|
Resource management
AIX 5L V5.3 supports micro-partitioning which enables flexible and
efficient use of system hardware resources by allowing physical
processors to be shared by up to 10 separate LPARs. pSeries micro-
partitioning support is provided for POWER5 processor-based systems by
means of the Advanced POWER Virtualization feature.
Among the key customer environments where micro-partitioning is
beneficial are ones in which multiple system images are needed due to
isolation requirements (security, software fault), each with generally
low processor requirements, but capable of requiring more. Historically,
each of these system images ran on separate hardware systems, each able
to handle spikes in processor requirements, but generally each hardware
system was under utilized.
Micro-partitioning enables these system images
to be consolidated onto a single set of physical processors, which allows
more efficient use of hardware resources. The Advanced POWER
Virtualization hardware feature is required to run virtualization on
eServer p5 servers.
Advanced accounting provides a framework in which charge back and
capacity planning activities can be performed. Advanced accounting
produces resource usage-based information for processes, file systems,
transactions, and hardware resources like processors, memory, disks, and
network adapters. Applications and middleware may be instrumented to
provide transaction data by means of APIs which are provided for this
purpose.
NFS
NFS V4 adds support for core features of the NFS V4 protocol described
in IETF RFC 3530. This initial support places an emphasis on security
with support of the optional NFS V4 ACL model when using the AIX Enhanced
Journaled Filesystem. Support for managing accesses from foreign NFS V4
domains is also included. The NFS V4 provided RPCSEC-GSS RPC
authentication flavor supporting the Kerberos V5 security mechanism (may
also be used with the NFS V3 protocol).
Reliability, availability, and serviceability
The dump command has been enhanced to support the following:
System trace facility has been enhanced to support process and thread-
based tracing. You can restrict the tracing to a process and capture the
events in relation to the process for better debugging. Also the trace
mechanism supports setting of larger trace buffers for regular users.
Support for better core file management has been implemented. A
command provides for management of location of core files.
Refer to the command documentation for more detail on the trace,
trcctl, chcore, sysdumpdev commands.
Enterprise storage management
Enterprise storage management tools include:
- JFS2 to handle extended ACL attributes and finer grain permissions in
order to support NFS V4.
- Support will be provided to limit filesystem space to a specified
quota for users and/or groups.
- AIX support will enhance concurrent mode that allows only a single
host to open logical volumes with write access, thus creating an owning
host. Support is added to change the owning host so that on failover
reserves are not broken on all disks in the volume groups. HACMP would
use these to start a volume group and fail it over to another node.
- AIX support to include the limit on the number of disks in a volume
group from 128 to 1024.
LVM enhancements are designed to:
- Provide ability to shrink a JFS2 filesystem in place
- Improve LVM HotSpot Management
- Increase I/O throughput via LVM Large Block I/Os
- Implement scalable volume group types
Systems management
Service Update Management Assistant (SUMA) will provide flexible
options that will automate the download of AIX APARs, PTFs, Security
Fixes, Latest Fixes, and Maintenance Levels from the IBM eServer Support
Fix Central Web site, and move administrators away from the task of
manually retrieving maintenance updates from the Web.
When performing remote execution on clients, NIM makes use of the
remote shell server (rshd). The server provides remote execution
facilities with authentication based on privileged port numbers from
trusted hosts. AIX 5L V5.3 has a new service, NIM Service Handler
(nimsh), which will eliminate the need for rsh services during NIM client
communication.
Cluster Systems Management (CSM) V1.4 is designed for simple, low-cost
management of distributed and clustered IBM eServer, pSeries, and xSeries
servers. For organizations with both Linux and AIX applications, a
single AIX 5L V5.2 or V5.3 management console can provide management
services to AIX 5L and Linux clients in distributed and clustered
configurations.
System security
System administrator can setup AIX for supporting long user names
(longer than the traditional user name size of 8 characters) for up to
255 characters. The default limit will continue to be eight characters.
Refer to chdev command security guide for additional information.
Various functions of the operating system have been enhanced to recognize
the support for greater than 8 character user name size.
Support for Access Control Lists (ACLs) for file system objects have
been enhanced. The operating system now provides infrastructure for
support of multiple ACL types based on the underlying physical file
system. The JFS2 file system continues to support the existing AIX ACL
(now called AIXC type for AIX classical ACL) and also a new ACL type, NFS
V4. The NFS V4 ACL type provides access control as per the ACL model
described in the NFS V4 protocol. Various ACL management tools and file
management tools have been enhanced to support multiple types of ACLs on
AIX. Refer to Security Guide documentation for additional details.
LDAP based user management infrastructure on AIX has been enhanced to
support the following:
- LDAP server based authentication is supported. This allows system
administrator to manage the passwords on the LDAP server using one of
many encryption algorithms.
- Kerberos bind is enabled for LDAP client to server authentication.
- Increased control over generation of the directory information tree
(DIT) when configuring the server with the mksecldap command.
The csum command has been added to help calculate cryptographic hash
values for files.
Default maximum number of user logins supported on the system has been
increased to 32,767.
NIS infrastructure has been enhanced to support netgroups with LDAP.
The AIX 5L V5.3 NIS client supports the use of shadow passwords in a
passwd.adjunct file. The primary benefits are increased security for NIS
environments and increased interoperability with Solaris NIS
infrastructure.
Development and performance tools
AIX 5L V5.3 improves dbx application debugging capabilities including
additional facilities for examining process information, file
descriptors, kernel threads, and core files, as well as new functionality
for suspending breakpoints and managing loaded modules.
AIX 5L V5.3 introduces a new memory allocation algorithm,
MALLOCTYPE=watson. The Watson malloc() setting can provide improvement
over the default malloc in areas of memory fragmentation and performance
in massively multi-threaded applications, particularly with respect to
small requests. New features have been added to the malloc debugging
facility to aid in the diagnosis of memory allocation problems, and
malloc debugging capabilities have been integrated into the dbx symbolic
debugger.
Added support for using copy-on-write semantics for fork(). This
implementation helps reduce overall virtual memory consumption on a
system and improve fork() as well as exec() performance for some
workloads.
New performance tools are added to AIX 5L V5.3. Enhancements to
performance tools and libraries supporting new POWER5 and PowerPC
processors have been included as well as micro-partitioning and
Simultaneous Multi-threading (SMT).
The following programs are the fully supported versions:
- VisualAge C++ Professional for AIX, V6.0
- C for AIX, V6.0
- XL Fortran for AIX, V8.1.1
The IBM 32-bit SDK for AIX, Java 2 Technology Edition, V1.4 ships with
AIX 5L V5.3. The IBM 64-bit SDK for AIX, Java 2 Technology Edition, V1.4
is available on the AIX 5L V5.3 Expansion Pack and the AIX Java Web site:
http://www.ibm.com/developerworks/java/jdk/aix
Click on the download and service information link. For more
information, consult the User's Guide which is available from the AIX
Java Web site.
Performance Toolbox V3.1
Performance Toolbox (PTX) V3.1 adds support for new pSeries Partition
Load Manager and Advanced POWER Virtualization technology.
On system running Partition Load Manager, PTX can monitor special
load/utilization averages, active processor counts and memory allocations
that control the operation of the Load Manager. This allows customers to
visualize the system performance as Partition Load Manager dynamically
controls and adjusts resources to the system workload. For Advanced
POWER Virtualization, the PTX instrumentation can now collect over 30 new
performance metrics related to SMT and micro-partitioned environments.
These metrics include processor allocations (logical, physical, virtual
counts, and capacities), memory allocations and capacities, and defined
partition entitlements. The PTX jtopas and 3dmon applications have been
updated to provide views of the new Advanced POWER Virtualization metrics.
The 3dmon application will automatically identify the set of
partitions residing on the same pSeries hardware platform. Multiple
partitions can be viewed simultaneously in relationship to one another,
for an overall view of system utilization. Changes in partition
allocations are dynamically discovered and displayed for monitoring,
recording, and playback.
The Performance Aide V3.1 fully supports the collection and recording
of the new Partition Load Manager and Virtualization metrics identified
above.
Network technology and communications
- The AIX multi-path routing capability has been extended to add new
schemes, besides round-robin, for route selection which would allow for
more fine-grained control of the route selection policy.
- The AIX Path MTU discovery mechanism discovers PMTU using TCP packets
and UDP datagrams rather than using extra ICMP packets.
- Support has been added for the Advanced Sockets API for IP V6.
- Support has been added for the Streams Control Transmission Protocol
(SCTP) in AIX.
- AIX now supports Dynamic Host Configuration Protocol (DHCP) for IPV6
as described by RFC 3315.
- Dynamic membership in EtherChannel support allows users to add or
remove an adapter from a running EtherChannel without having to first
detach its interface. This is useful when hot-swapping adapters that
belong to an EtherChannel.
- AIX supports TCP/IP over Fibre Channel interface (IP over FC). This
is the AIX implementation of IETF's RFC 2625, which specifies
encapsulation of IP and Address Resolution Protocol (ARP) over Fibre
Channel (FC).
Network interoperability
AIX Fast Connect V3.2.0 offers the following enhancements:
- Implementation of directory change notification
- Support of direct hosting of Server Message Block (SMB) over TCP/IP
- Implementation of level II oplocks
- Support of large files
- Support of 32-bit Microsoft Windows NT status codes
- Implementation of SMB signing
- Support of long user names
- Support of complete Microsoft Windows NT ACLs and ACL inheritance
- Dynamic user creation on AIX
Base operating system
System libraries and headers incorporate APIs from the ISO/IEC
9899:1999 C language standard and the single UNIX specification Version
3.
A device mount facility, explicitly enabled, provides a mechanism to
mount CD and DVD filesystems. The facility is included in the
bos.cdmount fileset.
The Perl V5.8.2 language is installed with AIX.
System V proc commands display information in the /proc filesystem in
the System V format.
AIX 5L V5.3 provides new functionality in base commands including
tree-based process listing, time stamped shell histories, cron logging
controls, recursive file searching, restricted Korn shells, tar recursion
control, new date formats, and vi backtagging, as well as other new
capabilities for the make, find, fuser, restore, man, tar, at, nohup, and
cron commands. The awk, ed, grep, head, and vi commands can now process
lines of at least 8192 characters.
IBM eServer BladeCenter JS20
The recently announced POWER processor-based IBM eServer BladeCenter
JS20 will support AIX 5L V5.2. This enables
customers to consolidate and integrate AIX-based applications such as
database, IT infrastructure, e-mail, and Web serving onto the BladeCenter
platform. With its low price point the IBM eServer BladeCenter JS20 is
IBM's entry level POWER processor-based product into the AIX market.
Models 8842-21x are supported on the IBM eServer BladeCenter JS20.
eServer BladeCenter JS20 is in AIX 5L processor group classification E5.
The quantity of AIX 5L V5.2 licenses ordered for use on either single or
multiple BladeCenter JS20s must be equal to the number of processors on
which the AIX 5L V5.2 is intended to be used at a single end user
customer (single IBM customer number) location. Additionally, ordering
of AIX 5L V5.2 (processor group E5) licenses for BladeCenter JS20 require
order placement for either a one-year or three-year SWMA for AIX 5L
Operating Systems contract at the same time of order placement for AIX 5L
V5.2 licenses. Neither AIX 5L V5.2 licenses nor SWMA for AIX Operating
Systems contracts (processor group per processor usage) are included in
the IBM eServer BladeCenter JS20 offering price.
Accessibility by people with disabilities
Using AIX Documentation
The AIX product documentation library is available online at:
http://publib16.boulder.ibm.com/pseries/index.htm
The information center is accessible through assistive technologies,
such as screen-reader software and digital speech synthesizers, to hear
what is displayed on the screen. In addition, features of the
information center can be accessed through the keyboard. The AIX man
pages are available from the command line and are accessible through the
same assistive technologies used to access commands and output.
Using the Command Line
AIX makes all of its functions available for use through the command
line so that they can be supported by assistive technologies that support
the Emacs environment. The command interface is also accessible remotely
using assistive technologies, such as JAWS, which support Telnet or
terminal emulator environments in the Windows operating system.
Using Web-based System Manager and SMIT
Web-based System Manager supports keyboard accessibility for almost
all operations available from the graphical user interface. Limited
support for changing font sizes and background colors is also available.
Screen reader support in the Web-based System Manager Remote Client is
significantly improved in this release. Refer to the README file for
more information. The Configuration Assistant (invoked via the
configassist command) has also been modified to provide improved
accessibility support in this release.
System Management Interface Tool (SMIT) menus are accessible through
the same assistive technologies that provide command line accessibility.
The character-based version of SMIT (which is activated with the smitty
command on a graphical terminal) should be used instead of the Motif, or
GUI, version activated with the smit command.
Using X Keyboard Extensions to Increase Accessibility in the X
Windows System Environment
If you are using Telnet or a terminal emulator program to access AIX,
keyboard-accessibility features are provided by either the application or
your operating environment. For example, in the Windows operating system
you can open the Control Panel and select Accessibility Options to enable
and adjust keyboard accessibility settings. Keyboard-accessibility
options are also available on an AIX graphical console running the X
Window System software or the Common Desktop Environment (CDE). Refer to
the Accessibility link on the pSeries Information Center, or your AIX or
CDE documentation, for more information on configuring and using
accessibility features of the X Window and CDE environments.
AIX Installation
Installation menus and other screens displayed during base AIX
installation are not accessible. Use Network Installation Manager (NIM)
as an alternative means of installing AIX. IBM assumes that Section 508
applies only to normal and routine end-user operations, and not to setup
and service functions.
XPROFILER
The performance tool, xprofiler, is a Motif program that does not meet
all accessibility requirements. Use the text-based tool, gprof, to
provide the same information in tabular form.
Section 508 of the U.S. Rehabilitation act
IBM AIX 5L for
POWER V5.3 is capable as of August 20, 2004, when used in accordance with
IBM's associated documentation, of satisfying the applicable requirements
of Section 508 of the Rehabilitation Act, provided that any assistive
technology used with the product properly interoperates with it.
 Back to top
|
Technical Description
|
Resource management
Advanced accounting supports tagging of the accounting data with
system administrator-defined strings, so that the billable entity can be
directly associated with accounting data. This is accommodated through
system administrator-defined policies, which are downloaded into the
kernel. The policy mechanism supports the manual assignment of project
codes so non-privileged users with multiple clients can easily switch
back and forth between a controlled set of projects. APIs are also
provided, so application-defined projects can be established. This is
required for on demand and cluster computing environments where the set
of users is very fluid.
Advanced accounting also supports interval accounting, which may be
used to profile the use of system resources and capture accounting data
for long running jobs. Interval accounting is an important tool for
capacity planning, performance analysis, and billing.
Advanced POWER Virtualization supports virtual Ethernet as an in-
memory, point-to-point connection to help avoid a failed or misbehaving
operating system from being able to impact the communication between two
well-behaved operating systems. Each pair of partitions wishing to
communicate through this channel will need to create an additional in-
memory channel. This will require the ability for a user to request the
creation of an in-memory channel between partitions on the hardware
system console. The kernel would create a virtual device for each memory
channel indicated by the firmware. A normal AIX configuration routine
would create the device special files. This function is supported only
on future systems with POWER Hypervisor function.
Virtual Storage, supported via the Advanced POWER Virtualization
hardware feature, facilitates the sharing of physical resources (I/O
slots, adapters and devices) between logical partitions (LPARs). Virtual
SCSI (VSCSI) enables partitions running on AIX 5L V5.3 to access SCSI
disk devices without requiring physical resources be allocated to the
partition.
Advanced POWER Virtualization partitions maintain a client/server
relationship in the VSCSI environment. Partitions that contain virtual
SCSI devices are referred to as client partitions while the partitions
that own the physical resources (adapters, devices) are the server
partitions. AIX 5L V5.3 supports booting from virtual SCSI disks.
A fairly common business model is to allocate a partition to a single
account and to charge only for the resources that are actually used.
Interval accounting supports this model by collecting system level
resource utilization information for processors, memory, network
adapters, and disks. The accounting subsystem is highly tuned to
efficiently deal with large amounts of data. For example, the subsystem
internally buffers accounting data and uses asynchronous I/O to write to
the accounting file, which is pre-allocated to ensure that disk blocks
are contiguously allocated. The system administrator can also configure
advanced accounting in different ways to minimize the overhead of running
advanced accounting. The administrator can select the type of accounting
data to be collected and can specify that it should be automatically
aggregated to minimize the volume of data that is produced.
Modern wide issue superscalar processors have the ability to execute
numerous instructions in a single cycle. However, the execution of
single real life code sequences rarely comes close to using the full
bandwidth of these processors.
Scalability
AIX 5L V5.3 supports Simultaneous Multi-threading (SMT) which is a
processor technology that allows the simultaneous execution of multiple
thread contexts within a single processor core.
SMT offers a way to leverage the parallelization of multi-threaded
software to achieve a higher use of the processor by dispatching
instructions from more than one instruction stream simultaneously.
To the operating system, each hardware thread is treated as an
independent logical processor. The result is a natural mapping of the
existing SMP capabilities of the operating system to the multi-threaded
execution capabilities of the processor. There are two hardware threads
per processor. System administrators may enabled or disable SMT at the
partition level and it may be used with either dedicated or shared
partitions.
- Dynamic Reconfiguration (DR) support for large pages allows customers
to change the size of large page memory without rebooting.
- The virtual memory pager is enhanced to release paging space blocks
earlier, so that paging space may be more efficiently used when a large
number of pages have to be paged out at the same time like in a memory
removal operation.
- The memory algorithm is enhanced to page out large blocks of memory.
This provides more flexibility for scientific and technical computing and
enhances high availability.
Standards
AIX 5L V5.3 is designed to conform to the following:
- Single UNIX Specification V3 (SUS V3)
- ISO/IEC 9899:1999 international standard for the C programming
language, commonly referred to as C99.
- SUS V3 Realtime Option Group, which consists of the following options
from within IEEE Standard 1003.1-2001:
- POSIX_ASYNCHRONOUS_IO
- POSIX_FSYNC
- POSIX_MAPPED_FILES
- POSIX_MEMLOCK
- POSIX_MEMLOCK_RANGE
- POSIX_MEMORY_PROTECTION
- POSIX_MESSAGE_PASSING
- POSIX_PRIORITY_SCHEDULING
- POSIX_REALTIME_SIGNALS
- POSIX_SEMAPHORES
- POSIX_SHARED_MEMORY_OBJECTS
- POSIX_SYNCHRONIZED_IO
- POSIX_TIMERS
- SUS V3 Realtime Threads Option Group, which consists of the following
options from within IEEE Standard 1003.1-2001:
- POSIX_THREAD_PRIO_INHERIT
- POSIX_THREAD_PRIO_PROTECT
- POSIX_THREAD_PRIORITY_SCHEDULING
- SUS V3 Advanced Realtime options from within IEEE Standard
1003.1-2001:
- POSIX_ADVISORY_INFO
- POSIX_BARRIERS
- POSIX_CLOCK_SELECTION
- POSIX_CPUTIME
- POSIX_MONOTONIC_CLOCK
- POSIX_SPIN_LOCKS
- POSIX_THREAD_CPUTIME
- POSIX_TIMEOUTS
AIX Expansion Pack and Web Download Pack
The AIX Expansion Pack and the AIX Web Download Pack complements the
AIX Operating System with the benefit of additional packaged software at
no additional cost. For detailed information, visit:
http://www-1.ibm.com/servers/aix/expansionpack/
The service and support terms and conditions of the products shipped
on the Expansion Pack may be different than the terms and conditions for
AIX 5L V5.3.
Enterprise storage management
Extension to the chfs command will allow a JFS2 filesystem to be
shrunk in place, without taking it offline and without requiring a
reboot. This will eliminate unused filesystem space. This also includes
the Logical Volume Manager (LVM) necessary to shrink a logical volume in
place. This implementation replaces the need to copy the data, take the
old version offline (which may require a reboot), and delete the old
version.
System management
A new RPM Package Manager (RPM) will allow customers to perform
network installations of AIX and a limited set of maintenance operations
from a Linux server.
New support provides basic language enablement and localization for
the following languages:
- TA_IN - Tamil
- TE_IN - Telugu
- GU_IN - Gujarati
- MR_IN - Marathi
- KK_KZ - Kazakh
The Unicode 4.0 standard contains many new character definitions to
support the various language scripts of the world. This provides support
for all defined Unicode 4.0 characters to the AIX UTF-8 locale set.
New system enablements and functions for existing applications use
Web-based System Manager in addition to availability through SMIT, or
standalone applications. Enhancements or new functions include:
- Functionality for Web-based System Manager
- Resource sets
- Jobs scheduling
- A VTERM emulator to execute the topas command in pc-client mode for
the wsmperf/monitoring Web-based System Manager application
- Functionality in System Environment Culture object to "Select a set
of primary language environment elements"
- Automatic refresh of "All Processes" plugin
- Functionality to Web-based System Manager application System
Environments:
- System hang detection options
- Remote reboot facility
- Ability for SysVprint to create a local device when selecting "New
Printer" and no device exists
- Accessibility enhancements:
- General Web-based System Manager changes to facilitate accessibility
enablement
- Improved color/contrast on overview panels
- ConfigAssist ported to AUIML to facilitate accessibility enablement.
Base Operating System Install now offers a choice to have the hard
disk being installed to, erased of all data, with selectable erasure
patterns. This choice is available for New and Complete Overwrite
installs from CD and available for Network (NIM) installs using new
variables in the bosinst_data NIM resource. Other disks can be erased by
entering the maintenance mode in the BOS Install menus.
Support for multiple NIM masters. Customers will be able to define an
alternate NIM master, synchronize the NIM database between masters, and
failover between masters. This provides a basic way for customers to
create a more reliable NIM environment.
The NIM client daemon will have its service ports registered as well-
known ports (3901 and 3902) and will install as part of the
bos.sysmgt.nim.client fileset. The daemon will serve two purposes:
- Receive/process NIM master service requests
- Receive/process NIM master registration requests by passing machine
information necessary for defining a client in a NIM environment
While nimsh eliminates the need for rsh and interactive shell
environment access, it does not provide a trusted authentication approach
based on key encryption. If users wish to have cryptographic
authentication during nimsh usage, OpenSSL may be configured within the
NIM environment. When OpenSSL is installed on NIM clients, SSL socket
connections are established during nimsh service authentication. Options
are provided for SSL key generation and includes all cipher suites
supported in SSL V3.
In addition to cryptography options, nimsh allows customers the
flexibility of 'querying' network machines by hostname. The NIM Service
Handler processes query requests and returns NIM client configuration
parameters used for defining hosts within a NIM environment. Using
nimsh, customers may define NIM clients without knowing any system or
network specific information.
Web-based system manager support for LVMs are enhanced to:
- Reduce the number of icons used in volume group
- Clearly show the type of volume group in the properties
- Suppress inappropriate columns in the volume group sub-plugin
- Hide FS specific properties in the logical volume plugin
CSM is also a key element of the IBM eServer Cluster 1600 and Cluster
1350, platforms that are ideal for workload consolidation or for
achieving high degrees of scalability and performance for applications
that take advantage of clustered systems architectures. Primary examples
are computational modeling in high-performance computing or multi-
terabyte data warehouses in large corporations.
CSM is enabled on AIX 5L V5.3 on a trial basis. For production use of
CSM, obtain a valid license and key by ordering CSM for AIX 5L
(5765-F67).
Documentation technology
Starting with AIX 5L V5.3, IBM eServer pSeries and AIX documentation
will be available in one of two information centers:
- IBM eServer pSeries and AIX Information Center on the Web
- AIX Information Center on the documentation CD
The pSeries and AIX Information Center is more than a portal to
documentation. From this Web site,
http://publib16.boulder.ibm.com/pseries/index.htm
you can access the following tools and resources:
- A message database that shows what error messages mean and, in many
cases, how you can recover. This database also provides information for
LED codes and error identifiers.
- How-to tips with step-by-step instructions for completing system
administrator and user tasks.
- FAQs for quick answers to common questions.
- The entire AIX software documentation library for V5.1, V5.2, and
V5.3. Each publication is available in PDF format and abstracts are
provided for books for V5.2 and V5.3.
- Centralized information, previously located throughout the library,
allows easier access to information about some new AIX functions:
- A new selection in the navigation bar centralizes all partitioning
information, including planning, installation, and implementation
information for partitioned-system operations.
- Understanding the Advanced Accounting subsystem provides system
administrators with conceptual and procedural information about how to
set up, administer, and manage Advanced Accounting. Information about
projects, policies, transactional accounting, interval accounting, and
data aggregation is included in this topic. This publication is also
available on the documentation CD that is shipped with the operating
system.
- A new "Partition Load Manager for AIX Guide and Reference" provides
experienced system administrators with information about how to perform
such tasks as installing, configuring, and managing Partition Load
Manager for AIX. This guide also provides the administrator with
reference information about commands and files that are used to run and
manage Partition Load Manager for AIX.
- Links to the entire pSeries hardware documentation library.
- A resources page that links users to other IBM and non-IBM Web sites
proven useful to system administrators, application developers, and
users.
- Links to related documentation from IBM, including white papers, IBM
Redbooks, and technical reports on topics such as RS/6000, SP, and HACMP
for AIX. Release Notes and readme files are also available through the
information center.
- Several new videos are available for customer-installable features
and customer-replaceable parts.
A new application, the AIX Information Center, will be available for
installation beginning with AIX 5L V5.3. The information center will
provide navigation and search capabilities for all installed AIX 5L V5.3
publications and will be included on the AIX Documentation CD. It can be
installed and used on a local system or installed on a documentation
server for intranet use. The information center is powered by Eclipse
technology.
To order publications included in the AIX documentation library for
AIX 5L V5.3, go to the IBM Publications Center at:
http://www.elink.ibmlink.ibm.com/public/
applications/publications/cgibin/pb
The IBM Publications Center offers customized search functions to help
you find the publications that you need. A growing number of
publications is available for you to view or download free of charge. In
a number of countries or regions, you can also order publications listed
on the site.
System security
Pluggable Authentication Module (PAM) infrastructure has been enhanced
to include additional authentication modules. Use of PAM as an
authentication mechanism is now a system wide decision rather than per
user. Many native operating system applications have been PAM enabled to
recognize this configuration choice.
Even though it is possible to increase or decrease the size of the
user name, it is advised that the user name size should never be
decreased. However if there is a need to decrease the user name, current
user names on the system be studied carefully to make sure that the none
of the user have names greater the size being planned to be set. If this
is not done, system behavior in regards to login and other functions in
regards to these users will be unpredictable.
IBM Tivoli Security Clients/Agents for IBM eServer pSeries AIX
5L
Tivoli security-ready clients and agents will be pre-installed on
pSeries POWER5 servers running AIX 5L V5.2 beginning in August 2004.
Pre-installed Tivoli security-ready clients and agents for pSeries
POWER4+ and POWER4 servers running AIX 5L V5.2 will also be available
beginning in August 2004. IBM intends to pre-install security-ready
clients and agents on pSeries POWER servers that support AIX 5L V5.3 in
the future.
The Tivoli security clients and agents software when coupled with
optional corresponding and extra cost server-based IBM Tivoli security
management solution offerings can provide pSeries customers with security
capabilities to help address a fundamental and heightened customer need
for more secure on demand systems.
Tivoli security (identity) management solutions provide two critical
layers of additional defense beyond the traditional perimeter defense
provided by firewalls, anti-virus software and intrusion detection
software� a security control layer and a security policy compliance
layer.
The Tivoli control layer determines which server users can access and
what users may view and do. The Tivoli security compliance layer helps
to ensure that customers are, and remain in, compliance with security
policies while helping assess security risk and initiating responses to
security events.
The Tivoli security-ready client and agent software available for
pSeries POWER5, POWER4+, and POWER4 server with AIX 5L V5.2 is:
- Client for IBM Tivoli Access Manager for Operating System AIX
- Agent for IBM Tivoli Identity Manager
- Agent for IBM Tivoli Risk Manager
- Client for IBM Tivoli Security Compliance Manager
To use each Tivoli security-ready client or agent, acquisition of the
following corresponding server-based Tivoli security management product
offering is required.
- IBM Tivoli Access Manager for Operating System AIX
- IBM Tivoli Identity Manager
- IBM Tivoli Risk Manager
- IBM Tivoli Security Compliance Manager
When pre-installed, the security-ready clients/agents help simplify
the implementation and enablement of Tivoli security management
solutions. These Tivoli security management solutions enable a
consistent enforcement of security management policies across pSeries and
AIX 5L as well as across heterogeneous server environments running UNIX,
Linux, and Microsoft Windows operating systems.
Optional IBM Tivoli Security Management Offerings for pSeries AIX
5L
Tivoli security-ready clients and agents for pSeries AIX 5L servers
provide the means for Tivoli security management software running on a
pSeries AIX 5L server to provide and manage two different layers of
security (a control layer and/or a security policy compliance layer) for
each connected and enabled server "client". One Tivoli security
management server can manage up to thousands of pSeries AIX 5L server
"clients". Security management capabilities include:
- Secure and manage the pSeries AIX 5L server: IBM Tivoli
Access Manager for Operating System AIX is optional extra cost server-
based enablement software that provides multiple pSeries AIX 5L server
clients with IBM main-frame class security. Access Manager can lock down
and harden the AIX 5L operating system at the root level thereby helping
to secure applications and protect data, meet customer security audit
requirements and reduce security administration costs.
- Setup and manage the users: IBM Tivoli Identity Manager
is optional extra cost server-based enablement software that automates
the creation and management of multiple user accounts. Identity Manager
helps to significantly shorten the time for provisioning users from weeks
to minutes and automatically discovers invalid user accounts.
- Manage security operations: IBM Tivoli Risk Manager is
optional extra cost server-based enablement software that centrally
monitors, reports and manages security events. Risk Manager helps to
radically improve the administration of the whole security management
environment.
- Audit security policies for compliance: IBM Tivoli
Security Compliance Manager is optional extra cost server-based
enablement software that checks the server system, middleware and
applications for vulnerability and adherence to customer security
policies. Security Compliance Manager determines violations against
security policies that are provided by IBM or modified or written by the
customer.
Complementary (Security) Offering -- IBM Tivoli Directory
Server
Store Users and Their Identities: IBM Tivoli Directory
Server is server-based enablement software. Directory Server is
foundation service software for building security-rich and standards
compliant identity infrastructure solutions. It provides a robust and
light weight directory access protocol (LDAP) and offers a choice of
providing simple user ID and password authentication or robust digital
certificate-based authentication. Directory Server is provided as a part
of the AIX 5L V5.2 Expansion Pack.
Customer Value
Tivoli security management solutions for pSeries AIX 5L can
significantly help meet the heightened and growing customer need for a
more secure on demand IT and server operating environment.
Tivoli security-ready client and agent software provides customer
value when pre-installed. Pre-installation with AIX 5L will help save
installation planning and implementation time when the clients/agents are
security enabled by Tivoli security management (server) offerings.
Significant additional customer value is provided when the Tivoli
security-ready clients/agents are connected to and enabled by Tivoli
security management (server) software:
- Helps protect and optimize IT resources by controlling "who has
access to what"
- Helps reduce the cost of security administration and support
- Helps manage complexity with a single user sign-on and unified user
experience
- Helps validate compliance against security policies and audits
requirements
IBM Value
SOSWOS (Sell Our Stuff With Our Stuff)... Tivoli security-ready
clients/agents and Tivoli security management solution offerings help to
further differentiate the value of pSeries and AIX 5L when compared to
UNIX-based competitors such as HP and Sun Microsystems. HP and Sun do
not have the security management solution portfolio capabilities of IBM.
When marketed and sold together as an integrated security management
solution, pSeries, AIX 5L and Tivoli is a winning combination.
Development and performance tools
The following performance tools and libraries have been enhanced:
- PMAPI library now supports threaded applications running in M to N
mode, and the new POWER5 and PowerPC970 processors.
- The perfstat library, and the vmstat, iostat, sar, topas, curt, and
splat tools have been enhanced to support micro-partitioning and SMT.
Filemon, netpmon, and pprof have been enhanced to support micro-
partitioning. Support for SMT will be added to those three tools in a
future release.
- Iostat, vmstat, and sar now detect and tolerate dynamic configuration
changes
- Using the -d option of the sar command, average queue size, and
service and wait time can now be monitored for selected disk types.
- The gprof tool now supports multi-process and multi-threaded
applications
- Trace now support single process and thread tracing.
The following new tools are available:
- Lparstat which displays partition configuration information and
allows monitoring of a set of partition level performance metrics.
- Mpstat which can be used to monitor a large set of detailed
performance metrics at the logical processor level
Network technology and communications
Additional route selection policies will include Random, Weighted
Random, Lowest Utilization, Weighted Round-Robin, and Hash based on
destination IP address.
The discovered PMTU information is stored in a dedicated table and has
a method to manage the table. Separating the PMTU and the routing table
makes multi-path routing work better with PMTU discovery.
Wake on LAN technology is used to remotely wake up a machine by
sending the machine a specific packet of information, called a Magic
Packet. AIX provides a command (wol) to construct and send a Magic
Packet frame to wake up a remote machine.
Upgrades to the AIX tcpdump and the libpcap library improve the
network traffic debugging capabilities of AIX.
Support has been added for the Service Location Protocol client side
API on AIX. Service Location Protocol is described by RFC 2608 and the
client side API is described by RFC 2614.
New functions include socket options, ancillary data, library
functions, macros to manipulate ancillary data, structure, and constant
definitions based on the RFC standard 3542.
Support has been added for the Streams Control Transmission Protocol
(SCTP) in AIX. SCTP is a reliable transport layer protocol which runs
over IP and is described in RFC 2960. A socket API for applications to
communicate using SCTP is also provided.
Support is provided for both the DHCP server (dhcpsdv6) and client
(dhcpcdv6) and retains much of the flexibility and ease of configuration
that users are accustomed to in the AIX DHCP for IP V4. The DHCP relay
agent (dhcprd) has been enhanced to support both IP V4 and IP V6
environments.
AIX TCP/IP remote commands continue to support Kerberos V5 for
authentication. Support for Kerberos V4 used by PSSP software on SP
systems will be withdrawn.
Fibre Channel is a high-speed, networking technology primarily used
for Storage Area Networking (SAN). Currently with AIX, Fibre Channel is
only used for communication between storage devices and servers using the
SCSI protocol (FCP). This AIX feature adds the support to enable IP
packets to be sent over a physical Fibre Channel connection as well.
When a Fibre Channel adapter's IP protocol driver is configured and the
IP over FC properties are assigned, the Fibre Channel adapter may also be
used as a LAN device. Its network activity will function just as if an
Ethernet or Token-Ring adapter were being used. In a SAN environment,
this will allow servers and storage systems to communicate and perform
networking type of management services without additional LAN equipment
and infrastructure.
IP over FC is only supported on the IBM 2 Gigabit Fibre Channel
Adapter for 64-bit PCI Bus (#6228) and the IBM 2 Gigabit Fibre Channel
PCI-X Adapter (#6239) with the configuration of an IP enabled Fibre
Channel switch. The Fibre Channel switches that have been verified to
work with this feature are: both 1 GB and 2 GB Fibre Channel switches
manufactured by Brocade and Cisco.
AIX EtherChannel feature allows Ethernet bandwidth aggregation from
several Ethernet adapters. EtherChannel feature is currently available.
Dynamic Membership feature allows systems administrators to add or remove
adapters from a running EtherChannel and change EtherChannel attributes
except Ethernet frame size without having to first detach its interface.
This enables the dynamic reallocation or deallocation of adapters,
particularly useful when hot-swapping adapters that belong to an
EtherChannel.
The maximum number of Fibre Channel logical units supported per target
was increased from 1023 to 4095 in AIX 5L V5.2. In FC, each end point is
referred to as an N_Port. If that N_Port supports SCSI protocol, then it
is also referred to as a target. Each target is composed of one or more
logical units.
The iSCSI protocol driver is included as part of AIX Base Operating
System. It allows the access of storage devices over gigabit Ethernet
TCP/IP networks. The iSCSI driver has been verified to work with the
Cisco MDS 9000 IPS module as the iSCSI target, using IBM TotalStorage ESS
F20 and IBM TotalStorage ESS 800 storage devices.
The current iSCSI driver is based on IETF RFC 3720 iSCSI standard,
with certain limits and functional limitations as described in AIX 5L
V5.2 and AIX 5L V5.3 release notes.
The configuration of EtherChannel and Virtual IP Address (VIPA)
network interfaces will be added to the NIM secondary adapter support.
Network interoperability
AIX Fast Connect offers file and print services for Windows clients on
AIX 5L. It includes the following enhancements:
- Implementation of directory change notification support to improve
the performance of the server. Some applications like biztalk can be
installed on Fast Connect shares with this feature.
- Support of direct hosting of SMB over TCP/IP (aka NetBIOS-less
connection support). It simplifies the transport of SMB traffic, removes
WINS and NetBIOS broadcast as a means of name resolution and standardizes
name resolution on DNS for file and printer sharing.
- Implementation of level II Oplocks helps improve the performance of
the server by allowing multiple clients to access files in
Read/Deny-Write lock-mode.
- Support of large files, large sends and large receives are added.
Now Fast Connect can handle the file sizes and file offsets supported by
AIX.
- Support of 32-bit NT status codes is added, which improves the
communication between server and client and supports newly defined return
codes.
- Implementation of SMB signing in Fast Connect supports mutual
authentication of client and server, reduces the "man-in-the-middle"
attacks.
- Fast Connect supports long user names, a new feature of AIX 5.3,
which can eliminate the Windows to AIX users name mapping.
- Support of NT ACLs is implemented. Windows clients can add users or
groups to grant NT ACL permissions to files/folders of Fast Connect
server. The key/basic NT ACLs are supported prior to AIX 5L V5.3 levels,
and complete NT ACLs and ACL inheritance are supported on AIX 5L V5.3.
- Fast Connect users can be dynamically created in passthrough
authentication configuration by reducing the administrative overhead.
- Windows 2003 clients are supported, in addition to existing support
for Windows 98, Windows NT, Windows 2000, and Windows XP.
New system support
- IBM eServer p5 Model 520 (9111-520) - AIX 5L processor group E5
- IBM eServer p5 Model 550 (9113-550) - AIX 5L processor group E5
- IBM eServer p5 Model 570 (9117-570) - AIX 5L processor group F5
- IBM eServer i5 Model 520 (9406-520) - AIX 5L processor group E5
- IBM eServer i5 Model 570 (9406-570) - AIX 5L processor group F5
Existing systems supported
AIX 5L V5.3 also runs on existing IBM hardware system models that
support AIX 5L V5.2 software.
New I/O support
AIX 5L V5.3 includes support for:
- 10 Gigabit Ethernet-SR PCI-X adapter. This adapter is designed to
provide LAN connections for pSeries systems. The adapter has a 128 K x
8-bit boot FLASH ROM to support NIM functions.
- 1.44 MB external USB 1.1 diskette drive with an integrated USB
attachment cable.
- DVD media as a dump device. System administrators can configure a
DVD RAM as the dump device and the dump will be written out to the DVD
media directly.
- AIX device driver for ATAPI (IDE) optical for write capability. This
is important for support of IDE attached DVD-RAM.
AIX 5L V5.3 support removal
The AIX 5L operating system previously contained both a uni-processor
kernel and a multi-processor kernel. Effective with this AIX 5L V5.3
release, the operating system will only support the multi-processor
kernel. The AIX 5L V5.3 multi-processor kernel will support the
following systems: RS/6000, IBM eServer pSeries, or
OEM hardware based on
the Common Hardware Reference Platform (CHRP) architecture, regardless of
the number of processors.
AIX 5L V5.2 will be the last release of AIX that will support the uni-
processor kernel.
Removal of obsolete locales
The following is a list of obsolete locales:
Locale Language Territory
------ -------- ---------
Ca_ES Catalan Spain
Da_DK Danish Denmark
De_CH German Switzerland
De_DE German Germany
En_GB English Great Britain
En_US English United States
Es_ES Spanish Spain
Fi_FI Finnish Finland
Fr_BE French Belgium
Fr_CA French Canada
Fr_CH French Switzerland
Fr_FR French France
Is_IS Icelandic Iceland
It_IT Italian Italy
Nl_BE Dutch Belgium
Nl_NL Dutch Netherlands
No_NO Norwegian Norway
Pt_PT Portuguese Portugal
Sv_SE Swedish Sweden
AIX 5L V5.3 supports the following systems that implement the CHRP
architecture:
- PowerPC systems
- POWER3 systems
- POWER4 systems
- POWER5 systems
Systems operating on AIX 5L for POWER V5.3 are supported only when
used within the system operating environments described in the
appropriate hardware announcements and when used within the specified
operating environment. When systems operating on AIX 5L V5.3 are used
with other software or software in later announcements, other limitations
may be included.
AIX 5L V5.3 supports systems and/or partitions with at least 128 MB of
physical memory and a disk size of at least 2.2 GB.
IBM Tivoli Directory Server V5.2 software requirements:
To install the IBM Tivoli Directory Server, your computer must meet
the following minimum system requirements.
- IBM Tivoli Directory client
For the latest information on supported
versions of AIX, refer to the client README file in
/usr/ldap/doc/(lang)/client.txt.
A minimum of 128 MB RAM is required; (256 MB is strongly recommended).
Note: The client is 32-bit.
- IBM Tivoli Directory Server (including the client)
For the latest information on supported versions of AIX, refer to the
server README file in /usr/ldap/doc/(lang)/server.txt.
In addition to the client requirements, the server requires the
following:
- A minimum of 512 MB of RAM is required (1 GB or more is strongly
recommended).
- DB2(TM) Universal Database for AIX Version 8.1 Enterprise Server
Edition with Fixpack 2 is included with the IBM Tivoli Directory Server.
No previous versions of DB2 are supported. If You already have DB2
installed, You need approximately 45 MB of disk space to create the empty
database and start the server. DB2 requires about 300-500 MB of disk
space. IBM Tivoli Directory Server (including the client and the server)
requires about 160 MB of disk space. Disk space required for data
storage is dependent upon the number and size of database entries.
- A 64-bit kernel on 64-bit hardware
The following programs are the fully supported versions:
- VisualAge C++ Professional for AIX, V6.0
Install V6.0 by using your existing V6.0 CD, then apply APARs IY57427,
IY57430, IY57431, IY57433, and IY57434.
- C for AIX, V6.0
Install V6.0 by using your existing V6.0 CD, then apply APARs IY57427,
IY57430, IY57431, and IY57434.
- XL Fortran for AIX, V8.1.1
- Install V8.1.1 by using your existing V8.1.1 CD, then apply APARs
IY57427, IY57430, IY57435, IY57436, and IY57434.
- XL Fortran Run-Time Environment for AIX, V8.1.1 is a fully supported
version of this product. Install V8.1.1 by using your existing V8.1.1
CD, then apply APAR IY57436.
Back to top
|
Planning Information
|
Customer Responsibilities
Not applicable.
Compatibility
Applications from earlier AIX Version 5 Releases
AIX 5L V5.1 and V5.2 applications written for RS/6000 POWER3-,
POWER4-, POWER5-, and PowerPC-based models can be executed on AIX 5L V5.3
without recompilation for the same and newer models in that processor
family (POWER3, POWER4, POWER5, or PowerPC). Exceptions are applications
compiled using POWER3-, POWER4-, POWER5-or PowerPC-specific compiler
options but executed on models other than POWER3, POWER4, POWER5, or
PowerPC, respectively, or applications using:
- Non-shared compiles of AIX-shared libraries
- Features explicitly described as nonportable by IBM in the AIX V4 or
V5 reference manuals
- Undocumented AIX internal features
- X11R5 Server Extensions
- Locales based on IBM-850 codesets
- Legacy security library interfaces executing on AIX Version 5 systems
with long usernames enabled
Any program that must run in all environments -- POWER3, POWER4,
POWER5, and PowerPC (601 and newer PowerPC processors) -- must be
compiled using the common mode or PowerPC option of the compiler.
Programs compiled to exploit:
- POWER5 technology must be run on POWER5 processor types
- POWER4 technology must be run on POWER4 or POWER5 processor types
- POWER3 technology may be run on POWER3, POWER4, or POWER5 processor
types, though there may be some performance penalty when running on
POWER4 or POWER5
- PowerPC-based technology must be run on PowerPC-based processors
Existing binaries need not be recompiled to operate on the target
processors.
Applications running on AIX Version 5 Releases with long
usernames enabled
AIX 5L V5.3 systems can be configured to accommodate user and group
names exceeding eight characters. Applications which have not been
specifically structured to handle long user and group names and which use
legacy security library interfaces with 8-character name limits or which
depend on user and group names not exceeding 8 characters in length may
not work correctly on systems which have been enabled for long user and
group names. AIX 5.3 commands which display user and group names will
truncate user and group names to 8 characters to accommodate existing use
unless command-specific options are utilized to display long user and
group names.
Legacy Security Library Interface Long Username-Enabled Alternative
ckuserID() authenticatex()
cuserid() getpwuid()
getuinfo() getuinfox()
getuinfo_r() getuinfox()
getuserpw() getuserpwx()
newpass() newpassx()
putuserpw() putuserpwx()
putuserpwhist() putuserpwxhist()
AIX 5L V5.3 systems running applications using security library
interfaces should not be configured for long usernames unless the
applications have been tested successfully for long username support.
32-bit Applications from AIX Version 4 Releases
AIX V4.1, 4.2, or 4.3 applications written for RS/6000 POWER3-,
POWER4-, and PowerPC-based models can be executed on AIX 5L V5 without
recompilation for same and newer models in that processor family (POWER3,
POWER4, POWER5, or PowerPC). Exceptions are applications compiled using
POWER3-, POWER4-, or PowerPC-specific compiler options executed on models
other than POWER3, POWER4, POWER5, or PowerPC, respectively, or
applications using:
- Non-shared compiles of AIX shared libraries
- Features explicitly described as nonportable by IBM in the AIX V4 or
V5 reference manuals
- Undocumented AIX internal features
- X11R5 Server Extensions
- Locales based on IBM-850 codesets
- Legacy security interfaces executing on AIX Version 5 systems with
long usernames enabled
Programs compiled to exploit:
- POWER5 technology must be run on POWER5 processor types
- POWER4 technology must be run on POWER4 or POWER5 processor types
- POWER3 technology may be run on POWER3, POWER4, or POWER5 processor
types, though there may be some performance penalty when running on
POWER4 or POWER5
- PowerPC-based technology must be run on PowerPC-based processors
Existing binaries need not be recompiled to operate on the target
processors.
64-bit Applications from AIX Version 4 Releases
Any 64-bit applications produced using AIX V4 will not execute on AIX
5L V5. These applications need to be recompiled from the source on AIX
5L V5 to execute on this version of AIX. The 64-bit applications
produced using AIX 5L V5 on any of the 32-bit or 64-bit processor models
will execute without recompilation on the 64-bit processor models. The
32-bit applications produced using AIX 5L V5 on either 32-bit or 64-bit
processor models will execute without recompilation on both models.
X11R5/X11R6 Compatibility Issues on AIX Version 5
The AIX V5 X-server uses the X-Consortium release 6 of X (commonly
known as X11R6). The libraries shipped by IBM with X11R6 are backward
compatible and the client applications that access these libraries work
as on AIX V4. As on AIX V4, IBM will also ship X11R3, X11R4, X11R5
compatibility installation options for maximum flexibility.
The majority of applications using X fall into this category and will
not cause any difficulty. However, a small number of X-applications use
the loadable extension facility provided by the X-server.
The X-server allows for the addition of new functionality through its
extension mechanism. For each extension, part of the extension is loaded
into the X-server before it can be executed. X11R6 has modified how this
mechanism works in the course of improvements to X, and it is this part
of the extension that must be made compatible with X11R6 to execute
properly. All extensions supplied by IBM have been made compatible. In
some circumstances, you may have an extension that does not work with
X11R6, for example:
- Sample extension downloaded from the X-Consortium FTP site
- Customer-developed extension
- Third-party extension
In these cases, the extension needs to be made compatible with X11R6
before it executes properly. Customer-developed extensions and sample X
consortium extensions need to be recompiled with the X11R6 environment.
For third-party extensions, contact the vendor for a X11R6-compatible
update.
If you use non-IBM display adapters, you may also be using vendor
supplied software specific to those devices that uses X11R6 server
capabilities. If so, this software must be compatible with X11R6 to
operate properly. Contact the vendor of the display adapter for this
software.
Between AIX Versions 3 and 5
All AIX applications using AIX V3R3.2 or later, for POWER-, POWER2-,
and PowerPC-based models that are written in accordance with the
guidelines in this announcement and other AIX announcements run on AIX 5L
V5 without recompilation for those same models. The exceptions to this
statement are applications compiled using POWER2-or PowerPC-specific
compiler options but run on models other than POWER2 or PowerPC, or
applications using the following:
- Their own loadable kernel extensions
- Certain high-function terminal control interfaces
- X11R3 input device interfaces
- The CIO LAN device driver interface
- SCSI device configuration methods (IHVs)
- The nlist() interface
- DCE threads
- Legacy security interfaces executing on AIX 5L systems with long
usernames enabled
Applications must have been created using the AIX shared libraries for
these binary compatibility statements to apply.
Limitations
- IBM Parallel System Support Programs (PSSP) for AIX is not supported
running AIX 5L V5.3
- SP Switch and the SP Switch2 are not supported running AIX 5L V5.3
- Partition Load Manager for AIX (available via a hardware feature code
of Advanced POWER Virtualization) is not targeted for customers that want
to implement very small granularity CPU resource management
(micro-partitioning) on shared-processor logical partitions. Memory
management is fully supported on these configurations, but CPU management
may not always give the desired result.
Back to top
|
Publications
| |
The following publications can be ordered from IBM immediately. To
order, contact your IBM representative.
- AIX 5L Version 5.3 AIX Installation
in a Partitioned Environment
(SC23-4926)
- AIX 5L Version 5.3 Installation Guide
and Reference
(SC23-4887)
Back to top
|
Security, Auditability, and Control
| |
AIX 5L for POWER V5.3 uses the system
and network security features for
security and auditability. These features are:
- System security:
- Native Kerberos V5 KDC Server/Client Support
- Trusted Computing Base available as an optional preinstall feature
- AIX LDAP Security Audit plug-in
- Pluggable Authentication Mechanism
- IBM SecureWay Directory Version 3.2.1
- Network security:
- PKCS support
- IP Key Encryption Security
- Directory-based resolvers
The customer is responsible for evaluation,
selection, and implementation
of security features, administrative procedures, and appropriate controls
in application systems and communication facilities.
Trademarks
(R), (TM), * Trademark or registered trademark of
International Business Machines Corporation.
** Company, product, or service name may be a trademark
or service mark of others.
Windows is a trademark of Microsoft Corporation.
UNIX is a registered trademark in the United States and other
countries licensed exclusively through X/Open Company Limited.
© IBM Corporation 2005.
Back to top
|
|
|
|
|
Operating Environment