 Dials
- 6094-020 LPFK
- 6093-011 Tablet
- 6093-012 Tablet
- 6093-021 Tablet
- AIX
AIX 5.1 supports system with at least 64 MB of physical memory, 128 MB
of initial disk paging space, and requires 536 MB disk storage for the
operating system for a total of 664 MB of disk storage.
- OPENGL and GL 3.2
- Requires disk space between 5 MB and 50 MB
- 32-bit kernel: a minimum of 64 MB of system memory
- 64-bit kernel: a minimum of 64 MB of system memory
- PHIGS
- Requires disk space between 10 MB and 120 MB
- 32-bit kernel: a minimum of 64 MB of system memory
- 64-bit kernel: a minimum of 64 MB of system memory
- SecureWay Directory Version 3.2.1
To install the IBM SecureWay Directory, your computer must meet the
following minimum system requirements.
- SecureWay Directory client:
For the latest information on supported versions of AIX, refer to the
client README file in /usr/ldap/readme/(lang)/readme/client.txt or using
a Web browser, at:
/usr/ldap/web/(lang)/readme/client.htm
A minimum of 64 MB RAM is required; (128 MB is strongly recommended).
- SecureWay Directory server (including the client):
For the latest information on supported versions of AIX, refer to the
server README file in /usr/ldap/readme/(lang)/readme/server.txt or using
a Web browser, at:
/usr/ldap/web/(lang)/readme/server.htm
In addition to the client requirements, the server requires the
following:
Program Specifications
AIX 5L Version 5.1 is a UNIX(TM) operating environment, designed to
handle the needs and requirements of a wide variety of systems and
applications. It is designed for use in technical and commercial
environments, and to be scalable on a wide variety of hardware platforms.
IBM AIX 5L Version 5.1 provides:
- Support for uniprocessors (UP) and symmetric multiprocessors (SMP)
- 32-bit and 64-bit kernel support
- 32-bit and 64-bit application support
- GUI based on the Common Desktop Environment (CDE)
- X11R5 and X11R6 windowing system
- Motif 2.1
- Conforms to the following major industry standards:
- IEEE POSIX(TM)
- POSIX 1003.1-1996, System Interfaces (including Threads) and Header
files
- POSIX 1003.2-1993, System Commands and Utilities
- X/OPEN(TM)
- UNIX98 Server Brand
- UNIX98 Base Brand
- Internet Server Product Standard
- Journaled file system (JFS)
- Journaled file system 2 (JFS2)
- Logical Volume Manager (LVM)
- Security and control facilities
- Network File Systems (NFS)
- License Use Manager (LUM)
- Network Computing System (NCS)(TM)
- System management facilities
- Performance tools
- Communications:
- UUCP
- Serial Line Internet Protocol (SLIP)
- Point to Point Protocol (PPP)
- Common Data Link Interface (CDLI)
- Data Link Protocol Interface (DLPI)
- Simple Network Management Protocol (SNMP) Agent
- ATM LAN emulation
- IPX/SPX protocols
- ATM Classical IP (C/IP)
- Multi-Protocol Over ATM (MPOA)
- Generic Data Link Control Interface (GDLC)
- Transmission Control Protocol/Internet Protocol (TCP/IP)
- Java support
- International language support:
- Unicode support
- Single-Byte Character Set (SBCS) and Multi-Byte Character Set (MBCS)
support
- Euro currency symbol support
- OpenGL and GL 3.2
- PHIGS
- HTML-based documentation
- Network Install Manager (NIM)
- Network Information Services Server Function (NIS)
- SecureWay Directory
Back to top
|
Planning Information
|
Customer Responsibilities
Not applicable.
Compatibility
AIX 5L Version 5 Binary Compatibility -- 32-bit Applications from
AIX Version 4 Releases
AIX Version 4.1, 4.2, or 4.3 applications written for RS/6000 POWER-,
POWER2-, POWER3-, and PowerPC-based models can be executed on AIX 5L
Version 5 without recompilation for same and newer models in that
processor family (POWER, POWER2, POWER3 or PowerPC). The exceptions to
this statement would be applications compiled using POWER2, POWER3, or
PowerPC specific compiler options but executed on models other than
POWER2, POWER3, or PowerPC, respectively, or applications using:
- Non-shared compiles of AIX shared libraries
- Features explicitly described as non-portable by IBM in the AIX
Version 4 or 5 reference manuals
- Undocumented AIX internal features
- X11R5 Server Extensions
Applications compiled on AIX Version 5 will not operate properly on
systems running any level of AIX Version 4.
Any program that must run in all environments -- POWER, POWER2,
POWER3, and PowerPC (601 and newer PowerPC processors) -- must be
compiled using the common mode option of the compiler. Programs compiled
to exploit POWER2 or POWER3 technology must be run on the same processor
type. Programs compiled to exploit PowerPC-based technology must be run
on PowerPC-based processors. Existing binaries need not be recompiled to
operate on the target processors.
AIX Version 5 Binary Compatibility -- 64-bit Applications from
AIX Version 4 Releases
64-bit applications produced using AIX Version 4 will not execute on
AIX Version 5. These applications will need to be recompiled from the
source on AIX Version 5 to execute on this version of AIX. 64-bit
applications produced using AIX Version 5 on any of the 32-bit or 64-bit
processor models will execute without recompilation on the 64-bit
processor models. 32-bit applications produced using AIX Version 5 on
either 32-bit or 64-bit processor models will execute without
recompilation on both models.
X11R5/X11R6 Compatibility Issues On AIX Version 5
The AIX Version 5 X-server uses the X-Consortium Release 6 of X
(commonly known as X11R6). The libraries shipped by IBM with XllR6 are
backward compatible and the client applications which access these
libraries work as on AIX Version 4. As on AIX Version 4, IBM will also
ship X11R3, X11R4, X11R5 compatibility installation options for maximum
customer flexibility.
The broad majority of applications using X fall into this category and
will not see any difficulty. However, a small minority of X-applications
use the loadable extension facility provided by the X-server.
The X-server allows for the addition of new functionality through its
extension mechanism. For each extension, part of the extension is loaded
into the X-server before it can be executed. X11R6 has modified how this
mechanism works in the course of improvements to X, and it is this part
of the extension that must be made compatible with X11R6 to execute
properly. All extensions supplied by IBM have been made compatible. In
some circumstances, a customer may have an extension which will not work
with X11R6, for example, a customer:
- Has a sample extension downloaded from the X-Consortium ftp site
- Develops his own extension
- Uses a third party extension
In these cases, the extension will need to be made compatible with
X11R6 before they will execute properly. Customer-developed extensions
and sample X-consortium extensions will need to be recompiled with the
X11R6 environment. For third-party extensions, the customer should
contact the vendor for a X11R6 compatible update.
Customers using non-IBM display adapters may also be using vendor
supplied software specific to those devices that uses X11R6 Server
capabilities. If so, this software must be compatible with X11R6 to
operate properly. The customer should contact the particular vendor of
the display adapter for this software.
Between AIX Versions 3 and 5
All AIX applications using AIX Version 3 Release 3.2 or greater, for
POWER-, POWER2-, and PowerPC-based models, that are written in accordance
with the guidelines in this announcement and other AIX announcements will
run on AIX Version 5 without recompilation for those same models. The
exceptions to this statement would be applications compiled using POWER2
or PowerPC specific compiler options but run on models other than POWER2
or PowerPC or applications using:
- Their own loadable kernel extensions
- Certain High Function Terminal control interfaces,
- X11R3 Input Device interfaces
- The CIO LAN device driver interface
- SCSI Device configuration methods (IHVs)
- The nlist() interface
- DCE Threads
Applications created on a system using AIX Version 5 may not function
properly on a system using AIX Version 3. Applications must have been
created using the AIX shared libraries for these binary compatibility
statements to apply.
Back to top
|
Publications
| |
Publications can be viewed using the Documentation Library Service,
which offers easier access to online documentation with a single
integrated graphical user interface. This user interface allows users to
read, navigate, and search online HTML documentation. The Documentation
Library Service also contains a Print Tool button. When you click this
button, you see a list of books that can be downloaded in a single
printable file for printing on your local printer. You have the option
of customizing this list to include your own book for printing. This
serves customers who want to view books online as well as read documents
in hard copy format.
Back to top
|
Security, Auditability, and Control
| |
AIX 5L for POWER Version 5.1 uses the system and network security
features for security and auditability. These features are:
- System Security
- Native Kerberos V5 KDC Server/Client Support
- Trusted Computing Base available as an optional pre-install feature
- AIX LDAP Security Audit plug-in
- Pluggable Authentication Mechanism
- IBM SecureWay Directory Version 3.2.1
- Network Security
- PKCS Support
- IP Key Encryption Security
- Directory-based Resolvers
The customer is responsible for evaluation, selection, and
implementation of security features, administrative procedures, and
appropriate controls in application systems and communication facilities.
Trademarks
(R), (TM), * Trademark or registered trademark of International
Business Machines Corporation.
** Company, product, or service name may be a trademark or service
mark of others.
Windows is a trademark of Microsoft Corporation.
UNIX is a registered trademark in the United States and other
countries licensed exclusively through X/Open Company Limited.
© IBM Corporation 2005.
Back to top
|
|
|
|
|
Operating Environment