Feeds

IBM's AIX 6 drops 'L,' adds 'S'

Sun worshippers

Next gen security for virtualised datacentres

Goodbye, AIX 5L Version 5.4. Hello, AIX 6 – soon shipping with less L and more S.

Just a couple days after revealing its first Power6-based servers, IBM has handed customers an outline of the expected features in AIX 6 – or the operating system formerly known as AIX 5.4. The Unix OS, IBM confirmed this week, will enjoy a public beta in the third quarter and honest to god shipment in the fourth quarter. IBM apparently refuses to call AIX 6 by its given name and will introduce the software as AIX Version 6.1. Go figure.

Customers can expect IBM to place emphasis on a host of new virtualization tools when bragging about the fresh OS.

For example, IBM has started plugging Workload Partition (WPAR), which is a software-based virtualization feature that lets customers cut back on the number of OS images needed per physical server. Basically, customers can use WPAR to run numerous applications on a single AIX instance with the expected security and administrative isolation between apps. IBM sees WPAR as a complement to logical partitions.

WPAR sounds an awful lot like the Solaris Containers Sun has shipped for a long time.

In either case, customers benefit by managing fewer copies of the OS per server, while still getting pretty sturdy divisions between the application compartments.

To complement WPARs, IBM has a brand new software package called Workload Partitions Manager. Pick up this beauty, and you can ship a running WPAR from one physical server to another without application restarts via a feature aptly called Application Mobility.

According to a report from Timothy Prickett Morgan, IBM managed to pass an Oracle 10g database between a pair of Power6-based p570s, during a demonstration, using this technology.

"These machines were linked together using a 10 Gigabit Ethernet network," Timothy tells us. "Because the I/O is already virtualized in the servers, it is easy enough to move the pointers from a storage area network from one physical box to another one. The real trick with the Application Mobility feature in AIX 6.1 is grabbing the state of main memory and moving all that data across the 10 GE network in real time in such a way that end users do not see a blip in application performance."

IBM has copied Sun once again with a planned version of its OS called Trusted AIX. Sun has long pushed its Trusted Solaris, which boasts tons of access-based controls, on government customers, and IBM now plans to do so as well.

Also on the security front, IBM has the Encrypting filesystem – a hardened version of the Journaled Filesystem Extended (JFS2). "The encrypted data can be backed up in encrypted format, reducing the risk of data being compromised if backup media is lost or stolen," IBM said. "The JFS2 encrypting filesystem can also prevent the compromise of data even to root-level users."

You'll also see additions to AIX Security Expert, which IBM rolled out via a Technology Level 5 update to Version 5.3 of AIX. A new piece of Security Expert will let customers store security templates in an LDAP directory.

Still not feeling secure enough?

Then meet Trusted Execution and Secure by Default – the last security buzzword pairing found in AIX 6. With TE, "a signature (SHA256/RSA) database for the important system files is created automatically as part of regular AIX install," IBM said. "Also administrators can define policies such that the loads of files listed in the database are monitored and execution/loads not allowed if hashes do not match. Additionally, administrators can lock the signature database or the files in the database from being modified by any one in the system, including root."

And with Secure by Default customers will see a new option during the installation process that lets them trim the number of running services.

If you thought IBM was done copying Sun, you'd be wrong. AIX 6 ships with a fresh dynamic tracing package called probevue, which funny enough shares its name with a new device my proctologist employed last week. Like Sun's DTrace, probevue let you slot probes into running code to capture system data and help with tuning.

Speaking of proctologists, IBM's got a Live Dump tool as well, which "allows selected subsystems to dump their memory state and traces to the filesystem for subsequent service analysis, without requiring a full system dump and outage."

[God, you're crass. – Ed]

Also on the Live front, IBM will offer Concurrent AIX updates where customers can obtain some kernel fresheners without rebooting their systems.

Those of you who already think AIX 6 is old hat will be pleased to know that IBM has plugged in dates for AIX 7. According to a roadmap making its way around the web, IBM sees the even newer OS arriving in October of 2010.

Given past performances, it would seem that Power7 chips are expected to ship a few months before that AIX 7 release.

That should give IBM's developers plenty of time to examine Solaris 11. ®

Next gen security for virtualised datacentres

Whitepapers

Endpoint data privacy in the cloud is easier than you think
Innovations in encryption and storage resolve issues of data privacy and key requirements for companies to look for in a solution.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Advanced data protection for your virtualized environments
Find a natural fit for optimizing protection for the often resource-constrained data protection process found in virtual environments.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.
Next gen security for virtualised datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.