An12 Ib

V5.
cover
Front cover
Power Systems for AIX II: AIX

Implementation and
Administration
(Course code AN12)
Instructor Guide
ERC 1.1
Instructor Guide
Trademarks
The reader should recognize that the following terms, which appear in the content of this
training document, are official trademarks of IBM or other companies:
IBM® is a registered trademark of International Business Machines Corporation.
The following are trademarks of International Business Machines Corporation in the United
States, or other countries, or both:
AIX® AIX 5L™ AS/400®
DB2® Electronic Service Agent™ Everyplace®
Express™ HACMP™ Notes®
POWER® POWER2™ POWER3™
POWER4™ POWER5™ POWER5+™
POWER6™ Power Architecture® POWER Hypervisor™
Power Systems™ PowerHA™ PowerPC®
PowerVM™ pSeries® RS/6000®
System p® System Storage™ Tivoli®
WebSphere® Workload Partitions
Manager™
PS/2® is a trademark or registered trademark of Lenovo in the United States, other
countries, or both.
PostScript is either a registered trademark or a trademark of Adobe Systems Incorporated
in the United States, and/or other countries.
Intel is a trademark or registered trademark of Intel Corporation or its subsidiaries in the
United States and other countries.
Java and all Java-based trademarks and logos are trademarks of Sun Microsystems, Inc.
in the United States, other countries, or both.
Linux® is a registered trademark of Linus Torvalds in the United States, other countries, or
both.
Microsoft and Windows are trademarks of Microsoft Corporation in the United States, other
countries, or both.
UNIX® is a registered trademark of The Open Group in the United States and other
countries.
Other company, product, or service names may be trademarks or service marks of others.
October 2009 edition

The information contained in this document has not been submitted to any formal IBM test and is distributed on an “as is” basis without
any warranty either express or implied. The use of this information or the implementation of any of these techniques is a customer
responsibility and depends on the customer’s ability to evaluate and integrate them into the customer’s operational environment. While
each item may have been reviewed by IBM for accuracy in a specific situation, there is no guarantee that the same or similar results will
result elsewhere. Customers attempting to adapt these techniques to their own environments do so at their own risk.
© Copyright International Business Machines Corporation 2009. All rights reserved.

This document may not be reproduced in whole or in part without the prior written permission of IBM.
Note to U.S. Government Users — Documentation related to restricted rights — Use, duplication or disclosure is subject to restrictions
set forth in GSA ADP Schedule Contract with IBM Corp.
Instructor Guide
iii AIX installation © Copyright IBM Corp. 2009

Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Instructor Guide
iv AIX installation © Copyright IBM Corp. 2009

V5.3
Instructor Guide
TOC Contents
Trademarks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xv
Instructor course overview. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xvii
Course description . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xix
Agenda . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xxiii
Unit 1. Introduction to IBM Power Systems, AIX, and system administration . . . . 1-1
Unit objectives . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-2
AIX overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-4
Logical partition overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-6
Dynamic logical partitioning . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-8
Workload partitions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-11
Live partition mobility . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-13
Evolution of AIX . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-15
Overview of the POWER6 servers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-21
Typical Power / AIX system layout . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-23
The HMC (1 of 2) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-25
The HMC (2 of 2) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-27
LPAR virtualization overview (1 of 2) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-29
LPAR virtualization overview (2 of 2) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-32
Virtual I/O server overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-35
Virtualization example . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-37
Role of the system administrator . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-40
Who can perform administration tasks? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-42
How can we perform administration tasks? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-45
Checkpoint . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-47
Exercise 1 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-49
Unit summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-51
Unit 2. AIX system management tools . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-1

Unit objectives . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-2
UNIX System administration challenges . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-4
System management objectives . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-6
AIX administration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-9
SMIT . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-12
SMIT main menu (text based) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-14
Dialog screen . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-17
Output screen . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-21
SMIT log and script files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-23
Web-Based System Manager . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-26
IBM Systems Director Console for AIX . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-28
Console interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-31
©Copyright IBM Corp. 2009 Contents v

Instructor Guide
Console applications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2-34

Console management view . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2-37
System health (1 of 3) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2-40
System health (2 of 3) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2-42
System health (3 of 3) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2-45
Classical SMIT . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2-48
DCEM portlet (1 of 5) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2-50
DCEM portlet (2 of 5) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2-52
DCEM portlet (3 of 5) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2-54
DCEM portlet (4 of 5) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2-56
DCEM portlet (5 of 5) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2-59
Console logging and tracing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2-61
Checkpoint . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2-64
Exercise 2 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2-66
Unit summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2-68
Unit 3. System startup and shutdown. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-1

Unit objectives . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-2
System startup . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-4
Managed system activation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-7
Start-up modes for AIX (1 of 2) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-9
Start-up modes for AIX (2 of 2) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-11
AIX start up process overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-13
AIX partition activation (1 of 2) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-15
AIX partition activation (2 of 2) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-17
The alog command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-19
/etc/inittab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-22
Run levels . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-25
Directory and script control . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-28
System resource controller . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-30
Listing subsystems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-32
SRC Control . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-34
AIX partition shutdown (1 of 2) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-36
AIX partition shutdown (2 of 2) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-39
Managed system shutdown . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-42
Checkpoint . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-44
Exercise 3 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-46
Unit summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-48
Unit 4. AIX installation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4-1

Unit objectives . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4-2
Installation methods for AIX 6 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4-4
AIX installation in a partition (DVD or CD) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4-6
Installing AIX from CD/DVD (1 of 2) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4-8
Installing AIX from CD/DVD (2 of 2) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4-10
Installation and Maintenance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4-12
Installation and Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4-14
Method of installation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4-16
vi AIX installation ©Copyright IBM Corp. 2009

V5.3
Instructor Guide
TOC Installation disks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-19

Set Primary Language Environment . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-21
Security Models . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-23
Software install options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-26
Install summary and installation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-28
Accept License Agreements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-30
AIX installation: Post steps . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-32
Installation assistant and login . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-34
AIX installation in a partition using NIM: NIM overview . . . . . . . . . . . . . . . . . . . . . 4-36
AIX installation in a partition using NIM: Configuration steps . . . . . . . . . . . . . . . . 4-39
Network boot (1 of 7) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-41
Network boot (2 of 7) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-43
Network boot (3 of 7) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-45
Network boot (4 of 7) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-47
Network boot (5 of 7) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-49
Network boot (6 of 7) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-52
Network boot (7 of 7) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-54
Checkpoint . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-56
Exercise 4 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-58
Unit summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-60
Unit 5. AIX software installation and maintenance . . . . . . . . . . . . . . . . . . . . . . . . . . 5-1

Unit objectives . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-2
AIX media . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-4
Software packaging definitions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-7
Software bundles . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-10
AIX software levels . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-12
What is my AIX version? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-15
Software installation and maintenance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-17
Software repository . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-19
Software states . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-21
Software listing and versioning . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-24
lslpp, filesets and files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-26
Installing new software using SMIT . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-28
Installing software using command line, examples . . . . . . . . . . . . . . . . . . . . . . . . 5-30
Red Hat Package Manager filesets . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-32
Applying patches to the system . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-34
Applying patches, apply, commit, reject . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-36
Listing fixes (APAR's) installed on the system . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-38
Interim fix management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-40
Removing installed software . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-42
Recovering from broken or inconsistent states . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-44
Service update management assistant . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-46
SUMA base configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-48
SUMA task configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-50
SUMA command line execution . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-52
Fix Central Web site . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-55
Fix Level Recommendation Tool . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-57
©Copyright IBM Corp. 2009 Contents vii

Instructor Guide
Checkpoint . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .5-59
Exercise 5 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .5-61
Unit summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .5-63
Unit 6. System configuration and devices . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .6-1

Unit objectives . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .6-2
Device terminology . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .6-4
System configuration and device overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .6-7
Device commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .6-9
System device layout example . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .6-11
prtconf (1 of 2) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .6-13
prtconf (2 of 2) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .6-15
lscfg . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .6-17
lsdev . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .6-19
lsslot . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .6-22
lsattr and chdev commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .6-24
Device states . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .6-26
/dev directory, device configuration and control . . . . . . . . . . . . . . . . . . . . . . . . . . .6-28
Device addressing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .6-30
Physical location code examples . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .6-32
Virtual location codes, example . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .6-34
Checkpoint . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .6-37
Exercise 6 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .6-39
Unit summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .6-41
Unit 7. System storage overview. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .7-1

Unit objectives . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .7-2
Components of AIX storage . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .7-4
Traditional UNIX disk storage . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .7-6
Benefits of the LVM . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .7-8
Logical Volume Manager components . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .7-10
Physical storage . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .7-13
Volume groups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .7-16
Volume group descriptor area . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .7-19
Logical storage . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .7-22
Uses of logical volumes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .7-25
What is a file system? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .7-28
Why have multiple file systems? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .7-31
Standard file systems in AIX . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .7-34
/etc/filesystems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .7-37
Mount . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .7-40
Mounting over an empty directory . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .7-42
Mounting over files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .7-44
Listing file systems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .7-46
Listing logical volume information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .7-48
Checkpoint (1 of 3) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .7-50
Checkpoint (2 of 3) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .7-52
Checkpoint (3 of 3) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .7-54
viii AIX installation ©Copyright IBM Corp. 2009

V5.3
Instructor Guide
TOC Exercise 7 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-56

Unit summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-58
Unit 8. Working with the Logical Volume Manager . . . . . . . . . . . . . . . . . . . . . . . . . . 8-1

Unit objectives . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-2
Logical Volume Manager . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-4
SMIT volume group menu . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-7
Adding a volume group to the system . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-9
Adding a scalable volume group to the system . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-11
Listing volume groups and VG attributes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-13
Listing PVs in a VG and VG contents . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-15
Change a volume group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-18
Extend and reduce a VG . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-20
Remove a volume group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-23
Activate and deactivate a volume group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-25
Import and export a volume group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-27
Reorganize a Volume Group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-29
Logical storage . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-31
LVM and RAID support . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-33
LVM options which affect performance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-35
Mirroring (RAID1) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-37
Mirroring, allocation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-39
Striping (RAID 0) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-41
Striping and mirroring (RAID 10 or 1+0) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-44
Logical volume placement . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-46
Mirroring scheduling policy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-49
Mirror write consistency . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-52
SMIT logical volume menu . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-55
Adding a logical volume . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-57
Show LV characteristics (1 of 2) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-59
Show LV characteristics (2 of 2) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-62
Add copies to a logical volume . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-64
Increasing the size of a logical volume . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-67
Remove a logical volume . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-69
List all logical volumes by volume group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-71
Mirroring volume groups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-73
Physical volumes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-76
SMIT physical volumes menu . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-78
List physical volume information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-80
List logical volumes on a physical volume . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-82
List a physical volume partition map . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-84
Add or move contents of physical volumes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-86
Documenting the disk storage setup . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-88
Checkpoint . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-90
Exercise 8 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-92
Unit summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-94
©Copyright IBM Corp. 2009 Contents ix

Instructor Guide
Unit 9. File systems administration. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .9-1

Unit objectives . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .9-2
Journaled file system support in AIX . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .9-4
Advantages of enhanced JFS (JFS2) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .9-6
JFS2 structural components . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .9-8
Listing i-node and block size information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .9-11
Creating a JFS2 file system (1 of 2) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .9-13
Creating a JFS2 file system (2 of 2) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .9-15
Mounting a file system and the /etc/filesystems file . . . . . . . . . . . . . . . . . . . . . . . .9-17
JFS2 logging options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .9-19
Creating a file system on a previously defined logical volume . . . . . . . . . . . . . . . .9-21
Changing the size of a JFS2 file system . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .9-23
Removing a JFS2 file system . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .9-25
File system space management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .9-28
Listing file system utilization . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .9-30
Monitoring file system growth . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .9-32
Listing disk usage . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .9-34
Control growing files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .9-37
The skulker command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .9-40
Block size considerations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .9-42
Fragmentation considerations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .9-45
Verify and repair a file system . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .9-47
Documenting file system setup . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .9-49
System storage review . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .9-51
Checkpoint (1 of 2) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .9-53
Checkpoint (2 of 2) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .9-55
Exercise 9 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .9-57
Unit summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .9-59
Unit 10. Paging space. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .10-1

Unit objectives . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .10-2
What is paging space? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .10-4
Paging space . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .10-7
Sizing paging space . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .10-10
Paging space placement . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .10-15
Checking paging space . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .10-18
Adding paging space . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .10-21
Change paging space . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .10-24
Remove paging space . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .10-27
Problems with paging space . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .10-30
Documenting paging space setup . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .10-32
Checkpoint . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .10-34
Exercise 10 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .10-36
Unit summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .10-38
Unit 11. Backup and restore . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .11-1

Unit objectives . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .11-2
Backup introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .11-4
x AIX installation ©Copyright IBM Corp. 2009

V5.3
Instructor Guide
TOC System image backup . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-7

Creating a mksysb image . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-10
image.data file . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-13
bosinst.data file . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-16
mksysb tape image format . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-19
Restoring a mksysb, from tape device (1 of 2) . . . . . . . . . . . . . . . . . . . . . . . . . . 11-22
Restoring a mksysb, from tape device (2 of 2) . . . . . . . . . . . . . . . . . . . . . . . . . . 11-24
Restoring a mksysb, from a NIM server (1 of 2) . . . . . . . . . . . . . . . . . . . . . . . . . 11-27
Restoring a mksysb, from NIM sever (2 of 2) . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-29
Creating a backup of a data volume group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-31
Restoring a backup of a data volume group . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-33
Traditional UNIX and AIX backup commands . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-36
Backup by filename and restore . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-38
Backup and restore by inode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-41
tar command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-44
cpio command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-46
pax command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-48
dd command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-50
Compression commands (1 of 2) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-52
Compression commands (2 of 2) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-54
Good practices . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-56
Checkpoint . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-59
Exercise 11 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-61
Unit summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-63
Unit 12. Security and user administration. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12-1

Unit objectives . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12-2
12.1. Security and user concepts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12-5
Security and user concepts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12-6
User accounts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12-8
Groups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12-10
Group hierarchy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12-13
User hierarchy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12-16
Role based access control . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12-18
Controlling access to the root account . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12-21
Security logs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12-23
File/Directory permissions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12-26
Reading permissions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12-29
Changing permissions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12-32
umask . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12-35
Changing ownerships and groups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12-38
Checkpoint . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12-40
Topic summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12-42
12.2. User and group administration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12-45
User and group administration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12-46
Console login sequence . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12-48
User initialization process . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12-51
Message of the day . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12-54
©Copyright IBM Corp. 2009 Contents xi

Instructor Guide
Security & Users . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .12-56

SMIT users . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .12-59
Listing users . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .12-62
Add a user to the system . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .12-64
Change / Show Characteristics of a User . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .12-67
Remove a user from the system . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .12-69
Passwords . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .12-71
Regaining root's password . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .12-74
SMIT groups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .12-76
Listing groups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .12-78
Add a Group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .12-80
Change or remove a group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .12-83
RBAC overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .12-86
RBAC defined roles and authorizations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .12-88
RBAC (basic) implementation steps . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .12-92
RBAC example (1 of 2) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .12-94
RBAC example (2 of 2) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .12-96
Checkpoint . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .12-98
Topic summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .12-100
12.3. Security files. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .12-103
Security files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .12-104
Security files introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .12-106
/etc/passwd file . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .12-109
/etc/security/passwd file . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .12-112
/etc/security/user file . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .12-115
Group files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .12-120
/etc/security/login.cfg file . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .12-122
Validating the user environment . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .12-125
Documenting security policy and setup . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .12-128
Checkpoint . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .12-130
Topic summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .12-132
Exercise 12 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .12-134
Unit summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .12-136
Unit 13. Scheduling. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .13-1

Unit objectives . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .13-2
The cron daemon . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .13-4
crontab files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .13-7
Format of a crontab file . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .13-10
Editing a crontab file . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .13-13
The at and batch commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .13-16
Controlling at jobs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .13-19
Documenting scheduling . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .13-21
Checkpoint . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .13-23
Exercise 13 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .13-25
Unit summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .13-27
xii AIX installation ©Copyright IBM Corp. 2009

V5.3
Instructor Guide
TOC Unit 14. TCP/IP networking. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14-1

Unit objectives . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14-2
What is TCP/IP? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14-4
TCP/IP layering . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14-7
TCP/IP start-up flow . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14-10
Ethernet adapters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14-12
Virtual LAN . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14-15
IEEE 802.1Q VLAN tagging (1 of 2) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14-17
IEEE 802.1Q VLAN tagging (2 of 2) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14-19
VLAN group example . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14-21
AIX VLAN tagging . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14-23
IP and subnet addressing (1 of 2) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14-25
IP and subnet addressing (1 of 2) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14-28
Subnetting example . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14-30
Supernetting example . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14-32
How is TCP/IP configured on AIX? (1 of 2) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14-34
How is TCP/IP configured on AIX? (2 of 2) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14-36
Command line TCP/IP configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14-38
Verifying network interfaces . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14-40
Name resolution . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14-42
Routing implementation (1 of 2) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14-45
Routing implementation (2 of 2) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14-48
Multipath routing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14-50
Additional configuration, IP aliasing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14-53
Testing for remote connectivity . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14-55
Ports and sockets . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14-58
inetd daemon . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14-60
Remote UNIX commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14-62
Transferring files over a network (1 of 2) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14-64
Transferring files over a network (2 of 2) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14-66
Network File System . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14-68
NFS server configuration (1 of 2) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14-70
NFS server configuration (2 of 2) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14-73
Manual NFS client mounting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14-76
Predefined NFS client mounting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14-78
Virtual Network Computing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14-81
VNC configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14-83
Checkpoint . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14-85
Exercise 14 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14-87
Unit summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14-89
Unit 15. Introduction to workload partitions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15-1

Unit objectives . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15-2
Workload partition overview (1 of 2) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15-4
Workload partition overview (2 of 2) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15-7
Reasons to use workload partitions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15-9
WPAR is built on top of WLM . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15-12
AIX workload partitions initial state . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15-14
©Copyright IBM Corp. 2009 Contents xiii

Instructor Guide
Application WPARs (1 of 2) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .15-16

Application WPARs (2 of 2) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .15-18
Creating an application WPAR: wparexec . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .15-20
Application WPAR process space . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .15-22
System WPARs (1 of 2) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .15-24
System WPARs (2 of 2) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .15-26
System WPAR device access . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .15-28
Creating a system WPAR: mkwpar . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .15-30
System WPAR process space . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .15-32
Creating a system WPAR with a network definition . . . . . . . . . . . . . . . . . . . . . . .15-34
WPAR routing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .15-36
System WPAR file systems space (1 of 2) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .15-38
System WPAR file systems space (2 of 2) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .15-41
WPAR management commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .15-44
Specification file . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .15-46
Starting a system WPAR . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .15-48
Stopping and removing a system WPAR . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .15-50
WPAR status: lswpar . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .15-53
WPAR logs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .15-55
System WPAR management: clogin . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .15-57
AIX command restrictions in WPARs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .15-59
WPAR management: save and restore WPAR . . . . . . . . . . . . . . . . . . . . . . . . . .15-61
Software installation, shared /usr and /opt . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .15-64
Software installation, non-shared /usr and /opt . . . . . . . . . . . . . . . . . . . . . . . . . .15-66
WPAR resource control . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .15-68
Shared-based approach . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .15-70
Percentage-based approach . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .15-72
Workload Partition Manager overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .15-74
Workload Partition Manager GUI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .15-76
Checkpoint . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .15-78
Exercise 15 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .15-80
Unit summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .15-82
Appendix A. Printers and queues . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A-1
Appendix B. Checkpoint solutions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . B-1
Glossary. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . X-1
xiv AIX installation ©Copyright IBM Corp. 2009

V5.3
Instructor Guide
TMK Trademarks
The reader should recognize that the following terms, which appear in the content of this
training document, are official trademarks of IBM or other companies:
IBM® is a registered trademark of International Business Machines Corporation.
The following are trademarks of International Business Machines Corporation in the United
States, or other countries, or both:
AIX® AIX 5L™ AS/400®
DB2® Electronic Service Agent™ Everyplace®
Express™ HACMP™ Notes®
POWER® POWER2™ POWER3™
POWER4™ POWER5™ POWER5+™
POWER6™ Power Architecture® POWER Hypervisor™
Power Systems™ PowerHA™ PowerPC®
PowerVM™ pSeries® RS/6000®
System p® System Storage™ Tivoli®
WebSphere® Workload Partitions
Manager™
PS/2® is a trademark or registered trademark of Lenovo in the United States, other
countries, or both.
PostScript is either a registered trademark or a trademark of Adobe Systems Incorporated
in the United States, and/or other countries.
Intel is a trademark or registered trademark of Intel Corporation or its subsidiaries in the
United States and other countries.
Java and all Java-based trademarks and logos are trademarks of Sun Microsystems, Inc.
in the United States, other countries, or both.
Linux® is a registered trademark of Linus Torvalds in the United States, other countries, or
both.
Microsoft and Windows are trademarks of Microsoft Corporation in the United States, other
countries, or both.
UNIX® is a registered trademark of The Open Group in the United States and other
countries.
Other company, product, or service names may be trademarks or service marks of others.
© Copyright IBM Corp. 2009 Trademarks xv

Instructor Guide
xvi AIX installation © Copyright IBM Corp. 2009

V5.3
Instructor Guide
pref Instructor course overview

This is a five-day course for system administrators with little or no
knowledge of administration concepts or skills. The course requires
the students to be familiar with AIX from an end-users point of view
(for example, to be able to use the vi editor). Ideally, students will
have basic LPAR configuration knowledge, but this is not essential.
At the end of the week students should be proficient in all aspects of
AIX system administration. Students who are interested gaining more
advanced level AIX skills, should attend the AIX follow in course,
AN13.
With this release of the course, the materials AIX 6.1 compliant. The
course has been designed to reflect partitioning technology. There is
no reference to the concept of a stand-alone system.
© Copyright IBM Corp. 2009 Instructor course overview xvii

Instructor Guide
xviii AIX installation © Copyright IBM Corp. 2009

V5.3
Instructor Guide
pref Course description

Power Systems for AIX II: AIX Implementation and Administration
Duration: 5 days
Purpose
Learn to install, customize and administer the AIX operating system in
a multiuser POWER (System p) partitioned environment. The course
is based on AIX 6.1 running on a Power6 system managed by
Hardware Management Console version 7 and provides practical
discussions that are appropriate to earlier AIX releases.
Audience
This intermediate course is intended for system administrators or
anyone implementing and managing an AIX operating system in a
multiuser POWER (System p) partitioned environment.
Prerequisites
The students attending this course should already be able to:
• Log in to an AIX system and set a user password
• Execute basic AIX commands
• Manage files and directories
• Use the vi editor
• Use redirection, pipes, and tees
• Use the utilities find and grep
• Use the command and variable substitution
• Set and change Korn shell variables
• Write simple shell scripts
• Use a graphic Common Desktop Environment (CDE) interface
These skills can be acquired by attending AIX Basics (AU13) or
through equivalent AIX/UNIX knowledge. Also, it would be helpful, but
not mandatory if students were familiar with partitioning concepts and
technology taught in Power Systems for AIX I: LPAR Configuration
and Planning (AN11).
© Copyright IBM Corp. 2009 Course description xix

Instructor Guide
Objectives
On completion of this course, students should be able to:
• Install the AIX operating system, filesets, and RedHat Package
Manager (RPM) packages
• Perform system startup and shutdown
• Discuss and use system management tools such as System
Management Interface Tool (SMIT) and IBM systems director
console for AIX
• Manage physical and logical devices
• Discuss the purpose of the logical volume manager
• Perform logical volume and file system management
• Create and manage user and group accounts
• Perform and restore system backups
• Utilize administrative subsystems, including cron to schedule
system tasks, and security to implement customized access of files
and directories
• Configure TCP/IP networking
• Implement Workload Partitions (WPAR)
Contents
• Introduction to IBM POWER p systems, AIX, and system
administration
• AIX System Management Tools
• System startup and shutdown
• AIX installation
• AIX software installation and maintenance
• System configuration and devices
• System storage overview
• Working with the Logical Volume Manager (LVM)
• File system administration
• Paging space
• Backup and restore
• Security and user administration
• Scheduling
xx AIX installation © Copyright IBM Corp. 2009

V5.3
Instructor Guide
pref • TCP/IP Networking

• Workload Partitions
Curriculum relationship
This course should follow the AIX Basics course. A basic
understanding of hardware / AIX environment and simple commands
is recommended before taking this course.
© Copyright IBM Corp. 2009 Course description xxi

Instructor Guide
xxii AIX installation © Copyright IBM Corp. 2009

V5.3
Instructor Guide
pref Agenda
Day 1
Welcome
(01:00) Unit 1: Introduction to IBM Power Systems, AIX, and
system administration
Exercise 1
(01:00) Unit 2: AIX system management tools
Exercise 2
(01:00) Unit 3: System startup and shutdown
Exercise 3
(01:00) Unit 4: AIX installation
Exercise 4
Day 2
(01:15) Unit 5: AIX software installation and maintenance
Exercise 5
(00:45) Unit 6: System configuration and devices
Exercise 6
(00:45) Unit 7: System storage overview
Exercise 7
(01:30) Unit 8: Working with the Logical Volume Manager
Exercise 8
Day 3
(01:30) Unit 9: File systems administration
Exercise 9
(0:30) Unit 10: Paging space
Exercise 10
(01:00) Unit 11: Backup and restore
Exercise 11
Day 4
(01:30) Unit 12: Security and user administration
Exercise 12
(00:30) Unit 13: Scheduling
Exercise 13
(01:30) Unit 14: TCP/IP networking
© Copyright IBM Corp. 2009 Agenda xxiii

Instructor Guide
Day 5
Exercise 14
(01:30) Unit 15: Introduction to workload partitions
Exercise 15
xxiv AIX installation © Copyright IBM Corp. 2009

V5.2
Instructor Guide
Uempty Unit 1. Introduction to IBM Power Systems, AIX,

and system administration
Estimated time
01:00
What this unit is about

This unit provides an introduction to IBM Power Systems, AIX and
system administration.
What you should be able to do

After completing this unit, you should be able to:
• Define terminology and concepts of IBM Power System servers,
virtualization, HMC, and AIX
• Understand a typical set-up of a Power environment
• Describe the roles of the system administrator
• Obtain root access with the su command
How you will check your progress

Accountability:
• Checkpoint
• Machine exercises
References
Online AIX 6.1 Information
PSO03004-USEN-05
AIX “From Strength to Strength”
AU73G System p LPAR configuration and virtualization I
Note: References listed as “Online” above are available at the
following address:
http://publib.boulder.ibm.com/infocenter/systems/index.jsp
© Copyright IBM Corp. 2009 Unit 1. Introduction to IBM Power Systems, AIX, and system 1-1
Instructor Guide
Unit objectives
IBM Power Systems

• Define terminology and concepts of IBM Power system
servers, virtualization, HMC, and AIX
© Copyright IBM Corporation 2009
Figure 1-1. Unit objectives AN121.1
Notes:
1-2 AIX installation © Copyright IBM Corp. 2009

V5.2
Instructor Guide
Uempty Instructor notes:

Purpose — Introduce IBM Power (p) Systems, AIX, and system administration
Details — The purpose of this unit is to introduce Power Systems and AIX, including their
key capabilities, for new AIX system administrators.
• Define IBM Power System servers, virtualization, HMC, and AIX terminology and
concepts
Additional information — The prereq for this class will be the new basic LPAR intro
course (LPAR I). However, in reality many students will jump straight into this class. For
some students, the material in the introduction will act as a refresher. For students new to
Power p and AIX, it should help put the big picture into context before concentrating on AIX
admin.
Transition statement — Let's start by providing an overview of AIX.
Instructor Guide
AIX overview
IBM Power Systems
• IBM’s proprietary operating system based on UNIX System V

– Also has BSD compatible commands and programming interface
extensions
• Advanced Interactive Executive (AIX) runs on proprietary
hardware (H/W) called IBM Power Systems
– Sixth generation of Power, based on Reduced Instruction Set
Computer (RISC) technology
• Most Power Systems today run many instances of AIX in
partitions known as Logical Partitions (LPAR)
– This is H/W partitioning managed by the system firmware, Power
Hyperviso
LPAR:
AIX1
LPAR:
AIX2
LPAR:
AIX3
Figure 1-2. AIX overview AN121.1
Notes:
Advanced Interactive Executive (AIX) is IBM's proprietary UNIX OS based on UNIX
System V with 4.3BSD-compatible command and programming interface extensions.
Announcement Letter Number 286-004 dated January 21, 1986:
• “The AIX Operating System is based on INTERACTIVE Systems Corporation's IN/ix,
which, in turn, is based on UNIX System V, as licensed by AT&T Bell Laboratories.
Some portions of the modifications and enhancements were developed by IBM; others
were developed by INTERACTIVE under contract to IBM.”

V5.2
Instructor Guide

Purpose — Introduce AIX and its role in today’s POWER technology
Details — Provide an overview to set the tone and put the technology into perspective.
Differentiate the generic term partition with the more specific term of logical partition. It’s
important that students understand right from the beginning that, today, most AIX OSs live
in LPARs. This is key a message.
Additional information —
Transition statement — Let's provide an overview of logical partitions.
Instructor Guide
Logical partition (LPAR) overview

IBM Power Systems
• An LPAR is the allocation of system resources to create

logically separate systems within the same physical footprint.
• The resource allocation and isolation for a logical partition is
implemented in firmware called Power Hypervisor.
– Provides configuration flexibility
• Each partition has its own:
– Operating system
– Resources: processors, memory, devices (defined in a profile)
• Resources can be changed dynamically using Dynamic LPAR (DLPAR)
• Partitions can consist of physical (real) or virtual devices
– or a combination of both
sys1 sys2 sys3 sys4

04:42 14:42 11:42 19:42
LPAR 1 LPAR 2 LPAR 3 LPAR 4
Power Hypervisor
System Hardware (memory, processors, devices)
Figure 1-3. Logical partition overview AN121.1
Notes:
Logical partition (LPAR)
Logical partitioning is the ability to make a single system run as if it were two or more
systems. Each partition represents a division of resources in the Power System. The
partitions are logical because the division of resources is logical and not along physical
boundaries.
Hypervisor Partitions are isolated from each other by firmware (underlying software)
called the POWER Hypervisor. The names POWER Hypervisor and Hypervisor will be
used interchangeably in this course.
Each partition has its own environment, for example – IP address or time of day, just as
any AIX instance.

V5.2
Instructor Guide

Purpose — Introduce the concepts of LPARs
Details — Describe what is meant by logical partitions.
The visual shows different time zones and country flags to show that because LPARs are
separate operating environments, system variables such as the time zone, can be set in
each operating system of each LPAR.
Transition statement — Now we have defined logical partitioning, let's mention a key
feature of LPAR technology called DLPAR.
Instructor Guide
Dynamic logical partitioning (DLPAR)

IBM Power Systems
• DLPAR is the ability to add, remove, and move resources

without reactivation of a partition
– Processor, memory, and I/O allocation changes
• Processors and memory quantities are bound by the minimum
and maximum profile settings
• Applications may be DLPAR-aware
Before After
LPAR 1 LPAR 1
DLPAR Operation:
(running) (running)
- Add 2.0 CPU
-Remove 4Gb Mem
2.0 CPU 4.0 CPU
-Move the DVD slot to LPAR 2 16Gb Mem 12Gb Mem
Figure 1-4. Dynamic logical partitioning AN121.1
Notes:
Dynamic Logical partitioning (DLPAR)
The term Dynamic in DLPAR means we can add, move, or remove resources without
having to reactivate the partition. If there are partitions that need more or can do with
fewer resources, you can dynamically move the resources between partitions within the
managed system without shutting down the partitions. Both the source and the
destination partitions must support the dynamic partitioning operation.
Processors and memory
Each running LPAR has an active profile which contains the resources that LPAR is
entitled to. For processor and memory settings, there is a maximum and a minimum
range. These boundaries cannot be exceeded when performing dynamic reallocation
operations.

V5.2
Instructor Guide
Uempty Applications
Some applications and utilities may not be DLPAR-aware. If they bind to a processor or
pin memory, then you may need to stop these processes before you are able to perform
the DLPAR operation. IBM provides an Application Programming Interface (API) for
third party program DLPAR support on AIX 5L and AIX 6
Instructor Guide
Instructor notes:
Purpose — Introduce the concept of DLPAR
Details — Describe what is meant by DLPAR, and go through the details provided in the
visual and notes.
Additional information — Just keep it at a high level, not to the same detail as in AN11.
Transition statement — WPAR is a key feature of AIX6. Let's provide an overview.

V5.2
Instructor Guide
Uempty
Workload partitions (WPAR)

IBM Power Systems
• Software (S/W) partitioning is managed by AIX.

– Available from AIX 6.1
• Many AIX OS images can reside within a master global AIX
image.
• Live Application Mobility allows WPAR relocation to another
box or LPAR.
• WPARs provide automatic workload balancing.
• WPAR technology is not H/W dependent.
– Support is available on Power 4, 5, and 6.
AIX1
AIX2 WPAR2 2.
1.
AIX3
WPAR1
WPAR4
WPAR5
WPAR3
WPAR6 WPAR mgr
Figure 1-5. Workload partitions AN121.1
Notes:
Workload partitions (WPAR) are virtualized, secure operating system environments,
within a single instance of the AIX operating system. Live Application Mobility is a capability
of WPAR technology which allows partitions to move between systems with limited
application downtime (for example, 20 seconds).
Instructor Guide
Instructor notes:
Purpose — Introduce WPAR technology
Details — It's important that students understand there is a bigger picture here and not just
AIX administration. This information is good for two main reasons.
1. To make students aware that the technology exists
2. To sell further advanced education
Additional information — More details will follow later in the course.
Transition statement — A key feature of Power6 technology allows partitions to be moved
from box to box. Let's provide an overview of Live partition mobility.

V5.2
Instructor Guide
Uempty
Live partition mobility

IBM Power Systems
• Live partition mobility allows running AIX partitions to be

migrated from one physical server to another without
downtime.
– For Power 6 only, LPARs must not contain any physical devices.
No
LPAR:
LPAR:
Downtime
AIX1
AIX1
• Partition Mobility provides systems management flexibility and
is designed to improve system availability.
– Can help avoid planned outages for hardware or firmware
maintenance
– Can help avoid unplanned downtime
• If a server indicates a potential failure, you can move its partitions to
another server before the failure occurs.
– Enables optimized resource use by moving workloads from server to
server
Figure 1-6. Live partition mobility AN121.1
Notes:
Live Partition Mobility is a new capability that enables users to move partitions between
systems with no application downtime. Live Partition Mobility enables organizations to
move LPARs from CPU intensive servers to improve overall throughput based on
requirements at a particular time. This also allows us to use a maintenance window on a
physical machine without the need for any application downtime. The only interruption of
service would be due to network latency. If sufficient bandwidth was available, a delay of at
most, a few seconds, could typically be expected.
Instructor Guide
Instructor notes:
Purpose — Introduce the partition mobility feature
Details — Go through the details provided in the visual.
Transition statement — Let's see how AIX has evolved over the last 20+ years.

V5.2
Instructor Guide
Uempty
Evolution of AIX
IBM Power Systems
AIX Version 6.1 Technology Level 2

(GA 14, November, 2008)
IBM Support for new IBM UNIX® Systems
New Virtualization Support
• Faster Live Application Mobility
• (with WPAR Manager V1.2
• Inactive Application Mobility
• Independent WPAR network routes
• WPAR named interface support
• IPv6 WPAR network support
• MPIO support for physical and virtual paths
• PowerVM™ n Port ID virtualization (NPIV)
• PowerVM™ Shared Memory Partitioning
OS Integration and Management
• IPv6 RFC currency
• BIND 9.4.1 support
• IPv4 tunneling in IPv6 networks
• nmon integrated into topas
• topasrec performance data recording
• topas monitoring support for PowerVM VIOS
• mpstat and sar support WPAR support
• Concurrent kernel update enhancements
• LVM support for SAN mirror pools
• Systems Director Console enhancements
Figure 1-7. Evolution of AIX AN121.1
Notes:
AIX
AIX has come a long way since 1986. The first stable version was released in 1993 with
v3.2.5. AIX 3 had key features that are still in AIX today such as smit, a logical volume
manager, the first UNIX flavour to incorporate LVM, and Journaled Filesystems. AIX 6.1
which was generally available (GA) in Nov 2007, saw the addition of many new leading
edge features into the OS. Here is a list, many of which are beyond the scope of this
course, but will be covered in detail in further education courses:
AIX Version 6.1 highlights
New Virtualization Support
• PowerVM Workload Partitions (WPAR)
• PowerVM Live Application Mobility, with the IBM PowerVM Workload Partitions
Manager for AIX
• PowerVM Live Partition Mobility enablement
Instructor Guide
Enterprise security features

• Role Based Access control
• Encrypting Filesystem
• Trusted AIX
• AIX Security Expert enhancements
• Secure by Default installation option
• Trusted Execution
• Filesystem access tool for suid
Near-continuous availability features
• Concurrent AIX kernel updates
• Kernel exploitation of POWER6 Storage Keys
• Dynamic tracing with probevue
• Functional Recovery Routines
• Live Dump
• Firmware assisted dump
Manageability features
• WPAR manageability features
• Systems Director Console for AIX
• Integrated filesystem snapshot
• Automatic, variable page size for POWER6
• Solution performance tuning
The evolution of POWER H/W
• ‘The 801’: IBM Reduced Instruction Set Computer (RISC) technology originated in
1974 in a project at the Thomas J. Watson Research Center to design a large
telephone-switching network. The computer needed was named the 801 after Building
801, where the research was taking place. The goal of the 801 was to execute one
instruction per cycle.
• ‘The RT’: The IBM RT was IBM's first RISC based UNIX (AIX) computer with a 32 bit
ROMP processor, without floating point capability that was first announced by IBM in
January 1986.
• POWER: In February 1990, IBM announces its new RISC-based computer line, the
RISC System/6000 running AIX Version 3. The architecture of the systems is given the
name POWER, now commonly referred to as POWER1, which stands for Performance
Optimization With Enhanced RISC. The systems were based on a multiple chip
implementation of the 32-bit POWER architecture. The models introduced included an

V5.2
Instructor Guide
Uempty 8 KB instruction cache (I-cache) and either a 32 KB or 64 KB data cache (D-cache).

The models had a single floating-point unit capable of issuing one compound
floating-point multiply-add (FMA) operation each cycle, with a latency of only two cycles
and optimized 3-D graphics capabilities.
The model 7013-540 (30 MHz) processed 30 million instructions per second. Its
electronic logic circuitry had up to 800,000 transistors per silicon chip. The maximum
memory size was 256 Mbytes and its internal disk storage capacity was 2.5 GBytes.
• RSC: In January 1992, an entry-level desktop workstation was announced (7011-220),
based on a single chip implementation of the POWER architecture, usually referred to
as RISC Single Chip (RSC). It was affectionately known as the “the pizza box”.
• PowerPC (601): The RISC System/6000 model 7011-250 (66 MHz) workstation, the
first to be based on the 32-bit PowerPC 601 processor, was introduced in September
1993.
The 601 was the first processor arising out of a partnership between IBM, Motorola, and
Apple. From IBM, the RISC Single Chip (RSC) microprocessor became the base design
for 601. The superscalar machine organization of the 601 was improved to achieve
greater performance. Additional custom circuit design was applied to reduce the die
size and to allow higher frequency operation. The Motorola 88110 microprocessor bus
interface formed the basis of the development of the 601 bus interface.
The 601 did not implement the full PowerPC instruction set. Some infrequently used
instruction where excluded, and some new instructions and features were added, such
as support for symmetric multiprocessor (SMP) systems. The 601 is capable of
dispatching, executing, and completing up to 3 instructions per cycle. Instructions issue
to multiple execution units (an integer unit, a branch processing unit, and a
floating-point unit), execute in parallel, and can complete out of order.
An SMP has multiple processors that have their own cache, the memory and devices
are shared.
The 601 was a bridge from POWER to the full PowerPC architecture.
• POWER2: The model 7013-590 (66 MHz) was announced in September 1993 and was
the first RS/6000 based on the 32-bit POWER2 architecture. The most significant
improvement introduced with the POWER2 architecture for scientific and technical
applications, is that the floating-point unit (FPU) contains two 64-bit execution units, so
that two floating-point multiply-add instructions may be executed each cycle. A second
fixed-point execution unit is also provided. In addition, several new hardware
instructions were introduced with POWER2: quad-word storage instructions, hardware
square root instruction, and floating-point to integer conversion instructions.
• POWER2 Super Chip: In October 1996, the RS/6000 model 7013-595 (135 MHz) was
announced with the new 32-bit POWER2 Super Chip (also known as P2SC). The P2SC
is a single chip implementation of the POWER2 architecture, containing 15 million
transistors on a single chip.
• RS64: In October 1997, the RS64 also known as Apache, was the first 64-bit PowerPC
RISC processor. The RS64 is a superscalar processor optimized for commercial
Instructor Guide
workloads. The processor has separate 64 KB L1 cache for instructions and data and
L2 cache controllers. The L2 caches run at full processor speed. The RS64 contains a
16 byte interface to 2-way set associative 4MB L2 cache. The RS64 was also used in
the AS/400, called A35.
There were 4 generations of the RS64 chip. PowerPC RS64 IV 64-bit RISC
microprocessor, also known as Sstar, using copper and SOI technology.
Then in October 2000, pSeries 680 (600 MHz), a 6 to 24-way 64-bit SMP server, with
up to 96GB of system memory, and 16MB L2 cache for each 600 MHz processor was
announced.
• POWER3: The POWER3 (64 bit) processor, announced in October 1998, unifies the
POWER2 architecture (P2SC) with the PowerPC architecture.
The SMP-capable POWER3 design allows for concurrent operation of fixed-point
instructions, load/store instructions, branch instructions, and floating-point instructions.
POWER3 is capable of executing up to four floating-point operations per cycle, two
multiply-add instructions. Integer performance has been significantly enhanced over the
P2SC with the addition of dedicated integer and load/store execution units. The chip
features eight execution units fed by a 6.4 gigabyte-per-second memory subsystem.
The core includes two high-bandwidth buses: a 128-bit 6XX architecture bus to main
memory and 256-bit bus to the L2 cache that runs at processor speed. The POWER3
also has on-chip 64KB data cache and a 32KB instruction cache.
• POWER4: The POWER4 “Gigaprocessor” copper SOI 64-bit CMP microprocessor is
based on all earlier designs.
174-million-transistor POWER4 chip, with two 1.1/1.3 GHz five-issue superscalar
microprocessor cores, a triple-level cache hierarchy, up to 256 GB memory, a
10-Gbyte/s main-memory interface, and a 45-Gbyte/s multiprocessor interface. The
POWER4 is a CMP chip, which means that it incorporates multiple processors on a
single piece of silicon.
POWER4 machines saw the introduction of LPAR technology.
• POWER5: The POWER5 processor is an improved variant of the highly successful
POWER4 chip. The principal changes are support for Simultaneous multithreading
(SMT) and an on-die memory controller. Each CPU supports 2 threads. Since it is a
multicore chip, with 2 physical CPUs, each chip supports 4 logical threads. The
POWER5 can be packaged in a DCM (dual chip module), with one dual core chip per
module, or an Multi-Chip Module (MCM) with 4 dual core chips per module. POWER5+,
presented in 3Q 2005, packages in QCM, 2 dual core chips.
• POWER6: The POWER6 processor was released in July 2008, with the model Power
570 3.5, 4.2 and 4.5 Ghz. POWER 5+ has out-of-order execution. However, POWER6
uses mostly in-order execution. An out-of-order execution core has some performance
advantages, but it takes significantly more logic to manage the execution. The extra
logic consumes electrical power. Since a key objective in the design of POWER6
systems was to conserve electrical power, the decision was made to implement the
core in-order.
The potentially lower performance is offset by the significant increase of processor

V5.2
Instructor Guide
Uempty frequency, more than 2X higher performance than p5/p5+ systems.

TPCc and other benchmarks results for POWER6 show a performance improvement
near 100%, over POWER5 systems.
POWER6 introduces many new features, with the highlight being Live Partition Mobility.
Instructor Guide
Instructor notes:
Purpose — Give a brief view of AIX/Power
Details — The intent of this visual is to show the evolution of Power Systems and AIX.
The key message is: AIX has gone and is going from strength to strength. Around the time
of versions 3.2.5, 4.1, AIX was not considered a serious rival to popular alternatives, SUN,
HP, Sco. Since the turn of the millennium, AIX and Power technology has grown from
strength to strength. The visual shows the list of new features which have been included in
the TL02 release of AIX 6.1. The actual details themselves are irrelevant and are probably
not that readable or clear on the visual, but demonstrates how AIX technology is growing.
Focus on high level details:
• 40+ years of Hypervisor technology (the original hypervisor was CP/CMS, developed at
IBM in the 1960s, an ancestor of IBM's current z/VM).
• 20+ of AIX
• 30+ RISC
Transition statement — Let's see an overview of the p6 range of H/W.

V5.2
Instructor Guide
Uempty
Overview of the POWER6 servers

IBM Power Systems
Power 520 Power 550

• Entry/Low end • Mid-range
• Deskside or Rack (4U) • Deskside or Rack (4U)
• 1,2, or 4 CPUs • 2, 4, 6 or 8 CPUs
• 1GB-64GB memory • 1GB-256GB memory
• Max. Storage, Internal + • Max. Storage, Internal +
• Expansion I/O 132TB • Expansion I/O 249TB
Power 570
Power 560
• Mid-range
• Mid-range
• Rack (4U) building block (to 16U)
• Rack (4U) building block (to 8U) • 2, 4, 8, 16 or 32 CPUs
• 4, 8 or 16 CPUs
• 1GB-768GB memory
• 8GB-384GB memory • Max. Storage, Internal +
• Max. Storage, Internal +
• Expansion I/O 604TB
Power 575
• High Performance Computing cluster Power 595
• High-end
• For highly-parallel, compute-intensive
HPC workloads (up to 64 nodes per • 42U System Frame
• 8 to 64 CPUs
cluster)
• 16GB-4TB memory
• 24” System Frame, water cooled
• 32 CPUs per nodes • Max. Storage, Internal +
• 32GB-256GB memory per node
• Max Internal storage per node 292GB
Figure 1-8. Overview of the POWER6 servers AN121.1
Notes:
IBM often introduces new models and updates the current range of servers on a frequent
basis. For further details see the Power Systems facts and features guide:
http://www-03.ibm.com/systems/power/hardware/reports/factsfeatures.html
Instructor Guide
Instructor notes:
Purpose — Just provide a brief glance at the p6 range – do not go into too many details.
Point them to the facts and features and the LPAR class
Details —
Here are a few things that you could also mention.
Explain that POWER6 system technology is a full redesign based on:
• A new processor
• A new system architecture
• A new PHYP microcode and new HMC
• A new virtualization components set
• A new AIX version
Additional information — If students require more details point them in the direction of
the Power facts and features pdfs guides on the web.
Transition statement — Let look at a typical Power, AIX system layout.

V5.2
Instructor Guide
Uempty
Typical Power / AIX system layout

IBM Power Systems
• LPAR Configuration and Control is completed through the

Hardware Management Console (HMC).
• The HMC connects to the Service Processors and the LPARs.
– Best practice: Use a private network between the HMC and
Service Processors.
LPAR 4
Private Service
Processors Managed
Network System
Secondary HMC
‘Backup’ LPAR 1
LPAR 2
Primary HMC SAN
Public/Open
Network LPAR 3
LPAR 4
NIM Server Images
Figure 1-9. Typical Power / AIX system layout AN121.1
Notes:
The diagram above shows a typical example of a Power server set-up configuration. The
server is split into a number of Logical Partitions (LPARs) running AIX. A Network
Installation Manager (NIM) server is highly preferable to install and update the AIX LPARs
over the network. There can be a maximum of 2 HMCs connected to each system and
each system has two dedicated Ethernet ports reserved for this. It is recommended that the
HMC to Service Processor communication occurs through a private network reserved for
that purpose. The HMC also must have open network connectively to the LPARs if such
features as Connection Monitoring and Dynamic LPAR operations are to be achieved.
It is also preferable to have a second HMC connected for availability purposes.
Note: A failure of the HMC does not interfere in any way with the running managed system.
The service processor is a separate, independent processor that provides hardware
initialization during system load, monitoring of environmental and error events, and
maintenance support.
Instructor Guide
Instructor notes:
Purpose — Show the group a typical Power configuration
Details — Spend a bit of time here and introduce the big picture. There can be many
alternatives, so ask the group and be prepared for a discussion.
Transition statement — The HMC is a key box, let's provide an overview. Note, this is not
an HMC course so point them to our LPAR class if more details are required.

V5.2
Instructor Guide
Uempty
The HMC (1 of 2)
IBM Power Systems
• Intel based server (desktop or rack mount) running a web

based application on a customized version of Linux
• Access is through https (GUI) and SSH (Command line)
• Collects status health information from the managed

systems
• Mandatory on Power 570s and above
– Power 550’s and below can use Integrated Virtualization
Manager (IVM)
• Can be configured to call home to IBM
Figure 1-10. The HMC (1 of 2) AN121.1
Notes:
The HMC is an Intel based server which runs a customized version of Linux (SuSE). Its
main purpose is to configure and control up to 48 managed systems.
The HMC also collects diagnostic and error information from the LPARs and Managed
System and logs them as Serviceable events. If configured, the HMC can send these
reports to IBM through the Electronic Service Agent (ESA).
Note: On entry level machines such as the Power 520, if the system is to be used as a
non-partitioned system an HMC is not required. An HMC is mandatory for Power 570 and
above. Power 550s and below can use Integrated Virtualization Manager (IVM) to create
and control the managed system. IVM is available through the VIOS code.
Instructor Guide
Instructor notes:
Purpose — Introduce the HMC
Details — This page introduces the HMC. The most important points on this page are that
the HMC is needed for any p6 servers that will run LPARs, and that the HMC is an
independent system.
POWER4 and POWER5 processor-based systems also use an HMC for LPAR
management, however the software stack is different.
The first diagram supports the bullet “Access is via https …”
The second diagram supports the bullet “Collects status health information …”
Transition statement — Let's see the main HMC interface.

V5.2
Instructor Guide
Uempty
The HMC (2 of 2)
IBM Power Systems
Managed
Systems
LPARs Proc &

running MEM
AIX resources
Navigation
area
Task
Pad
Figure 1-11. The HMC (2 of 2) AN121.1
Notes:
The diagram above shows the main view of a managed system – sys034. Operations such
as create, stop, shutdown LPAR can be performed from the Tasks pad or bar, or by
selecting the LPAR itself. The view is highly customizable.
The navigation area offers the main features of the HMC, such as:
• Systems plans for producing or deploying system configuration plans done during
design
• HMC Management for configuring the HMC, users, roles, network setting, and other
HMC characteristics
• Updates, for updating the HMC and Managed System firmware
This view was taken from an HMC running v7.3.3.1. Pre v7 HMCs ran WSM which was a
much different interface based on Java.
Instructor Guide
Instructor notes:
Purpose — Introduce the main interface
Details — Describe the major parts of the HMC interface as shown in the foil.
Transition statement — Let's explain provide an overview of virtualization technology.

V5.2
Instructor Guide
Uempty
LPAR virtualization overview (1 of 2)

IBM Power Systems
• An AIX client partition can :

– Be virtual, have no real devices
– Use fractions of CPUs (Micro-Partitioning)
• Virtualizing LPARs has many advantages
– Flexibility in allocating resources
– More efficient use of system resources through sharing
– Consolidation (H/W, floor space, merge production and test
environments)
– Relocating partitions using Live Partition Mobility
• A key component of virtualization is the Virtual I/O Server
(VIOS)
– Implemented as special customized version of AIX
– It is not AIX. It is PowerVM software!
– Requires at minimum a PowerVM standard license
• Included on some high-end systems
Figure 1-12. LPAR virtualization overview (1 of 2) AN121.1
Notes:
Virtualizing LPARs
The main benefits of virtualized I/O are as follows:
• Partitions can be created without requiring additional physical I/O resources. The new
partitions can be configured to use virtualized I/O resources, which allows them to be
configured in a timely manner, since no physical reconfiguration of the system, that is,
moving adapter cards and cables, is required.
• Virtualized I/O allows an economical I/O model, since it allows multiple partitions to
share common resources. For example, multiple partitions can share a single physical
adapter. Without virtualized I/O, each partition would require its own adapter, even if the
full capacity of the adapter was not being utilized.
• The use of virtualized I/O facilitates server consolidation. It permits multiple client
partitions to reside on a single machine, and make efficient use of shared resources.
Instructor Guide
Virtual I/O Server (VIOS)

The IBM Virtual I/O Server software enables the creation of partitions that use the I/O
resources of another partition. In this way, it helps to maximize the utilization of physical
resources on POWER5 and POWER6 systems. Partitions can have dedicated I/O,
virtual I/O, or both. Physical resources are assigned to the Virtual I/O Server partition in
the same way physical resources are assigned to other partitions. The virtual I/O server
then provides access to these physical resources from the virtual client LPARs.
Virtual I/O Server is a separate software product, and is included as part of the standard
PowerVM feature. It supports AIX Version 5.3, 6.1 and Linux partitions as virtual I/O
clients.

V5.2
Instructor Guide

Purpose — Provide an overview of partition virtualization
Details — Introduce the information provided on the visual.
Additional information — Over two thirds of all partitions on p6 environments are virtual.
Transition statement — Let's define the two key functions of virtualization.
Instructor Guide
LPAR virtualization overview (2 of 2)

IBM Power Systems
• The two key functions of virtualization are:

– Virtual Ethernet is a standard feature of POWER5 and POWER6.
• AIX can have up to 256 virtual adapters per LPAR.
• Does not require a VIOS, unless a bridged connection to the outside
world is required
– Virtual SCSI is way of providing virtual disks to clients.
• The backend storage can be Internal disk (SCSI/SAS) or SAN
storage.
• This is a feature of the VIOS.
• Note: There are many other virtualization features which are covered in more
depth in the LPAR & virtualization curriculum / roadmap.
Figure 1-13. LPAR virtualization overview (2 of 2) AN121.1
Notes:
Virtual Ethernet Introduction
Virtual Ethernet adapters enable inter-partition communication without the need for
physical network adapters assigned to each partition. It can be used in both shared and
dedicated POWER5 or POWER6 processor partitions provided the partition is running
AIX V5.3, AIX V6.1, or Linux. This technology enables IP-based communication
between logical partitions on the same system using a VLAN Ethernet switch (POWER
Hypervisor) in POWER5 and POWER6 processor-based managed systems.
The number of partitions possible on many systems is greater than the number of I/O
slots. Therefore, virtual Ethernet is a convenient and cost saving option to enable
partitions within a single system to communicate with one another through a virtual
Ethernet LAN. The virtual Ethernet interfaces may be configured with both IPv4 and
IPv6 protocols.
Virtual SCSI Introduction

V5.2
Instructor Guide
Uempty The Virtual I/O server supports exporting disks as virtual devices. The Virtual I/O server
supports the exporting of three types of virtual SCSI disks: virtual SCSI disk backed by
a whole physical volume, virtual SCSI disk backed by a logical volume, and virtual SCSI
disk backed by a file. Regardless of whether the virtual SCSI disk is backed by a whole
physical disk, a logical volume, or a file, all standard SCSI conventional rules apply to
the device. The device will behave as a standard SCSI compliant device. The logical
volumes and files appear as real devices, hdisks, in the client partitions and can be
used as a boot device. Once a virtual disk is assigned to a client partition, the Virtual I/O
Server must be available before the client partitions are able to access it.
Instructor Guide
Instructor notes:
Purpose — Provide an overview of virtual SCSI
Details — Remember this is an overview, do not get bogged down with too many details. In
the notes, I have introduce terms that students at this stage will probably not be familiar
with. That's OK, it was my intension to do this. If you get questions like, what is a PV or
logical volumes, explain to them that we will get to the details in the storage section later in
the course.
Transition statement — Let's introduce the VIOS appliance.

V5.2
Instructor Guide
Uempty
Virtual I/O server (VIOS) overview

IBM Power Systems
• The VIOS partition is allocated physical I/O slots containing

real adapters.
– These are used for the virtual adapters (SCSI or Ethernet) to share
amongst the client partitions
Figure 1-14. Virtual I/O server overview AN121.1
Notes:
Virtual I/O Server (VIOS) description
VIOS provides virtual storage and shared Ethernet capability to client logical partitions
on the system. It allows physical adapters with attached disks and optical devices on
the VIOS to be shared by one or more client partitions.
VIOS partitions are not intended to run applications or to have general user logins.
VIOS is installed in its own partition. Using VIOS facilitates the following functions:
• Sharing of physical resources between partitions on the system
• Creation of partitions without requiring additional physical I/O resources
• Creation of more partitions than I/O slots or physical devices, by allowing partitions to
have dedicated I/O, virtual I/O, or both
• Maximization of physical resource utilization on the system
Instructor Guide
Instructor notes:
Purpose — Introduce the VIOS appliance
Details — Introduce the VIOS as shown in the visual and notes.
Transition statement — A picture paints a thousand words so let’s have a look at an
example.

V5.2
Instructor Guide
Uempty
Virtualization example
IBM Power Systems
AIX Virtual I/O Server

LPAR LPAR
Physical
Virtual Physical Network
Virtual
Ethernet Virtual SEA Ethernet
Ethernet
ent0 Ethernet Layer 2 ent0
ent1
Switch Bridge
Virtual ent2
Ethernet
ent1
Hypervisor
Virtual
Virtual Physical
Client Device
vSCSI Server Storage
Adapter
Adapter Mapping Adapter
vtscsi0
vhost0 fcs0
SCSI, SAS, FC Physical Disks

or Logical Volumes
Figure 1-15. Virtualization example AN121.1
Notes:
VLAN
A Virtual Local Area Network (VLAN) enables an ethernet switch to create sub-groups
within a single physical network where the members of different subgroups are isolated
from each other.
Virtual Ethernet
There are two main features of virtual Ethernet. One is the inter-partition virtual switch
to provide support for connecting up to 4096 LANs. LAN IDs are used to configure
virtual Ethernet LANs and all partitions using a particular LAN ID can communicate with
each other. The other feature is a function called Shared Ethernet Adapter that bridges
networks together without using TCP/IP routing. This function enables the partition to
appear to be connected directly to an external network. The main benefit of using this
feature is that each partition need not have its own physical network adapter.
Instructor Guide
Virtual SCSI adapters

Virtual SCSI adapters provide the ability for a client partitions to see SCSI disks which
are actually SCSI, SAS, SAN disks, or logical volumes inside the VIOS.

V5.2
Instructor Guide

Purpose — Display a simple layout of VIOS and vLPAR
Details — Introduce the example as shown in the visual and notes.
Additional information — You may want to point out that the LPAR they will be using in
the exercises will be based on the AIX LPAR in the visual. IBM's goal (STG) is to implement
and transition all customers into virtualized environments.
Transition statement — Now let's point out some of the tasks the students will be
responsible for.
Instructor Guide
Role of the system administrator

IBM Power Systems
• Pre-installation planning of:

– Partitions
– User accounts/groups
– Storage allocation/paging space
– Subsystems (printing, networks, and so forth)
– Standard naming conventions
– Determine system policies
– Install and configure hardware Maintain application /
• Network configuration System uptime!
• System Backups and disaster recovery
• Create/manage user accounts
• Define and manage subsystems
• Manage system resources (for example, disk space)
• Performance monitoring
• Capacity planning
• Application license management
• Documentation - system configuration, and keep it current!
Figure 1-16. Role of the system administrator AN121.1
Notes:
Overview
There are a number of distinct tasks which the system administrator on a UNIX or AIX
system must perform. Often there is more than one system administrator in a large
organization and the tasks can be divided between the different administrators.

V5.2
Instructor Guide

Purpose — Define the role of an SA. Ensure students have a common understanding of
what the system administrator does
Details — Consider starting without the visual and ask the students what they think a
system administrator does. Build up a list on the board and then compare to the visual. As
UNIX systems get larger, the roles change and become more and more like mainframe
roles; for example, operator.
Transition statement — so who does SA tasks on a UNIX system?
Instructor Guide
Who can perform administration tasks?

IBM Power Systems
• The root user

– Exercise caution when logging in directly as root, especially
remotely.
– Keep the root password secure.
• Members of special groups such as system, or roles using the new
AIX6 feature: RBAC
• The su command enables you to obtain access to the root user
$ id; pwd $ id; pwd
uid=251(alex) gid=1(staff) uid=251(alex) gid=1(staff)
/home/alex /home/alex
$ su root $ su - root
root's Password: or root's Password:
# id; pwd # id; pwd
uid=0(root) gid=0(system) uid=0(root) gid=0(system)
/home/alex /
# set |grep USER # set |grep USER
USER=alex USER=root
Figure 1-17. Who can perform administration tasks? AN121.1
Notes:
Limiting access to administrative tasks
AIX security permissions restrict the performance of administrative tasks to the root
user, and sometimes to other users in special groups. For example, system for general
tasks, security for user administration, printq for AIX Print Subsystem printer
management, and lp for System V Print Subsystem printer management. This means
that the root user's password must be kept secure and only divulged to the few users
who are responsible for the system. AIX6 has a new feature called Role Based Access
Control (RBAC). This allows OS management tasks to be assigned to roles and then
assigned to users. RBAC is a large security topic and hence will be covered in detail in
the AIX Security course (AU47G).
A certain amount of discipline is also required when using the root ID, because typing
errors made as root could do catastrophic system damage. For normal use of the
system, a non-administrative user ID should be used. The superuser (root) privilege
should only be used when that authority is necessary to complete a system
administration task.

V5.2
Instructor Guide
Uempty Obtaining root privileges

To obtain superuser or root privileges while logged in as a normal user, you can use the
su command. This prompts you for root's password and then gives you a subshell with
root privileges so that you can perform commands. When you have performed the
required tasks, you should exit from the su subshell. For example, use <ctrl-d> or the
exit command. This prevents accidents which could damage the system.
The su command allows you to assume the permissions of any user whose password
you know.
Every time the su command is used, an entry is placed in the file /vary/adm/sulog, this
is an ASCII text file. This makes it easy to record access as the superuser. Normal
logins are recorded in the file /vary/adm/wtmp. To read the contents of this file use the
command: who /vary/adm/wtmp.
The su command can also be specified with the “-” (dash) option. The “-” specifies that
the process environment is to be set as if the user had logged into the system using the
login command. Nothing in the current environment is propagated to the new shell. For
example, using the su command without the “-” option, allows you to have all of the
accompanying permission of root while keeping your own working environment.
Instructor Guide
Instructor notes:
Purpose — Define who can perform admin tasks
Details — Explain the importance of the root ID and keeping it secure.
Transition statement — Let's see the options that are available to us when performing SA
tasks

V5.2
Instructor Guide
Uempty
How can we perform administration tasks?

IBM Power Systems
• Command line
– UNIX system administration tasks are often done from the command line,
by executing scripts, or both
• Writing and executing scripts
– Typically using Korn shell scripts (ksh is the default shell on AIX)
– Perl for more advanced users
• SMIT (smit or smitty)
– Text based tool (Graphical version also available – less popular)
• System Director for AIX (pconsole)
– New web based GUI in AIX6
• WebSM (wsm)
– Java based GUI (Requires CDE or X11 based graphics display)
– Not a popular tool to use
• IBM Systems Director
– A cross platform product for managing Power systems and AIX across a
large enterprise environment
Figure 1-18. How can we perform administration tasks? AN121.1
Notes:
There are many ways to perform administration tasks within AIX. In reality, a combination
of tools or techniques are deployed. IBM Systems Director is more flexible than the others
in the list. It supports multiple operating systems and virtualization technologies across IBM
and non-IBM platforms. It is not to be confused with Systems Director for AIX which is
based upon IBM Systems Director but runs from within AIX to managed the OS as a single
instance.
Instructor Guide
Instructor notes:
Purpose — Define how SA tasks are perform on a UNIX box
Details — Highlight the options for performing administrative tasks within AIX.
Point out the difference between Systems Directors products.
Additional information — IBM Systems Director product is free of charge.
Transition statement — It’s time for some checkpoint questions.

V5.2
Instructor Guide
Uempty
Checkpoint
IBM Power Systems
1.What is the name of the device which creates and controls

LPARs?________.
2.True or False: An AIX operating system can have no real devices.

_________________________________________
3.True or False: Virtualization features provided by the VIO Server

can be used by default on any Power system.
____________________________________
4.True or False: The su command enables you to get root authority

even if you signed on using another user ID.
Figure 1-19. Checkpoint AN121.1
Notes:
Instructor Guide
Instructor notes:
Purpose —
Details —
Checkpoint solutions
IBM Power Systems

LPARs? The HMC.
2. True or False: An AIX operating system can have no real

devices.
3.True or False: Virtualization features provided by the VIO

Server can be used by default on any Power system.
Lower end machines require a PowerVM license.
4. True or False: The su command enables you to get root

authority even if you signed on using another user ID.
You must also know the root password.
Transition statement —

V5.2
Instructor Guide
Uempty
Exercise 1
IBM Power Systems
Introduction to
IBM Power Systems and
AIX
Figure 1-20. Exercise 1 AN121.1
Notes:
Instructor Guide
Instructor notes:
Purpose —
Details —

V5.2
Instructor Guide
Uempty
Unit summary
IBM Power Systems
Having completed this unit, you should be able to:
• Define terminology and concepts of IBM Power System

servers, virtualization, HMC, and AIX
Figure 1-21. Unit summary AN121.1
Notes:
Instructor Guide
Instructor notes:
Purpose —
Details —

V5.2
Instructor Guide
Uempty Unit 2. AIX system management tools
Estimated time
01:00

This unit describes the system management tools available in AIX,
with a particular focus on SMIT and the IBM systems director console.

• Describe the benefits of the system management tools available
with AIX version 6.1
• Discuss the functionality of SMIT, WebSM, and the new IBM
Systems Director Console for AIX
• Explain how system management activity is logged
• Look at how we can use IBM Systems Director Console to monitor
system health and to run commands concurrently on multiple hosts

Accountability:
• Checkpoint
References
Online AIX Version 6.1 Systems Director Console for AIX
AIX Version 6.1 Operating System and Device
Management
following address:
© Copyright IBM Corp. 2009 Unit 2. AIX system management tools 2-1
Instructor Guide
Unit objectives
IBM Power Systems

• Describe the benefits of the system management tools
available with AIX version 6.1
• Discuss the functionality of SMIT, WebSM, and the new IBM
Systems Director Console for AIX
• Look at how we can use IBM Systems Director Console to
monitor system health and to run commands concurrently on
multiple hosts
Notes:

V5.2
Instructor Guide

Purpose — After completing this unit, you should be able to:
• Describe the benefits of the system management tools available with AIX version 6.1
• Discuss the functionality of SMIT, WebSM, and the new IBM Systems Director Console
for AIX
• Look at how we can use IBM Systems Director Console to monitor system health and to
run commands concurrently on multiple hosts
Details —
Transition statement — Lets start by talking about UNIX system administration
challenges.
Instructor Guide
UNIX system administration challenges

IBM Power Systems
• Lots of commands to remember

• Complex syntax
– Prone to error!
• Flat file configuration
– Most UNIX flat files have different layouts, syntax and options
– Again prone to error, sometimes causing bad things to happen.
# crfs -v jfs -g rootvg -m /test -a size=42M efs=yes

How do I create
Usage: crfs -v Vfs {-g Volumegroup | -d Device} -m an encrypted
Mountpoint [-u Mountgroup] [-A {yes|no}] [-t {yes|no}] [-p filesystem?
{ro|rw}] [-l Logpartitions] [-n nodename] [-a
Attribute=Value]
Figure 2-2. UNIX System administration challenges AN121.1
Notes:
UNIX Challenges
Unfortunately, the same thing that's special about UNIX is also the source of most of what's
wrong. UNIX is an operating system burdened with 30+ years worth of useful add-ons and
different flavors. As a consequence, the OS has an awful lot of inconsistencies and
overlapping functions. At times, this can be confusing and challenging even for
experienced users.

V5.2
Instructor Guide

Purpose — Explain why traditional UNIX administration is challenging
Details — Go through the details in the visual and in the notes.
Additional information — Provide some amusing unix system administration horror
stories. An example:
Our operations group, a VMS group but trying to learn UNIX, was assigned account
administration. They were cleaning up a few non-used accounts like they do on VMS -
backup and purge. When they came across the account “sccs”, which had never been
accessed, away it went. The “deleteuser” utility from DEC asks if you would like to delete all
the files in the account. Seems reasonable, huh? Well, the home directory for “sccs” is “/”.
Enough said :-(
Transition statement — OK we now know the challenges, what are the objectives to easy
and simple administration?
Instructor Guide
System management objectives

IBM Power Systems
• Minimize time and resources spent managing systems

• Maximize reliability, performance, and productivity
• Provide remote system management solutions
Figure 2-3. System management objectives AN121.1
Notes:
Minimize time and resources spent managing systems
Organizations seek to minimize the time and resources spent managing systems, that is, to
manage computer systems efficiently. AIX helps with tools such as SMIT, the Web-based
System Manager, and AIX 6.1 Systems Director.
Maximize reliability, performance, and productivity
Organizations also wish to maximize system reliability and performance in order to
maximize the productivity of the users of computer systems. AIX helps with features, such
as the logical volume manager, that help avoid the need for the system to be brought down
for maintenance.

V5.2
Instructor Guide
Uempty Provide remote system management solutions

Today's information technology environment also creates a need for remote system
management solutions. AIX supports Web-based technology with the new AIX 6.1
Systems Director console. As a result, multiple systems can be managed from one single
point over the network. This can also be done with command-based programs such as
telnet, ssh, and SMIT.
Instructor Guide
Instructor notes:
Purpose — Discuss what you are trying to achieve when you manage a system
Details — Discuss details in the visual and notes.
Transition statement — SMIT, Web-based System Manager, and Systems Director are
three tools that can help with management of AIX 6.1 systems.

V5.2
Instructor Guide
Uempty
AIX administration
IBM Power Systems
Designed to make Administration on AIX simple

New
in AIX6
System Web-based IBM
Management System Systems Director
Interface Tool Manager Console for AIX
(smit) (WebSM) (pconsole)
Text based Java GUI Web Interface
High-level commands
Low-level Intermediate-level
commands commands
System
System Kernel Resource Object Data ASCII
calls services Controller Manager files
Figure 2-4. AIX administration AN121.1
Notes:
IBM provides users on AIX with a great deal of flexibility and choice when it comes to
administering an AIX system. SMIT is a simple, but highly effective ASCII based
management tool that has been in AIX since version 3. WebSM is a Java based GUI tool
which was introduced in AIX 5.1. Some users will be familiar with the WebSM user
interface if they have used version three to six of an HMC. IBM Systems Director console is
a new attractive web based offering in AIX6.1.
Types of commands:
Commands are classified high-, medium-, or low-level:
• High-level commands: These are standard AIX commands, either shell/perl scripts, or
C programs, which can also be executed by a user. They execute multiple low-level or
intermediate-level commands to perform the system administrative functions.
Instructor Guide
• Intermediate-level commands: These commands interface with special AIX

components such as the System Resource Controller and the Object Data Manager.
These commands are rarely executed directly by a user.
• Low-level commands: These are AIX commands which correspond to AIX system calls
or kernel services. They are not normally executed directly by a user.

V5.2
Instructor Guide

Purpose — Highlight the available options
Details — Provide your own thoughts and views on the tools available. This unit focuses
on SMIT and pconsole. Because WebSM is based on java, there are difficulties in using it.
The need to install a special client application on a PC platform and keep its level
synchronized with the level of the WSM server is inconvenient. Its performance is also less
than optimal. As a result it has not been used very much, except when required, such as
when the system administrator needs graphical access to an HMC prior to version 7. The
strategic replacement for WSM is the IBM Systems Director Console for AIX.Therefore, the
course does not go into the details of administering or using WSM.'
The basic idea behind both tools is that they present the system administrator with a
menu-driven front end, with built-in help information and lists. The tools can be used to
carry out most system administrative tasks.
Depending on the menus selected and the options entered, the tools build the high-level
command with all the correct options, and then execute the command when the user
specifies this action.
High-level commands, in turn, call lower-level commands which interact directly with the
system, that is, the ODM, kernel, and so forth.
Transition statement — Let's look at SMIT
Instructor Guide
SMIT
IBM Power Systems
• An interactive application that simplifies virtually every aspect of AIX

system administration
• Part of AIX, available by default
• SMIT doesn't use any special hooks. Everything is based on standard
AIX commands and Korn shell functions.
– You can see exactly what commands it performs either before or after
execution.
– This is especially useful when you need to automate a repetitive task. You
can then use these commands in your own scripts.
• Text / ASCII based by default.
– If on a graphical display, such as the Virtual Network Computing (VNC)
viewer, and the DISPLAY variable is set, a Motif GUI version is displayed.
– Most users prefer the text based version called smitty
Figure 2-5. SMIT AN121.1
Notes:
Overview of SMIT
The System Management Interface Tool (SMIT) provides a menu-driven interface that
provides access to most of the common system management functions, within one
consistent environment.
SMIT is an interactive application that simplifies virtually every aspect of AIX system
administration. It is a user interface that constructs high-level commands from the user's
selections, and then executes these commands on-demand. Those commands could be
entered directly by the user to perform the same tasks, or put into scripts to run over, and
over again.
Occasionally, a system administrator will run AIX commands or edit ASCII files directly to
complete a particular system administration task. However, SMIT does make the most
frequent or complex/tedious tasks much easier with a greater degree of reliability.

V5.2
Instructor Guide

Purpose — To introduce SMIT
Details — Introduce SMIT, which is by far the most popular system management tool in
AIX.
Transition statement — Let's have a look at the main menu.
Instructor Guide
SMIT main menu (text based)

IBM Power Systems
# smit
System Management
System Management
Move cursor to desired item and press Enter.
Software Installation and Maintenance
Software Installation and Maintenance
Software License Management
Software License Management
Devices
Devices
System Storage Management (Physical & Logical Storage)
System Storage Management (Physical & Logical Storage)
Security & Users
Security & Users
Communications Applications and Services
Communications Applications and Services
Workload Partition Administration
Workload Partition Administration
Print Spooling
Print Spooling
Advanced Accounting
Advanced Accounting
Problem Determination
Problem Determination
Performance & Resource Scheduling
Performance & Resource Scheduling
System Environments
System Environments
Processes & Subsystems
Processes & Subsystems
Applications
Applications
Installation Assistant
Cluster Systems Management
Cluster Systems Management
Using SMIT (information only)
F1=Help F2=Refresh F3=Cancel F8=Image
F9=Shell F10=Exit Enter=Do
Figure 2-6. SMIT main menu (text based) AN121.1
Notes:
Main menu selections
The SMIT main menu enables you to select the administrative functions to be performed.
You can also select online help on how to use SMIT.
Use of keys
In the ASCII mode, in order to select from the menus, you have to use the up and down
arrow keys. This moves a highlighted bar over the menu items. Press Enter to select the
highlighted item. You can also use some of the keyboard function keys to perform other
functions, such as exiting SMIT or starting a shell.
Importance of TERM environment variable
When using SMIT in the ASCII mode, the menus and dialog panels sometimes come up
distorted. That is the result of not having an appropriate TERM variable value. Setting and
exporting this variable can solve the problem. For example, executing the command
export TERM=vt320 might solve the problem.

V5.2
Instructor Guide
Uempty General syntax:

smit [-options] [ FastPath ]
Invoke ASCII version:
# smitty
or
# smit –C
Log, but do not actually run, commands:
# smit -x
Redirect the log file and script file:
# smit -s /u/team1/smit.script –l /u/team1/smit.log
# smit -s /dev/pts/1 -l /dev/pts/2
Instructor Guide
Instructor notes:
Purpose — Introduce the smit main menu and highlight the options
Details — Explain how to open smit. There is an example in the notes. It maybe helpful to
provide a demo.
Transition statement — Lets see a dialog screen example.

V5.2
Instructor Guide
Uempty
Dialog screen
IBM Power Systems
# smit date
Change / Show Day and Time
Change / Show Day and Time
Type or select values in entry fields.
Press Enter AFTER making all desired changes.
[Entry Fields]
[Entry Fields]
YEAR (00-99) [08] #
YEAR (00-99) [08] #
MONTH (01-12) [10] #
MONTH (01-12) [10] #
DAY (1-31) [08] #
DAY (1-31) [08] #
HOUR (00-23) [11] #
HOUR (00-23) [11] #
MINUTES (00-59) [23] #
MINUTES (00-59) [23] #
SECONDS (00-59) [06] #
SECONDS (00-59) [06] #
Shell exit, very

useful to check
Command Current fast path:
something prior to
preview "date"
execution
F1=Help F2=Refresh F3=Cancel F4=List

F5=Reset F6=Command F7=Edit F8=Image
Figure 2-7. Dialog screen AN121.1
Notes:
Dialog screens and selector screens
A dialog screen allows you to enter values that are used in the operation performed. Some
fields are already completed from information held in the system. Usually, you can change
this data from the default values.
A selector screen is a dialog screen on which there is only one value to change. The value
usually indicates the object which is acted upon by the subsequent dialog and AIX
command.
Entering data
To enter data, move the highlighted bar to the value you want to change. Then, either enter
a value or select one from a list. Fields that you can type in have square brackets [ ]. Fields
that have data that is larger than the field width, have angle brackets < >, to indicate that
there is data further to the left, right, or both sides of the display area.
Instructor Guide
Special symbols
Special symbols on the screen are used to indicate how data is to be entered:
Asterisk (*): This is a required field.
Number sign (#): A numeric value is required for this field.
Forward slash (/): A pathname is required for this field.
X: A hexadecimal value is required for this field.
Question mark (?): The value entered is not displayed.
Plus sign (+): A pop-up list or ring is available.
An asterisk (*) in the leftmost column of a line indicates that the field is required. A value
must be entered here before you can commit the dialog and execute the command. In the
ASCII version, a plus sign (+) is used to indicate that a pop-up list or ring is available. To
access a pop-up list, use the F4 key. A ring is a special type of list. If a fixed number of
options are available, use the Tab key to cycle through the options.
In the Motif version, a List button is displayed. Either click the button or press <Ctrl-l> to
display a pop-up window.
Use of particular keys
The following keys can be used while in the menus and dialog screens. Some keys are
only valid in particular screens. The keys that are only valid for the ASCII interface are
marked (A). The keys that are only valid for the Motif interface are marked (M).
F1 (or ESC-1) Help: Show contextual help information.
F2 (or ESC-2) Refresh: Redraw the display. (A)
F3 (or ESC-3) Cancel: Return to the previous screen. (A)
F4 (or ESC-4) List: Display a pop-up list of possible values. (A)
F5 (or ESC-5) Reset: Restore the original value of an entry field.
F6 (or ESC-6) Command: Show the AIX command that is executed.
F7 (or ESC-7) Edit: Edit a field in a pop-up box or select from a multi-selection pop-up list.
F8 (or ESC-8) Image: Save the current screen to a file (A) and show the
current fastpath.
F9 (or ESC-9) Shell: Start a sub-shell. (A)
F9 Reset: all fields. (M)
F10 (or ESC-0): Exit: Exit SMIT immediately. (A)
F10: Go to the command bar. (M)
F12 Exit: Exit SMIT immediately. (M)
Ctrl-l List: Give a pop-up list of possible values. (M)

V5.2
Instructor Guide
Uempty PgDn (or Ctrl-v): Scroll down one page.

PgUp (or ESC-v): Scroll up one page.
Home (or ESC-<): Go to the top of the scrolling region.
End (or ESC->): Go to the bottom of the scrolling region.
Enter: Do the current command or select from a single-selection pop-up list.
/text: Finds the text in the output.
n: Finds the next occurrence of the text.
Instructor Guide
Instructor notes:
Purpose — Show a simple smit panel for command execution
Details — Feel free to perform a live demo of more interesting smit functions.
This is a dialog screen and not a selector screen, as there is more than one option listed on
the screen.
Go through each symbol, as documented in the student notes, and ensure that all students
are clear about the symbols such as *, #, and so forth.
Also, go through all the function keys one at a time, explaining the uses of each one.
Other helpful hints that should be mentioned are that items of a list can sometimes be
obtained with the Tab key. Also, on a screen which holds more than one page of
information, the <Ctrl-v> and <Esc-v> key sequences are used to move up and down a
page.
Ensure that all the key points in the student notes are covered.
Transition statement — When you press Enter, what happens?

V5.2
Instructor Guide
Uempty
Output screen
IBM Power Systems
Command
completed No
successfully COMMAND STATUS Standard
COMMAND STATUS
error
Command: OK stdout: yes stderr: no
Before command completion, additional instructions may appear below.
Before command completion, additional instructions may appear below.
Wed 8 Oct 11:23:06 2008
Wed 8 Oct 11:23:06 2008
Standard Output
following command
execution
(Stdout)
F1=Help F2=Refresh F3=Cancel F6=Command

F1=Help F2=Refresh F3=Cancel F6=Command
F8=Image F9=Shell F10=Exit /=Find
F8=Image F9=Shell F10=Exit /=Find
n=Find Next
n=Find Next
Figure 2-8. Output screen AN121.1
Notes:
Fields on first line of output
The Command field can have the following values: OK, RUNNING, and FAILED.
The value of the stdout field indicates whether there is standard output, that is, whether
there is output produced as a result of running the command. The output is displayed in the
body section of this screen.
The value of the stderr field indicates whether there are error messages. In this case, there
are no error messages.
Note that, in the Motif version of SMIT, a representation of a person in the top right-hand
corner of the screen is used to indicate the values of the Command field.
Body of the screen
The body of the screen holds the output or error messages from the command. In this
example, there is output, but there are no error messages.
Instructor Guide
Instructor notes:
Purpose — Review the output panels of the smit command
Details — Go through the output on the screen
Additional information — You may want to tell some amusing anecdotes about the
running person in the graphical version.
Transition statement — The best thing about smit is the log feature, lets take a look.

V5.2
Instructor Guide
Uempty
SMIT log and script files

IBM Power Systems
smit.log
smit
Command smit.script
execution
smit.transaction
• $HOME/smit.log
Records a log of all menu and dialog screens visited, all commands executed,
and their output.
Records any errors during the SMIT session.
• $HOME/smit.script
Shell script containing all AIX commands executed by SMIT
• $HOME/smit.transaction
SMIT transactions log
Records date, description and command script output of the commands
executed SMIT output will be
redirected to file: /tmp/new-
# smitty –xs /tmp/new-script script. No commands will be
run.
Figure 2-9. SMIT log and script files AN121.1
Notes:
Overview
SMIT creates three files in the $HOME directory of the user running SMIT. If these files
already exist, then SMIT appends to them. These files can grow quite large over time,
especially during installations. The user must maintain and truncate these files, when
appropriate.
The smit.log file
The smit.log file contains a record of every SMIT screen, menu, selector, and dialog
visited, the AIX commands executed, and the output from these commands. When the
image key is pressed, the screen image is placed in the smit.log file. If there are error or
warning messages, or diagnostic or debugging messages from SMIT, then these are also
appended to the smit.log file.
The smit.script file
Instructor Guide
The smit.script file contains the AIX commands executed by SMIT, preceded by the date
and time of execution. This file can be used directly as a shell script to perform tasks
multiple times, or it can be used as the basis for more complex operations.
The smit.transaction file
SMIT since AIX 5.2 has a relatively new file, smit.transaction. This file logs all the
executed commands similar to smit.script. The difference being smit.script logs all
commands, while smit.transaction only logs command_to_executes, see smit.log file.
For example, the user backs up the system using smit.
smit.script file
#
# [Oct 13 2008, 20:00:19]
#
/usr/bin/mksysb '-i' '-A' /mnt/nm_sysb_13Oct08
smit.transaction file
#=--------------------------------------------
# DATE: Oct 13 2008, 20:00:19
# DESCRIPTION: Back Up the System
#=--------------------------------------------
/usr/bin/mksysb '-i' '-A' /mnt/nm_sysb_13Oct08

V5.2
Instructor Guide

Purpose — Explain the output files from smit
Details — Explain that most AIX admins start by relying heavily on SMIT. The smit.script
file is a great way of seeing what commands it runs. Over time, customers learn more
about these commands and put them into scripts.
Additional information — Since AIX 5L V5.3, SMIT now creates an additional output file,
$HOME/smit.transaction. This new file is always created in the home directory. It is
created to provide some consistency with the Web-based System Manager which creates
a $HOME/websm.transaction file. While similar in format and usage as the smit.script
file, smit.transaction should only include the final cmd_to_exec, and none of the
cmd_to_discover, cmd_to_list, and so forth output which might be included in smit.script.
Transition statement — For those who want a graphical interface, the current choices are
Web-base System Manager and IBM Systems Director Console for AIX. We will briefly
illustrate WebSM and then move on to a discussion of pconsole
Instructor Guide
Web-Based System Manager

IBM Power Systems
• A Java based GUI, similar to SMIT in functionality

• Part of AIX (available by default), based on a client/server model
• Resource intensive and more cumbersome to use than SMIT
• For AIX6, users should consider using IBM Systems Director Console
for AIX
Figure 2-10. Web-Based System Manager AN121.1
Notes:
Web-based System Manager, offers a comprehensive suite of system management tools
for the AIX operating system. Its main aim was to allow administrators with Microsoft
Windows system administration skills to easily manage an AIX operating system. However,
because it is Java based it is more cumbersome to use than SMIT and apart from HMC
usage, never really grew in popularity.
Now with AIX6, users should consider using IBM Systems Director Console for AIX.

V5.2
Instructor Guide

Purpose — Introduce WebSM
Details — Briefly explain the role and use of WSM. Be sure to place it in perspective with
an emphasis on using pconsole when in an AIX6 environment. For students who are
running AIX 5.3 and want to use a graphical interface, such as WebSM, offer to spend
some more time with them outside of the lecture.
Additional information — WebSM was largely part of an AIX 5L marketing drive to attract
Wintel customers.
In order to remotely access WSM, the students will either need to run wsm -host <LPAR
IP-addr> from an AIX portal CDE environment, accessed through VNC, or run a VNC
viewer with the LPAR IP address as the target.
If students want to play with it to see for themselves, encourage it. It does have some uses
over SMIT but they are small and in advanced topic areas (RMC, IPSEC, AIXPERT).
Students will notice how clunky and slow it is to drive compared with smit.
Transition statement — Now, on to the new pconsole.
Instructor Guide
IBM Systems Director Console for AIX

IBM Power Systems
• New web based management interface in AIX 6.1

• Enables converged consoles
– Integrated solutions console
– Lightweight infrastructure
• Includes links to SMIT and WebSM tasks
• Requires Java v5
• Installed by default
– sysmgt.pconsole.rte
– sysmgt.pconsole.apps.wdcem
How to check
– sysmgt.pconsole.apps.websm that it is
– sysmgt.pconsole.apps.wrbac running
– sysmgt.pconsole.apps.wsmit
– lwi.runtime
# lssrc -s pconsole
# lssrc -s pconsole
Subsystem Group PID Status
pconsole pconsole 737388 active
pconsole pconsole 737388 active
# netstat -a |grep 5336
# netstat -a |grep 5336
tcp 0 0 *.5336 *.* LISTEN
tcp 0 0 *.5336 *.* LISTEN
Figure 2-11. IBM Systems Director Console for AIX AN121.1
Notes:
IBM Systems Director Console for AIX
The IBM Systems Director Console for AIX, also known as the Console, is a new
management interface that allows administrators to manage AIX 6.1 remotely through a
browser. It provides web access to common systems management tasks. The console is
included as part of AIX 6.1. The only additional component required is a web browser.
The Console is named after the IBM Systems Director because it is built on the same
graphical user interface as the IBM Systems Director. Although the Console is named after
the IBM Systems Director, it is not a prerequisite. All components necessary to run the
Console are included in AIX 6.1.
The Console also includes menu links to the Systems Management Interface Tool (SMIT),
Web-based System Manager, and Distributed Command Execution Manager (DCEM).
DCEM is a new facility to securely execute SMIT operations or other commands on
multiple machines at one time. This can improve administrator efficiency by reducing the
need to log in to multiple systems to run the same systems management task.

V5.2
Instructor Guide
Uempty Lightweight Infrastructure (lwi.runtime)

The Lightweight Infrastructure (LWI) is a small footprint, simple to configure, a secure
infrastructure for hosting web applications, web services, and other application related
components. The LWI is based on Open Services Gateway Initiative (OSGi) architecture
and is derived from WebSphere Everyplace Deployment 6.0 (WED). The LWI is comprised
of the base OSGi/Eclipse service platform plus additional custom components and bundles
which support web applications, web services, and the building of components.
Instructor Guide
Instructor notes:
Purpose — Provide an overview of pconsole
Details — Do not try to explain all aspects of the Console, just give them the essentials
and a feel for the tool.
Additional information — It is the same interface structure and code which IBM uses for
Systems Director, and WPAR Manager.
Transition statement — Let us look at the interface.

V5.2
Instructor Guide
Uempty
Console interface
IBM Power Systems
• Web browser-based access

– https://<hostname (or IP)>:5336/ibm/console (Defaults to SSL. Use 5335 for non-SSL)
Figure 2-12. Console interface AN121.1
Notes:
Logging into the console
IBM Systems Director Console for AIX relies on your AIX user account for user-logon
security. If the user ID that you provide is already logged into the console, the console
prompts you to choose between logging out from the other session or returning to the login
page. If you choose to log out from the other session, the console will not recover any
unsaved changes that were made by that user.
Use the Logout link in the console toolbar when you are finished using the console to
prevent unauthorized access. If there is no activity during the login session for an extended
period of time, the session expires and you must log in again to access the console. The
default session timeout period is 30 minutes.
If you encountered the login problem, please check the following items:
• No user account on the target server?
• Have the administrator create an account.
• Password expired or not set (new user account)?
Instructor Guide
• Log in through local terminal or telnet, and set the password.

• Already logged into console?
• Look for a warning message which gives you the option to terminate the previous
session.
You can log into the console as root, which gives you the authority to perform all tasks, or
you can delegate certain tasks to non-root users. If the only user that you want to authorize
as a console user is root, no further set up is required.
The root id has console administrator authorization, which authorizes them to launch any
console task. By default, console tasks are visible only to root. If you want to authorize
non-root users to perform console tasks, additional setup is required. You must authorize
each user to access one or more tasks that appear in the console navigation area and you
must assign each user the AIX authorizations (RBAC) for the actions performed by these
tasks.
Changing port values
IBM Systems Director Console for AIX uses the http: 5335 and https: 5336 ports. If you
need to change the port numbers, modify the following properties in the
/pconsole/lwi/conf/overrides/port.properties file and then restart pconsole to change
these ports:
• com.ibm.pvc.webcontainer.port=5335
• com.ibm.pvc.webcontainer.port.secure=5336
In addition, modify /pconsole/lwi/conf/webcontainer.properties. Change all occurrences
of 5336 to the secure port you wish to use.
Console security
By default, the IBM Systems Director Console for AIX provides a Secure Sockets Layer
(SSL) certificate that enables HTTPS connections between the IBM Systems Director
Console for AIX and the Web browser client.

V5.2
Instructor Guide

Purpose — Explore the console interface and how we login
Details — Provide an overview of the console main interface. The default access is SSL,
even if non-SSL port 5335 is selected.
Additional information — The IBM corporation is very serious about developing IBM
Systems Director, and IBM System Director console for AIX. They are the future of system
management products.
Transition statement — What are the applications available with pconsole?
Instructor Guide
Console applications
IBM Power Systems
• OS Management (new SMIT-based tasks)

• Portlets/Modules
– For example, System Health
• Classical SMIT
– Classic-style smit menus for those who prefer a more traditional look
and feel
• Distributed Command Execution Manager (DCEM)
– Is used to execute commands on multiple systems in parallel.
– Is based on the standard UNIX dsh function
• On AIX, this is part of the Cluster Systems Management (CSM) product,
csm.dsh which is installed as part of a base AIX install.
– Supports groups of systems
– Supports rsh and ssh authentication
Figure 2-13. Console applications AN121.1
Notes:
Within pconsole exists a number of applications:
• OS management
This is the core of the application. Menu options are similar to SMIT but in a redesigned
new layout.
• Portlets/Modules
Are facilities within pconsole which provide system information and health details
• Classical SMIT
Very useful for those who still prefer the look and feel of traditional SMIT.
• Distributed Command Execution Manager (DCEM)
This is a graphical wrapper around an existing UNIX ‘dsh' utility. It allows commands and
scripts to be executed on multiple hosts.

V5.2
Instructor Guide
Uempty For further information on dsh, see the AIX man page or the CSM documentation:
http://publib.boulder.ibm.com/infocenter/clresctr/vxrx/index.jsp?topic=/com.ibm.cluster.csm
.doc/csm141/am7cm11052.html
Instructor Guide
Instructor notes:
Purpose — Go through the applications which are available
Details — Provide highlights of the main applications.
Transition statement — Spend time introducing the management options.

V5.2
Instructor Guide
Uempty
Console management view

IBM Power Systems
Define
• New look and feel Navigation
Toolbar start-up
area pages
Work area
Figure 2-14. Console management view AN121.1
Notes:
Toolbar
The toolbar and banner area displays a common image across IBM System Director
Console for AIX installations. The Console toolbar provides the following functions:
• Displays user name, for example, Welcome root
• Help
• Logout
Help is available for the entire console or for a specific module in the console. To access
console help, perform the following steps:
• Select Help on the console toolbar. The help is displayed in a separate browser
window.
• In the help navigation tree, select the help set you want to view. For example, select
Console help to view topics that provide information for new console users. Use the
console controls as needed. To access help for a module on a page, on the title bar for
Instructor Guide
the module, click the ? icon. This icon is displayed only if help is available for the
module. The help is displayed in a separate browser window.
Navigation area
The navigation area provides a tree to the tasks that are available in the console. Tasks are
grouped into organizational nodes that represent categories of tasks. For example, OS
Management or Settings, are organizational nodes. The organizational nodes can be
nested in multiple levels.
The navigation tree only displays tasks to which you have access. This is controlled by the
Console Roles and RBAC authorizations.
In this area, the following task categories can be accessed:
• Welcome
• My Startup Pages
• OS Management (AIX settings
• Health
• Settings (Console settings)
When you select a task in the navigation tree, a page containing one or more modules for
completing the task is displayed in the work area.
Work area
When you initially log in to the console, the work area displays a welcome page. After you
launch a task from the navigation tree, the contents of the task are displayed in a page in
the work area. A page contains one or more console modules that are used to perform
operations. Each console module has its own navigation controls. Some pages include a
control to close the page and return to the welcome page.
Startup pages
Regular pconsole users will want to set up startup pages at login, rather than seeing the
welcome page every time. To do this, simply select the page you are interested in from the
box in the top right hand area of the screen. Select add to my start-up pages. The next
time you log in, the page will be displayed in a tab.

V5.2
Instructor Guide

Purpose — Introduce the management options and how they can create start-up pages
Details — It may be a good idea to run a live demonstration of this overview
Transition statement — System health is a big feature of this tool. Lets look at that now.
Instructor Guide
System health (1 of 3)
IBM Power Systems
• Portlets: System summary and Metric Details

Time to
refresh
Section-
specific
help
Refresh
immediately
Figure 2-15. System health (1 of 3) AN121.1
Notes:
IBM Systems Director Console for AIX contains several portals. Each portlet refreshes after
a certain time interval to ensure the information is always consistent and up-to-date. The
example above is the system health portal. This shows detailed system and performance
information for the host running pconsole.
Metrics
The metrics feature of IBM Systems Director Console for AIX, provides the overall health of
the monitored metrics for the managed server. The window provides common status
information about the memory and CPUs. The main page provides a description of the
monitored metrics with separate rows for summary information on each metric. These
include the following:
• Select: Click to determine the metric displayed in the Metric Detail feature
• Metric: Displays the name of the metric being monitored
• Trend: Displays a graphic to indicate the recent changes to the metric
• Previous: Displays the prior value for the metric
• Latest: Displays the last monitored value for the metric

V5.2
Instructor Guide

Purpose — Introduce the System health portal
Details — Provide an overview of the System health portal. Mention the Summary section
(more details on the next visual) and the metric diagram. Note: The diagram changes
depending on the metric selected. For example, a pie chart is shown for memory. A bar
chart is shown for CPU utilization.
Transition statement — Lets see the detailed information contained within the summary
section.
Instructor Guide
IBM Power Systems
• Configuration Information
Notes:
Summary Information
The summary feature provides the overall health status of the managed server. The
window provides common status information about the overall system, network, and
paging space configuration.
System Configuration
This expanded section displays information regarding the System p hardware and AIX
settings including such information as the model and serial number, processor type,
number and speed, memory size and status, and system recovery settings, like the auto
restart setting. All these values are related to the overall health and status of the server.
Some of these values may be changed in the System Environment area of the console.
Network Configuration
This expanded section displays information regarding the network settings including such
information as IP address, hostname, subnet mask, domain name, gateway, and name
server. All these values are related to the overall health and status of the network

V5.2
Instructor Guide
Uempty connections for the server. Some of these values may be changed in the Communications
area of the console.
Paging Space Configuration
This expanded section displays information regarding the operating system paging space
setting which indicates the total paging space available. This value is related to the overall
health and status of the server. The value may be changed in the System Storage
Management area of the console.
Instructor Guide
Instructor notes:
Purpose — Show the information contained in the summary section
Details — Introduce the information contained within the health summary. Keep the details
at a high level.
Transition statement — Lets see the final section of the Health portal, portlets: Top
Processes and File Systems.

V5.2
Instructor Guide
Uempty
IBM Power Systems
• Portlets: Top Processes and File Systems
Notes:
Top Processes
The process feature provides a list of the running processes in a table view. The window
provides common status information about each individual process. A table describes each
process with separate columns to view detailed information. The table is initially sorted by
the parent ID. These columns include the following:
• Process Name displays the command that initiated the process.
• Process ID displays the ID number for the process.
• Parent ID displays the process ID number for the parent process that started the
process.
• CPU % displays the percent of the total CPU available used by the process in the cycle
before the last refresh.
• Time displays the total CPU time the process has been running before the last refresh.
• User displays the user ID under which the process is running.
Instructor Guide
File System
The file system feature provides a list of the defined file systems in a table view. The
window provides common status information about each individual file system. The table
describes each individual file system with separate columns to view detailed information.
The table is sorted by the file system name. These columns include the file system name,
mount point, size, and free area.
• File System displays the file system name.
• Mount Point displays the current mount location for the file system.
• Size displays the size of the file system in Mbytes.
• Free Space displays the size of the free space available in the file system in Mbytes.
• Free % displays the percentage of the total space not in use.
• Page indicates the current page and total number of pages of file system information.

V5.2
Instructor Guide

Purpose — Show the Information contained in the final section of the health portal
Details — Introduce the information contained in the process and filesystem portlets. Keep
the details at a high level.
Additional information — Customers, over the years, have often requested SMIT
functionality through a web browser interface. A product that matches this request was
developed a number of years ago. Unfortunately, this WebSMIT product only comes with
the purchase of PowerHA.
Transition statement — Lets move onto classical SMIT.
Instructor Guide
Classical SMIT
IBM Power Systems
Figure 2-18. Classical SMIT AN121.1
Notes:
IBM Systems Director Console for AIX provides a web interface for classical SMIT. The
classical SMIT interface features the same menu structures and dialog panels as the ASCII
SMIT.

V5.2
Instructor Guide

Purpose — Show Classical SMIT in pconsole
Details — Some students may like the idea of using pconsole, but prefer the original SMIT
structures. The visual shows classical SMIT access in pconsole.
Transition statement — Another key portal is DCEM, so let us look.
Instructor Guide
DCEM portlet (1 of 5)
IBM Power Systems
Graphical driven
UNIX dsh
functionality Commands
dsh
LPAR:
LPAR:
LPAR:
LPAR:
AIX1
AIX4
AIX2
AIX3
Figure 2-19. DCEM portlet (1 of 5) AN121.1
Notes:
DCEM allows commands and scripts to be executed on multiple hosts concurrently. It is
based on the standard UNIX dsh (distributed shell) command.

V5.2
Instructor Guide

Purpose — Introduce the DCEM portal
Details — We are going to provide a simple example of using the DCEM console
application. Before we move through the actual example, introduce DCEM.
Additional information — This is just a wrapper for unix dsh, which in turn is just a
wrapper for concurrent rsh. It is very popular with CSM and previously PSSP (and also in
other UNIX flavors).
dsh example: In order to run the uname command on waldorf and statler hosts:
# dsh -n statler,waldorf "uname -a"
waldorf.lpar.co.uk: AIX waldorf 1 6 00CF2E7F4C00
statler.lpar.co.uk: AIX statler 1 6 00CF2E7F4C00
Transition statement — Let’s see a simple example, using the DCEM portlet.
Instructor Guide
IBM Power Systems
Enter job
name and
description.
Defaults to
standard PATH
and user root
Enter
commands to
run.
Notes:
The first task is to enter a job name and description, then work along the tabs, filling in the
information as appropriate. Starting with the Command Specification tab, the following
fields may be used when creating a distributed command:
• Name: Specify a name for the distributed task if you would like to save it for future use.
• Path: Specify the path of the command.
• Default User: Specify the user name under which the command will run.The user
currently logged in is the default value.
• Command (required): The command definition.

V5.2
Instructor Guide

Purpose — Create a task using DCEM (example 2 of 5)
Details — Explain how to create a simple DCEM job using the example shown in the
visual.
Transition statement — Let's move to DCEM example 3 of 5.
Instructor Guide
IBM Power Systems
Specify
target
machines.
Notes:
Moving to the Target Specification tab, create a set of targets on which the command will
run, by selecting any combination of DSH hosts and groups, CSM hosts and groups, and
NIM hosts and groups.
CSM is cluster software for AIX. NIM is software on AIX which allows AIX to be installed
over a network. Both CSM and NIM hosts can be grouped together for ease of
management. For these fields to be used, the IBM Systems Director Console must be
running directly on either a CSM or NIM server respectively.
Groups, CSM, and NIM are concepts beyond the scope of this course.

V5.2
Instructor Guide

Purpose — Show how to create a task using DCEM (example 3 of 5)
Details — Continue with the example. Keep the focus on DSH targets only. I have included
supplemental information on groups in the notes. CSM and NIM is beyond the scope of the
class, but be prepared for questions.
Additional information — This maybe useful supplemental information. Here is a
command line example showing the underlying steps of dsh groups.
Command line example of a dsh group:
# cat /aix/tmp/dshgroup
kenny
kyle
Eric
# export DSH_NODEGROUP_PATH=/aix/tmp/
# dsh -N dshgroup "printf '$(date)'; uname -a"
kyle.lpar.co.uk: Tue 14 Oct 12:15:26 2008 AIX kyle 1 6 00CF2E7F4C00
kenny.lpar.co.uk: Tue 14 Oct 12:15:26 2008 AIX kenny 1 6
00CF2E7F4C00
eric.lpar.co.uk: Tue 14 Oct 12:15:26 2008 AIX eric 1 6 00CF2E7F4C00
To use NIM groups the host running pconsole would have to know the NIM group exists, as
follows:
# lsnim -g muppets
muppets:
class = groups
type = mac_group
member1 = kermit; ready for a NIM operation; currently running;
member2 = statler; ready for a NIM operation; currently running;
member3 = waldorf; ready for a NIM operation; currently running;
The same applies to CSM.
Transition statement — Let us move to DCEM example 4 of 5.
Instructor Guide
IBM Power Systems
Defaults to
rsh, ssh is
optional
Confirmation
that job is
running
Notes:
Moving to the Options Tab, specify:
• Remote shell: The default value is /usr/bin/rsh. Optionally, you can specify ssh if you
want to make the remote execution secure. Either way, the pconsole server must be
able to execute commands on the remote hosts without entering a password.
Otherwise, dsh commands will fail.
• Verify targets are responding: Select this check box to verify that targets are
responding before running the command.
The following options may be used when running the command:
• Run: This option runs the command on the specified targets.
• Run and Save: This option runs the command on the specified targets and saves the
current command specification as a script.
• Save: This option saves the current command specification as a script. All information
specified in the command specification tab, targets tab, and options tab will be saved.

V5.2
Instructor Guide
Uempty The Generate Script button will produce a perl command script in the /dcem/scripts
directory on the pconsole server.
The submission report, will only confirm that the job is running. To see wether the job has
completed successfully, click the View Status button.
Instructor Guide
Instructor notes:
Purpose — Show how to create a task using DCEM (example 4 of 5)
Details — Continue with the example as shown in the visual.
Transition statement — Let us move to DCEM example 5 of 5.

V5.2
Instructor Guide
Uempty
IBM Power Systems
Status:
Completed OK
or failure!
Report output.
Further host output
can be seen by
selecting the links
below.
Notes:
After selecting view status, as shown on the previous visual, the Job Status window will
appear. In the example shown above, the DCEM job was completed successfully. To obtain
further information, click the View Report button.
Instructor Guide
Instructor notes:
Purpose — To show how to create a task using DCEM (example 5 of 5)
Details — Go through the final steps as shown in the example. The screens show how to
determine if the job has been successfully executed.
Transition statement — Let’s define the location of the pconsole logs.

V5.2
Instructor Guide
Uempty
Console logging and tracing

IBM Power Systems
• Console Logs
– Location: /var/log/pconsole/logs
• Formatted using XML
– Rotated using filenames error-log-#.xml and trace-log-#.xml
## ls
ls /var/log/pconsole/logs
/var/log/pconsole/logs
error-log-0.xml
error-log-0.xml error-log-5.xml
error-log-5.xml trace-log-3.xml
trace-log-3.xml
error-log-0.xml.lck
error-log-0.xml.lck Log_Viewer.xml
Log_Viewer.xml trace-log-4.xml
trace-log-4.xml
error-log-1.xml
trace-log-0.xml trace-log-5.xml
trace-log-5.xml
error-log-2.xml
error-log-2.xml trace-log-0.xml.lck
trace-log-0.xml.lck
error-log-3.xml
trace-log-1.xml
error-log-4.xml
trace-log-2.xml
• Classical SMIT logs

– Location: $HOME/wsmit.log & wsmit.script
• DCEM log
– Location: $HOME/dcem/logs/dcem.log
Figure 2-24. Console logging and tracing AN121.1
Notes:
The Systems Director Console log file are stored in XML format in the
/var/log/pconsole/logs directory.
Console Logging and Tracing
• Error log file
The system appends log messages to a single log file. A new log file is created each time
you start Integrated Solutions Console. Logging messages are written to the file
error-log-0.xml of the /logs subdirectory of the console installation. This file is always
locked by the console to write log messages.
• Trace log file
The system appends traces messages to a single log file. A new trace file is created each
time you start Integrated Solutions Console. Trace messages are written to the file
trace-log-0.xml of the /logs subdirectory of the console installation. This file is always
locked by the console to write trace messages.
Instructor Guide
Classical SMIT logs are similar in nature to regular AIX SMIT. The letter w is prefixed to the
standard SMIT log file names, to differentiate these pconsole logs from the standard AIX
SMIT logs. There is no equivalent smit.transaction log produced through pconsole.
An example DCEM.log:
------------------------------------------------------------
Command name: Unspecified
Default user: root
Command definition:
export PATH=\$PATH;uname -a
Started: Tue Oct 14 17:06:34 2008
Ended: Tue Oct 14 17:06:35 2008
Successful targets:
DSH nodes:
statler.lpar.co.uk
waldorf.lpar.co.uk
Failed targets:
none
Targets not run:
none
Status:
Command execution completed.
-----------------------------------------------------------

V5.2
Instructor Guide

Purpose — Define the location of the pconsole logs
Details — pconsole logs are not easy to read because they are written in XML. Classic
SMIT output is easier to read than the pconsole output.
Transition statement — OK, it is time to wrap up with the checkpoint questions.
Instructor Guide
Checkpoint
IBM Power Systems
1. List the three main system management tools available on AIX.

1. ______________
2. ______________
3. ______________
2. What is the purpose of the smit.script file?

_______________________________
_______________________________
3. What information can one get from looking at the

system configuration details in IBM Systems Director
Console?
________________________________
________________________________
________________________________
________________________________
________________________________
Notes:

V5.2
Instructor Guide

Purpose —
Details —
IBM Power Systems
1. List the three main system management tools available on

AIX.
SMIT, WebSM, and IBM Systems Director console for AIX

To obtain the command(s) SMIT has just executed

Console?
Firmware/model information
Network configuration, IP address etc
Paging Space Information
A list of Top CPU logging processes
File system information
Instructor Guide
Exercise 2
IBM Power Systems
AIX system
management
Notes:

V5.2
Instructor Guide

Purpose —
Details —
Instructor Guide
Unit summary
IBM Power Systems

• Describe the benefits of the system management
tools available with AIX version 6.1
• Understand the functionality of SMIT, WebSM, and
the new IBM Systems Director Console for AIX
• Look at how we can use IBM Systems Director
Console to monitor system health and to run
commands concurrently on multiple hosts
Notes:

V5.2
Instructor Guide

Purpose —
Details —
Instructor Guide

V5.2
Instructor Guide
Uempty Unit 3. System startup and shutdown
Estimated time
01:00

This unit describes how to start up and shut down the managed
system and AIX partitions.

• Describe the System and AIX startup process
• Activate the System and AIX partitions
• Understand the AIX startup modes
• Describe the contents of the /etc/inittab file
• Understand the role of the System Resource Controller and how to
manage subsystems
• Explain how to shut down the system and AIX partitions

Accountability:
• Checkpoint
References
Online AIX Version 6.1 Operating System and Device
Management
following address:
© Copyright IBM Corp. 2009 Unit 3. System startup and shutdown 3-1
Instructor Guide
Unit objectives
IBM Power Systems

• Understand the role of the System Resource Controller and
how to manage subsystems
Notes:

V5.2
Instructor Guide

Purpose — Introduce the content of this unit
Details — After completing this unit, you should be able to:
• Describe the System / AIX startup process
• Understand the role of the System Resource Controller and how to manage
subsystems
Transition statement — Let's start by viewing the big picture of the system/AIX partition
startup process.
Instructor Guide
System startup
IBM Power Systems
Plug in managed system

Level 1: Power off Service Processor is active
Issue Power On command

All devices are initialized and powered on.
Level 2: Standby
System is ready to support partitions.
SMS mode
Start AIX - OR -
partitions
Normal mode
Level 3: Operating System is running partitions.
Figure 3-2. System startup AN121.1
Notes:
Level 1: Power Off state
The first power level is achieved by plugging in the power cord of the managed system
into a live power socket. The HMC will report that the managed system is in the Power
Off state. No additional buttons need to be pushed and no commands need to be
issued.
The service processor will be initialized and the service processor software will be
loaded and run. If your system has an Operator Panel, you'll see codes on the display
panel and after a few minutes, you will also see a steady blinking green light. The HMC
will also display the codes and status information for the managed system. At this point,
the service processor is an active host on the network. You may use the system
management (ASMI) application on the service processor. However, the rest of the
devices, such as disks, processors, and so forth, on the managed system are still
powered off.

V5.2
Instructor Guide
Uempty Level 2: Standby state

To advance to the second power on level, a power on command must be issued to the
managed system. At this point, all devices are initialized and ready to use. However, no
partitions are running yet, so their devices are not yet in use. Do not attempt to remove
hardware from the system at this level. The HMC will report that the managed system is
in the Standby state.
Level 3: Operating state
Once you start the first partition on the system, your managed system will be at the third
and highest power on level. The HMC will report the state of the managed system as
Operating. This means it has been fully powered on, initialized, and is running at least
one partition. With the proper procedures and commands, hot-pluggable devices may
be physically removed from the partitions. Once your managed system is in the
Operating state, it remains there until you issue a power off command or a system error
changes the state. If you shut down all of the partitions, but do not power off the
managed system, the HMC will still report the Operating state. However, at this point,
the system is in a state functionally equivalent to the Standby state.
Instructor Guide
Instructor notes:
Purpose — Describe the powering on process and the different power levels
Details — The focus on this unit is powering on/off AIX, but it is critical we put this into
context of a Power5/Power6 machine.
Transition statement — Now we have described the big picture, let's see how to power on
a P6 box.

V5.2
Instructor Guide
Uempty
Managed system activation

IBM Power Systems
# ssh hscroot@<hmc> chsysstate -m <ms_name> -r sys -o on
Figure 3-3. Managed system activation AN121.1
Notes:
Introduction
The visual above shows a managed system in the Power Off state. The HMC menu is
shown where you can choose to power on the system. This is the selected menu when
the managed system is selected. The next visual shows you the screen that appears
after choosing Power On from the menu.
HMC command for managed system power on
The chsysstate HMC command can also be used in an SSH session to change the
state of the managed system or partitions. Specific examples of power on commands
will be shown on the following pages.
Scheduling the managed system power on
You can schedule an automatic managed system power on for a particular date and
time, and it can be scheduled to repeat. This application is found under HMC
Management > HMC Configuration > Schedule Operations.
Instructor Guide
Instructor notes:
Details — This visual is an overview of powering up the system from an HMC. Emphasize
that this is the managed system power on procedure and not of a particular partition. The
managed system must be powered on before any partitions can be activated.
Additional information — In reality, experienced users, especially in enterprise
environments, control the HMC through the command line. This is why I have highlighted
the commands.
Transition statement — Let's look at the AIX startup modes.

V5.2
Instructor Guide
Uempty
Start-up modes for AIX (1 of 2)

IBM Power Systems
• The two most popular start-up modes are:

– SMS mode (the firmware menu)
– Normal mode
• SMS mode is used for :

– Selecting the boot device, for example: Network and IPL parameters
– Booting into Service (Maintenance) mode, examples:
• To fix a machine that will not boot
• Recover root password
SMS Top
Level
PowerPC Firmware
Version EL320_083 Firmware
SMS 1.7 (c) Copyright IBM Corp. 2000,2008 All rights reserved. Menu
----------------------------------------------------------------
Main Menu
1. Select Language
2. Setup Remote IPL (Initial Program Load)
3. Change SCSI Settings
4. Select Console
5. Select Boot Options
Figure 3-4. Start-up modes for AIX (1 of 2) AN121.1
Notes:
System Management Services
To boot into SMS, either press the 1 key shortly after partition activation, or set the
partition to specifically SMS boot. To do this, click the Advanced button on activation
and set the boot mode to SMS.
SMS is the Power System firmware menu. The code is shipped with the hardware. This
resource can be used to select the boot device, or change the order of the bootlist and
boot the system into Service mode, if maintenance is required.
Service mode enables the user to run diagnostics or access the system in single-user
mode.
Instructor Guide
Instructor notes:
Purpose — Introduce the startup modes for AIX
Details — There are several startup modes for AIX. However, most of the time the system
is booted in normal mode. To build the system, or to boot into maintenance mode to fix
problems, it is often necessary to boot into SMS mode (the system firmware). The others
boot options are rarely used.
Give an overview of SMS booting and why one would want to do it.
Transition statement — Let's continue with normal mode and the other options.

V5.2
Instructor Guide
Uempty
Start-up modes for AIX (2 of 2)

IBM Power Systems
• Normal mode
– AIX boots into multi-user mode (run level 2).
– Users can log in, the system can be configured, and applications can start.
– The bootlist command can set/change the start-up boot device.
## bootlist Displays the current

bootlist -m
-m normal
normal -o
-o boot device (hdisk0)
hdisk0
hdisk0 blv=hd5
blv=hd5
## bootlist
bootlist -m
-m normal
normal ent0
ent0 bserver=10.47.1.33
bserver=10.47.1.33 client=10.47.1.101
client=10.47.1.101
Changes the current

• Other less common start-up modes: normal bootlist to boot over
the network through device
– Diagnostic with default boot list ent0 to a network install
• Used to run diagnostics using diagnostic CD server 10.47.1.33
– Diagnostic with stored boot list

• Used to run online diagnostics
– Open firmware
• Open firmware prompt. Use by service/support personnel to obtain low level
debug information
Figure 3-5. Start-up modes for AIX (2 of 2) AN121.1
Notes:
Start-up modes:
• Normal: The logical partition starts up as normal. This is the mode that you use to
perform most everyday tasks. When the machine does a normal boot, it completes the
full AIX boot sequence and start processes, enables terminals and generates a login
prompt, to make it available for multi-user access. It also activates the disks, sets up
access to the files and directories, starts networking, and completes other machine
specific configurations.
• Diagnostic with default boot list: The logical partition boots using the default boot list
that is stored in the system firmware. This mode is normally used to boot diagnostics
from the CD/DVD drive. Use this boot mode to run standalone diagnostics. The
diagnostic CD is delivered with the Power H/W.
• Diagnostic with stored boot list: The logical partition performs a service mode boot
using the service mode boot list saved in NVRAM. Use this boot mode to run online
diagnostics.
• Open Firmware OK prompt: The logical partition boots to the open firmware prompt.
This option is used by service personnel to obtain additional debug information.
Instructor Guide
Instructor notes:
Purpose — Continuation of startup modes
Details — Cover normal mode booting. Go through the bootlist command, how to view the
current normal mode bootlist and change it.
Just highlight the other boot options, rarely are they used these days as one would typically
boot into SMS, and then just select the boot device. Again booting from diagnostics CDs is
rarely performed by service personnel.
Transition statement — Now we know how to start the system and AIX. Let’s see what
happens when we boot an AIX partition.

V5.2
Instructor Guide
Uempty
AIX start up process overview

IBM Power Systems
Partition Activation
Locate AIX boot image

via firmware or bootlist
Load boot image

RAMFS created AIX Kernel is now in control
Configure Devices init process from RAMFS

Start rootvg executes rc.boot script
Start ‘real’ init process

From rootvg Process /etc/inittab, default run-level 2
LOGIN
Figure 3-6. AIX start up process overview AN121.1
Notes:
AIX start-up overview
After the partition is activated, a boot image is located from the boot device, specified
from SMS or the bootlist command, and is loaded into memory. During a normal boot,
the location of the boot image is usually a hard drive. Besides hard drives, the boot
image could be loaded from CD/DVD. This is the case when booting into maintenance
mode for service. If working with the Network Installation Manager (NIM), the boot
image is loaded through the network.
The kernel restores a RAM file system into memory by using information provided in the
boot image. At this stage, the rootvg is not available, so the kernel needs to work with
commands provided in the RAM file system. You can think of the RAM file system as a
small AIX operating system. The kernel starts the init process which was provided in the
RAM file system, not from the root file system. This init process executes a boot script
which is named rc.boot. rc.boot controls the boot process. The base devices are
configured, rootvg is activated or varied on, and the real init process starts from rootvg
which will in turn process the /etc/inittab at run level two.
Instructor Guide
Instructor notes:
Purpose — Introduce the AIX start-up process
Details — Provide high level details of the AIX booting process. Go through the details
provided in the student notes.
Transition statement — Let's look at how we start a partition from the HMC.

V5.2
Instructor Guide
Uempty
AIX partition activation (1 of 2)

IBM Power Systems
# ssh hscroot@<hmc> chsysstate -m <ms_name> -r lpar \

-o on -n <lpar> -f <profile name> -b sms
To activate
into SMS
Figure 3-7. AIX partition activation (1 of 2) AN121.1
Notes:
Activating a partition
To activate a partition from the HMC Server Management application, select the
partition name and choose Activate from the menu. An Activate Logical Partition
screen will appear from which the user can select the start-up profile.
Instructor Guide
Instructor notes:
Purpose — Show how an AIX partition is activated
Details — Go through the visual and explain how to start an AIX partition.
Transition statement — Partition activation, part 2

V5.2
Instructor Guide
Uempty
AIX partition activation (2 of 2)

IBM Power Systems
AIX
AIX Version
Version 66
Copyright
Copyright IBM
IBM Corporation,
Corporation, 1982,
1982, 2007
2007
Console login:
Console login:
Figure 3-8. AIX partition activation (2 of 2) AN121.1
Notes:
Activating a partition (continued)
Partitions can have one or many profiles assigned, one of which will be the default.
Profiles contain the attributes of the partition such as process and memory
requirements, and assigned devices. At the time of starting the profile a virtual console
session can be optionally started. The Advanced button enables users to set the
start-up mode. A default start-up mode will be contained within the profile.
Instructor Guide
Instructor notes:
Purpose — Show how an AIX partition is activated continued
Details — Following the activate action, you must pick the profile to boot from, shown as
an02 in the visual. Explain to students that it is the profile that contains the attributes, such
as processing units, memory, and devices. Mention also the advanced button which shows
the boot mode options mentioned earlier.
Once the partition is running, we can log in, either remotely (tn, ssh, and so on) or by using
a virtual console session as shown on the visual.
Transition statement — If you take a break and are away from the console while the
system is booting, you will miss the console messages. Let’s see how we can view this
information after the system has booted.

V5.2
Instructor Guide
Uempty
The alog command

IBM Power Systems
User Boot Install

NIM
Applications Process Process
alog program
/var/adm/ras/bootlog
/var/adm/ras/BosMenus.log
Use the
/var/adm/ras/bosinst.log
alog
command
/var/adm/ras/nimlog
to view /var/adm/ras/conslog
logs /var/adm/ras/errlog
To view the boot log:

## alog
alog –o
–o –t
–t boot
boot
Figure 3-9. The alog command AN121.1
Notes:
Overview
The alog command is a BOS feature that provides a general-purpose logging facility
that can be used by any application or user to manage a log. The alog command reads
standard input, writes the output to standard out, and copies it to a fixed size file at the
same time.
The log file
The file is treated as a circular log. This means that when it is filled, new entries are
written over the oldest entries. Log files used by alog are specified on the command
line or defined in the alog configuration database maintained by the ODM. The
system-supported log types are boot, bosinst, nim, and console.
Use in boot process
Many system administrators start the boot process, and then go and get a cup of coffee.
Unfortunately, boot messages may appear on the screen, only to be scrolled and lost,
never to be seen by the user. In some instances, these messages may be important,
Instructor Guide
particularly if the system did not boot properly. Fortunately, alog is used by the rc.boot
script and the configuration manager during the boot process to log important events.
To view the boot information, the command alog –o -t boot may be used. If the
machine does not boot, boot the machine into maintenance mode and view the boot
log contents.
Viewing logs with SMIT
You can also use SMIT to view the different system-supported logs. Use the following
command:
# smit alog

V5.2
Instructor Guide

Purpose — Explain the function of the alog facility
Details — The alog is required to be a fixed-size log. Size can be configured by the user
through SMIT. A mechanism must also be provided for viewing the log files. The alog
program maintains a header containing the size of the log file, and input and output
pointers. However, the log file data only contains the data piped to the programs' STDIN.
The program does not write time stamps to the log file. In addition, the alog program does
not provide concurrency control. Therefore, if multiple processes try to write to the same
log at the same time, the contents of the log file are unpredictable. The a in alog stands for
AIX.
To record the current date and time in a log file named /tmp/mylog enter:
# date | alog -f /tmp/mylog
Additional information — alog -L can be used to see the list of alogs available on the
system.
Transition statement — As you have seen, boot messages are placed in the boot log file.
The reason for this is that when the boot scripts are executed, they are explicitly told to
make entries in the boot log. This is all controlled from the /etc/inittab file. Let's see how
this is done.
Instructor Guide
/etc/inittab
IBM Power Systems
Format of the line: id:runlevel:action:command

init:2:initdefault:
init:2:initdefault:
brc::sysinit:/sbin/rc.boot 3 >/dev/console 2>&1 # Phase 3 of system boot
brc::sysinit:/sbin/rc.boot 3 >/dev/console 2>&1 # Phase 3 of system boot
powerfail::powerfail:/etc/rc.powerfail 2>&1 | alog -tboot > /dev/console
powerfail::powerfail:/etc/rc.powerfail 2>&1 | alog -tboot > /dev/console
mkatmpvc:2:once:/usr/sbin/mkatmpvc >/dev/console 2>&1
mkatmpvc:2:once:/usr/sbin/mkatmpvc >/dev/console 2>&1
atmsvcd:2:once:/usr/sbin/atmsvcd >/dev/console 2>&1
atmsvcd:2:once:/usr/sbin/atmsvcd >/dev/console 2>&1
tunables:23456789:wait:/usr/sbin/tunrestore -R > /dev/console 2>&1 # Set tunables
tunables:23456789:wait:/usr/sbin/tunrestore -R > /dev/console 2>&1 # Set tunables
rc:23456789:wait:/etc/rc 2>&1 | alog -tboot > /dev/console # Multi-User checks
rc:23456789:wait:/etc/rc 2>&1 | alog -tboot > /dev/console # Multi-User checks
rcemgr:23456789:once:/usr/sbin/emgr -B > /dev/null 2>&1
rcemgr:23456789:once:/usr/sbin/emgr -B > /dev/null 2>&1
fbcheck:23456789:wait:/usr/sbin/fbcheck 2>&1 | alog -tboot > /dev/console
fbcheck:23456789:wait:/usr/sbin/fbcheck 2>&1 | alog -tboot > /dev/console
srcmstr:23456789:respawn:/usr/sbin/srcmstr # System Resource Controller
srcmstr:23456789:respawn:/usr/sbin/srcmstr # System Resource Controller
rctcpip:a:wait:/etc/rc.tcpip > /dev/console 2>&1 # Start TCP/IP daemons
rctcpip:a:wait:/etc/rc.tcpip > /dev/console 2>&1 # Start TCP/IP daemons
rcnfs:a:wait:/etc/rc.nfs > /dev/console 2>&1 # Start NFS Daemons
rcnfs:a:wait:/etc/rc.nfs > /dev/console 2>&1 # Start NFS Daemons
sniinst:2:wait:/var/adm/sni/sniprei > /dev/console 2>&1
sniinst:2:wait:/var/adm/sni/sniprei > /dev/console 2>&1
cron:23456789:respawn:/usr/sbin/cron
cron:23456789:respawn:/usr/sbin/cron
qdaemon:a:wait:/usr/bin/startsrc -sqdaemon
qdaemon:a:wait:/usr/bin/startsrc -sqdaemon
writesrv:a:wait:/usr/bin/startsrc -swritesrv
writesrv:a:wait:/usr/bin/startsrc -swritesrv
uprintfd:23456789:respawn:/usr/sbin/uprintfd
uprintfd:23456789:respawn:/usr/sbin/uprintfd
shdaemon:2:off:/usr/sbin/shdaemon >/dev/console 2>&1 # High availability daemon
shdaemon:2:off:/usr/sbin/shdaemon >/dev/console 2>&1 # High availability daemon
l2:2:wait:/etc/rc.d/rc 2
……………
……………
Figure 3-10. /etc/inittab AN121.1
Notes:
Introduction
The /etc/inittab file lists the processes that init starts, and it also specifies when to
start them. If this file gets corrupted, the system cannot boot properly. Because of this, it
is a good idea to keep a backup of this file. This file should never be edited directly. Use
lsitab, chitab, and mkitab commands. After editing the /etc/inittab file, force the
system to reread the file by using the telinit q command.
To list the inittab type: lsitab –a
To add an entry into the inittab type: mkitab [ -i Identifier ] { [
Identifier ] : [ RunLevel ] : [ Action ] : [ Command ] }
• Example: mkitab "tty002:2:respawn:/usr/sbin/getty /dev/tty2“
To chance an entry in the inittab type: chitab { [ Identifier ] : [ RunLevel
] : [ Action ] : [ Command ] }
• Example: chitab "tty002:4:respawn:/usr/sbin/getty /dev/tty“

V5.2
Instructor Guide
Uempty Format of entries

The individual line entries in /etc/inittab contain the following fields:
• Id: Up to 14 characters that identify the process.
• Runlevel: Defines the run levels for which the process is valid. AIX uses run levels of
0-9. If the telinit command is used to change the run level, a SIGTERM signal is sent to
all processes that are not defined for the new run level. If, after 20 seconds, a process
has not terminated, a SIGKILL signal is sent. The default run level for the system is 2,
which is AIX multiuser mode.
• Action: How to treat the process. Valid actions are:
- respawn: If the process does not exist, start it. If the process dies then restart it.
- wait: Start the process and wait for it to finish before reading the next line.
- once: Start the process and immediately read the next line. Do not restart it if it
stops.
- sysinit: Commands to be run before trying to access the console
- off: Do not run the command.
- Command. Use the AIX command to run to start the process.
Run levels
AIX uses a default run level of 2. This is the normal multi-user mode. You may want to
perform maintenance on your system without having other users logged in. The
command shutdown -m places your machine into a single user mode terminating all
logins. Once the machine reaches the single user mode, you are prompted to enter the
root password. When you are ready to return to normal mode, type telinit 2.
Instructor Guide
Instructor notes:
Details — Explain the run levels on AIX. Go through the format of the file, explaining each
of the four fields.
Additional information — The inittab file is reread by the init daemon every 60 seconds.
The telinit q command is only needed if you cant wait for the next 60 second check. Be sure
to stress this file is read top to bottom. This is why the wait action is important. There are
dependencies in this file like rcnfs and rctcpip. NFS stands for network file system, which
allows sharing of file systems across the network. NFS cannot work if the line above it,
rctcpip which starts networking, is not started and completed. Notice that rctc pip's start
action is wait.
Transition statement — How many run levels do we have and is there an run level control
over an above inittab?

V5.2
Instructor Guide
Uempty
Run levels
IBM Power Systems
• Run levels on AIX:

– 0 and 1: Reserved for future use
– 2 default (normal): Multi-user mode
– 3 through 9: Free to be defined by the administrator
• The telinit or init command can be used to change run

levels.
– a, b, c and h can be initiated during any run level start-up, 2
through 9, without killing any existing run level processes.
– S, s, M, m, results in the system entering single user /
maintenance mode.
– Q, q, re-examines and processes the /etc/inittab file on request.
Example: To go from single user to multi-user mode, execute:

# telinit 2
Figure 3-11. Run levels AN121.1
Notes:
Run levels define the behavior of init, and by extension, those processes which run on the
system when it is at any given level. A run level is a software configuration that allows only
a selected group of processes to exist. The system can be at one of the following run
levels:
• 0-9
Tells the init command to place the system in one run level 0-9
When the init command requests a change to run levels 0-9, it kills all processes at the
current run levels and then restarts any processes associated with the new run levels.
• 0-1
Reserved for the future use of the operating system
• 2
Contains all of the terminal processes and daemons that are run in the multiuser
environment
Instructor Guide
In the multiuser environment, the /etc/inittab file is set up so that the init command
creates a process for each terminal on the system. The console device driver is also set
to run at all run levels so the system can be operated with only the console active.
• 3-9
Can be defined according to the user's preferences
• S,s,M,m
Tells the init command to enter the maintenance mode. When the system enters
maintenance mode from another run level, only the system console is used as the
terminal.
• a,b,c,h
Tells the init command to process only those records in the /etc/inittab file with a,
b, c, or h in the run level field. These four arguments, a, b, c, and h, are not true run
levels. They differ from run levels in that the init command cannot request the entire
system to enter run levels a, b, c, or h. When the init command finds a record in the
/etc/inittab file with a value of a, b, c, or h in the run level field, it starts the
process. However, it does not kill any processes at the current run level. Processes with
a value of a, b, c, or h in the run level field, are started in addition to the processes
already running at the current system run level. Another difference between true run
levels and a, b, c, or h, is that processes started with a, b, c, or h are not stopped when
the init command changes run levels. There are three ways to stop a, b, c, or h
processes:
- Type off in the Action field.
- Delete the objects entirely.
- Use the init command to enter maintenance state.

V5.2
Instructor Guide

Purpose — Introduce and explain run levels
Details — Go through the details in the visual and student notes.
Transition statement — Let's see how scripts can be invoked around entry and exit of run
levels.
Instructor Guide
Directory and script control

IBM Power Systems
• Start-up and stops scripts can be defined for each run level
which are automatically invoked at entry and exit.
/etc/rc.d # ls –R
/etc/rc.d # ls –R
init.d rc rc2.d rc3.d rc4.d rc5.d rc6.d rc7.d rc8.d rc9.d
init.d rc rc2.d rc3.d rc4.d rc5.d rc6.d rc7.d rc8.d rc9.d
./init.d:
./init.d:
./rc2.d:
./rc2.d: Scripts starting with
Ksshd Kwpars Ssshd
Ksshd Kwpars Ssshd
S are invoked at
./rc3.d: boot time by
./rc3.d:
./rc4.d:
/etc/rc.d/rc
./rc4.d:
./rc5.d:
./rc5.d:
./rc6.d: Scripts starting with K are
./rc6.d:
invoked synchronously by
./rc7.d:
./rc7.d: shutdown with one argument:
./rc8.d: 'stop'. They are also called on
./rc8.d:
start-up prior to invoking the start
./rc9.d:
./rc9.d:
scripts.
Figure 3-12. Directory and script control AN121.1
Notes:
Run level control scripts
Run level scripts enable system administrators to start and stop selected applications
and services, or perform tasks during system start-up, shutdown or during run level
change. Run level scripts need to be created in the subdirectory of /etc/rc.d that is
specific to the run level. Scripts beginning with K are stop scripts, while scripts
beginning with S are start scripts.

V5.2
Instructor Guide

Purpose — Show students how scripts can be invoked around system start-up, shutdown,
or run level change
Details — Go through the details in the visual and student notes.
Transition statement — Now, let's introduce the system resource controller.
Instructor Guide
System resource controller

IBM Power Systems
• Provides a single interface to control subsystems

• Controls individual subsystems or groups of subsystems
# ps -ef |grep src
# ps -ef |grep src SRC
UID
UID
PID
PID
PPID
PPID
C
C
STIME
STIME
TTY TIME CMD
TTY TIME CMD Master
root 172178 1 0 18 Sep - 0:00 /usr/sbin/srcmstr process
root 172178 1 0 18 Sep - 0:00 /usr/sbin/srcmstr
# ps -T 172178
# ps -T 172178 Parent
PID TTY TIME CMD
PID TTY TIME CMD
172178
172178
-
-
0:00 srcmstr
0:00 srcmstr
PID = init
151672 - 0:01 |\--syslogd
151672 - 0:01 |\--syslogd
163968 - 0:00 |\--inetd
163968 - 0:00 |\--inetd
303160 - 0:00 | \--rlogind Subsystem
303160 - 0:00 | \--rlogind
512170 pts/0 0:00 | \--ksh
512170 pts/0 0:00 | \--ksh
463024 pts/0 0:00 | \--ps
463024 pts/0 0:00 | \--ps
168088 - 0:00 |\--portmap
168088 - 0:00 |\--portmap
180418 - 0:00 |\--IBM.ServiceRMd
180418 - 0:00 |\--IBM.ServiceRMd
188650
188650
-
-
1:24
1:24
|\--rmcd
|\--rmcd Subserver
200856 - 3:47 |\--clstrmgr
200856 - 3:47 |\--clstrmgr
204904 - 0:00 |\--tftpd
204904 - 0:00 |\--tftpd
176288 - 0:00 | \--tftpd
176288 - 0:00 | \--tftpd
213102 - 0:00 |\--sshd
213102 - 0:00 |\--sshd
221334 - 0:00 |\--snmpdv3ne
221334 - 0:00 |\--snmpdv3ne
254124 - 0:00 |\--IBM.DRMd
254124 - 0:00 |\--IBM.DRMd
262276 - 0:59 |\--IBM.CSMAgentRMd
262276 - 0:59 |\--IBM.CSMAgentRMd
417800 - 0:00 \--ctcasd
417800 - 0:00 \--ctcasd
Figure 3-13. System resource controller AN121.1
Notes:
Purpose of the System Resource Controller
The System Resource Controller (SRC) provides a set of commands to make it easier
for the administrator to control subsystems. A subsystem is a daemon, or server, that is
controlled by the SRC. A subserver is a daemon that is controlled by a subsystem.
Daemon commands and daemon names are usually denoted by a d at the end of the
name. For example, inetd is a subsystem and can be controlled through SRC
commands. rlogind is a subserver which is started by the inetd subsystem as shown in
the visual.

V5.2
Instructor Guide

Purpose — Introduce the SRC
Details — The information below may be helpful if students ask for further discussion on
the differences between subsystem groups, subsystems, and subservers.
Subsystem groups - A subsystem group is a group of any specified subsystems. Grouping
systems together allows the control of several subsystems at one time.
Examples are: TCP/IP, NIS, and NFS.
Subserver - A subserver is a program or process that belongs to a subsystem. A
subsystem can have multiple subservers and is responsible for starting, stopping, and
providing status of subservers.
Subservers are started when their parent subsystems are started.
Additional information — Ensure the students understand the big picture. If the students
have terminals available to them, you might want to have them type in lssrc -a to show
them the grouping. These groupings are established in the ODM.
Transition statement — Let's identify some of the commands that the SRC uses to control
the subsystems.
Instructor Guide
Listing subsystems
IBM Power Systems
• The lssrc command is used to list subsystems

# lssrc -a
# lssrc -a
syslogd ras 151672 active
syslogd ras 151672 active
portmap portmap 168088 active
portmap portmap 168088 active
inetd tcpip 163968 active
tftpd tcpip 204904 active
sshd ssh 213102 active
sshd ssh 213102 active
ctrmc rsct 188650 active
ctrmc rsct 188650 active
snmpd tcpip 221334 active
clcomdES clcomdES 225414 active
clcomdES clcomdES 225414 active
clstrmgrES cluster 200856 active
clstrmgrES cluster 200856 active
ctcas rsct 417800 active
ctcas rsct 417800 active
qdaemon spooler inoperative
qdaemon spooler inoperative
writesrv spooler inoperative
writesrv spooler inoperative
lpd spooler inoperative
lpd spooler inoperative
…. Removed for clarity …..
…. Removed for clarity …..
# lssrc –g tcpip |grep active
# lssrc –g tcpip |grep active
Figure 3-14. Listing subsystems AN121.1
Notes:
Introduction
In this section, we discuss some examples of SRC commands.
Listing SRC status
The lssrc command is used to show the status of the SRC subsystems. In the example
shown on the visual, we are checking the status of all subsystems using the -a flag and
the TCP/IP group using the -g flag.
Specifying a subsystem or subsystem group
The -s and -g flags are used to specify subsystems or subsystem groups, respectively.

V5.2
Instructor Guide

Purpose — Introduce the lssrc command
Details — Go through each example on the visual.
Transition statement — Let's see how we can stop, start, and refresh subsystems.
Instructor Guide
SRC Control
IBM Power Systems
• Controlling subsystems
## stopsrc
stopsrc -s
-s inetd
inetd
0513-044
0513-044 The /usr/sbin/inetd
The /usr/sbin/inetd Subsystem
Subsystem was
was requested
requested to
to stop.
stop.
## startsrc
startsrc -s
-s inetd
inetd
0513-059
0513-059 The inetd
The inetd Subsystem
Subsystem has
has been
been started.
started. Subsystem
Subsystem PID
PID is
is
311374.
311374.
## refresh
refresh -s
-s inetd
inetd
0513-095
0513-095 The request
The request for
for subsystem
subsystem refresh
refresh was
was completed
completed
successfully.
successfully.
Not all
subsystems
support being
refreshed.
## refresh
refresh -s
-s sshd
sshd
0513-005
0513-005 The Subsystem,
The Subsystem, sshd,
sshd, only
only supports
supports signal
signal communication.
communication.
Figure 3-15. SRC Control AN121.1
Notes:
If a change is made to a subsystem configuration, then the subsystem will need to be
refreshed. For example, if the entry for the ftp service is disabled in the inetd.conf file, then
the inetd subsystem will need to be refreshed by using refresh command. Not all
subsystems can be refreshed. If this is the case, simply use startsrc and stopsrc
commands.

V5.2
Instructor Guide

Purpose — To show how we can control subsystems
Details — Go through the examples on the visual.
Transition statement — Let's see how we shutdown an AIX partition.
Instructor Guide
AIX partition shutdown (1 of 2)

IBM Power Systems
• The shutdown command, by default

– Gracefully stops all activity on the system
– Warns users of an impending shutdown
Do a fast shutdown,
## shutdown
shutdown -Fr
-Fr bypassing the
messages to users,
SHUTDOWN
SHUTDOWN PROGRAM
PROGRAM and reboot the system.
Thu
Thu 99 Oct
Oct 20:15:49
20:15:49 2008
2008
0513-044
0513-044 The
The sshd
sshd Subsystem
Subsystem waswas requested
requested to
to stop.
stop.
Wait for 'Rebooting...' before stopping.
Wait for 'Rebooting...' before stopping.
Oct
Oct 99 2008
2008 20:15:50
20:15:50 /usr/es/sbin/cluster/utilities/clstop:
/usr/es/sbin/cluster/utilities/clstop: calledcalled with
with
flags
flags -f
-f -y
-y -s
-s -N
-N -S
-S
0513-004
0513-004 The
The Subsystem
Subsystem or or Group,
Group, clinfoES,
clinfoES, is
is currently
currently inoperative.
inoperative.
Error logging stopped...
Error logging stopped...
Advanced
Advanced Accounting
Accounting hashas stopped...
stopped...
Process accounting stopped...
Process accounting stopped...
Stopping
Stopping NFS/NIS
NFS/NIS Daemons
Daemons
Connection
Connection closed.
closed.
Figure 3-16. AIX partition shutdown (1 of 2) AN121.1
Notes:
Introduction
The SMIT shutdown fastpath or the shutdown command is used to shut the system
down cleanly. If used with no options, shutdown displays a message on all enabled
terminals (using the wall command), then (after one minute) disables all terminals, kills
all processes on the system, syncs the disks, unmounts all file systems, and then halts
the system.
Some commonly used options
You can also use shutdown with the -F option for a fast immediate shutdown (no
warning), -r to reboot after the shutdown or -m to bring the system down into
maintenance mode. The -k flag specifies a “pretend” shutdown. It appears to all users
that the machine is about to shut down, but no shutdown actually occurs.
Shutting down to single-user mode
Use the following command to shut down the system to single-user mode: # shutdown
-m

V5.2
Instructor Guide
Uempty Creating a customized shutdown sequence

If you need a customized shutdown sequence, you can create a file called
/etc/rc.shutdown. If this file exists, it is called by the shutdown command and is
executed first, “that is, before normal shutdown processing begins”. This is useful if, for
example, you need to close a database prior to a shutdown. If rc.shutdown fails
(non-zero return code value), the shutdown is terminated.
Instructor Guide
Instructor notes:
Purpose — To describe how to shutdown an AIX partition
Details — Describe the syntax and use of the popular options on the shutdown command.
Transition statement — Now we understand how to shutdown AIX from the command
line. Let's see how we can do this from the HMC.

V5.2
Instructor Guide
Uempty
AIX partition shutdown (2 of 2)

IBM Power Systems
• AIX shutdown can also be initiated from the HMC.

# ssh hscroot@<hmc> chsysstate -o osshutdown
Do a fast
shutdown,
shutdown -F
Figure 3-17. AIX partition shutdown (2 of 2) AN121.1
Notes:
From the HMC, the following shutdown options are supported. Generally, best practice is to
shutdown AIX from within the partition.
• Delayed: The HMC shuts down the logical partition using the delayed power-off
sequence. This allows the logical partition time to end jobs and write data to disks. If the
logical partition is unable to shut down within the predetermined amount of time, it will
end abnormally and the next restart may be longer than normal.
• Immediate: The HMC shuts down the logical partition immediately. The HMC ends all
active jobs immediately. The programs running in those jobs are not allowed to perform
any job cleanup. This option might cause undesirable results if data has been partially
updated. Use this option only after a controlled shutdown has been unsuccessfully
attempted.
• Operating System: The HMC shuts down the logical partition normally by issuing a
shutdown command to the logical partition. During this operation, the logical partition
performs any necessary shutdown activities. This option is only available for AIX logical
partitions.
Instructor Guide
• Operating System Immediate: The HMC shuts down the logical partition immediately
by issuing a shutdown -F command to the logical partition. During this operation, the
logical partition bypasses messages to other users and other shutdown activities. This
option is only available for AIX logical partitions.

V5.2
Instructor Guide

Purpose — Describe how to shutdown an AIX partition from the HMC
Details — Go through the options in the visual. Using your own experience, discuss the
relative merits of HMC versus command line.
Transition statement — Finally, how we shut down the managed system.
Instructor Guide
Managed system shutdown

IBM Power Systems
• Ensure all partitions have been shutdown first!

# ssh hscroot@<hmc> chsysstate -m <ms_name> -r sys -o off
Figure 3-18. Managed system shutdown AN121.1
Notes:
Power down partitions first
Before you power off the managed system, you must first shut down the operating systems
in each of the running partitions. Otherwise, they will terminate abnormally which may lead
to file system corruption.
After selecting the Power Off item from the Managed System's Operations task menu, you
must choose between the Normal power off procedure and the Fast power off procedure.
• Normal power off: The system ends all active tasks in a controlled manner. During that
time, the service processor and the POWER Hypervisor are allowed to perform cleanup
(end-of-job-processing).
• Fast power-off: The system ends all active tasks immediately. The programs running in
the service processor and the POWER Hypervisor are not allowed to perform any
cleanup.

V5.2
Instructor Guide

Purpose — Describe how to shutdown the managed system
Details — Go through the example in the visual.
Transition statement — Time for some checkpoint questions.
Instructor Guide
Checkpoint
IBM Power Systems
1. What is the first process that is created on the system

and which file does it reference to initiate all the other
processes that have to be started?
____________________________________________
____________________________________________
2. Which AIX feature can be used to stop and start

subsystems and groups of daemons ?
____________________________________________
3. True or False: You can only execute the shutdown

command from the console.
Notes:

V5.2
Instructor Guide

Purpose —
Details —
IBM Power Systems

The initial process is ignit. The file init references is
/etc/inittab for information regarding other processes
that have to be started.

The System Resource Controller (SRC)
3. True or False: You can only execute the AIX shutdown

Instructor Guide
Exercise 3
IBM Power Systems
System startup and

shutdown
Notes:

V5.2
Instructor Guide

Purpose —
Details —
Instructor Guide
Unit summary
IBM Power Systems

• Understand the role of the System Resource Controller
and how to manage subsystems
Notes:

V5.2
Instructor Guide

Purpose —
Details —
Instructor Guide

V5.2
Instructor Guide
Uempty Unit 4. AIX installation
Estimated time
01:00

This unit describes the process of installing the AIX 6.1 operating
system.

• List the installation methods for AIX 6
• List the steps necessary to install the AIX version 6.1 base
operating system
• Install and understand all the options when installing AIX 6.1 from
optical media
• Carry out post installation tasks

Accountability:
• Checkpoint
References
Online AIX Version 6.1 Installation and migration
SG25-7559 IBM AIX Version 6.1 Difference Guide (redbook)
SC23-6629 AIX Version 6.1 Release Notes
SC23-6630 AIX Version 6.1 Expansion Pack Release Notes
following address:
© Copyright IBM Corp. 2009 Unit 4. AIX installation 4-1

Instructor Guide
Unit objectives
IBM Power Systems

• List the steps necessary to install the AIX version 6.1 base
operating system
• Install and understand all the options when installing AIX 6.1
from optical media
• Execute a network boot to use a configured NIM server
Notes:

V5.2
Instructor Guide

• List the steps necessary to install the AIX version 6.1 base operating system
• Install and understand all the options when installing AIX 6.1 from optical media
Details —
Transition statement — Let's start by defining the installation methods for AIX 6.

Instructor Guide
Installation methods for AIX 6

IBM Power Systems
• Pre-installation option (for a new system order)
• DVD (FC 3435) / CD (FC 3410)
• Network
– Network Installation Manager (NIM)
– Details covered in IBM training course: AIX Installation Management
(AU08G)
Figure 4-2. Installation methods for AIX 6 AN121.1
Notes:
When a Power system order is placed with IBM, or a business partner, there are options to
have the system preconfigured. This pre-configuration consists of LPAR creation and
installation of OS software including AIX.
AIX6 by default is delivered on DVD media. Optionally, AIX can also be ordered on CD
(one through eight disks).
In an LPAR environment, NIM is a very popular method of installing and updating AIX. NIM
is a large topic and is covered in-depth in the AU08G education class.

V5.2
Instructor Guide

Purpose — Installation options for AIX
Details — The preinstall option is good choice to ensure that the hardware is working when
the machines are delivered. Most customers choose to configure the systems upon
delivery.
Additional information — Talk briefly about NIM and be prepared to answer any
questions. The focus of this unit will be install through optical media.
Transition statement — Let's see how to build an AIX system from optical media.

Instructor Guide
AIX installation in a partition (DVD or CD)

IBM Power Systems
• Steps:
Assume a partition and partition profile has already been created.
1. Place the AIX DVD or CD in the drive.
2. Activate the partition to SMS and open terminal window.
3. Select boot device using SMS menus in the terminal window.
4. Interact with the AIX install menus.
• Note, the partition must either:

– Have PCI slot which controls a drive which will read CD-ROMs
OR
– Be allocated a CD-ROM device though a VIOS server (as a
virtual optical SCSI device)
Figure 4-3. AIX installation in a partition (DVD or CD) AN121.1
Notes:
To install AIX into a partition, the partition and profile must first be created through the
HMC. The partition must have access to a device slot which contains the optical media
drawer. If a virtualized environment is to be deployed, then the VIOS partition will probably
own the optical device. In that case, it is still possible to make this CD available to a
partition as a virtual optical SCSI device. In VIOS version 1.5, a new feature was added
which allows a media ISO image to be allocated to multiple partitions, through the
file-backed virtual optical device feature.
To install AIX from the optical drive, either boot into SMS mode and choose to boot from the
optical media device, or start the partition with the “Diagnostic with default boot list”. Then
follow and interact with the menus.

V5.2
Instructor Guide

Purpose — Introduce how to install AIX from optical media
Details — Go through the details in the foil and student notes. Obviously, in a
multi-partitioned environment, it is not really feasible to install from optical media.
Additional information — Mention, at a high level, only that in a virtual environment, the
CD or ISO image can be made available to clients.
Transition statement — Let's cover the details of how to boot from optical media.

Instructor Guide
Installing AIX from CD/DVD (1 of 2)

IBM Power Systems
• Boot partition into SMS mode and select CD/DVD.

PowerPC Firmware
PowerPC Firmware
Version SF240_338
Version SF240_338
SMS 1.6 (c) Copyright IBM Corp. 2000,2005 All rights reserved.
-------------------------------------------------------------------------------
-------------------------------------------------------------------------------
Main Menu
Main Menu
1. Select Language
1. Select Language
2. Setup Remote IPL (Initial Program Load) #then select the adapter & IP Parameters
4. Select Console
4. Select Console
Multiboot
Multiboot
1. Select Install/Boot Device
1. Select Install/Boot Device
Select Device Type

Select Device Type
3. CD/DVD
3. CD/DVD Select the
Select Media Type
Select Media Type CD/DVD drive
9. List All Devices
9. List All Devices from the list.
Select Device
Select Device
Device Current Device
Device Current Device
Number Position Name
Number Position Name
1. - SCSI CD-ROM
1. - SCSI CD-ROM
( loc=U8204.E8A.65BF831-V11-C11-T1-W8200000000000000-L0 )
( loc=U8204.E8A.65BF831-V11-C11-T1-W8200000000000000-L0 )
Figure 4-4. Installing AIX from CD/DVD (1 of 2) AN121.1
Notes:
When SMS starts, choose option 5, followed by the boot device (in this case CD/DVD). The
system will then display all devices of this type. In the visual, there is only one such device.
Select this device number and then press Enter.

V5.2
Instructor Guide

Purpose — Installing AIX from optical media – “selecting the boot device from SMS”
Details — Go through the example in the foil.
Transition statement — Let's proceed to SMS, page 2.

Instructor Guide
Installing AIX from CD/DVD (2 of 2)

IBM Power Systems
Select Task
Select Task
SCSI CD-ROM
SCSI CD-ROM
( loc=U8204.E8A.65BF831-V11-C11-T1-W8200000000000000-L0 )
( loc=U8204.E8A.65BF831-V11-C11-T1-W8200000000000000-L0 )
1. Information
1. Information
2. Normal Mode Boot
2. Normal Mode Boot
3. Service Mode Boot
3. Service Mode Boot
Are you sure you want to exit System Management Services?

Are you sure you want to exit System Management Services?
1. Yes
1. Yes
2. No
2. No
• The system will now boot from the CD/DVD.

******* Please define the System Console. *******
******* Please define the System Console. *******
Type a 1 and press Enter to use this terminal as the
Type a 1 and press Enter to use this terminal as the
system console.
system console.
>>> 1 Type 1 and press Enter to have English during install.
>>> 1 Type 1 and press Enter to have English during install.
Figure 4-5. Installing AIX from CD/DVD (2 of 2) AN121.1
Notes:
Once the optical media device is selected, we need to perform a normal boot and exit SMS
as shown in the visual. The partition will then proceed and boot from the optical media
drive. The first interactive step is to type <1>, and then press Enter to use the terminal as
the system console.

V5.2
Instructor Guide

Purpose — Installing AIX from DVD/CD, selecting the boot device from SMS
Details — Go through the example in the foil.
Transition statement — Let's see the install main menu.

Instructor Guide
Installation and Maintenance

IBM Power Systems
• Main Installation and Maintenance menu
Welcome to Base Operating System

Type the number of your choice and press Enter. Choice is indicated by >>>.
Type the number of your choice and press Enter. Choice is indicated by >>>.
>>> 1 Start Install Now with Default Settings
>>> 1 Start Install Now with Default Settings
2 Change/Show Installation Settings and Install
3 Start Maintenance Mode for System Recovery
4 Configure Network Disks (iSCSI)
88 Help ?
88 Help ?
99 Previous Menu
99 Previous Menu
>>> Choice [1]: 2
>>> Choice [1]: 2
• Best practice, always look first at the install options (2)
Figure 4-6. Installation and Maintenance AN121.1
Notes:
If option 1 is selected, a default system installation will occur. However, in most cases you
may want to see and change the default settings. To do this, type a <2> and press Enter.
Select 88 to display help on this or any subsequent installation screen.

V5.2
Instructor Guide

Purpose — Introduce the Installation and Maintenance main menu
Details — The first option starts the installation using the default settings. If you want to
view or alter the current settings, then you need to select the second option, which is
discussed in this unit. The third option allows for maintenance tasks such as going into a
maintenance shell, copying the system dump, carrying out an image backup, and so forth.
Transition statement — Let's see the menu options following the selection of option 2.

Instructor Guide
Installation and Settings

IBM Power Systems
• Installation and Settings menu

Either type 0 and press Enter to install with current settings, or type the
Either type 0 and press Enter to install with current settings, or type the
number of the setting you want to change and press Enter.
number of the setting you want to change and press Enter.
1 System Settings:
1 System Settings:
Method of Installation.............New and Complete Overwrite
Method of Installation.............New and Complete Overwrite
Disk Where You Want to Install.....hdisk0
Disk Where You Want to Install.....hdisk0
2 Primary Language Environment Settings (AFTER Install):
2 Primary Language Environment Settings (AFTER Install):
Cultural Convention................English (United States)
Cultural Convention................English (United States)
Language ..........................English (United States)
Language ..........................English (United States)
Keyboard ..........................English (United States)
Keyboard ..........................English (United States)
Keyboard Type......................Default
Keyboard Type......................Default
3 Security Model.......................Default
3 Security Model.......................Default
4 More Options (Software install options)
4 More Options (Software install options)
>>> 0 Install with the current settings listed above.
>>> 0 Install with the current settings listed above.
+-----------------------------------------------------
+-----------------------------------------------------
88 Help ? | WARNING: Base Operating System Installation will
99 Previous Menu | destroy or impair recovery of ALL data on the
| destination disk hdisk0.
>>> Choice [0]:
>>> Choice [0]:
• Let's explore each option in more detail.

Figure 4-7. Installation and Settings AN121.1
Notes:
The installation and Settings menu enables you to set the key options and configuration
settings to be deployed during installation.

V5.2
Instructor Guide

Purpose — View the Installation and Settings menu
Details — Use this visual as a spring-board to the following visuals which show how the
system settings (Option 1), the primary language environment (Option 2), the security
model (Option 3), and More Options (Option 4) can be changed.
Transition statement — Let's first consider Option 1, the different methods of installation.

Instructor Guide
Method of installation
IBM Power Systems
• Choose option 1 for a fresh install.

Change Method of Installation
Change Method of Installation
Type the number of the installation method and press Enter.
Type the number of the installation method and press Enter.
>>> 1 New and Complete Overwrite
>>> 1 New and Complete Overwrite
Overwrites EVERYTHING on the disk selected for installation.
Overwrites EVERYTHING on the disk selected for installation.
Warning: Only use this method if the disk is totally empty or if there
Warning: Only use this method if the disk is totally empty or if there
is nothing on the disk you want to preserve.
is nothing on the disk you want to preserve.
2 Preservation Install
2 Preservation Install
Preserves SOME of the existing data on the disk selected for
Preserves SOME of the existing data on the disk selected for
installation. Warning: This method overwrites the usr (/usr),
installation. Warning: This method overwrites the usr (/usr),
variable (/var), temporary (/tmp), and root (/) file systems. Other
variable (/var), temporary (/tmp), and root (/) file systems. Other
product (applications) files and configuration data will be destroyed.
product (applications) files and configuration data will be destroyed.
3 Migration Install
3 Migration Install
Upgrades the Base Operating System to the current release.
Upgrades the Base Operating System to the current release.
Other product (applications) files and configuration data are saved.
Other product (applications) files and configuration data are saved.
88 Help ?
88 Help ?
99 Previous Menu
99 Previous Menu
>>> Choice [1]:
>>> Choice [1]:
Figure 4-8. Method of installation AN121.1
Notes:
Changing the method of installation
When you select Option 1 in the Installation and Settings menu to change the method of
installation, the Change Method of Installation submenu shown in the visual is
displayed. The contents of which depends on the current state of the machine.
Complete Overwrite Install
On a new machine, New and Complete Overwrite is the only possible method of
installation. On an existing machine, if you want to completely overwrite the existing
version of BOS, then you should use this method.
Preservation Install
Use the Preservation Install method when a previous version of BOS is installed on
your system and you want to preserve the user data in the root volume group. This
method removes only the contents of /usr, / (root), /var and /tmp. The Preservation
Install option preserves page and dump devices as well as /home and other

V5.2
Instructor Guide
Uempty user-created file systems. System configuration has to be done after doing a
preservation installation.
Migration Install
Use the Migration Install method to upgrade an AIX 5L to an AIX 6 or later version,
while preserving the existing root volume group. This method preserves all file systems
except /tmp, as well as the logical volumes and system configuration files. Obsolete or
selective fix files are removed.

Instructor Guide
Instructor notes:
Purpose — Define the different installation methods
Details — Explain each type of installation method. For this course, you should choose
New and Complete Overwrite.
Transition statement — The next setting to consider, is on which disks the operating
system is going to be installed.

V5.2
Instructor Guide
Uempty
Installation disks
IBM Power Systems
• Select disks to be used for the installation.

Change Disk(s) Where You Want to Install
Change Disk(s) Where You Want to Install
Type one or more numbers for the disk(s) to be used for installation and press
Type one or more numbers for the disk(s) to be used for installation and press
Enter. To cancel a choice, type the corresponding number and Press Enter.
Enter. To cancel a choice, type the corresponding number and Press Enter.
At least one bootable disk must be selected. The current choice is indicated
At least one bootable disk must be selected. The current choice is indicated
by >>>.
by >>>.
Name Location Code Size(MB) VG Status Bootable
Name Location Code Size(MB) VG Status Bootable
>>> 1 hdisk0 none 6528 rootvg Yes No
>>> 1 hdisk0 none 6528 rootvg Yes No
2 hdisk1 none 6528 rootvg Yes No
3
2 hdisk1
hdisk2
none
none
6528
6528
rootvg
none
Yes
Yes
No
No Note: Some SAN
3 hdisk2 none 6528 none Yes No
4
4
hdisk3
hdisk3
none
none
6528
6528
none
none
Yes
Yes
No
No disks may appear
non-bootable. If so,
change the setting
>>> 0 Continue with choices indicated above
>>> 0
55
Continue with choices indicated above
More Disk Options
on the disk
55 More Disk Options subsystem for the
66 Devices not known to Base Operating System Installation
66 Devices not known to Base Operating System Installation
77
77
Display More Disk Information
Display More Disk Information LUNs.
88 Help ?
88 Help ?
99 Previous Menu
99 Previous Menu
>>> Choice [0]: Name Device Adapter Connection Location
>>> Choice [0]: Name Device Adapter Connection Location
or Physical Location Code
or Physical Location Code
>>> 1 hdisk0 U9113.550.65F2E7F-V11-C2-T1-L810000000000
>>> 1 hdisk0 U9113.550.65F2E7F-V11-C2-T1-L810000000000
2 hdisk1 U9113.550.65F2E7F-V11-C2-T1-L820000000000
2 hdisk1 U9113.550.65F2E7F-V11-C2-T1-L820000000000
3 hdisk2 U9113.550.65F2E7F-V11-C6-T1-L830000000000
3 hdisk2 U9113.550.65F2E7F-V11-C6-T1-L830000000000
4 hdisk3 U9113.550.65F2E7F-V11-C6-T1-L810000000000
4 hdisk3 U9113.550.65F2E7F-V11-C6-T1-L810000000000
Figure 4-9. Installation disks AN121.1
Notes:
Selecting installation disks
After you select the type of installation, you must then select the disks that are to be used
for the installation. A list of all the available disks is displayed, similar to the one shown.
This screen also gives you the option to install to an unsupported disk by adding the code
for the device first.
When you have finished selecting the disks, type <0> in the Choice field and press Enter.

Instructor Guide
Instructor notes:
Purpose — Define how disks can be selected for installation
Details — After booting from an external media or over the network, BOS install
announces its intentions to install the AIX BOS onto the default disks and asks the user if it
is acceptable. The default disks are where the operating system was previously located. If
the user does not want to use the default disk, then the user can select a target disk. All
disks that are available are displayed with a single option to use a supplemental third party
target device. If the supplemental device option is selected, the BOS install prompts the
user to load the device configuration support drivers.
Option 77 on this menu displays the Physical Volume ID, which is what is found in the
ODM. This information is provided in case a student asks what this option displays.
Transition statement — Let's look how we define the primary language environment.

V5.2
Instructor Guide
Uempty
Set Primary Language Environment

IBM Power Systems
• Default language environment is en_US (US English)

Type the number for the Cultural Convention (such as date, time, and
Type the number for the Cultural Convention (such as date, time, and
money), Language, and Keyboard for this system and press Enter, or type
money), Language, and Keyboard for this system and press Enter, or type
159 and press Enter to create your own combination.
159 and press Enter to create your own combination.
Cultural Convention Language Keyboard
Cultural Convention Language Keyboard
1 C (POSIX) C (POSIX) C (POSIX)
1 C (POSIX) C (POSIX) C (POSIX)
2 Albanian English (United States) Albanian
2 Albanian English (United States) Albanian
3 Arabic (Algeria) English (United States) Arabic (Algeria)
3 Arabic (Algeria) English (United States) Arabic (Algeria)
4 Arabic (Bahrain) English (United States) Arabic (Bahrain)
4 Arabic (Bahrain) English (United States) Arabic (Bahrain)
5 Arabic (Egypt) English (United States) Arabic (Egypt)
5 Arabic (Egypt) English (United States) Arabic (Egypt)
6 Arabic (Jordan) English (United States) Arabic (Jordan)
6 Arabic (Jordan) English (United States) Arabic (Jordan)
7 Arabic (Kuwait) English (United States) Arabic (Kuwait)
7 Arabic (Kuwait) English (United States) Arabic (Kuwait)
8 Arabic (Lebanon) English (United States) Arabic (Lebanon)
8 Arabic (Lebanon) English (United States) Arabic (Lebanon)
9 Arabic (Morocco) English (United States) Arabic (Morocco)
9 Arabic (Morocco) English (United States) Arabic (Morocco)
>>> 10 MORE CHOICES...
>>> 10 MORE CHOICES...
88 Help ?
88 Help ?
99 Previous Menu
99 Previous Menu
>>> Choice [10]:
>>> Choice [10]:
Figure 4-10. Set Primary Language Environment AN121.1
Notes:
At this point in the installation process, you can change the language and cultural
convention that is used on the system after installation. This screen will display a full list of
supported languages.
It is recommended that if you are going to change the language, change it at this point
rather than after the installation is complete. Whatever language is specified at this point is
obtained from the installation media.
Cultural Convention determines the way numeric, monetary, and date and time
characteristics are displayed.
The Language field determines the language used to display text and system messages.
The Keyboard field determines the mapping of the keyboard for the selected language
convention.

Instructor Guide
Instructor notes:
Purpose — Define how the primary language environment after the installation is set
Details — The visual shows the list of language environments that can be selected. The
environment is governed by three settings:
• Cultural Conventions which governs such things as the date format, the monetary
symbol, the sorting collation order, and so forth.
• Language which sets the language for the messages.
• Keyboard which governs the character set that is available.
In reality, this screen displays many language options. Users can also create their own
specific combinations by typing 159.
If English (United States) is chosen, a second menu is displayed. On this menu, choose the
type of keyboard being used: 1 for the default keyboard and 2 for the 122-key keyboard.
Point out that “C(POSIX)” is an English based POSIX standard compliant language
environment. This is often sufficient for many systems.
Additional information — The language in which the system runs should be selected at
this point, if at all possible. If a different language is needed after installation is complete,
the install media needs to be available in order to install the appropriate new language
filesets.
Transition statement — Let's look at the options.

V5.2
Instructor Guide
Uempty
Security Models
IBM Power Systems
• These settings are beyond the scope of this class. They are
covered in IBM training course: AIX Security (AU47G).
• Security models are all set to NO by default.
Security Models
Security Models
Type the number of your choice and press Enter.
1. Trusted AIX............................................. No
1. Trusted AIX............................................. No
2. Other Security Options (Trusted AIX and Standard)

2. Other Security Options (Trusted AIX and Standard)
Security options vary based on choices.
Security options vary based on choices.
LSPP, SbD, CAP/CCEVAL, TCB
LSPP, SbD, CAP/CCEVAL, TCB
1. Secure by Default....................................... No
1. Secure by Default....................................... No
2. CAPP and EAL4+ Configuration Install.................... No
2. CAPP and EAL4+ Configuration Install.................... No
3. Trusted Computing Base Install.......................... No
3. Trusted Computing Base Install.......................... No
>>> 0 Continue to more software options.

>>> 0 Continue to more software options.
88 Help ?
88 Help ?
99 Previous Menu
99 Previous Menu
>>> Choice [0]:
>>> Choice [0]:
Figure 4-11. Security Models AN121.1
Notes:
Type <1> and press Enter to change the selection for Trusted AIX. Trusted AIX enables
Multi Level Security (MLS) capabilities in AIX MLS is also referred to as label-based
security.
As compared to regular AIX, Trusted AIX label-based security implements labels for all
subjects and objects in the system. Access controls in the system are based on labels that
provide for an MLS environment and include support for the following:
• Labeled objects: Files, IPC objects, network packets, and other labeled objects
• Labeled printers
• Trusted Network: Support for RIPSO and CIPSO in IPv4 and IPv6
Note that once you choose this mode of installation, you will not be able to go back to a
regular AIX environment without performing an overwrite install of regular AIX. Evaluate
your need for a Trusted AIX environment before choosing this mode of install.

Instructor Guide
Do not forget standard AIX provides a set of security features to enable information
managers and administrators to provide a basic level of system and network security. The
primary AIX security features include the following:
• Login and password controlled system and network access
• User, group, and world file access permissions
• Access control lists (ACLs)
• Audit subsystem
• Role Based Access Control (RBAC)
Trusted AIX builds upon these primary AIX operating system security features to further
enhance and extend AIX security into the networking subsystems.
Type <2> and press Enter to continue to other security options. For Trusted AIX, the choice
will be LSPP/EAL4+ configuration. For standard AIX, the choices will be Secure by Default,
CAPP/EAL4+, and Trusted Computing Base.
ATTENTION: Evaluate your need for any security options before making your choice.
Additional information is available in your security documentation.

V5.2
Instructor Guide

Purpose — Introduce the security options available during AIX installation
Details — This section is for advanced users. You should only cover the details very briefly,
if at all!
Additional information — Some additional info, which may be of help if you get questions:
For a detailed guide into Trusted AIX, see
http://publib.boulder.ibm.com/infocenter/systems/index.jsp?topic=/com.ibm.aix.security/do
c/security/trusted_aix.htm
LSPP: Labeled Security Protection Profile (LSPP) is a protection profile within the common
criteria. It is a set of security, functional, and assurance requirements for IT products. The
LSPP requirements are derived from the B1 class of the US Department of Defense
security standard called Trusted Computer System Evaluation Criteria (TCSEC) which was
originally published in 1985.
EAL4: (Methodically Designed, Tested, and Reviewed). EAL4 permits a developer to gain
maximum assurance from positive security engineering based on good commercial
development practices which, though rigorous, do not require substantial specialist
knowledge, skills, and other resources. EAL4 is the highest level at which it is likely to be
economically feasible to retrofit an existing product line. EAL4 is therefore applicable in
those circumstances where developers or users require a moderate to high level of
independently assured security in conventional commodity TOEs and are prepared to incur
additional security-specific engineering costs. Commercial operating systems that provide
conventional, user-based security features are typically evaluated at EAL4.
Secure by Default is a minimal install with high security settings applied.
CAPP/EAL4+ install is a minimal install which controls access to the system.
Trusted Computing Base adds the trusted path, and enables the trusted shell and system
integrity checking.
If students are interested in security, point them to AU47G.
Transition statement — Let's look at the S/W install options.

Instructor Guide
Software install options

IBM Power Systems
• Further install / software options
Install Options
Install Options
1. Graphics Software................................................ Yes
1. Graphics Software................................................ Yes
2. System Management Client Software................................ Yes
2. System Management Client Software................................ Yes
3. Create JFS2 File Systems......................................... Yes
3. Create JFS2 File Systems......................................... Yes
4. Enable System Backups to install any system...................... Yes
4. Enable System Backups to install any system...................... Yes
(Installs all devices)
(Installs all devices)
>>> 5. Install More Software
>>> 5. Install More Software
Install More Software

Install More Software
1. Firefox (Firefox CD).............................. No
1. Firefox (Firefox CD).............................. No
2. Kerberos_5 (Expansion Pack)....................... No
2. Kerberos_5 (Expansion Pack)....................... No
3. Server (Volume 2)................................. No
3. Server (Volume 2)................................. No
0 Install with the current settings listed above.

0 Install with the current settings listed above.
88 Help ?
88 Help ?
99 Previous Menu
99 Previous Menu
Figure 4-12. Software install options AN121.1
Notes:
When Graphics Software Install option is Yes, X11, CDE, WebSM, Java, and other
software dependent on these packages is installed.
System Management Client Software includes WebSM, Java, service agent, lwi and
pconsole.
The default action, since AIX 5.3, is to create all logical volumes in rootvg using JFS2 file
systems.
Enabling System Backups to install on other systems, installs all devices code and drivers.
Otherwise, only device drivers necessary to your system hardware configuration are
installed. This is the preferred option, and it is very useful if you want to clone the image to
another system which differs in type or device layout.
To install more software, select option 5 and press Enter.

V5.2
Instructor Guide

Purpose — Provide additional information on the Install options
Details — Go through the details on the foil and notes.
Additional information — The filesets included in the “Server (Volume 2)” option are:
Networking
bos.net.nfs.server
bos.net.nis.server
Performance Tools
bos.perf.diag_tool
bos.perf.tools
perfagent.tools
bos.sysmgt.trace
bos.sysmgt.quota
bos.terminfo.print.data
Accounting Services
bos.acct
Transition statement — That's all the options, let see the summary page prior to the
actual install.

Instructor Guide
Install summary and installation

IBM Power Systems
Overwrite Installation Summary

Overwrite Installation Summary
Disks: hdisk0
Disks: hdisk0
Cultural Convention: en_GB
Cultural Convention: en_GB
Language: en_US
Language: en_US
Keyboard: en_GB
Keyboard: en_GB
JFS2 File Systems Created: Yes
JFS2 File Systems Created: Yes
Graphics Software: Yes
Graphics Software: Yes
System Management Client Software: Yes
System Management Client Software: Yes
Enable System Backups to install any system: Yes
Enable System Backups to install any system: Yes
Optional Software being installed:
Optional Software being installed:
>>> 1 Continue with Install

>>> 1 Continue with Install
+-----------------------------------------------------
+-----------------------------------------------------
>>> Choice [1]:
>>> Choice [1]:
Installing Base Operating System

Please wait...
Please wait...
Approximate Elapsed time
% tasks complete (in minutes)
3 0 Making logical volumes
Figure 4-13. Install summary and installation AN121.1
Notes:
Prior to installation, a summary page is displayed. If you are ready to proceed with your
options, select 1 to continue and the system installation will begin. It takes approximately
one hour to build the partition from DVD or CD media.

V5.2
Instructor Guide

Purpose — To introduce the install summary page and BOS install
Details — As per the material
Additional information — You may add that installing AIX6 from CD (1 of 8), involves
considerable CD swapping. It is best to obtain AIX media on DVD.
Transition statement — What happens post install?

Instructor Guide
Accept License Agreements

IBM Power Systems
Software License Agreements

Software License Agreements
Show Installed License Agreements
Show Installed License Agreements

[Entry Fields]
[Entry Fields]
ACCEPT Installed License Agreements yes +
ACCEPT Installed License Agreements yes +
Software Maintenance Agreement

Software Maintenance Agreement
View Software Maintenance Terms and Conditions
View Software Maintenance Terms and Conditions
Accept Software Maintenance Terms and Conditions

[Entry Fields]
[Entry Fields]
ACCEPT Software Maintenance Agreements? yes +
ACCEPT Software Maintenance Agreements? yes +
Figure 4-14. Accept License Agreements AN121.1
Notes:
When AIX installation is complete, the end user has to accept both Software and
Maintenance License agreements, as shown in the visual.

V5.2
Instructor Guide

Purpose — Accepting license agreements
Details — They must be accepted, as per the examples shown in the foil.
Transition statement — Final step, installation assistant.

Instructor Guide
AIX installation: Post steps

IBM Power Systems
• Post-install tasks:
– Accept the license agreement.

– Optional. Using the installation assistant:
• Set root password
• Set date and time
• Configure network
– Exit from installation assistant
– Update for the operating system to the latest TL and SP level
Figure 4-15. AIX installation: Post steps AN121.1
Notes:
The installation is not finished until you complete the post setup in the operating system.
Once AIX has installed, the system will reboot. Several post installation steps are required.
Firstly, you have to accept both the software and maintenance license agreements. Finally,
the installation assistant will start. Although optional, it is recommended that you use the
installation assistant at a minimum to set the root password, date, and time, and configure
the network parameters accordingly.
One AIX is installed, you should update it to the latest technology level and service pack.
These can be downloaded from fix central: http://www.ibm.com/support/fixcentral

V5.2
Instructor Guide

Purpose — Describe the post installation steps
Details — Go through the details in the visual and notes.
Transition statement — Now let's look at the installation assistant that helps with the post
installation steps.

Instructor Guide
Installation assistant and login

IBM Power Systems
Set Date and Time
Set Date and Time
Set root Password
Set root Password
Configure Network Communications
Configure Network Communications
Install Software Applications
Install Software Applications
Tasks Completed - Exit to Login
Tasks Completed - Exit to Login
Note: No root password

AIX Version 6
AIX Version 6 is set by default, if it is
Copyright IBM Corporation, 1982, 2008.
Copyright IBM Corporation, 1982, 2008.
Console login: root
not set using the
Console login: root
Installation
*******************************************************************************
*******************************************************************************
Assistant
* *above.
* *
* *
* *
* Welcome to AIX Version 6.1! *
* Welcome to AIX Version 6.1! *
* *
* *
* *
* *
* Please see the README file in /usr/lpp/bos for information pertinent to *
* Please see the README file in /usr/lpp/bos for information pertinent to *
* this release of the AIX Operating System. *
* this release of the AIX Operating System. *
* *
* *
* *
* *
*******************************************************************************
*******************************************************************************
#
#
Figure 4-16. Installation assistant and login AN121.1
Notes:
After the license agreements have been accepted, the installation assistant (ASCII
console) or configuration assistant (Graphical console) will be displayed. The install
assistant is similar to a mini version of SMIT. As mentioned earlier in the UNIT, it is
recommended that one uses the installation assistant at a minimum to set the root
password, date, and time and to configure the network parameters accordingly. Another
approach, would be to exit the installation assistant immediately and use smit, command
line, or scripts to configure the system.
The installation assistance can be invoked at any time using the install_assist
command. On a graphical console, either the install_assist or configassist
commands can be used to launch the configuration assistant.

V5.2
Instructor Guide

Purpose — Introduce the install assistant
The graphic-based configuration assistant and the ASCII-based installation assistant are
menu driven utilities that assist the system administrator with final tasks that need to be
performed after the installation of the operating system. In the graphic based configuration
assistant, you just need to point and click to perform the various tasks.
When the tasks are complete, click Exit the Configuration Manager. A second screen
appears where you can choose if you want the Configuration Assistant to be initiated the
next time the root user logs in. Usually, once you have completed the tasks of the
Configuration Assistant, you choose not to have the Configuration Assistant execute upon
root login.
To access the Configuration Assistant / Installation Assistant at a later time, type
install_assist. If using AIXWindows, the command configassist can also be
used. When exiting the Configuration Assistant, if the option to Finish now, and Restart
Configuration Assistant when Restarting AIX is selected, an entry is placed in
/etc/inittab that starts Configuration Assistant. The line identifier is fbcheck.
Details —
Additional information — If you are working remotely, the DISPLAY environment variable
has to be exported for the configassist and install_assist commands to work.
Transition statement — Now that we have finished a walkthrough of the entire install
process (starting with boot from installation media), let see how the process differs if using
a NIM server.

Instructor Guide
AIX installation in a partition using NIM: NIM overview

IBM Power Systems
• What is NIM?
– Centralized Installation and Management of AIX over a network
LPAR 4 Client
Systems
LPAR 1
Public/Open LPAR 2
NIM Server network
NIM resources LPAR 3

lpp_source
SPOT LPAR 4
Client Definitions
LPAR1
LPAR2
…
Actions:
• Resources are allocated to Clients
• Clients are set for a BOS operation
Figure 4-17. AIX installation in a partition using NIM: NIM overview AN121.1
Notes:
Network Install Manager (NIM) Introduction
NIM can be used to manage the installation of the Base Operating System (BOS) and
optional software on one or more networked machines. NIM gives you the ability to
install and maintain the AIX operating system, and any additional software, and fixes
that may be applied over time. NIM allows you to customize the configuration of
machines both during and after installation. NIM eliminates the need for access to
physical media, such as tapes and optical media, once the NIM master has been
loaded. You use the NIM master to load other network “clients”. System backups can be
created with NIM, and stored on any server in the NIM environment. The advantage to
using NIM in an LPAR environment is that it solves the device allocation issue. Since
AIX may already be installed once on the system before it is shipped, you can configure
this partition to be the NIM master. Or, you could use another AIX system that is the
proper AIX version. One of the optional steps in creating a NIM master is creating a
mksysb (AIX system backup image). You could use this mksysb to install AIX in the
other partitions. The advantage to mksysb is that it copies AIX customizations from the
source system.

V5.2
Instructor Guide
Uempty NIM Resources

All operations on clients in the NIM environment require one or more resources. At a
minimum, in order to perform a BOS installation on a client there must be two resources
defined:
• SPOT includes everything that a client machine requires in a /usr file system, such as
the AIX kernel, executable commands, libraries, and applications. The SPOT is
created, controlled, and maintained from the master, even though the SPOT can be
located on another system.
• An lpp_source resource represents a directory in which software installation images
are stored. NIM uses an lpp_source for an installation operation by first mounting the
lpp_source on the client machine. The installp commands are then started on the
client using the mounted lpp_source as the source for installation images. When the
installation operation has completed, NIM automatically unmounts the resource. In
addition to providing images to install machines, lpp_source resources can also be
used to create and update SPOT resources.

Instructor Guide
Instructor notes:
Purpose — Provide a brief introduction to NIM as a prerequisite for AIX installation
Provide a brief introduction to NIM.
Define what a NIM server is, the basic SPOT and lpp_source resources, and how a BOS
installation occurs.
Do not get too involved with NIM as it is a very large topic. Refer students to the IBM
training NIM class AU08G as a means to build important NIM skills.
Transition statement — OK, that concludes the high level NIM introduction. Now, let’s
define the configuration steps required for a client BOS operation.

V5.2
Instructor Guide
Uempty
AIX installation in a partition using NIM:
Configuration steps
IBM Power Systems
Assume a partition and partition profile have been created.

• Setup and configure the NIM master to support a BOS
installation of your machine.
• Activate the partition using SMS boot mode.
• Specify the IP parameters for a network boot.
• Configure the partition to boot from the network adapter.
• Interact with AIX installation menus, if required (depends on
NIM configuration).
• Note:
– Subsequent installs and updates for the same partition can be initiated
from the NIM master.
– A mksysb restore example is provided in a later unit (Backup and

Restore).
Figure 4-18. AIX installation in a partition using NIM: Configuration steps AN121.1
Notes:
To install a partition from a NIM server, you will need to create the partition and partition
profile, for the partition where AIX will be installed. You would complete this step if you were
installing from optical media, except that you would not have to allocate the slot for the CD
or DVD device. The partition will need to be activated in SMS boot mode. From SMS, the
NIM server network details can be entered, which will cause the client to issue a boot
request over the network. From this point, the menu steps are identical to using optical
media.

Instructor Guide
Instructor notes:
Purpose — Define the configuration steps required for a BOS installation of an AIX client
Details — Go through the details in the visual and notes. Keep the details at a high level.
Transition statement — While the details of installing and configuring a NIM server is
covered in a later course, you do need to understand how to initiate a network install using
an already configured NIM server. Let’s look at what is involved in executing a network boot
using SMS.

V5.2
Instructor Guide
Uempty
Network boot (1 of 7)
IBM Power Systems
Select the Setup Remote IPL option:
PowerPC Firmware
Version EL320_040
SMS 1.7 (c) Copyright IBM Corp. 2000,2007 All rights
--------------------------------------------------------
Main Menu
1. Select Language
2. Setup Remote IPL (Initial Program Load)
4. Select Console
--------------------------------------------------------
Navigation Keys:
X = eXit System Management Services
-------------------------------------------------------
Figure 4-19. Network boot (1 of 7) AN121.1
Notes:
Network boot (remote IPL)

To configure a partition to boot from another system over the network, choose Setup
Remote IPL (Initial Program Load) from the main SMS menu.

Instructor Guide
Instructor notes:
Purpose — Show where to initiate a network boot.
Details — This page shows where to access the Remote IPL option (that is, network boot).
Not all SMS versions will have menus that look exactly like this. Point out that you will need
to read the menu and choose the appropriate item for “Remote IPL” or similar phrase.
Transition statement — The next visual shows the screen that you will see after choosing
option 2 from the main SMS menu.

V5.2
Instructor Guide
Uempty
IBM Power Systems
Choose the network adapter:
PowerPC Firmware
Version EL320_040
----------------------------------------------------------
NIC Adapters
Device Location Code
1. Port 1 - IBM 2 PORT 10/100/100 U78A0.001.DNWGCP5-P1-C4-
T1
2. Port 2 - IBM 2 PORT 10/100/100 U78A0.001.DNWGCP5-P1-C4-
T2
----------------------------------------------------------
Navigation Keys:
---------------------------------------------------------
Notes:
NIC adapter
Select which network interface to use. The example in the visual shows two ports on the
integrated Ethernet controller.

Instructor Guide
Instructor notes:
Purpose — Describe what to do from the Remote IPL SMS menu.
Details — The visual shows the screen where you choose which network adapter to use to
access the NIM server.
Transition statement — After selecting the Network adapter, the following menu displays

V5.2
Instructor Guide
Uempty
IBM Power Systems
Select the Network service
PowerPC Firmware
Version EL320_040
---------------------------------------------------------
Select Network Service
Port 1 - IBM 2 PORT 10/100/1000 Base-TX PCI-X Adapter: U78A0.001.DNGWCP5-C1-C4-
1. BOOTP
2. ISCSI
---------------------------------------------------------
Navigation Keys: X = eXit System Management Services
---------------------------------------------------------
Notes:
Select the Network service: BOOTP.

Instructor Guide
Instructor notes:
Purpose — Explain network service selection.
Details —
Transition statement — Then displays the menu where to specify the network parameters
and the network adapter configuration.

V5.2
Instructor Guide
Uempty
IBM Power Systems
Set up the IP parameters, the adapter configuration

options, then perform the ping test:
PowerPC Firmware
Version EL320_040
---------------------------------------------------------
Network Parameters
1. IP Parameters
2. Adapter Configuration
3. Ping Test
4. Advanced Setup: BOOTP
---------------------------------------------------------
Navigation Keys: X = eXit System Management Services
---------------------------------------------------------
Notes:
Network parameters
Choose option 1 and configure the IP parameters. This screen is shown in the next
visual.
Then choose option 2 and configure the adapter settings, such as media speed and
duplex setting.
When everything is configured properly, run the ping test and it should be successful.
When the ping test is successful, return to the SMS main menu, select the network
adapter as a boot device, and exit the SMS menu. This will start the network boot
process.

Instructor Guide
Instructor notes:
Purpose — Describe what to do from the Network Parameters SMS menu.
Details — At this point the procedure is to choose option 1, then 2, then 3, and then return
to the SMS main menu and exit SMS.
Transition statement — Let’s see the screen if you choose option 1, IP Parameters.

V5.2
Instructor Guide
Uempty
IBM Power Systems
IP parameters:
PowerPC Firmware
Version EL320_040
---------------------------------------------------------
IP Parameters
1. Client IP Address [10.6.103.64]
2. Server IP Address [10.6.103.1]
3. Gateway IP Address [10.6.103.254]
4. Subnet Mask [255.255.255.0]
---------------------------------------------------------
Navigation Keys:
---------------------------------------------------------
Notes:
IP parameters
Enter the IP address of the client, which is the partition.
Enter the IP address of the server, which is the NIM server.
Enter the IP address of the gateway. This is the partition’s gateway system; so it must
be local on the partition’s subnet. This value can be a valid route on the same subnet as
the client partition or the IP address of the NIM server. Ask your network administrator
which system to use.
Enter the subnet mask that the partition is using.
Adapter configuration
Once you’ve entered this information, return to the previous screen and choose the
Adapter Configuration option. Here you will need to specify the media speed and the
duplex setting.

Instructor Guide
Ping test and network boot

After you have configured the adapter parameters, return to the main SMS menu. Run
the ping test, and if successful, select the network adapter as a boot device, then exit
the SMS menus to begin the boot process and the installation.

V5.2
Instructor Guide

Purpose — Describe what to enter on the IP Parameters SMS screen.
Details — Do not describe what a subnet mask is, or even much about gateways if the
students do not meet the prerequisite training on this topic. You do not have time for a
mini-TCP/IP lesson. Encourage them to discuss these items with their network
administrator if they are not familiar with them, or recommend that they take a TCP/IP
course.
Transition statement — Now, let’s see the adapter configuration screen.

Instructor Guide
IBM Power Systems
Adapter configuration:
PowerPC Firmware
Version EL320_040
---------------------------------------------------------
IP Parameters
Port 1 - IBM 2 PORT 10/100/1000 Base-TX PCI-X Adapter: U78A0.001.DNWGCP5-P1-C4
1. Speed,Duplex
Disable Spanning Tree
2. Spanning Tree Enabled
for faster operation
3. Protocol
---------------------------------------------------------
Navigation Keys:
---------------------------------------------------------
Notes:
Overview
The adapter configuration screen allows you to set parameters for the adapter itself.
Typically, you can leave it alone with the exception of optionally disabling spanning tree.
This will make the boot go much faster.
The value for option 2 will not change, that is, from Enabled to Disabled. The option
should have a question mark next to it that is answered when you choose the option.

V5.2
Instructor Guide

Purpose — Show the parameters available on the adapter configuration screen.
Details — This screen allows you to configure the adapter parameters. You can disable
spanning tree for a faster NIM or media boot.
Transition statement — What is left is the ping test.

Instructor Guide
IBM Power Systems
• When remote IPL is configured, perform the ping test

– If ping is unsuccessful:
• Is NIM server on network?
• Check IP Parameters screen for mistakes
– Is gateway correct and available?
• Try again
• Return to SMS Select Boot Options menu
– Select the network adapter as the Install/Boot Device
• Exit from SMS initiates network boot.
• AIX Install and Maintenance menu processing is the same as
previously described.
• NIM can have unattended install with no console interaction
Notes:
Ping test
This option pings the NIM server. If it fails, suspect your IP configuration or the network.

V5.2
Instructor Guide

Purpose — Describe how to perform the ping test and what might be wrong if it is
unsuccessful.
Details — There is nothing to configure on the ping test screen. Just initiate the ping. The
messages will tell you whether it is successful or if it failed.
Transition statement — Next, we’ll see where to get more information on this topic.

Instructor Guide
Checkpoint
IBM Power Systems
1. AIX 6 can be installed from which of the following?

(Select all that are correct)
a. 8 mm tape
b. optical media-ROM
c. Diskette
d. NIM Server
2. True or False: A Preservation install preserves all data

on the disks.
3. What is the console used for during the installation
process?
_____________________________________________
_____________________________________________
Notes:

V5.2
Instructor Guide

Purpose —
Details —
IBM Power Systems
1. AIX V6.1 can that be installed from which of the following?

a. 8 mm tape
b. CD-ROM
c. Diskette
d. NIM Server
2. True or False: A Preservation install preserves all data on the
disks.
Preserves some of the existing data on the disk selected for
installation. This method overwrites the user (/usr), variable
(/var), temporary (/tmp), and root (/) file systems. Other
product application files and configuration data are destroyed.
3. What is the console used for during the installation process?
The console is used to display all the system messages and to
interact with the installation.

Instructor Guide
Exercise 4
IBM Power Systems
AIX
installation
Notes:

V5.2
Instructor Guide

Purpose —
Details —

Instructor Guide
Unit summary
IBM Power Systems

• List the steps necessary to install the AIX version 6.1
base operating system
• Install and understand all the options when installing AIX
6.1 from optical media
• Execute a network boot to use a configured NIM server
Notes:

V5.2
Instructor Guide

Purpose —
Details —

Instructor Guide

V5.2
Instructor Guide
Uempty Unit 5. AIX software installation and maintenance
Estimated time
01:15

This unit describes how to perform software installation and
maintenance.

• Define the package definitions and naming conventions
• Understand AIX software levels and states
• Identify how software products and updates are installed and
managed on the system
• Recover from broken and inconsistent software states
• How to download fixes using Fix Central and SUMA
• Identify if all the components in the Power and AIX environment
are compatible and supported

Accountability:
• Checkpoint
References
SG24-7463 AIX 5L Differences Guide: Version 5.3 Edition
(redbook)
following address:
© Copyright IBM Corp. 2009 Unit 5. AIX software installation and maintenance 5-1
Instructor Guide
Unit objectives
IBM Power Systems

– Determine the current installed level of the OS and individual filesets

• Identify if all the components in the Power and AIX
environment are compatible and supported
Notes:

V5.2
Instructor Guide

• Identify how software products and updates are installed and managed on the system
• Identify if all the components in the Power and AIX environment are compatible and
supported
Details —
Additional information — Thanks to Rosemary Killeen (EMEA VFE POWER Software
Support Specialist) for sanity checking this unit.
Transition statement — Let's start by seeing what AIX media is available.
Instructor Guide
AIX media
IBM Power Systems
AIX
AIX AIX AIX AIX 6.1 Base (DVD or CD)
AIX AIX
+ update CDs
A IX
AIX 6.1 Expansion Pack
AIX AIX 6.1 Infocenter
AIX
AIX Toolbox for Linux
AIX
Mozilla Firefox Browser
Figure 5-2. AIX media AN121.1
Notes:
Each of the products listed above has a separate order number and feature code. At the
time of publication they were:
AIX V6.1 standard edition, feature code: 5692-A6P, order number: 0967
• AIX v6.1 Base
• AIX v6.1 Expansion Pack
• AIX v6.1 InfoCenter (DVD)
• AIX Toolbox for Linux
• Mozilla Firefox Browser
For virtual environments, a PowerVM license is required. The following software is
supplied:
• Virtual I/O Server V2.1
• Virtual I/O Server Expansion Pack

V5.2
Instructor Guide
Uempty The AIX Expansion Pack is a collection of extra software that extends the base operating
system capabilities. It contains filesets such as:
• Open Secure Sockets Layer (OpenSSL)
• Java 6 32- and 64-Bit
• iSCSI Target Device Driver
• List of Open Files (LSOF) and many more
The AIX Infocenter contains a list of support guides and help documentation. It is also
available online: http://publib.boulder.ibm.com/infocenter/system
Also available on-line is the AIX toolbox (open source) filesets
http://www-03.ibm.com/systems/p/os/aix/linux/toolbox/download.html.
Instructor Guide
Instructor notes:
Purpose — Define exactly what software is available for AIX.
Details — Go through the core software stack available for p systems.
Transition statement — Let's define the structure of an LPP package.

V5.2
Instructor Guide
Uempty
Software packaging definitions

IBM Power Systems
LPP
Base Operating
System Component
bos
Package
Base Networking
package
bos.net
TCP/IP collection
of filesets
bos.net.tcp
bos.net.tcp.server
Fileset
TCP/IP Server fileset
‘the smallest unit’
Figure 5-3. Software packaging definitions AN121.1
Notes:
Licensed Program Product (LPP)
A collection of packages that form an installable product.
Package
A package contains a group of filesets with a common function. It is a single, installable
image. AIX packages are a bundle of binaries glued together with the meta-information
(name, version, dependencies).
Fileset
A fileset is the smallest, individually installable unit. Generally, it is a single subsystem.
For example, bos.net.tcp.server is a fileset in the bos.net package. This image is a
Unix Backup File Format file (BFF), created with the backup command. Files in an LPP
can be listed with: restore –Tvf <package> or extracted with restore –xvf <package>.
For example: To list the contents of bos.rte.control fileset contained in TL02 SP01:
# restore -Tvf U814098.bff
Instructor Guide
Please mount volume 1 on U814098.bff.

Press Enter to continue.
New volume on U814098.bff:
Cluster size is 51200 bytes (100 blocks).
The volume number is 1.
The backup date is: Wed 1 Oct 21:08:15 2008
Files are backed up by name.
The user is BUILD.
0 ./
6036 ./lpp_name
0 ./usr
0 ./usr/lpp
0 ./usr/lpp/bos/bos.rte.control/6.1.2.0
69252 ./usr/lpp/bos/bos.rte.control/6.1.2.0/liblpp.a
0 ./usr/lpp/bos/bos.rte.control/6.1.2.0/inst_root
14040 ./usr/lpp/bos/bos.rte.control/6.1.2.0/inst_root/liblpp.a
….note, some items removed for clarity…………..
232871 ./usr/lib/inst_updt/libwlm.a/shr_64.o
109698 ./usr/sbin/armsrvconv
43889 ./usr/sbin/shutdown
12712 ./usr/sbin/swapoff
17876 ./usr/sbin/swapon
16724 ./usr/sbin/mkitab
83954 ./usr/sbin/rsct/bin/IBM.WLMRMd
6198 ./usr/sbin/wlmassign
24462 ./usr/sbin/wlmcntrl
The total size is 25207820 bytes.
The number of archived files is 41.
Note: This is the only way, in AIX, to see which files are located within an LPP fileset,
prior to install.

V5.2
Instructor Guide

Purpose — Explain the packaging terminology.
Details — Ensure everyone understands the association of each of the definitions.
• Fileset: Smallest individual installable unit
• Package: Collection of filesets built to form one installable image, for example, bos.net
• LPP: One or more packages bundled together, for example, bos
Transition statement — Now we understand LPPs, some are grouped together as
bundles. Let's take a look.
Instructor Guide
Software bundles
IBM Power Systems
• A bundle is a collection of packages and filesets suited for a particular

environment
• There are many predefined system bundles in AIX which include:
– AllDevicesKernels
– Alt_Disk_Install
– openssh_client and openssh_server
• Full list in /usr/sys/inst.data/sys_bundles. Example:
## /usr/sys/inst.data/sys_bundles
/usr/sys/inst.data/sys_bundles ## cat
cat openssh_server.bnd
openssh_server.bnd
## MEDIA="Expansion
MEDIA="Expansion Pack"
Pack"
I:openssl.base
I:openssl.base
I:openssl.man.en_US
I:openssl.man.en_US
I:openssh.base.server
I:openssh.base.server
I:openssh.man.en_US
I:openssh.man.en_US
Figure 5-4. Software bundles AN121.1
Notes:
Since there are thousands of filesets, having to determine which individual fileset you want
on your machine could be a time-consuming task. AIX has bundles which offer a collection
of filesets that suit a particular purpose. For example, if you are developing applications,
the App-Dev bundle would be the logical choice to install.
Some filesets within a bundle are only installed if the prerequisite hardware is available. For
example, a graphic adapter is needed to run X11 and CDE. In some cases, bundles are
equivalent to product offerings. Often, however, they are a subset of a product offering or a
separate customized bundle. The bundles available may vary from AIX version to AIX
version.

V5.2
Instructor Guide

Purpose — Introduce how LPPs can be grouped together into bundles
Details — The standard bundle definitions that control what selections appear in SMIT or
the Web-based System Manager are stored in /usr/sys/inst.data/sys_bundles. The
following are examples of predefined bundles:
• Application Development Bundle (App-Dev)
- A collection of software packages used for developing application programs.
• Media-Defined Bundle (Media-Defined)
- Filesets from the installation media.
• Other predefined system bundles are:
- CDE
- GNOME
- KDE
- devices
- wsm_remote
Additional information — Explain to students how to create bundles if they ask, this is a
very useful feature of AIX – especially when driving a NIM server.
Transition statement — Now we understand LPPs and bundles. Let's define AIX software
levels.
Instructor Guide
AIX software levels

IBM Power Systems
• There are four distinct software levels and management for AIX.
– Base level
– Technology level (TL)
– Service pack (SP)
– Interim fixes
Fix Packs
Interim
Base Technology Service packs
+ fixes
AIX Level level
(Contain APARs)
Figure 5-5. AIX software levels AN121.1
Notes:
Base AIX level is OS version and release, as first installed.
Maintenance:
• Technology level (TL). A TL is a major maintenance update and contains fixes and
functional enhancements. TLs are released twice per year. The first TL is restricted to
hardware features and enablement, in addition to software service. The second TL
includes new hardware features and enablement, software service, and new software
features, making it the larger of the two yearly releases. Each TL is supported for up to
two years from the introduction of the update. This means that clients with a Software
Maintenance Agreement for the AIX OS will be able to contact IBM support for defect
support during that two year period without having to move up to the latest Technology
Level update. In previous versions of AIX, Technology levels were referred to as
Maintenance Levels (ML). The terms are often still used interchangeably.

V5.2
Instructor Guide
Uempty • Service pack (SP). SPs contain service-only updates, also known as Program
Temporary Fixes (PTF), that are grouped together for easier identification. SPs are
released between Technology Levels and contain fixes for highly pervasive, critical, or
security-related issues. Service Packs are cumulative.
• Interim fixes (ifix). Generally, this term refers to a certified fix that is generally available
to all customers between regularly scheduled fix packs or other releases. It can contain
fixes for one or more product defects (APARs). Specifically for AIX, the term Interim Fix
(IF) is used as a replacement for “emergency fix” or “efix”. While the term emergency fix
is still applicable in some situations (a fix given in the middle of the night with minimal
testing, for example), the term Interim Fix is more descriptive in that it implies a
temporary state until an update can be applied that has been through more extensive
testing. IF fixes often rectify security vulnerabilities.
• APARs (Authorized Problem Analysis Reports). A formal report to IBM
development, of a problem caused by a suspected defect in a current unaltered release
of an IBM program.
Instructor Guide
Instructor notes:
Purpose — Explain the tiers of AIX software levels.
Details — Explain the details in the foil and notes.
Additional information — Ensure all students are aware that once they build an AIX
system, their first task should be to bring it up to the latest TL and SP level.
Transition statement — Let's see how to discover the installed level (technology level,
maintenance level, and service pack) of the system.

V5.2
Instructor Guide
Uempty
What is my AIX version?

IBM Power Systems
• To obtain the AIX level, use the oslevel command.
## oslevel
oslevel -s
-s
6100-02-01-0847
6100-02-01-0847
Service Pack
AIX Level Release date
VRMF for example, 47th week
in 2008
Service Pack
Technology
Level
• To upgrade from one AIX version and release to another, for example,
AIX 5.3 to AIX 6.1, a migration must be performed.
• New TLs or SPs are applied through updates.
Figure 5-6. What is my AIX version? AN121.1
Notes:
The oslevel command reports the latest installed maintenance, technology level, and
service pack on the system.
The visual above shows the system is level AIX 6.1, technology level 2, service pack 1.
Service packs and technology level fixes are applied to the running system. To update the
system with a new level, for example, from AIX 5.3 to 6.1, a new migration update must
take place. This involves system downtime.
Instructor Guide
Instructor notes:
Purpose — How to report the current OS level of the system
Details — Explain the output of oslevel –s command. Ensure they understand the
difference between migrating and updating the system.
Transition statement — How do we perform software and installation maintenance?

V5.2
Instructor Guide
Uempty
Software installation and maintenance

IBM Power Systems
• All aspects of software installation and maintenance can be

performed from SMIT, the command line, or systems director
console.
• Command line interaction:
– lslpp: lists installed software
– installp: traditional AIX command for installing and maintaining
LPP packages
– rpm: redhat Linux command for installing and maintaining rpm
filesets (part of the AIX Linux affinity introduced in AIX 5L)
– geninstall: a generic installer that installs software of various
package formats: LPP, RPM, and ISMP.
Figure 5-7. Software installation and maintenance AN121.1
Notes:
The lslpp and installp commands are vital for interacting, installing, and maintaining
software on AIX.
The rpm and geninstall commands are relatively new. These commands were
introduced in AIX5L as a result of the AIX / Linux affinity and support for other software
formats like RPM and ISMP (InstallShield MultiPlatform).
Instructor Guide
Instructor notes:
Purpose — Provide an overview of software and installation maintenance.
Details — Generally speaking, most software installation and maintenance is carried out
through a combination of SMIT and command line interaction (through installp). RPM is
part of the Linux affinity and is useful when manipulating rpm packages. The command
geninstall was added at 5.1 to scope with various package types: LPP, RPM, ISMP (lots
os Tivoli software is packaged in this format).
Transition statement — Before we show how to install software, let's explain the concept
of a software repository.

V5.2
Instructor Guide
Uempty
Software repository
IBM Power Systems
• A location on disk which contains AIX software

– Default image directory is: /usr/sys/inst.images
– AIX filesets require a .toc file
• To copy software, for example from an AIX CD to disk, use the
SMIT facility, copy software to hard disk for future installation (or the
AIX command, bffcreate)
Copy
Copy Software
Software to
to Hard
Hard Disk
Disk for
for Future
Future Installation
Installation
[Entry
[Entry Fields]
Fields]
** INPUT
INPUT device
device // directory
directory for
for software
software /dev/cd0
/dev/cd0
** SOFTWARE package to copy
SOFTWARE package to copy [all]
[all] ++
** DIRECTORY
DIRECTORY for
for storing
storing software
software package
package
[/usr/sys/inst.images]
[/usr/sys/inst.images]
DIRECTORY
DIRECTORY for
for temporary
temporary storage
storage during
during copying
copying [/tmp]
[/tmp]
EXTEND file systems if space needed?
EXTEND file systems if space needed? yes
yes ++
Process
Process multiple
multiple volumes?
volumes? yes
yes
Figure 5-8. Software repository AN121.1
Notes:
Generally, it is useful and sometimes necessary, for example when building and managing
a NIM server to store software to disk. AIX refers to this as a software repository. The
default software repository is sometimes referred to as the default installation image
directory. Its location on AIX is /usr/sys/inst.images. However, it is advisable to create and
manage a repository in a separate file system that is not contained in the AIX root volume
group.
The tables of contents (.toc) file
This is a mandatory file required for installing and updating packages on AIX. If the
command line is used (installp), then the user has to manually create the .toc file. This is
done using the inutoc command. To create a .toc file in the current directory, type:
<inutoc>. SMIT automatically creates a .toc file when copying software files to disk and
prior to installing LPPs.
Instructor Guide
Instructor notes:
Purpose — Explain the concept of a software repository.
Details — Refer to the details in the visual and notes. Go through the example explaining
how to copy the contents of an AIX CD to disk.
Transition statement — Let's explain software states, apply, and commit.

V5.2
Instructor Guide
Uempty
Software states
IBM Power Systems
• The base installation of software is always in a committed

state.
– Committed is a permanent state
• When updates are installed, they can be either applied or
committed.
– Applied software can later be rejected or committed.
6.1.1.1
bos.net.tcp.adt Action: Install & Commit
Committed
6.1.1.1
AIX
6.1.1.1 Saved
6.1.1.1
bos.net.tcp.adt
Action: Apply Committed
6.1.1.2 Reject
6.1.1.2 Applied or
AIX
Commit
6.1.1.2
Committed
Figure 5-9. Software states AN121.1
Notes:
Committed state and the initial install
AIX has a number of software states. When you are installing software for the first time,
the software automatically installs to a committed state. This means there is only one
level of that software product installed on your system.
Applied state versus committed state for maintenance
When you are installing a set of fixes or upgrading to a new technology level on your
system, you have the option of installing the software either in the committed state or
the applied state. The applied state allows you to maintain two levels of the software on
your system. When software is installed in the applied state, the older version is saved
on the disk and is deactivated, while the newer version is installed and becomes the
active version.
Instructor Guide
The applied state gives you the opportunity to test the newer software before
committing to its use. If it works as expected, then you can commit the software, which
removes the old version from the disk. If the newer version is causing a problem, you
can reject, it which removes the newer version and reverts back to the old version.

V5.2
Instructor Guide

Purpose — Define the applied and committed states.
Details — Go through the process of applying, committing, and rejecting software.
A fix can only be applied to a fileset which is in a committed state. If the fileset is in an
applied state, you must first commit that previous level before applying the new level.
Transition statement — Let's see how we list the version and states of AIX installed
software.
Instructor Guide
Software listing and versioning

IBM Power Systems
• Software listing is done with the lslpp command.
## lslpp
lslpp -L
-L |grep
|grep bos.net.tcp.server
bos.net.tcp.server
bos.net.tcp.server
bos.net.tcp.server 6.1.1.1
6.1.1.1 CC FF TCP/IP
TCP/IP Server
Server
Version Release Modification Fix

AIX Migration smit update_all
State codes:
State codes:
A -- Applied.
A -- Applied.
B -- Broken.
B -- Broken.
C -- Committed.
C & F are State
C -- Committed. and Type codes.
E -- EFIX Locked.
E -- EFIX Locked.
O -- Obsolete. (partially migrated to newer version)
O -- Obsolete. (partially migrated to newer version)
? -- Inconsistent State...Run lppchk -v.
? -- Inconsistent State...Run lppchk -v.
Type codes:
Type codes:
F -- Installp Fileset
F -- Installp Fileset
P -- Product
P -- Product
C -- Component
C -- Component
T -- Feature
T -- Feature
R -- RPM Package
R -- RPM Package
E -- Interim Fix
E -- Interim Fix
Figure 5-10. Software listing and versioning AN121.1
Notes:
The lslpp command displays information about installed filesets or fileset updates. Each
fileset has a version number associated with it (in the format of
Version.Release.Modification.Fix, a state code, and a type code as shown above.

V5.2
Instructor Guide

Purpose — Explain how to list the level and states of an LPP fileset.
Details — Review the lslpp command and associated output.
Additional information — Do not forget to point out State and Type codes. You may want
to explain some other lslpp flags.
Transition statement — Let's see how to find out what files are in an lpp and what lpp a
file belongs to.
Instructor Guide
lslpp, filesets and files

IBM Power Systems
• Switches -f and -w are very useful lslpp flags.

List files in an
LPP fileset.
## lslpp
lslpp -f
-f alex.grumpy.rte
alex.grumpy.rte
Fileset
Fileset File
File
---------------------------------------------------------
---------------------------------------------------------
Path:
Path: /usr/lib/objrepos
/usr/lib/objrepos
alex.grumpy.rte
alex.grumpy.rte 1.0.0.5
1.0.0.5
/usr/local/grumpy/grumpyrecovery
/usr/local/grumpy/grumpyrecovery
/usr/local/grumpy/README
/usr/local/grumpy/README
/usr/local/grumpy/grumpystart
/usr/sbin/gfunctions
/usr/sbin/gfunctions
/usr/local/grumpy/grumpycheck
/usr/local/grumpy/grumpycheck
/usr/local/grumpy/grumpystop
/usr/local/grumpy/grumpystop To which
## lslpp
fileset does a
lslpp -w
-w /usr/local/grumpy/grumpystart
/usr/local/grumpy/grumpystart file belong?
File
File Fileset
Fileset Type
Type
-----------------------------------------------------------
-----------------------------------------------------------
/usr/local/grumpy/grumpystart alex.grumpy.rte
alex.grumpy.rte File
File
Figure 5-11. lslpp, filesets and files AN121.1
Notes:
The lslpp command has many useful flags associated with it. It is also possible to see when
a particular LPP was installed using the –h flag. See lslpp man page for more information.
A situation may arise where you want to use a particular command but it is not installed on
the system and you are not sure what LPP fileset to install to be able to use the binary. To
help with this problem you can use the which_fileset command. The which_fileset
command searches the /usr/lpp/bos/AIX_file_list file for a specified file name or command
name, and prints out the name of the fileset that the file or command is shipped in. The
/usr/lpp/bos/AIX_file_list file is large and not installed automatically. You must install the
bos.content_list fileset to receive this file.
Example:
# which_fileset shutdown
/usr/sbin/shutdownbos.rte.control 6.1.2.0

V5.2
Instructor Guide

Purpose — Explain how to find out what files are in an lpp and what LPP a file belongs to.
Details — Introduce the –f and –w flags to the lslpp command. Some users, may find
which_fileset useful so I included it in the student notes as supplement any information
only.
Additional information — alex.grumpy.rte is an application that was originally written for
AU56 HACMP masterclass. It is now used in AU61 for Problem Determination. It is an
application written in C and packaged as an LPP fileset. Many development organizations
package their own products into LPPs. If you know how to, then explain it to the students –
it is great fun. If not, just proceed.
Transition statement — Let's see how to install new software.
Instructor Guide
Installing new software using SMIT

IBM Power Systems
• smit install_all
Install and Update from ALL Available Software

Install and Update from ALL Available Software
[Entry Fields]
[Entry Fields]
* INPUT device / directory for software .
* INPUT device / directory for software .
* SOFTWARE to install [] +
* SOFTWARE to install [] +
PREVIEW only? (install operation will NOT occur) no +
PREVIEW only? (install operation will NOT occur) no +
COMMIT software updates? yes +
COMMIT software updates? yes +
SAVE replaced files? no +
SAVE replaced files? no +
AUTOMATICALLY install requisite software? yes +
AUTOMATICALLY install requisite software? yes +
EXTEND file systems if space needed? yes +
OVERWRITE same or newer versions? no +
OVERWRITE same or newer versions? no +
VERIFY install and check file sizes? no +
VERIFY install and check file sizes? no +
DETAILED output? no +
Process multiple volumes? yes +
Process multiple volumes? yes +
ACCEPT new license agreements? no +
ACCEPT new license agreements? no +
Preview new LICENSE agreements? no +
Preview new LICENSE agreements? no +
Figure 5-12. Installing new software using SMIT AN121.1
Notes:
There are two fast paths worth remembering when it comes to software and SMIT:
• install_all – to install new software
• update_all – to update current software
Prior to the screen shown in the visual, you will be asked to select the “INPUT device /
directory for software”. The input device could be tape (/dev/rmt0), optical media
(/dev/cd0), or a directory. The period (.) in the example indicates the directory you currently
reside in.
The default behavior when installing new software is to commit. To first apply software
rather than commit, change the COMMIT software updates field to No.

V5.2
Instructor Guide

Purpose — Show how to install software on AIX.
Details — Go through the SMIT panel. Highlight the key fields:
• INPUT device / directory for software
• SOFTWARE to install
• PREVIEW only?
• COMMIT software updates?
• SAVE replaced files?
• AUTOMATICALLY install requisite software?
Additional information — Optionally, but recommended, explain that .toc files are created
automatically when using SMIT.
Transition statement — Let's see how to install software using the command line.
Instructor Guide
Installing software using command line, examples

IBM Power Systems
• installp
– a (apply), -c (commit), -p (preview), -g (apply prerequites), -X (expand
filesystems, if needed), -Y (accept license agreements), -d (device or
directory location of software)
## installp
installp -acpgXYd
-acpgXYd .. bos.rte.install
bos.rte.install
## installp
installp -acpgXYd /TL02_SP01
-acpgXYd /TL02_SP01 all
all
• geninstall
– I (use installp flags, as described above), -p (preview), -d (device or
directory location of software)
## geninstall
geninstall -I
-I "-acgXY"
"-acgXY" -p
-p -d
-d .. bos.rte.install
bos.rte.install
## geninstall
geninstall -I "-acgXY" -p -d /TL02_SP01
-I "-acgXY" -p -d /TL02_SP01 all
all
Figure 5-13. Installing software using command line, examples AN121.1
Notes:
The installp and geninstall commands install and update software from the
command line on AIX. They both accept a large number of flags. The popular flags are
shown in the visual.

V5.2
Instructor Guide

Purpose — Show how to install software on AIX using the command line.
Details — Go through the installp and geninstall examples in the visual.
Transition statement — Let's introduce RPM.
Instructor Guide
Red Hat Package Manager filesets

IBM Power Systems
• IBM provides strong Linux affinity within AIX

• Many useful packages for AIX come in RPM format
– Developed by Redhat, now used in many Linux flavors
– Examples (included within the Linux Toolbox for AIX):
• cdrecord
• mkiosfs
• apache Remove
List
package without
• bash packages
dependencies
## rpm
rpm –qa
–qa
## rpm
rpm --nodeps
--nodeps -e
-e cairo-1.0.2-6
cairo-1.0.2-6
## rpm
rpm -i
-i bash-3.2-1.aix.ppc.rpm
bash-3.2-1.aix.ppc.rpm Install
package
Figure 5-14. Red Hat Package Manager filesets AN121.1
Notes:
In addition to providing the ability to run a Linux operating system on IBM Power
Architecture technology, IBM provides strong Linux affinity within the AIX OS. This affinity
enables faster and less costly deployment of multi-platform, integrated solutions across
AIX and Linux platforms. Linux packages can be installed and manipulated on AIX using
the Redhat Package Manager as shown in the visual.
AIX affinity with Linux includes Linux application source compatibility, compliance with
emerging Linux standards, and a GNU Linux build-time environment with GNU and other
open source tools and utilities that combine to facilitate the development and deployment
of Linux applications on the AIX OS. This AIX affinity with Linux allows Linux programs to
be easily recompiled for native execution on the AIX OS. This approach allows you to
benefit from the capabilities of Linux applications combined with the industrial strength
foundation and performance advantages afforded to native AIX applications.

V5.2
Instructor Guide

Purpose — Introduce RMP and Linux affinity within AIX.
Additional information — IBM’s goal is to enable customers to be able to select the
proper applications, operating environments, and technologies that fit the business, rather
than having customers compromise the business to fit a single environment or technology.
The rpm options shown are as follows:

-q : query
-e : erase
-i : install
--nodeps : no dependency check
Transition statement — Let’s see how to update the system.
Instructor Guide
Applying patches to the system

IBM Power Systems
• Ideally, all systems should be at the latest fix pack (TL and SP level).
• IBM recommends installing the complete fix pack.
• System updates can be applied through smit update_all or using
geninstall or installp commands.
Some items
smitty update_all
smitty update_all
removed for
* INPUT device / directory for software /updates
clarity
* INPUT device / directory for software /updates
* SOFTWARE to update _update_all
* SOFTWARE to update _update_all
PREVIEW only? (update operation will NOT occur) yes +
PREVIEW only? (update operation will NOT occur) yes +
COMMIT software updates? no +
COMMIT software updates? no +
SAVE replaced files? yes
SAVE replaced files? yes
• Updates can first be applied, then committed at a later time.

– This enables you to roll back if needed.
– Once software is committed there is no going back without removal and reinstall.
Figure 5-15. Applying patches to the system AN121.1
Notes:
In the past, AIX system administrators would often download and install individual filesets
on a system. This caused the software be at mixed levels and sometime created more
problems than it solved. Now, IBM allows fixes to be downloaded in a fix pack, containing:
• Technology level (also known as Maintenance level in previous releases)
• Service Pack
In accordance with 'Enhanced Service Strategy Releases', these generally available
updates have been tested to operate best when all updates in a fix pack are installed. IBM
recommends installing the complete fix pack. AIX updates are provided as Technology
Level packages or Service Packs. These generally available updates have been tested to
operate best when all updates in a fix pack are installed. IBM recommends installing the
complete fix pack.

V5.2
Instructor Guide

Purpose — Show how to patch an AIX system.
Details — Go through the details in the visual and the notes.
Transition statement — Let's see an update example using the command line.
Instructor Guide
Applying patches, apply, commit, reject

IBM Power Systems
• installp, example:
# lslpp -L |grep -i cluster |grep pdf

cluster.doc.en_US.es.pdf 5.4.0.0 C F HAES PDF Documentation
cluster.doc.en_US.es.pdf 5.4.0.0 C F HAES PDF Documentation Apply
# installp -aB -d . cluster.doc.en_US.es.pdf
# installp -aB -d . cluster.doc.en_US.es.pdf Update
(-aB)
cluster.doc.en_US.es.pdf 5.4.1.0 A F HAES PDF Documentation
cluster.doc.en_US.es.pdf 5.4.1.0 A F HAES PDF Documentation
Note: “installp –s # will list all Applied software on the system”
Note: “installp –s # will list all Applied software on the system”
Reject
# installp –r cluster.doc.en_US.es.pdf
# installp –r cluster.doc.en_US.es.pdf (-r)
OR ––
OR
Commit all
# installp –c all Applied
# installp –c all
software (-c)
Installation Summary
--------------------
--------------------
Name Level Part Event Result
-------------------------------------------------------------------------------
-------------------------------------------------------------------------------
cluster.doc.en_US.es.pdf 5.4.1.0 USR COMMIT SUCCESS
cluster.doc.en_US.es.pdf 5.4.1.0 USR COMMIT SUCCESS
Figure 5-16. Applying patches, apply, commit, reject AN121.1
Notes:
The visual above shows a fileset update being applied to cluster.doc.en_US.es.pdf. This
could be done with system management tools like SMIT, geninstall or installp
commands. It is often very useful to remember key installp flags. The flags, -aB mean apply
and update the fileset. Once applied the update can be rejected (-r) or committed (-c).
In this example, the filesets are stored in a software repository on disk in which we are
currently located. Hence the device location (-d) is set to “dot” (the current directory).

V5.2
Instructor Guide

Purpose — Show updates from command line.
Details — Point out that it is often useful to first apply updates and test before committing
them, especially when installing TLs/SPs.
Transition statement — Let's see how we list fixes.
Instructor Guide
Listing fixes (APARs) installed on the system

IBM Power Systems
• TLs and SPs apply fixes (APARs) to AIX

• You can list these fixes with the instfix command.
– instfix is useful for listing and searching through applied
updates on the system.
# instfix –i
# instfix –i
All filesets for IY32852 were found.
…… 2244 lines removed for clarity ….
…… 2244 lines removed for clarity ….
# instfix -i |grep IY34981
# instfix -i |grep IY34981
• Interim fixes between services packs, including service

advisories, is now done through interim fix management.
– emgr command
Figure 5-17. Listing fixes (APAR's) installed on the system AN121.1
Notes:
Fixes displayed with the instfix –i command are installed through Technology Level and
Service Pack updates. In previous versions of AIX, interim fixes, between Maintenance
level releases, were installed through instfix itself. In AIX6, instfix is really a legacy
command. It is only useful for listing and searching through applied updates on the system.
Necessary fixes that are not part of a TL or SP, are handled through interim fix
management.

V5.2
Instructor Guide

Purpose — Show how to list fixes (APARs) installed on the system.
Details — Instfix is still a very useful command for listing installed fixes on the system.
Transition statement — How do we patch the system when we are at the latest TL and
SP?
Instructor Guide
Interim fix management

IBM Power Systems
Preview
# emgr -pe 744A_610.071105.epkg.Z Install
# emgr -pe 744A_610.071105.epkg.Z
….lot of output is produced, removed for clarity!
….lot of output is produced, removed for clarity!
EPKG NUMBER LABEL OPERATION RESULT
EPKG NUMBER LABEL OPERATION RESULT
=========== ============== ================= ==============
=========== ============== ================= ==============
1 744A_610 INSTALL PREVIEW SUCCESS
1 744A_610 INSTALL PREVIEW SUCCESS
Install
# emgr -e 744A_610.071105.epkg.Z
# emgr -e 744A_610.071105.epkg.Z ifix
# emgr -l
# emgr -l
List
installed
ID STATE LABEL INSTALL TIME ABSTRACT
ID STATE LABEL INSTALL TIME ABSTRACT efixes
=== ===== ========== ================== ======================================
=== ===== ========== ================== ======================================
1 *Q* 744A_610 10/10/08 23:30:49 Kernel fix for 0744A_610
1 *Q* 744A_610 10/10/08 23:30:49 Kernel fix for 0744A_610
# emgr –r –L 744A_610
# emgr –r –L 744A_610
Remove
Log file is /var/adm/ras/emgr.log ifix
Log file is /var/adm/ras/emgr.log
EFIX NUMBER LABEL OPERATION RESULT
EFIX NUMBER LABEL OPERATION RESULT
=========== ============== ================= ==============
=========== ============== ================= ==============
1 744A_610 REMOVE SUCCESS
1 744A_610 REMOVE SUCCESS
ATTENTION: system reboot is required. Please see the "Reboot Processing"
ATTENTION: system reboot is required. Please see the "Reboot Processing"
sections in the output above or in the /var/adm/ras/emgr.log file.
sections in the output above or in the /var/adm/ras/emgr.log file.
Return Status = SUCCESS
Return Status = SUCCESS
Figure 5-18. Interim fix management AN121.1
Notes:
The interim fix (ifix) management solution enables users to track and manage ifix packages
on a system. An ifix package might be an interim fix, debug code, or test code that contains
commands, library archive files, or scripts that run when the ifix package is installed.
The ifix management solution consists of the following commands:
• ifix packager (epkg)
• ifix manager (emgr)
The epkg command creates ifix packages that can be installed by the emgr command.
The emgr command installs, removes, lists, and verifies system efixes.
It is important to examine the state field after installing an interim fix. The codes for the
state field are documented in the AIX Installation and Migration manual. In the above
example, the state value of Q means that a reboot is necessary for this fix to be effective.

V5.2
Instructor Guide

Purpose — Introduce ifix management.
Transition statement — Let's see how we can remove software.
Instructor Guide
Removing installed software

IBM Power Systems
• smit remove
Remove Installed Software
Remove Installed Software
[Entry Fields]
[Entry Fields]
* SOFTWARE name [cluster.es.cspoc.cmds] +
* SOFTWARE name [cluster.es.cspoc.cmds] +
PREVIEW only? (remove operation will NOT occur) yes +
PREVIEW only? (remove operation will NOT occur) yes +
REMOVE dependent software? yes +
REMOVE dependent software? yes +
EXTEND file systems if space needed? no +
EXTEND file systems if space needed? no +
• Removing software from the command line

– Remove the firefox web browser
## installp
installp -u
-u Firefox.base.rte
Firefox.base.rte
– (Preview) Remove all X11 software with associated prerequisites

## installp
installp -upg
-upg X11*
X11*
Figure 5-19. Removing installed software AN121.1
Notes:
Software can be removed by using system management tools or the command line. The
installp –u flag, removes the specified software product and any of its installed updates
from the system. The product can be in either the committed or broken state. Any software
products that are dependent on the specified product must also be explicitly included in the
input list unless the -g flag is also specified. Removal of any bos.rte fileset is never
permitted.
Note: The removal of LPP filesets does not necessarily mean the process will delete all
files included in the filesets. This is dependant on how the LPP filesets are constructed.

V5.2
Instructor Guide

Purpose — Explain how to remove software from AIX
Transition statement — Let's see how to recover from broken, inconsistent filesets.
Instructor Guide
Recovering from broken or inconsistent states

IBM Power Systems
• To list broken or inconsistent filesets, use the lppchk

command.
# lslpp -L |grep Firefox.base.rte
# lslpp -L |grep Firefox.base.rte
Firefox.base.rte 1.5.0.12 ? F Firefox Web Browser
Firefox.base.rte 1.5.0.12 ? F Firefox Web Browser
Look for ?
or B.
# lppchk -v
# lppchk -v
lppchk: The following filesets need to be installed or corrected to bring
lppchk: The following filesets need to be installed or corrected to bring
the system to a consistent state:
the system to a consistent state:
Display
Firefox.base.rte 1.5.0.12
(APPLYING)
(APPLYING)
inconsistent
filesets.
# installp -C
# installp -C
installp: Cleaning up software for:
Perform a clean-up
installp: Cleaning up software for: operation. Fileset is
Firefox.base.rte 1.5.0.12 removed
--------------------
--------------------
-------------------------------------------------------------------------------
-------------------------------------------------------------------------------
Firefox.base.rte 1.5.0.12 USR CLEANUP SUCCESS
Firefox.base.rte 1.5.0.12 USR CLEANUP SUCCESS
Figure 5-20. Recovering from broken or inconsistent states AN121.1
Notes:
If the process of installing, updating, or removing software from the system is interrupted or
fails, the outcome is likely to be either broken or inconsistent filesets on the system. To
detect this, use the lppchk command. If all is OK, the command will return null, otherwise
broken or inconsistent filesets will be displayed. To clean up from any such operation, use
the installp command with the –C option (clean-up) and then retry the original operation
again. If the failed operation was an uninstall, remove the software manually, using installp
–u <fileset>.

V5.2
Instructor Guide

Purpose — Show how to recover from broken, inconsistent software states
Details — Go through the example in the visual and notes.
Transition statement — Let's introduce SUMA.
Instructor Guide
Service update management assistant

IBM Power Systems
• Excellent tool for downloading fixes

– Optional. Tasks can be automated OR driven by ksh scripts
• Access: smit suma
• Can be used to download
– By APAR Number
– By Fix Type
– Technology Level(s)
– Service Pack(s)
– All Latest Fixes
– Individual Filesets
• Internet access must available from the SUMA host.
• Many configuration parameters
– Fixserver protocols: http, https
– Download protocol: ftp, http, https
Figure 5-21. Service update management assistant AN121.1
Notes:
SUMA is an excellent tool for quickly downloading fixes with minimum fuss directly onto an
AIX server or NIM server.
Why SUMA?
Fix automation, the ability to get maintenance fixes onto a system automatically, is
becoming a focus area for IT system administrators. As system administration becomes
more complex and time consuming, it is often a roadblock that prevents systems from
being up to date with current software fixes. Clients want the increased security and
reliability benefits, as well as the reduced downtime and total cost of ownership that comes
with keeping current fixes on a system. To meet these client demands, SUMA has
automated the process of determining which fixes are available, discovering which of the
available fixes a system needs, and downloading the necessary fixes onto a system,
thereby reducing both the complexity and the time spent on system administration to
perform these tasks.

V5.2
Instructor Guide

Purpose — Introduce SUMA
Details — SUMA is a great tool for downloading patches without using a web browser on a
PC. The only downside is security, as the server will be internet facing. This is the main
reason many customers do not use it.
Transition statement — Let's see the global base configuration.
Instructor Guide
SUMA base configuration

IBM Power Systems
• Base configuration
– # smit suma_config_base
Base Configuration
Base Configuration
[Entry Fields]
[Entry Fields]
Screen output verbosity [Info/Warnings/Errors] +
Screen output verbosity [Info/Warnings/Errors] +
Logfile output verbosity [Verbose] +
Logfile output verbosity [Verbose] +
Notification email verbosity [Info/Warnings/Errors] +
Notification email verbosity [Info/Warnings/Errors] +
Remove superseded filesets on Clean? yes +
Remove superseded filesets on Clean? yes +
Remove duplicate base levels on Clean? yes +
Remove duplicate base levels on Clean? yes +
Remove conflicting updates on Clean? yes +
Remove conflicting updates on Clean? yes +
Fixserver protocol http +
Fixserver protocol http +
Download protocol ftp +
Download protocol ftp +
Maximum log file size (MB) [1] #
Maximum log file size (MB) [1] #
Download timeout (seconds) [180] #
Download timeout (seconds) [180] #
Figure 5-22. SUMA base configuration AN121.1
Notes:
The Base Configuration menu allows SUMA global configuration settings to be viewed
or changed. These settings are used for each SUMA task that is run and allow specification
of values for items such as:
• Screen, logfile, and email verbosity levels
• Flag options for the lppmgr command to help manage the size of a download repository
• Download protocol
• Download timeout setting
A clean operation will remove unnecessary files from the repository using the lppmgr
command.
The global configuration settings can be viewed from the command line, # suma -c

V5.2
Instructor Guide

Purpose — Show SUMA base global configuration
Details — Show the configuration details. Highlight the main fields you think are of interest
and may consider changing.
Transition statement — Let's see the task configuration details.
Instructor Guide
SUMA task configuration

IBM Power Systems
• Default Task Configuration

– # smit suma_task_defaults Directory to
store
View/Change SUMA Task Defaults downloads
View/Change SUMA Task Defaults
[Entry Fields]
[Entry Fields]
Action [Download] +
Action [Download] +
Directory for item storage [/aix/FIXES]
Directory for item storage [/aix/FIXES]
Type of item to request [All Latest Fixes] +
Type of item to request [All Latest Fixes] +
Name of item to request []
Name of item to request []
Level of item to request []
Level of item to request []
Get prerequisites/corequisites? yes +
Get prerequisites/corequisites? yes +
Get ifrequisites? yes +
Get ifrequisites? yes +
Get superseding items? no +
Get superseding items? no +
Get items which fix regressions? [If Available] +
Get items which fix regressions? [If Available] +
Repository to filter against [/aix/FIXES]
Repository to filter against [/aix/FIXES]
Maintenance or Technology Level to filter against [] +
Maintenance or Technology Level to filter against [] +
System or lslpp output to filter against [localhost]
System or lslpp output to filter against [localhost]
Maximum total download size (MB) [-1] +#
Maximum total download size (MB) [-1] +#
Maximum file system size (MB) [-1] +#
Maximum file system size (MB) [-1] +#
Notify email address [root] +
Notify email address [root] +
Figure 5-23. SUMA task configuration AN121.1
Notes:
SUMA default task values can be uniquely set for each SUMA task. The visual above
shows the default settings. The possible actions are:
• Preview - SUMA performs the operations that do not directly affect the file system. The
output displayed reflects what would happen during a download. Use this option to
determine which files will be downloaded for your request.
• Download - SUMA downloads files into the directory specified in Directory for item
storage.
• Download and Clean - SUMA performs a download operation and a clean operation to
remove unnecessary files from the repository.
The task configuration settings can be viewed from the command line, # suma -D

V5.2
Instructor Guide

Purpose — Show SUMA task configuration
Details — Show the configuration details. Highlight the main fields you think are of interest
and may consider changing.
Transition statement — Let's look at some command line examples.
Instructor Guide
SUMA command line execution

IBM Power Systems
• SUMA command line examples: Request type

– Download latest service pack = service
pack
## /usr/sbin/suma
/usr/sbin/suma -x
-x -a
-a RqType=SP
RqType=SP -a
-a Action=Download
Action=Download \\
-a RqName=‘6100-01-01-0823'
-a RqName=‘6100-01-01-0823'
– Download technology level 2 for AIX 6.1 on Wednesday at 11:00 PM

## /usr/sbin/suma
/usr/sbin/suma -s -s “0
“0 23
23 ** ** 3”
3” -a
-a RqType=ML
RqType=ML –a
–a Action=Download
Action=Download \\
-a RqName='6100-02’
-a RqName='6100-02’
Task
Task IDID 11 created.
created.
List all
## suma
suma -l
-l scheduled
SUMA tasks
– Download latest security fixes

## /usr/sbin/suma
/usr/sbin/suma -x
-x -a
-a Action=Download
Action=Download -a
-a RqType=Security
RqType=Security
Figure 5-24. SUMA command line execution AN121.1
Notes:
SUMA tasks can be initiated through the command line. This is most useful when
producing scripts to automatically download fixes. SUMA uses cron when scheduled tasks
are created. In the schedule example above, the following entry will be added to root's
crontab: 0 23 * * 3 _SUMA=cron /usr/suma/bin/suma -x 1
The output of command:
# suma -l
1:
DisplayName=
Action=Download
RqType=ML
RqName=6100-02
RqLevel=

V5.2
Instructor Guide
Uempty PreCoreqs=y
Ifreqs=y
Supersedes=n
ResolvePE=IfAvailable
Repeats=y
DLTarget=/aix/FIXES
NotifyEmail=root
FilterDir=/aix/FIXES
FilterML=6100-01
FilterSysFile=localhost
MaxDLSize=-1
Extend=y
MaxFSSize=-1
For further information see the SUMA main page.
Instructor Guide
Instructor notes:
Purpose — Show SUMA tasks being driven from the command line.
Details — Go through the examples in the visual.
Additional information — SUMA is an easy tool to drive. Feel free to demo further
examples and SMIT screens.
Transition statement — If you do not want to use SUMA, or cannot, then you can obtain
software maintenance directly from the IBM web site. Let us examine what we would see at
that web site.

V5.2
Instructor Guide
Uempty
Fix Central Web site

IBM Power Systems
• To download AIX fixes via the internet, go to:
Figure 5-25. Fix Central Web site AN121.1
Notes:
AIX fixes are generally available on the internet at Fix Central. Fixes cat any level, from AIX
4.3.3 to the present version, can be downloaded.
Instructor Guide
Instructor notes:
Purpose — Introduce Fix Central for downloading fixes.
Details — Introduce Fix Central website.
Transition statement — What about the big picture: support and compliance across
firmware, HMC, PowerHA, VIOS, and other components?

V5.2
Instructor Guide
Uempty
Fix Level Recommendation Tool

IBM Power Systems
http://www14.software.ibm.com/webapp/set2/flrt/home
Figure 5-26. Fix Level Recommendation Tool AN121.1
Notes:
Today's AIX environment can be complex as lots of components are required. In addition to
AIX, one must also think about but System Firmware, HMC, VIOS, PowerHA levels, and
more. How do you know if the levels of these products are compliant and supported? The
answer is FLRT. FLRT is web driven tool that enables you to select your machine type and
software components and levels. It then produces an easy to read report which provides
recommendations, notices and status compliance as shown on the visual.
Instructor Guide
Instructor notes:
Purpose — Introduce FLRT.
Details — In a system p environment today, there are so many factors and code levels.
Many customers commented to IBM they did not know which software products were
compatible with each other.
Additional information — If you can, demonstrate an example. Maybe you can use the
software levels and hardware that the students are working with in the lab environment.
Transition statement — It’s time for some checkpoint questions.

V5.2
Instructor Guide
Uempty
Checkpoint
IBM Power Systems
1. Which of the following states must your software be in, in order for you to be able
to use it? Select all that apply.
a. Applied state
b. Removed state
c. Install state
d. Commit state
2. What command is used to list all installed software on your system?
_______________
3. Which of the following can you install as an entity? Select all that apply.
a. ifix
b. LPP
c. Package
d. Bundle
4. True or False: If a problem is found with the inetd subsystem, it is possible
to download and apply a fix to bos.net.tcpip.server fileset in AIX 6.1 to
correct the problem.
Notes:
Instructor Guide
Instructor notes:
Purpose —
Details —
IBM Power Systems
1.Which of the following states must your software be in, in order for you
to be able to use it? Select all that apply.
a. Applied state
b. Removed state
c. Install state
d. Commit state
2.What command is used to list all installed software on your system?

lslpp –l or –L
3.Which of the following can you install as an entity? Select all that apply.
a. ifix
b. LPP
c. Package
d. Bundle
4.True or False: If a problem is found with the inetd subsystem, it is

possible to download and apply a fix to bos.net.tcpip.server fileset to

V5.2
Instructor Guide
Uempty
Exercise 5
IBM Power Systems
AIX software
installation and
maintenance
Notes:
Instructor Guide
Instructor notes:
Purpose —
Details —

V5.2
Instructor Guide
Uempty
Unit summary
IBM Power Systems

– Determine the current installed level of the OS and individual filesets

• Identify if all the components in the Power and AIX environment
are compatible and supported
Notes:
Instructor Guide
Instructor notes:
Purpose —
Details —

V5.2
Instructor Guide
Uempty Unit 6. System configuration and devices
Estimated time
00:45

This unit describes how to list and understand the system
configuration and manipulate devices.

• Understand device terminology
• Document the system configuration
• Use popular device commands
• Understand device configuration and control
• Identify device locations

Accountability:
• Checkpoint
References
AIX Version 6.1 Operating System and Device
Management
following address:
© Copyright IBM Corp. 2009 Unit 6. System configuration and devices 6-1
Instructor Guide
Unit objectives
IBM Power Systems

– Interpret physical and virtual location codes
Notes:

V5.2
Instructor Guide

Purpose — After completing this unit, students will be able to:
- Interpret physical and virtual location codes
Details —
Transition statement — Let's start by explaining key device terminology.
Instructor Guide
Device terminology
IBM Power Systems
• Generic terminology
– Physical devices
– Ports
– Device drivers
– Logical devices
– /dev directory
– Virtual devices
• Power H/W-specific terminology

– CEC
– System planar
– RIO
– System ports
– GX+
– IVE
– PCI
Figure 6-2. Device terminology AN121.1
Notes:
Generic Device terminology
• Physical Devices are the actual hardware that is connected in some way to the system
• Ports are the physical connectors and adapters in the system to which physical devices
or cables are attached.
• RIO is a cabling system and protocol for extending the internal buses of the system
enclosure to the I/O expansion drawers. The I/O expansion drawers have PCI buses
which can support additional adapters and disks (depending upon the type of I/O
drawer. An alternative option for connecting I/O drawers (with POWER6 servers) is 12X
(based on Infini-band).
• Logical Devices. Software interfaces (special files) that present a means of accessing a
physical device to the users and application programs. Data appended to logical devices is sent
to the appropriate device driver. Data read from logical devices is read from the appropriate
device driver.

V5.2
Instructor Guide
Uempty • /dev is the directory which contains all of the logical devices that can be directly
accessed by the user. Some logical devices defined are only referenced in the ODM
customized database and cannot be accessed by users.
• Virtual Devices are the Ethernet and SCSI devices which are allocated to the client for
networking access and storage. These devices are not real.
Power H/W specific terminology
• Central electronics complex (CEC) is the main system unit that contains system
processors, memory, and remote I/O connections.
• System planar is the main component of the CEC. Where all processor cards, memory
dimms, and I/O attachments are interconnected together.
• RIO is a remote I/O drawer which consists of PCI slots/adapters disks, or both,
depending on the type of RIO drawer. The RIO drawers connect to Power boxes
through a RIO2 Hub, which is in turn connected to the GX+ adapter bus.
• System Ports are the two serial ports on the system planar has two serial ports which
are called system ports. In an operating system environment, the two system ports
become host virtual system ports and are only available for specific limited functions.
For example, the two integrated system ports on a p550 are limited to serial connected
TTY console functionality and IBM approved call-home modems. These system ports
do not support other general serial connection uses, such as UPS, HACMP heartbeat,
printers, mice, and so on, If you need multi-purpose serial port functions, optional PCI
adapters are available.
• GX+: Each POWER6 processor provides a GX+ bus which is used to connect to an I/O
subsystem or Fabric Interface card.
• IVE: The POWER6 processor-based servers extend the virtualization technologies
introduced in POWER5 by offering the Integrated Virtual Ethernet adapter (IVE). IVE,
also called Host Ethernet Adapter (HEA) in other documentation, enables an easy way
to manage the sharing of the integrated high-speed Ethernet adapter ports. It is a
standard set of features that are part of every POWER6 processor-based server.
• PCI which stand for Peripheral Component Interconnect, is an industry-standard bus for
attaching peripherals to computers.
Instructor Guide
Instructor notes:
Purpose — Explain device terminology.
Details — The slide is split into two sections. Section 1, explains generic terminology one
could apply to most other Unix platforms. Section 2, is new for this course. It explains
device terminology used sparingly when referring to Power systems.
Go through each and provide examples.
Transition statement — Now that we understand the terminology, let's provide an
overview of system configuration and devices.

V5.2
Instructor Guide
Uempty
System configuration and device overview

IBM Power Systems
• Understanding the configuration of the system is important.

– The configuration should be documented and updated on a regular
basis.
• All devices have attributes, some of which can be changed.
– lsattr, lists device attributes
– chdev, changes device attributes
• Most devices within AIX are self configured, through cfgmgr.
• Device states can be controlled using mkdev and rmdev
commands.
– Including virtual devices
• Remember! An AIX partition does not need to have any
physical devices.
Figure 6-3. System configuration and device overview AN121.1
Notes:
System configuration is important. We need to understand what devices we have at our
disposal and where these devices are physically located within each box or drawer. This is
important when devices fail, especially disks! Taking out the wrong disk in the system due
to failure could result in data corruption.
An AIX partition does not need to have any real devices. In today's Power p environments,
virtual LPARs are fast becoming the norm. Virtualization is a large topic and is covered in a
separate LPAR and virtualization education track. It is beyond the scope of the course.
Instructor Guide
Instructor notes:
Purpose — Provide an overview into system configuration and devices.
Details — This visual provides an introduction into the rest of the unit.
Transition statement — Let's introduce our audience to the commands which are used to
list and document the system configuration.

V5.2
Instructor Guide
Uempty
Device commands
IBM Power Systems
• prtconf
– Lists major system configuration items such as system model,
firmware version, processor type, number of processors, processor
clock speed, cpu type, total memory size, network, filesystem, paging
space, and devices information
• lscfg
– Lists device information including physical location codes
• lsdev
– Lists device information including the state of the device
• lsslot
– Displays all specified hot plug slots and their characteristics
• chdev
– Changes the characteristics of a device
• lsattr
– Displays attribute characteristics and possible values of attributes for
devices in the system
Figure 6-4. Device commands AN121.1
Notes:
Instructor Guide
Instructor notes:
Purpose — Provide an overview into commands which are used to list, change, and
document system configuration and devices information.
Details — Introduce each of the commands at a high level. The finer points, like VPD
information, can be covered when we see the commands in action.
Transition statement — Before we see actual command examples to list, change or
document the sys config, let's take a high level view of the system which we most likely will
be working with; typical Power6 server in MOP/Atlanta.

V5.2
Instructor Guide
Uempty
System device layout example

IBM Power Systems
• All models have a different layout and configuration.

– The example below shows a high level look at the device layout of a Power6
p550. You may be using this machine during the lab exercises.
Power 6 p550: U8204.E8A.65BF831

Central Electronic Complex (U78A0.001.DNWGCAH)
GX+ Bus Memory Processor card(s)

PCI Bus (X & E) DIMMs (mem0) (proc0,1,2 etc)
(I/O Hub)
System planar, P1 (sysplanar0)
(pci0) (pci1)
|
IVE (lhea0) L2 Cache
SAS Adapter (sissas0)
(L2cache0)
Connection |
To I/O Drawer(s) SAS Controller (sas0)
|
SAS Planar, P2 SATA DVD Drive (cd0) PCI Card slots
|
SAS Enclosure (ses1) PCI Card slots
hdisk5
hdisk2
hdisk4
hdisk1
hdisk3
hdisk0
HMC
C1 C2 C3 C4 C5 ports
e e e x x FSP
D3 D4 D5 D6 D7 D8
Serial
ports
Figure 6-5. System device layout example AN121.1
Notes:
Each system has a unique identifier which consists of the model type and serial number, as
in this example: U8204.E8A.65BF831. Some devices, mainly virtual, will inherit this
identifier. The main component in any system is the CEC. The CEC also has a unique
identifier code. All devices within the CEC inherit this code. For example, device pci1 (on
the PCI-X) bus has the device code of U78A0.001.DNWGCAH-P1.
U78A0.001.DNWGCAH is the identifier of the CEC and P1 means the device is attached to
the main System planar.
The p550 has two PCI buses, X (eXtended) and E (Express). They are both high-speed
buses for internal devices. PCI-X is a parallel interface and is directly backward compatible
with all standard PCI devices. PCI-E is the next generation PCI bus. It a serial bus that
offers no compatibility with older buses and is structured around point-to-point serial links.
Each PCI card slot is identified by AIX using a logical bus identifier, for example: pci1.
Device location codes will be explored in more depth as we go through this unit.
Instructor Guide
Instructor notes:
Purpose — Introduce the high level layout of the Power6 p550.
Details — Highlight the following:
• The ID of the box
• The ID of the CEC (different from the box)
- In the case of a 4 box p570 each CEC has an individual ID.
• Processor cards, memory DIMMs, L2 cache, GX+, PCI adapter slots all connect directly
to the system planar P1
• GX+, PCI-e and X slots
• SAS disk enclosure
• Serial ports and HMC ports connect to the FSP (Flexible service proc)
Note: Each PCI slot also has a pci<number> device. I could not fit this in the diagram as
there was not enough room!
Additional information — In the p550 hardware guide, there is an excellent architectural
diagram. However, it is much too complex to show in this basic class. Therefore, I have
attempted to simplify the layout as easily as I could without clouding the diagram with too
many details. You may want to refer back to this diagram when going through location
codes later in this class.
By default each p550 has 5 card slots, the first three are PCI-e, and the remaining two are
PCI-X. On the GX+ Bus, there are two adapters slots which run at different speeds.
Optionally, in each slot on the bus, either a FC5614 (Dual port RIO2 Hub) or FC5616 (Dual
port 12x Channel attach connect) can be configured. The MOP/Atlanta p6 systems have
one FC5614 which is used to connect one 7311-D20 drawer. Up to two drawers can be
connected to each Hub, which is a maximum of four per box. The addition of a RIO hub
results in losing one PCI-e slot. In case of the MOP/Atlanta systems, only two PCI-e slots
are available.
These details are important in planning. You may want to present this as an example of the
things to watch out for in class. Another good example to use is serial ports. Generally, in
Power4 and below the integrated serial ports were often used for HACMP heartbeating.
This is no longer possible with p5 and p6 boxes.
Transition statement — Let's see how we can list and document the sys config.

V5.2
Instructor Guide
Uempty
prtconf (1 of 2)
IBM Power Systems
• Shell script which collects system information

# prtconf
# prtconf
System Model: IBM,8204-E8A
System Model: IBM,8204-E8A
Machine Serial Number: 652ACD2
Machine Serial Number: 652ACD2
Processor Type: PowerPC_POWER6
Processor Type: PowerPC_POWER6
Number Of Processors: 2
Number Of Processors: 2
Processor Clock Speed: 4204 MHz
Processor Clock Speed: 4204 MHz
CPU Type: 64-bit
CPU Type: 64-bit
Kernel Type: 64-bit
Kernel Type: 64-bit
LPAR Info: 4 sys124_v2
LPAR Info: 4 sys124_v2
Memory Size: 512 MB
Memory Size: 512 MB
Good Memory Size: 2 GB
Good Memory Size: 2 GB
Firmware Version: IBM,EL320_076
Firmware Version: IBM,EL320_076 Some items were
Network Information
Network Information removed for
Host Name: sys124_v2 clarity.
Host Name: sys124_v2
IP Address: 10.6.115.44
IP Address: 10.6.115.44
Sub Netmask: 255.255.255.0
Sub Netmask: 255.255.255.0
Gateway: 10.6.115.254
Gateway: 10.6.115.254
Output is
Name Server: continued on the
Name Server:
Domain Name:
Domain Name: next page.
Total Paging Space: 1536MB
Total Paging Space: 1536MB
Percent Used: 2%
Percent Used: 2%
Volume Groups Information
Volume Groups Information
==============================================================================
==============================================================================
rootvg:
rootvg:
PV_NAME PV STATE TOTAL PPs FREE PPs FREE DISTRIBUTION
PV_NAME PV STATE TOTAL PPs FREE PPs FREE DISTRIBUTION
hdisk0 active 273 194 54..09..22..54..55
hdisk0 active 273 194 54..09..22..54..55
Figure 6-6. prtconf (1 of 2) AN121.1
Notes:
prtconf is very useful command which displays an overview of the system configuration.
This is particularly useful for documentation purposes. One should run this command on a
regular basis and save or print the output.
Instructor Guide
Instructor notes:
Purpose — Show students how to list and view the system config in one simple command
Details — Let’s start with the big picture and then drill down into the details.
Transition statement — Let's now see the continuation of the prtconf command.

V5.2
Instructor Guide
Uempty
prtconf (2 of 2)
IBM Power Systems
INSTALLED RESOURCE LIST

INSTALLED RESOURCE LIST
The following resources are installed on the machine.
The following resources are installed on the machine.
+/- = Added or deleted from Resource List. Device listing
+/- = Added or deleted from Resource List.
*
*
= Diagnostic support not available.
= Diagnostic support not available.
including “physical
location codes”
Model Architecture: chrp
Model Architecture: chrp
Model Implementation: Multiple Processor, PCI bus
Model Implementation: Multiple Processor, PCI bus
+ sys0 System Object Second half of
+ sys0 System Object
+ sysplanar0
+ sysplanar0
System Planar
System Planar the output is
+ L2cache0 L2 Cache
+ L2cache0
+ mem0
L2 Cache
Memory
identical to
+ mem0
+ proc0
Memory
Processor lscfg
+ proc0 Processor
+ proc2 Processor
+ proc2 Processor
* vsa0 U8204.E8A.652ACD2-V4-C0 LPAR Virtual Serial Adapter
* vsa0 U8204.E8A.652ACD2-V4-C0 LPAR Virtual Serial Adapter
* vty0 U8204.E8A.652ACD2-V4-C0-L0 Asynchronous Terminal
* vty0 U8204.E8A.652ACD2-V4-C0-L0 Asynchronous Terminal
* pci1 U78A0.001.DNWGGRX-P1 PCI Express Bus
* pci1 U78A0.001.DNWGGRX-P1 PCI Express Bus
+ fcs0 U78A0.001.DNWGGRX-P1-C3-T1 4Gb FC PCI Express Adapter (df1000fe)
* fcnet0 U78A0.001.DNWGGRX-P1-C3-T1 Fibre Channel Network Protocol Device
* fscsi0 U78A0.001.DNWGGRX-P1-C3-T1 FC SCSI I/O Controller Protocol Device
* pci0 U7311.D20.6516D3C-P1 PCI Bus
+ ent0 U7311.D20.6516D3C-P1-C01-T1 2-Port 10/100/1000 Base-TX PCI-X Adapter
+ sisscsia0 U7311.D20.6516D3C-P1-C04 PCI-XDDR Dual Channel Ultra320 SCSI Adapter
+ sisscsia0 U7311.D20.6516D3C-P1-C04 PCI-XDDR Dual Channel Ultra320 SCSI Adapter
+ scsi0 U7311.D20.6516D3C-P1-C04-T1 PCI-X Dual Channel Ultra320 SCSI Adapter bus
+ hdisk0 U7311.D20.6516D3C-P1-C04-T2-L8-L0 16 Bit LVD SCSI Disk Drive (73400 MB)
* vscsi0 U8204.E8A.652ACD2-V2-C12-T1 Virtual SCSI Client Adapter
* vscsi0 U8204.E8A.652ACD2-V2-C12-T1 Virtual SCSI Client Adapter
* hdisk2 U8204.E8A.652ACD2-V2-C12-T1-L810000000000 Virtual SCSI Disk Drive
* hdisk2 U8204.E8A.652ACD2-V2-C12-T1-L810000000000 Virtual SCSI Disk Drive
+ ses0 U7311.D20.6516D3C-P1-C04-T2-L15-L0 SCSI Enclosure Services Device
+ ses0 U7311.D20.6516D3C-P1-C04-T2-L15-L0 SCSI Enclosure Services Device
Figure 6-7. prtconf (2 of 2) AN121.1
Notes:
The last function prtconf performs is to run the lscfg command as shown in the visual.
Although the prtconf –v flag can be used to display detailed Vital Product Data (VPD)
information, the output on the previous page is omitted. To get around this problem, simply
make a copy of the prtconf script to prtconfVPD and append a “–v” flag to the last lscfg
command at the end of the script.
As follows:
# tail `which prtconf`
done
fi
#devices information
lscfg ######## APPEND –v here !!! ###########
fi
Instructor Guide
Instructor notes:
Purpose —
Details — Highlight that the second half of prtconf is the lscfg command. However, in
reality you really want the VPD information in case you need to log a call with an IBM
hardware engineer. Tell the students they can edit the ksh script as shown in the notes.
At this stage, the meaning of the location code is not important, only that it exists and points
to the physical location of that device. The interpretation of the code will be explained later
in the unit.
Transition statement — Let's now look at the lscfg command.

V5.2
Instructor Guide
Uempty
lscfg
IBM Power Systems
• lscfg can be used to display Vital Product Data (VPD) information for
devices.
– CEs need this to order and replace failed components
Physical
location code
## lscfg
lscfg -v
-v -l
-l ent0
ent0
ent0
ent0 U7311.D20.6516D3C-P1-C01-T1
U7311.D20.6516D3C-P1-C01-T1 2-Port
2-Port 10/100/1000
10/100/1000 Base-
Base-
TX PCI-X Adapter (14108902)
TX PCI-X Adapter (14108902)
2-Port
2-Port 10/100/1000
10/100/1000 Base-TX
Base-TX PCI-X
PCI-X Adapter:
Adapter:
Part Number.................03N5297 VPD
Part Number.................03N5297
FRU information
FRU Number..................03N5297
Number..................03N5297
EC
EC Level....................H13845
Level....................H13845
Manufacture
Manufacture ID..............YL1021
ID..............YL1021
Network
Network Address.............001A64918678
Address.............001A64918678
ROM
ROM Level.(alterable).......DV0210
Level.(alterable).......DV0210
Hardware
Hardware Location
Location Code......U7311.D20.6516D3C-P1-C01-T1
Code......U7311.D20.6516D3C-P1-C01-T1
Figure 6-8. lscfg AN121.1
Notes:
The lscfg command displays configuration, diagnostic, and vital product data (VPD)
information about the system.
Use the lscfg command to display vital product data (VPD) such as part numbers, serial
numbers, and engineering change levels. VPD data is required for hardware engineers
when they need to order replacement parts due to failures.
Instructor Guide
Instructor notes:
Purpose — Provide an overview and insight into the lscfg command
Details — lscfg command.
Transition statement — Let's look at the lsdev command.

V5.2
Instructor Guide
Uempty
lsdev
IBM Power Systems
• lsdev displays device information including the device state

Software (AIX)
location codes
# lsdev |grep ent
# lsdev |grep ent
ent0 Available 02-08 2-Port 10/100/1000 Base-TX PCI-X Adapter (14108902)
ent2 Available Virtual I/O Ethernet Adapter (l-lan)
ent2 Available Virtual I/O Ethernet Adapter (l-lan)
ent3 Available Shared Ethernet Adapter
ent3 Available Shared Ethernet Adapter
# lsdev -Cc disk
# lsdev -Cc disk
hdisk0 Available 03-08-01-8,0 16 Bit LVD SCSI Disk Drive
hdisk0 Available 03-08-01-8,0 16 Bit LVD SCSI Disk Drive
hdisk1 Available 01-00-02 MPIO Other FC SCSI Disk Drive
hdisk1 Available 01-00-02 MPIO Other FC SCSI Disk Drive
hdisk2 Available 00-08-00 SAS Disk Drive
hdisk2 Available 00-08-00 SAS Disk Drive -Cc : list by class
# lsdev -Cl proc2 -Cl : list by device name
# lsdev -Cl proc2
proc2 Available 00-02 Processor
proc2 Available 00-02 Processor
# lsdev -p pci5
# lsdev -p pci5
ent8 Available 05-08 2-Port 10/100/1000 Base-TX PCI-X Adapter (14108902) child
ent9 Available 05-09 2-Port 10/100/1000 Base-TX PCI-X Adapter (14108902) devices
Device state
Locating the
# lsdev –Cl cd1 –F parent parent
# lsdev –Cl cd1 –F parent
ide0
ide0 device
# ksh < parent.device cd1

# ksh < parent.device cd1
cd1 ide0 pci1 pci0 sysplanar0 sys0
cd1 ide0 pci1 pci0 sysplanar0 sys0 listing parent
devices recursively
Figure 6-9. lsdev AN121.1
Notes:
The lsdev command displays information about devices in the device configuration
database. You can display information about all the customized devices using the -C flag.
Any combination of the -c Class, -s Subclass, -t Type, -l Name, -p Parent, and -S
State flags, selects a subset of the customized devices. You can display information about
all devices supported by the system using the -P flag. Any combination of the -c Class,
-s Subclass, and -t Type flags selects a subset of the supported devices.
Certain device slots can be moved from partition to partition with the Dynamic LPAR
function. To do this, you first have to remove the parent pci slot of the device. In order to
discover the parent pci slot, it is useful to write a simple script, such as parent.device as
shown in the visual:
Instructor Guide
# cat parent.device
DEV=$1
while test $? -eq 0
do
printf “$DEV “; DEV=`lsdev -Cl $DEV -F parent`
done 2> /dev/null

V5.2
Instructor Guide

Purpose — Provide an overview and insight into the lsdev command
Details — lsdev command
Transition statement — Let's look at the lsslot command.
Instructor Guide
lsslot
IBM Power Systems
• Displays dynamic reconfigurable slots, such as hot plug slots,

and their characteristics
Lists all logical I/O
slots on the system
# lsslot -c slot
# lsslot -c slot
# Slot Description Device(s)
U787F.001.DPM0WB8-P1-C1 Logical I/O Slot pci7 fcs1
U787F.001.DPM0WB8-P1-C1 Logical I/O Slot pci7 fcs1
U787F.001.DPM0WB8-P1-C3 Logical I/O Slot pci4 sisscsia1
U787F.001.DPM0WB8-P1-C3 Logical I/O Slot pci4 sisscsia1
U787F.001.DPM0WB8-P1-T5 Logical I/O Slot pci5 ent0 ent1
U787F.001.DPM0WB8-P1-T5 Logical I/O Slot pci5 ent0 ent1
U787F.001.DPM0WB8-P1-T10 Logical I/O Slot pci3 sisscsia0 Lists all PCI hot
U787F.001.DPM0WB8-P1-T10 Logical I/O Slot pci3 sisscsia0
U787F.001.DPM0WB8-P1-T12 Logical I/O Slot pci2 ide0 plug slots
U787F.001.DPM0WB8-P1-T12 Logical I/O Slot pci2 ide0
U9131.52A.063412G-V1-C0 Virtual I/O Slot vsa0
U9131.52A.063412G-V1-C0 Virtual I/O Slot vsa0
# lsslot -c pci
# lsslot -c pci
U787F.001.DPM0WB8-P1-C1 PCI-X capable, 64 bit, 133MHz slot fcs1
U787F.001.DPM0WB8-P1-C3 PCI-X capable, 32 bit, 66MHz slot sisscsia1
U787F.001.DPM0WB8-P1-C3 PCI-X capable, 32 bit, 66MHz slot sisscsia1
Figure 6-10. lsslot AN121.1
Notes:
The lsslot command displays all the specified hot plug slots and their characteristics.
Hot plug slots are the plug-in points for connecting entities that can be added and removed
from the system without turning the system power off or rebooting the operating system.
The -c flag is required. It specifies the type of hot plug connector, for example, pci for hot
pluggable PCI adapters. You can display only the empty, that is, available, hot plug slots
with the -a flag, the occupied slots with the -o flag, or a specific slot by using the -s flag.
The -l flag can be used to locate the slot associated with the specified DeviceName, as
listed by the lsdev command.

V5.2
Instructor Guide

Purpose — Provide an overview and insight into the lsslot command
Details — lsslot command.
Transition statement — Now let's see how to list and change device attributes.
Instructor Guide
lsattr and chdev commands

IBM Power Systems
• Use lsattr to view and chdev change device attribute data.

– Tape example: Changing block size
# lsattr -El rmt0
# lsattr -El rmt0
block_size 1024 BLOCK size (0=variable length) True
compress yes Use data COMPRESSION True Current block
compress yes Use data COMPRESSION True
density_set_1 71
density_set_1 71
DENSITY setting #1
DENSITY setting #1
True
True size = 1KB
density_set_2 38 DENSITY setting #2 True
density_set_2 38 DENSITY setting #2 True
extfm yes Use EXTENDED file marks True
extfm yes Use EXTENDED file marks True
mode yes Use DEVICE BUFFERS during writes True
mode yes Use DEVICE BUFFERS during writes True
ret no RETENSION on tape change or reset True
ret no RETENSION on tape change or reset True True indicates
ret_error no RETURN error on tape change or reset True
ret_error no RETURN error on tape change or reset True
size_in_mb 36000 Size in Megabytes False that the attribute
size_in_mb 36000 Size in Megabytes False
is user settable
– Sometimes with tapes devices, data cannot be read because the tape
device has a different block size than the device that wrote the data.
• Changing the value to 0 (variable) can help overcome these problems.
# chdev -l rmt0 -a block_size=0 Set block

# chdev -l rmt0 -a block_size=0
rmt0 changed
rmt0 changed size to 0
# lsattr -El rmt0 |grep block_size
# lsattr -El rmt0 |grep block_size Block size
changed
Figure 6-11. lsattr and chdev commands AN121.1
Notes:
The lsattr command displays information about the attributes of a given device or type
of device.
The chdev command changes the characteristics of the specified device with the given
device logical name that is specified with the -l Name flag. The device can be in the
defined, stopped, or available state. Some changes may not be allowed when the device is
in the available state. When changing the device characteristics, you can supply the flags
either on the command line, or in the specified -f File flag.

V5.2
Instructor Guide

Purpose — Show how to list and change device attributes
Details — Provide an overview and insight into the lsattr and chdev commands
Transition statement — Now that we’ve covered the essential commands, let's explore
device states.
Instructor Guide
Device states
IBM Power Systems
• Undefined
– The device is unknown to the system.
• Defined
– The device is know to the system but it is unavailable for use.
• Available
The device is available and ready for use.
• Stopped
– The device is unavailable but remains known by its device driver.
• The mkdev and cfgmgr commands make devices available

for use.
• The rmdev command can make devices unavailable for use
and completely remove them from the system.
Figure 6-12. Device states AN121.1
Notes:
Device States
• Undefined is not a state one can see assigned in the system, more of a reference
statement. If refers to a device which is supported but is not configured.
• Defined means that the device is known to the system. It has been allocated a logical
device name, a location code, and attributes have been assigned to it. However, it is still
unavailable for use.
• Available means that the device is fully configured and is ready for use.
• Stopped mean that the device is configured, but not available for use by applications.
• When a device is first identified, it is configured and put into the Available state.
Available devices can be put into the defined or undefined state by using the rmdev
command. Devices can be configured with both the mkdev or cfgmgr commands.
cfgmgr
The cfgmgr command configures devices and optionally installs device software into
the system. It can be run at any time.

V5.2
Instructor Guide

Purpose — Explain device states
Details — It is important that students understand that whenever a device is configured
using mkdev, cfgmgr commands it is Defined or Available. When a device is made
available the device driver is loaded into the kernel. The rmdev command without the -d
option is used to take a device from the Available to the Defined state (unloading the device
driver). When using the -d option, the rmdev command removes the device from the
system.
In the next visual, we will see these commands in action.
Additional information — The stopped device state is rarely seen. Few devices support
this state. In this case, the device resides in the customized database and the device driver
is loaded, but the application cannot use the device.
Transition statement — Let's walk through an example of how to apply these commands.
Instructor Guide
/dev directory, device configuration and control

IBM Power Systems
• On Unix platforms, access to devices is provided through special device

files that reside in /dev directory.
# lsdev -Cc tape; ls -l /dev/*rmt0*
# lsdev -Cc tape; ls -l /dev/*rmt0* Tape drive will be
/dev/*rmt0* not found
/dev/*rmt0* not found configured by loading the
# cfgmgr device into the kernel
# cfgmgr (/unix)
# lsdev -Cc tape
# lsdev -Cc tape
rmt0 Available 04-08-01-2,0 LVD SCSI 4mm Tape Drive
rmt0 Available 04-08-01-2,0 LVD SCSI 4mm Tape Drive
# ls -l /dev/*rmt0*
# ls -l /dev/*rmt0*
crw-rw-rw- 1 root system 37, 0 13 Oct 14:43 /dev/rmt0
crw-rw-rw- 1 root system 37, 0 13 Oct 14:43 /dev/rmt0
crw-rw-rw- 1 root system 37, 1 13 Oct 14:43 /dev/rmt0.1
……. Removed rmt0.2 through rmt0.6
……. Removed rmt0.2 through rmt0.6
# rmdev -l rmt0
# rmdev -l rmt0
rmt0 Defined
rmt0 Defined
Minor number.
# mkdev -l rmt0 The Kernel will Certain devices like
# mkdev -l rmt0
rmt0 Available
rmt0 Available
reference the tape tapes can behave in
device through the different ways.
# rmdev -l rmt0 -d major number (37)
# rmdev -l rmt0 -d
rmt0 deleted
rmt0 deleted
Figure 6-13. /dev directory, device configuration and control AN121.1
Notes:
The visual shows a tape drive connected to a system but is undefined. The cfgmgr
command is run to configure and make the device available. Once available, special device
files have been created in /dev directory. Some devices like tapes have several special
files. Each file is assigned a major and minor number. Major and minor numbers are used
by the operating system to determine the actual driver and device to be accessed by the
user-level request for the special device file.
For example, when writing files to a tape, the difference between tar –cvf /dev/rmt0
myfiles.tar and tar –cvf /dev/rmt0.1 myfiles.tar is that rmt0 will result in the tape rewinding
after the operation, whereas with rmt0.1, the tape will not rewind after the write operation.

V5.2
Instructor Guide

Purpose — Show cfgmgr, /dev and major/minor numbers. Also, show rmdev, mkdev
commands in action.
Details — Go through the information in the visual and notes. Students will probably notice
in place of a file size there are two numbers: major and n minor numbers). Provide them
with a simple explanation.
Additional information — The major identifies the kernel driver used to communicate with
the device. The minor number can have different functions such as which instance of the
device, and maybe special handling. In LVM storage, the major number represents the VG
and minor number the LV.
Transition statement — Let's explain device addressing.
Instructor Guide
Device addressing
IBM Power Systems
• The address of a device allows you to identify its location.

• There are two types of Device addressing.
– Physical location codes refer to a specific component.
– Assigned by the system firmware
• Example. hdisk0: U78A0.001.DNWGGRX-P2-D5 (SAS Drive)
– Operating system location codes also refer to components but use a

different convention, assigned by AIX.
– Not as useful or meaningful as Physical codes on POWER5 or
POWER6 systems
– Virtual devices do not have AIX location codes.
– Note: Address conventions differ between models and types
(adapters, SCSI, non-SCSI)
• Example. hdisk0: 00-08-00 (SAS Drive)
• Both physical and AIX codes can be seen side by side with:
– lsdev –CHF “name, status, physloc, location”
Figure 6-14. Device addressing AN121.1
Notes:
Every device is assigned a physical location code when it is attached to the system. These
codes are critical. If a device has a problem such as a disk failure, an error report is
generated which will identify the device and its location. You can use this information to
replace the failed disk drive.
It is important not to confuse physical location codes with AIX location codes. Before LPAR
technology was introduced into Power Systems, there were only AIX location codes, and
they remain today for legacy purposes. On newer platforms such as POWER5 and
POWER6 systems, one should use physical codes only.
Note: Virtual devices do not have OS location codes.

V5.2
Instructor Guide

Purpose — Explain device addressing
Details — OS codes are not that useful with today's technology, so ensure the focus is on
physical addressing. The physical address need to be understood in order to locate a
failing device.
Additional information — AIX location codes were developed to identify physical
locations before POWER4 appeared. AIX internal device management is still dependent on
this code structure so it will not go away. POWER4 has it own unique coding, using
different letters for different types of devices. Check the AU70 course (Unit 3) for an
explanations. Starting with POWER5, physical location codes have been standardized.
Transition statement — Let us examine and explain some physical location code
examples.
Instructor Guide
Physical location code examples

IBM Power Systems
• Physical location code format

– Unit_type.Model_no.Serial_no-additional device information
• Examples:
hdisk0 U78A0.001.DNWGGRX-P2-D5 SAS Disk Drive
hdisk0 U78A0.001.DNWGGRX-P2-D5 SAS Disk Drive
SAS
SAS Planar
Planar (P2),
(P2), Device
Device slot
slot reference
reference 5,
5, disk
disk is
is in
in the
the CEC
CEC
ent1 U78A0.001.DNWGGRX-P1-C4-T2 2-Port 10/100/1000 PCI-X Adapter

ent1 U78A0.001.DNWGGRX-P1-C4-T2 2-Port 10/100/1000 PCI-X Adapter
System nd
System planar
planar (P1),
(P1), Card
Card slot
slot No
No 4,
4, 22nd port,
port, Adapter
Adapter is
is in
in the
the CEC
CEC
hdisk0 U7311.D20.6516D3C-P1-C04-T2-L8-L0 16 Bit LVD SCSI Disk

hdisk0 U7311.D20.6516D3C-P1-C04-T2-L8-L0 16 Bit LVD SCSI Disk
Planar nd
Planar 11 (P1),
(P1), PCI
PCI slot
slot No
No 4,
4, 22nd port,
port, SCSI
SCSI ID
ID 8,0,
8,0, Disk
Disk is
is in
in an
an
attached SCSI 7311-D 20 I/O Drawer.
attached SCSI 7311-D 20 I/O Drawer.
hdisk5 U78A0.001.DNWGGRX-P1-C3-T1-W500507630E801223-L4011402700000000 FC SCSI Disk
hdisk5 U78A0.001.DNWGGRX-P1-C3-T1-W500507630E801223-L4011402700000000 FC SCSI Disk
System
System planar
planar (P1),
(P1), Card
Card slot
slot No
No 3,
3, Port
Port 1,
1, WW == WW
WW unique
unique name
name of
of an
an
FC
FC adapter (where the FC adapter is in a remote storage subsystem), LL ==
adapter (where the FC adapter is in a remote storage subsystem),
LUN
LUN ID.
ID. The
The disk
disk is
is aa logical
logical device
device (identified
(identified by by the
the LUN
LUN ID)
ID) in
in
the remote storage subsystem.
the remote storage subsystem.
Figure 6-15. Physical location code examples AN121.1
Notes:
The visual above shows how to interpret physical location code information.
A Power System is made up of one of more CECs. An example of a system with the ability
to have multiple CECs is a Power 570. In a multiple node Power 570, what distinguishes
one system enclosure form another is the serial number of the CEC.
A Power 550 only has one CEC.
• U78A0 identifies that the unit type is a CEC belonging to a Power 550.
• The model number for a CEC is always: 001.
• DNWGGRX is the serial number of the CEC.
Power Systems usually have I/O expansion drawers, or in the case of the larger machines,
expansion frames containing I/O drawers. U7311.D20 is a popular remote I/O drawer (RIO)
for low to mid-range systems. 6516D3 is the serial number assigned to the drawer.

V5.2
Instructor Guide

Purpose — Teach students how to read physical location codes
Details — Go through the examples in the visual. You may find it useful to refer back the
p550 diagram.
Transition statement — It is likely that students will be working with virtual partitions.
Therefore, let's briefly look at a virtual devices code example.
Instructor Guide
Virtual location codes example

IBM Power Systems
– Client (AIX) partition Virtual devices are easily

recognized by the virtual ID
reference. This value is the LPAR
# uname –L ID as shown with the uname
# uname –L
2 sys124_v1_T1 command.
2 sys124_v1_T1
vscsi0 U8204.E8A.652ACD2-V2-C12-T1 Virtual SCSI Client Adapter
vscsi0 U8204.E8A.652ACD2-V2-C12-T1 Virtual SCSI Client Adapter
hdisk1 U8204.E8A.652ACD2-V2-C12-T1-L810000000000 Virtual SCSI Disk Drive
hdisk1 U8204.E8A.652ACD2-V2-C12-T1-L810000000000 Virtual SCSI Disk Drive
Virtual client disk, Virtual (LPAR) ID 2, virtual card slot 12.

Virtual client disk, Virtual (LPAR) ID 2, virtual card slot 12.
– VIOS HMC profile

Virtual SCSI adapter definition
Note: In this example, the HMC profile is required to

show the client server virtual disk relationship.
– VIOS partition
vhost0 U8204.E8A.652ACD2-V1-C12 Virtual SCSI Server Adapter
vhost0 U8204.E8A.652ACD2-V1-C12 Virtual SCSI Server Adapter
Virtual Server adapter, Virtual (LPAR) ID 1, virtual card slot (Adapter ID) 12
Virtual Server adapter, Virtual (LPAR) ID 1, virtual card slot (Adapter ID) 12
Figure 6-16. Virtual location codes, example AN121.1
Notes:
Virtual devices are assigned location codes in a similar format to physical devices. The
format is:
Unit_type.Model_no.virtual_adapter_number.virtual_card_slot_number
.[port].[LUN]
The visual above shows a VIOS presenting a virtual disk (hdisk1) to a VIO Client. In order
to do this, the first step is to create a virtual server adapter, on the HMC for the VIOS and
also a VIO client adapter for the AIX partition. Each adapter has an assigned ID.
The vhost device in the VIOS symbolizes the virtual server adapter. In the example: V1
represents a virtual device with an assigned ID of one. C12 represents the virtual card slot
number, which is always equal to the adapter ID as defined on the HMC.
The vscsi device on the virtual client symbolizes the client adapter. In the example, V2
again represents a virtual device with an assigned ID of two. C12 represents the virtual
card slot number, which is also equal the adapter ID as defined on the HMC. T1 specifies
the port number of the adapter.

V5.2
Instructor Guide
Uempty The client disks associated with the virtual client adapter will always inherit the location
code definition plus one additional field, the LUN id (L81000000000). In this example, eight
is the SCSI ID of the physical disk in the VIOS. One represents the first disk on the adapter
to be presented to the client.
Instructor Guide
Instructor notes:
Purpose — Provide an example of virtual location codes.
Details — The visual is not intended to provide a lesson in virtualization but to enable
students to identify and interpret a virtual location code. Go through the example provided.
Point out how one can recognize a virtual device by using the physical location code. In this
example, the virtual SCSI adapter HMC definition from the VIOS is required to show the
mapping between the client disk and adapter in the client partition, to the server adapter in
the VIOS partition.
Additional information — Do not get stuck here explaining virtualization beyond basic
concepts. Focus solely on the location code explanation. Virtual devices and virtualization
is generally beyond the scope of this class. Some students are going to be very curious
here and may want to ask many questions. If so, point them towards the LPAR classes.
Transition statement — Lets see who's been listening. It’s time for the checkpoint.

V5.2
Instructor Guide
Uempty
Checkpoint
IBM Power Systems
1. What does the following location code mean?

fcs0
fcs0 U78A0.001.DNWGGRX-P1-C3-T1
U78A0.001.DNWGGRX-P1-C3-T1 4Gb
4Gb FC
FC PCI
PCI Express
Express Adapter
Adapter
2. What is the purpose of a device major number? How would you

locate the major number of a disk, hdisk18?
3. True or False: cfgmgr is a binary executable that runs at system

initialization time to configure devices on the system.
4. What commands can you run on AIX to document the system

configuration?
Notes:
Instructor Guide
Instructor notes:
Purpose —
Details —
IBM Power Systems

fcs0
4Gb FC
FC PCI
PCI Express
Express Adapter
Adapter
Port 1 of a 4Gb Fibre Card, connected to planar 1, card slot 3, in Power

550 CEC (U78A0)

The AIX Kernel can determine the actual driver and device to be
accessed for a user-level request.
Perform a long directory list of the /dev directory.


configuration? prtconf, lsdev, lscfg, lsslot, lssattr

V5.2
Instructor Guide
Uempty
Exercise 6
IBM Power Systems
System configuration
and devices
Notes:
Instructor Guide
Instructor notes:
Purpose —
Details —

V5.2
Instructor Guide
Uempty
Unit summary
IBM Power Systems

– Interpret physical and virtual location codes
Notes:
Instructor Guide
Instructor notes:
Purpose —
Details —

V5.2
Instructor Guide
Uempty Unit 7. System storage overview
Estimated time
00:45

This unit is an overview of AIX system storage.

• Describe the terminology and the concepts associated with:
- Physical volumes
- Volume groups
- Logical volumes
- Physical partitions
- Logical partitions
• Describe how file systems and logical volumes are related

Accountability:
• Checkpoint questions
• Exercise
References
Management
SG24-5432 AIX Logical Volume Manager, from A to Z: Introduction
and Concepts (redbook)
following address:
© Copyright IBM Corp. 2009 Unit 7. System storage overview 7-1

Instructor Guide
Unit objectives
IBM Power Systems

• Describe the terminology and concepts associated with:
– Physical volumes
– Volume groups
– Logical volumes
– Physical partitions
– Logical partitions
• Describe how file systems and logical volumes are related
Notes:

V5.2
Instructor Guide

Purpose — Set student expectations for the unit
Details —
Transition statement — Let’s start by defining the components of AIX storage.

Instructor Guide
Components of AIX storage

IBM Power Systems
Physical storage
Logical storage
File systems
Directories
Files
Managed by
Logical Volume Manager (LVM)
Figure 7-2. Components of AIX storage AN121.1
Notes:
Components
The basic components or building blocks of AIX storage are:
• Files
• Directories
• File systems
• Logical storage
• Physical storage
• Logical Volume Manager (LVM)
As a user, you work with files and directories. As a system administrator, you manage
storage using the Logical Volume Manager.

V5.2
Instructor Guide

Purpose — Provide a framework of discussion for the storage units.
Details — This is meant to provide a road map of what is covered in-depth over the
storage units.
Transition statement — Before you discuss AIX storage, let's look at how UNIX systems
have traditionally handled disk storage.

Instructor Guide
Traditional UNIX disk storage

IBM Power Systems
Partition 1 Partition 4
Partition 2
Partition 5
Partition 3
Problems:
• Fixed partitions
• Expanding size of the partition
• Limitation on size of a file system and a file
• Contiguous data requirement
• Time and effort required in planning ahead
Figure 7-3. Traditional UNIX disk storage AN121.1
Notes:
Issues with traditional UNIX disk storage

Traditionally, disk partitioning has been implemented through partitions. Customers had
to select the correct size for each partition before the system could be installed.
Each file system was on a partition on the hard disk.
Changing the size of the partition, and thus the file system, was no easy task. It involved
backing up the file system, removing the partition, creating new ones, and restoring the
file system.
A major limitation to partitions was that each partition had to consist of contiguous disk
space. This characteristic limited the partition to reside on a single physical drive. It
could not span multiple hard disks. Since file systems were always contained within a
partition, no file system could be defined that would be larger than the largest physical
drive. This meant that no single file could be larger than the largest physical drive.

V5.2
Instructor Guide

Purpose — Define the problems of managing the storage space without the LVM.
Details — The visual highlights all the difficulties that can be incurred with other operating
systems. Let’s discuss how the LVM handles these problems in this unit.
A previous version of the course showed “Free Space” that was not part of a partition. This
was not accurate. The disk would be fully partitioned and some partitions may not be
assigned or the excess space would just be part of a largely under utilized partition.
Transition statement — AIX has implemented the Logical Volume Manager designed to
address the limitations of traditional UNIX storage. Let's see what the benefits are before
delving into how it provides those benefits.

Instructor Guide
Benefits of the LVM

IBM Power Systems
• Solves noncontiguous space problems

• Data can span disks
• Sizes can be dynamically increased
• Data can be mirrored for availability
• New disks are easily added to the system
• Data can be relocated
• LVM (data) statistics can be collected
These tasks can be performed dynamically!
Figure 7-4. Benefits of the LVM AN121.1
Notes:
Constraints virtually eliminated

The constraints with traditional UNIX disk storage have been virtually eliminated in AIX,
with the addition of the Logical Volume Manager.
Note that the tasks listed in the visual, can be performed while users are on the system.

V5.2
Instructor Guide

Purpose — Describe the benefits of the Logical Volume Manager so students understand
the important role it plays in AIX.
Details — Tell the students what the benefits are of the Logical Volume Manager (LVM)
and how it makes the life of the system administrator so much easier. If you have any
stories you can share with students on the difference in time it takes to reorganize
partitions and disk space in a traditional UNIX environment versus an AIX environment, do
so. Real life experiences can really bring home the benefits the facility brings to UNIX.
Be sure to mention that the benefits listed on the visual can all be accomplished while
users are on the system!
Transition statement — Let’s begin our discussion of the LVM by defining the LVM
components.

Instructor Guide
Logical Volume Manager components

IBM Power Systems
Physical Volume group

partitions (PPs) Logical
partitions (LPs)
1
2
3
4
5 write(data);
6
x
y
z Application
Logical
volume (LVs)
Physical
volumes (PVs)
Figure 7-5. Logical Volume Manager components AN121.1
Notes:
Introduction
The AIX Logical Volume Manager controls disk storage resources by mapping data
between a simple and flexible logical view of storage space and the actual physical
disks.
This visual and these notes provide a brief overview of the basic components of LVM.
Components
A hierarchy of structures is used to manage disk storage:
• Volume groups
• Physical volumes
• Physical partitions
• Logical volumes
• Logical partitions

V5.2
Instructor Guide
Uempty Volume group (VG)

A volume group (VG) is the largest unit of storage allocation. A VG consists of a group
of one or more physical volumes (disks) all of which are accessed under one VG name.
The combined storage of all the physical volumes makes up the total size of the VG.
This space can be used by other storage entities like file systems and logical volumes.
VGs are portable and can be disconnected from one system and connected to another
system. All disks in the VG must move together.
Physical volume (PV)

A physical volume (PV) is the name for an actual disk or hard drive. A PV can be
internally or externally attached.
For a disk to be used by LVM, the disk must be added to a volume group, or a new
volume group must be set up for it.
A PV can only belong to one volume group (VG).
Physical partition (PP)

All of the physical volumes in a volume group are divided into physical partitions (PP).
All the physical partitions within a volume group are the same size, although different
volume groups can have different PP sizes.
Logical volume (LV)

Within each volume group, one or more logical volumes (LV) are defined. Logical
volumes are groups of information located on physical volumes. Data on logical
volumes appears to be contiguous to the user, but can be non-contiguous on the
physical volume, or can even be located on several physical volumes.
Logical partition (LP)

Each logical volume consists of one or more logical partitions (LP). Logical partitions
are the same size as the physical partitions within a volume group. Each logical partition
is mapped to at least one physical partition. Although the logical partitions are
numbered consecutively, the underlying physical partitions are not necessarily
consecutive or contiguous.
This allows file systems, paging space, and other logical volumes to be resized or
relocated, to span multiple physical volumes, and to have their contents replicated for
greater flexibility and availability in the storage of data.

Instructor Guide
Instructor notes:
Purpose — Give a brief overview of LVM terms.
Details —
Transition statement — Let's begin our look at the Logical Volume Manager by seeing
how physical disks are viewed by the operating system.

V5.2
Instructor Guide
Uempty
Physical storage
IBM Power Systems
PP1
Volume PV1 PP2
group A PP3
PP4 Physical
PP5 volume
PP6 /dev/hdiskn
Volume PV2 PV3 PV4 PV5
group B
PPn
Original volume groups Big volume groups

-t factor Disks (PVs) PPs per PV Disks (PVs) -t factor
1 32 1016 128 1
2 16 2032 64 2
4 8 4064 32 4
8 4 8128 16 8
16 2 16256 8 16
N/A N/A 32512 4 32
N/A N/A 65024 2 64
Figure 7-6. Physical storage AN121.1
Notes:
Introduction
Disk space on a physical volume (PV) is allocated to logical volumes (LV) in chunks
called physical partitions (PP). Each physical partition size is the same across all the
disks in a volume group (VG). The PP size is set at the time the VG is created. The size
is set in megabytes on power of two boundaries (for example: 4 MB, 8 MB, 16 MB, and
so forth). The default is 4 MB.
In AIX 5L V5.2 and later, LVM defaults the PP size of a new VG to the smallest PP size
(equal or greater than 4 MB) which allows full addressing of the largest disk in the VG
given the selected maximum number of PPs per PV (defaults to 1016). The smallest PP
size is 1 MB, which is supported by using a larger number of PPs per PV.
When a PV is added to a system, a file called hdiskn is added to the /dev directory. n is
a number allocated by the operating system. It is usually the next available number.
This file may be used to access the device directly but this is not often done.

Instructor Guide
Original volume group

Originally AIX supported VGs with a maximum of 32 PVs, no more than 1016 PPs per
disk, and an upper limit of 256 LVs per VG. This VG type is commonly referred to as the
original, normal, or volume group.
As disks increased in size, this meant that the PP size had to increase to use the entire
disk space and stay within the 1016 PPs per disk limit. Larger PPs means less flexibility
in allocating space for LVs, and potentially more wasted space.
For example, for an 18 GB disk, you must have a PP size of 32 MB. A PP size of 16 MB
would require 1152 PPs, over the limit.
Volume group -t factor

To handle the increase in hard disk drive capacity over time, AIX V4.3.1 implemented a
new volume group factor, which can be specified by the -t flag of the mkvg command,
that allows you to increase the maximum number of PPs per disk proportional to the
given integer multiplier value. The maximum number of PVs decreases proportional to
the specified -t factor.
For example, if you wanted to use an 8 MB PP size with our 18 GB disks, you would
need at least 2304 PPs per disk. Setting the -t factor to 4 would allow 4064 PPs per
disk, but would limit us to 8 disks in the VG.
Big volume group

AIX V4.3.2 expanded the LVM scalability by introducing big volume groups. A big VG
can have up to 128 physical volumes and a maximum of 512 LVs defined with it. The
volume group -t factor can also be used with the big VG.
Using our 18 GB disk example, setting the -t factor to 4, would allow us to have a VG
with a PP size of 8 MB and 32 disks.

V5.2
Instructor Guide

Purpose — Discuss physical storage and the limits of physical partitions (PP) per physical
volume (PV) for normal and big volume groups.
Details — Ensure the students understand that increasing the -t factor decreases the
number of PVs in the volume group.
You might want to explain why this is important. Since many older installations already exist
with volume groups using disks that are 4 GB in size or less, these were most likely set up
with 4 MB PPs. Most disks sold today are greater than 4 GB in size. If a customer wants to
add one of these larger disks to an existing volume group with 4 MB PPs, they encounter
the limitation of 1016 PPs per PV. Therefore, the choice is to backup and restore the
volume group and change the PP size or change the -t factor dynamically. Increasing the
-t factor allows the larger disk to be introduced to the VG.
The exception to the 128 PVs per VG limit is rootvg. If one disk is used at install time for
rootvg, then the maximum PVs for rootvg is 7. This maximum is incremented by one for
each additional disk used at install time. That is, 2 PVs for rootvg at install means a
maximum of eight PVs in rootvg, three used means a maximum of nine and so on. This
maximum is actually referred to as a reference number because it may be possible to add
even more disks to rootvg, depending on the size and number of disks already defined for
rootvg.
Transition statement — We can group together a number of physical volumes into a
volume group. Let's take a closer look at volume groups.

Instructor Guide
Volume groups
IBM Power Systems
• Volume group types: Volume Group Max Max LVs Max PPs per Max PP
– Original Type PVs VG Size
– Big
– Scalable Original 32 256 32512 1 GB
(1016 * 32)
Big 128 512 130048 1 GB

• Limits (1016 * 128)
Scalable 1024 4096 2097152 128 GB
• AIX contains one mandatory Volumes Group: rootvg

– rootvg is created on system install
– Contains the AIX Operating System
• Why create new volume groups?

– Separate user data from operating system files. rootvg datavg
– Disaster recovery
– Data portability PV1 PV2 PV3
– Data integrity and security
Figure 7-7. Volume groups AN121.1
Notes:
Volume group types

With successive versions of AIX, new types of volume groups have been introduced
which allow for greater capacities and greater flexibility:
• Original volume groups
When creating a volume group with SMIT or using the mkvg command, original
volume groups are the default.
• Big volume groups
Big volume groups were introduced with AIX V4.3.2. Besides increasing the number
of PVs per VG, the big volume group also doubled the maximum number of LVs per
VG from 255 to 512. Support for creating big volume groups through SMIT was
introduced in AIX 5L V5.3. Previous to 5.3 big volume groups could only be created
from the command line.

V5.2
Instructor Guide
Uempty • Scalable volume groups

Scalable volume groups were introduced with AIX 5L V5.3. A scalable VG can
accommodate a maximum of 1024 PVs and raises the limit for the number of LVs to
4096. The -t factor does not apply to the scalable VG type.
The maximum number of PPs is no longer defined on a per disk basis but applies to
the entire VG. This opens up the prospect to configure VGs with a relatively small
number of disks, but with fine grained storage allocation options, through a large
number of PPs which are small in size. The scalable VG can hold up to 2097152
(2048 KB) PPs. Optimally, the size of a physical partition, can also be configured for
a scalable VG.
Existing and new volume groups

When the system is installed, the root volume group (rootvg) is created. rootvg
consists of a base set of logical volumes and physical volumes required to start the
system, and any other logical volumes you specify to the installation script.
Additional disks can either be added to rootvg, or a new volume group can be created
for them. There can be up to 255 VGs per system.
Why create separate volume groups?

It is recommended that all user and application data be separated from the OS by
placing the data into volume groups. The data should be grouped into individual volume
groups by type or purpose (for example, Oracle data). By maintaining the user file
systems and the operating system files in distinct volume groups, the user files are not
jeopardized during operating system updates, reinstallations, and crash recoveries.
Maintenance is easier because you can update or reinstall the operating system,
without having to restore user data.
For security, you can make the volume group unavailable using varyoffvg.

Instructor Guide
Instructor notes:
Purpose — Expand on the different types of volume groups and their limits. Also, define
the advantages of separate VGs.
Details — You have not discussed how to create a volume group yet. The command mkvg
is new to the students. However, since you discussed the concept of a volume group and
the maximums for volume groups, it is important to introduce the concept of big VGs,
scalable VGs, and factors.
Existing volume groups can be converted to scalable or big volume groups and the -t factor
can be changed as well. Both of these can be done dynamically. To modify an existing VG,
the command is chvg instead of mkvg.
Discuss the main reasons for having external VGs as opposed to internal, and what
considerations have to be made when adding a new disk to the system.
The rootvg includes paging space, the journal log, boot data, and dump storage usually
each in its own logical volume. The rootvg has attributes that differ from the user-created
VGs. For example, it cannot be imported or exported (moved) like other VGs can.
Point out that VGs can contain disks of different sizes. Only the physical partitions within a
VG, must be the same size.
Additional information — Once a volume group is converted to big or scalable, it cannot
be converted back dynamically. It also cannot be used on earlier versions of AIX that do not
support big volume groups.
Transition statement — There is a portion of the disk which holds all the administrative
information related to the VG in terms of the PVs and the LVs. It is called the Volume Group
Descriptor Area (VGDA).

V5.2
Instructor Guide
Uempty
Volume group descriptor area

IBM Power Systems
Three-disk or more
One-disk VG Two-disk VG VG
VGDA VGDA VGDA

VGDA VGDA VGDA VGDA
VGDA VGDA
Figure 7-8. Volume group descriptor area AN121.1
Notes:
Volume Group Descriptor Area (VGDA)

The Volume Group Descriptor Area (VGDA) is an area of disk, at least one per PV,
containing information for the entire VG. It contains administrative information about the
volume group (for example, a list of all logical volume entries, a list of all the physical
volume entries, and so forth). There is usually one VGDA per physical volume. The
exceptions are when there is a volume group with either one or two disks (as shown in
the visual).

Instructor Guide
Quorum
There must be a quorum of VGDAs available to activate the volume group and make it
available for use with the varyonvg command. A quorum of VGDA copies is needed to
ensure the data integrity of management data that describes the logical and physical
volumes in the volume group. A quorum is equal to 51% or more of the VGDAs
available.
A system administrator can force a volume group to varyon without a quorum. This is
not recommended and should only be done in an emergency.

V5.2
Instructor Guide

Purpose — Define the purpose of the VGDA.
Details — The way the system determines if an entire VG is going to be activated or not is
by checking the quorum for a particular VG. If more than 51% of the VGDAs are good, then
it brings the VG online. If it also notices any backdated VGDAs, and the LVM updates these
too.
Make sure the students are clear that all VGDAs within a VG should be the same.
Out of the different configurations shown, the most dangerous one out of the three is the
second one - having two disks in a volume group, because if the disk that contains the two
VGDAs goes down, the quorum is lost and the VG is taken off line. However, remember
that many students probably have a two disk setup, so try not to alarm them too much. Tell
them that when or if they bring in another disk into their two disk VG, the environment is far
more stable.
Point out the maximum number of PVs allowed per VG.
Additional information — In general, the VGDA can expand and take up as much space
on the disk as is needed. This is true for all VGs except for the rootvg, whose VGDA size is
set at installation time and cannot be changed. The VGDA is fixed at installation time to
allow it to fit into memory when booting. This is the reason why the rootvg can only be
extended by a few disks after installation, and the reason that rootvg should only contain
the operating system.
It is also possible to have a non-quorum volume group. The purpose of these types of
volume groups is to have data continuously available even when there is no quorum. This
may be desirable in a two or three disk volume group where logical volumes are mirrored.
Thus, if a disk failure occurs, the VG remains active as long as there is one logical volume
copy intact on a disk. To initially activate a non-quorum volume group, all of the volume
group's physical volumes must be accessible or the activation fails. Because non-quorum
volume groups stay online until the last disk becomes inaccessible, it is necessary to have
each disk accessible at activation time. This information is being placed in the Additional
Information section since we have not yet introduced the concept of logical volumes and
mirroring.
Transition statement — Now that you know the physical storage information, let's take a
look at the logical entities.

Instructor Guide
Logical storage
IBM Power Systems
Physical volumes
1 4 1 4
7 2 3 7 2 3
10 10
8 9 8 9
13 16 13 16
14 15 19 14 15
19 22 22
20 21 25 20 21
25 28 28
26 27 31 26 27
31 34 34
32 33 32 33
35 38 35 38
36 37 41 36 37
41 44 44
42 43 42 43
47 50 47 50
48 49 48 49
Logical Volume Manager
1 2 3 4 1 2 3 4 Logical
partitions
Logical Logical
volume volume
Figure 7-9. Logical storage AN121.1
Notes:
Logical partition
A physical partition is the smallest unit of disk allocation. Each logical partition maps to
a physical partition which physically stores the data.
The logical partitions within a volume group are the same size as the physical partitions
within that volume group.
Logical volume
A logical volume consists of one or more logical partitions within a volume group.
Logical volumes may span physical volumes if the volume group consists of more than
one physical volume. Logical volumes do not need to be contiguous within a physical
volume, because the logical partitions within the logical volume are maintained to be
contiguous. The view the system sees is the logical one. Thus, the physical partitions
they point to can reside anywhere on the physical volumes in the volume group.

V5.2
Instructor Guide
Uempty Logical volumes may be increased in size at any time, assuming that there are sufficient
free physical partitions within the volume group. This can be done dynamically through
SMIT even when users are doing work in that logical volume. However, logical volumes
cannot easily be decreased and require a file system backup and restore to a
re-created smaller logical volume.
The mapping of which logical partition corresponds to which physical partition, is
maintained in the VGDA for the volume group. It is both a physical view and a logical
view.
LVM mapping
The Logical Volume Manager (LVM) consists of the logical volume device driver (LVDD)
and the LVM subroutine interface library. The LVM controls disk resources by mapping
data between a more simple and flexible logical view of storage space, and the actual
physical disks. The LVM does this using a layer of device driver code that runs above
traditional disk device drivers.

Instructor Guide
Instructor notes:
Purpose — Define the terms LV and LP.
Details — Define the terms in connection with the physical side of things. Also point out:
• Data can be placed on any disk or partition within the VG. This obviously causes
fragmentation, as there are no restrictions as to where the data should be placed. The
operating system needs to have a contiguous view of all the data and so it creates LVs.
• The naming convention used for system defined LVs is /dev/hdx, and for user created
LVs (if a name is not specified), is /dev/lvxx.
• An LV can only contain one file system. Although you have not defined file systems yet,
it is important to mention this here and warn the students that there is more on file
systems coming up. It is very important to establish a clear relationship between an LV
and a file system and to stress that these go hand in hand.
• A LP is always the same size as a PP.
More details on the AIX physical partition enhancements are covered in the next unit.
Transition statement — Now that you know what a logical volume is, how are they used?

V5.2
Instructor Guide
Uempty
Uses of logical volumes

IBM Power Systems
• A logical volume may contain one of the following:

– Journaled (JFS) or enhanced journaled file system (JFS2)
– Journal log (/dev/hd8)
– Paging space (/dev/hd6)
– Boot logical volume (/dev/hd5)
– Dump device
– Nothing (raw logical volume)
• Examples of JFS/JFS2 logical volumes:

/dev/hd1 /home
/dev/hd2 /usr
/dev/hd3 /tmp
/dev/hd4 /
/dev/hd9var /var
/dev/hd10opt /opt
/dev/hd11admin /admin
/dev/lv00 /myfilesystem
Figure 7-10. Uses of logical volumes AN121.1
Notes:
Introduction
When you install the system, one volume group (rootvg) is automatically created which
consists of a base set of logical volumes required to start the system. rootvg contains
such things as paging space, the journal log, and boot data, each usually in its own
separate logical volume.
You can create additional logical volumes with the mklv command or go through the
SMIT menus. This command allows you to specify the name of the logical volume and
to define its characteristics.

Instructor Guide
JFS and JFS2 file systems

The native file system on AIX is the journaled file system (JFS), or the enhanced
journaled file system (JFS2). They use database journaling techniques to maintain
consistency. It is through the file system's directory structure that users access files,
commands, applications, and so forth.
Journal log
The journal log is the logical volume where changes made to the file system structure
are written until such time as the structures are updated on disk. Journaled file systems
and enhanced journaled file systems are discussed in greater detail later in the course.
Paging space
Paging space is fixed disk storage for information that is resident in virtual memory but
is not currently being maintained in real memory.
Boot logical volume

The boot logical volume is a physically contiguous area on the disk which contains the
boot image.
Dump device
When you install the operating system, the dump device is automatically configured for
you. By default, the primary device is /dev/hd6, which is the paging logical volume, and
the secondary device is /dev/sysdumpnull. For systems migrated from versions of AIX
earlier than V4.1, the primary dump device is what it formerly was, /dev/hd7.
Raw logical volume

A raw logical volume is simply an empty logical volume. Database applications, for
example Oracle, db2, recommend the use of raw logical volumes.

V5.2
Instructor Guide

Purpose — Define the uses of LVs.
Details — LVs can contain a number of different types of entities, the most common being
the journaled file system (JFS) or enhanced journaled file system (JFS2).
Encourage the students to recognize standard system-defined LV names. For example,
/dev/hd6 always contains one of the paging spaces.
Do not explain in detail each of the named LVs.
This visual is meant to be a transition to an overview of the file system. What you are trying
to accomplish is to show the connection between a logical volume and a file system early in
the storage discussion. Once students see this connection, the rest of the concepts should
make more sense to them.
Discussion Items - Ask if anyone has set up raw LVs and if so for what?
Raw LVs are usually used by databases which require empty devices for them to place and
manage the data on. Databases usually use their own data structures and do not use an
AIX file system.
Transition statement — The most common use for a logical volume is as a file system.
Let's see what that is.

Instructor Guide
What is a file system?

IBM Power Systems
• A file system is:

– Method of storing data
– Hierarchy of directories
• Seven types supported:
– Journaled File System (JFS)
– Enhanced Journaled File System (JFS2)
– CD-ROM File System (CDRFS)
– DVD-ROM File System (UDFS)
– Network File System (NFS)
– Common Internet Filesystem (CIFS)
– Proc File System (PROCFS)
• Different file systems are connected together through
directories to form the view of files that users see.
Figure 7-11. What is a file system? AN121.1
Notes:
Introduction
A file system is a directory hierarchy for storing files. It has a root directory and
subdirectories. In an AIX system, the various file systems are joined together so that they
appear as a single file tree with one root. Many file systems of each type can be created.
Because the available storage is divided into multiple file systems, data in one file system
could be on a different area of the disk than data of another file system. Because file
systems are of a fixed size, file system full errors can occur when that file system has
become full. Free space in one file system cannot automatically be used by an alternate file
system that resides on the same physical volume.

V5.2
Instructor Guide
Uempty Supported file systems

AIX supports seven file system types:
• JFS - Journaled File System, exists within a logical volume on disk
• JFS2- Enhanced Journaled File System, exists within a logical volume on disk
• CDRFS - CD-ROM File System on a Compact Disc
• UDFS - Universal Disk Format (UDF) file system on DVD
• CIFS - Common Internet File System accessed across a network (To install CIFS
support on AIX, install the bos.cifs_fs package)
• NFS - Network File System accessed across a network
• PROCFS - Proc file system maps processes and kernel data structures to
corresponding files
• NAMEFS - NameFS provides the function of file-over-file and directory-over-directory
mounts, also called soft mounts, that allows you to mount a subtree of a file system in a
different place in the file name space. This allows a file to be accessed through two
different path names.
Although these are physically different, they appear the same to users and applications.

Instructor Guide
Instructor notes:
Purpose — Define what a file system is.
Details — You can have many different file systems connected under the hierarchical tree.
However, from an end user's point of view, everything looks the same.
The student should be familiar with the concept of files and directories.
Typically, the students use JFS or JFS2 file systems, the default types of file systems for
AIX. You can consider journaling a little later on. But, these are files that exist on your local
disks. However, there is a feature called network file systems, where remote file systems
can also be made to appear as if they belong and reside on your local disks. You should
not be discussing NFS in this course. There are also cache file systems that are related to
NFS. Students may discover this when creating file systems.
Additional information — JFS and JFS2 use journaling techniques to maintain their
structural integrity. This is discussed in more detail later in this unit. The network file system
(NFS) is a distributed file system that allows users to access files and directories located on
remote computers and use them as if they were on the local system. Further discussion of
this type of file system is beyond the scope of this course. CD-ROM file system is a type
that allows access to the contents of a CD-ROM through normal file system interfaces.
Another file system, PROCFS, is not actually on any disk but is mapped to memory for use
by the operating system in recording stats.
Transition statement — Why do we use file systems in AIX?

V5.2
Instructor Guide
Uempty
Why have multiple file systems?

IBM Power Systems
• Can strategically place it on disk for improved performance

• Some tasks are performed more efficiently on a file system
than on each directory within the file system, for example, back
up, move, secure an entire file system.
• Can limit disk usage of users by file system through quotas
• Maintain integrity of the entire file system structure, for
example, if one file system is corrupted, the others are not
affected
• Special security situations
• Organize data and programs into groups for ease of file
management and better performance
Figure 7-12. Why have multiple file systems? AN121.1
Notes:
Benefits
A file system is a structure that allows you to organize your data. It is one level in the
hierarchy of your data. By placing data in separate file systems, it allows for ease of
control and management of the data.
File systems can be placed on the disk in areas that provide the best performance.
Many times, backups and recoveries are done at a file system level.
Limit disk usage

Since the administrator determines the size of the file system, users are allocated only a
certain amount of shared disk space. This helps to control disk usage. The
administrator can also impose more granular control over that disk space by limiting
how much space an individual user can use in a file system. This is known as file
system quotas.

Instructor Guide
Data is not all in one place

By having several different file systems, all of your data is not in one place. If a file
system ever becomes corrupted, the other file systems are not affected. Also,
administrators can take a file system offline without affecting other file systems. This is
helpful when performing back ups or when limiting user access to the file system for
security reasons.

V5.2
Instructor Guide

Purpose — Describe the benefits of file systems.
Details — A file system is an entity that you can control for performance reasons by
moving it to a specific place on the disk. This is possible because a file system resides on
an LV, which in turn can be placed anywhere on the disk. Also, for security reasons you can
unmount (make inaccessible) the data at specific times.
Limits can also be set on a per file system basis, limiting the amount of disk space available
to users.
Integrity checks can be carried out on a per file system basis.
Transition statement — Let's look at the standard file systems in AIX.

Instructor Guide
Standard file systems in AIX

IBM Power Systems
hd4
/ (root)
home sbin opt lpp proc usr dev tftpboot var mnt etc tmp
hd1 hd10opt hd2 hd9var hd3
/ / / / /
csm freeware bin lib sbin spool adm tmp
Note: The drawing depicts logical, not physical volumes.

Figure 7-13. Standard file systems in AIX AN121.1
Notes:
Initial file systems

When AIX is first installed on a stand-alone system there are only seven journaled file
systems and one pseudo file system (/proc) in existence:
/ (root) = /dev/hd4
• At the top of the hierarchical file tree. It contains the files and directories critical for
system operations including the device directory and programs that complete the boot
process.
/usr = /dev/hd2
• Operating system commands, libraries, and application programs
• Can be shared across the network

V5.2
Instructor Guide
Uempty /var = /dev/hd9var

• Variable spool and log files
• The files in this file system vary considerably depending on system activity.
/home = /dev/hd1
• Users' home directories (was /u in earlier versions of AIX)
• This is traditionally where user data files are stored.
/tmp = /dev/hd3
• Space accessible to all users for temporary files and work space
• Should be cleared out frequently.
/opt = /hd10opt
• Special file system to store freeware files
/proc = /proc
• Special pseudo file system kept in memory to support threads, or light weight processes
• This file system is not designed to store user files.
• It is a type of file system which is different from a journal file system.
• AIX supports the PROCFS implementation to improve compatibility with Linux.
/admin = /hd11admin
• There are two empty directories: lost_found and tmp.
• The permissions setting on this /admin/tmp directory is 755 and the directory is owned
by root.
• This tmp directory has more security for applications to use.

Instructor Guide
Instructor notes:
Purpose — Define the standard AIX file systems.
Details — The picture shows all the default AIX file systems connected to their default
mount points. Explain that each file system connects to the tree by an empty directory
which is commonly known as the mount point.
Also, highlight that every file system must reside on a logical volume. Remind the students
of the default AIX file systems and their logical volumes which have all been labeled on the
diagram.
Have a discussion on how big the file systems are, pointing out that /usr is the largest.
As the system is customized, these file systems can be extended to hold new applications
and user data, or new file systems can be created. The choice as to when and how to do
this depends upon the users and applications on the system. The usual recommendations
are not to add user applications or data to /, /usr, or /var because these are removed if the
system is ever reinstalled, and only use /tmp as a scratch area. Create new file systems as
needed for applications and data.
Additional information — On a networked system, diskless/dataless, or in a code serving
environment, some or all of these may be remotely accessed through the Network File
System (NFS).
/lib is actually a symbolic link to /usr/lib. /bin is actually a symbolic link to /usr/bin.
Transition statement — Let’s continue by discussing the /etc/filesystems file.

V5.2
Instructor Guide
Uempty
/etc/filesystems
IBM Power Systems
/:
dev = /dev/hd4
vol = root
mount = automatic
check = false
vfs = jfs2
log = /dev/hd8
type = bootfs
/home:
dev = /dev/hd1
vol = /home
mount = true
check = true
vfs = jfs2
log = /dev/hd8
/home/team01:
dev = /dev/fslv00
vfs = jfs2
log = /dev/loglv00
mount = true
options = rw
account = false
Figure 7-14. /etc/filesystems AN121.1
Notes:
What is /etc/filesystems?
The /etc/filesystems file, documents the layout characteristics, or attributes of file
systems. It is in a stanza format which means a resource is named followed by a colon
and a listing of its attributes in the form of attributes = value.
Each stanza in the /etc/filesystems file, names the directory where the file system is
normally mounted.
File system attributes

The file system attributes specify all the parameters of the file system. They are as
follows:
dev For local mounts, identifies the block special file where the file system
resides, or the file or directory to be mounted

Instructor Guide
vol Used by the mkfs command when initiating the label on a new file
system
mount Used by the mount command to determine whether a file system
should be mounted by default. Possible values are:
automatic File system mounted automatically at system startup
true File system mounted by the mount all command.
This command is issued during system initialization to
automatically mount such file systems.
false File system is not automatically mounted
check Used by the fsck command to determine the default file systems to be
checked. True enables checking
vfs Specifies the type of mount. For example, vfs=jfs2.
log The device to which log data is written, as the file system is modified.
This option is only valid for journaled file systems.
type Used to group together related file systems which can all be mounted
with the mount -t command
account Used to determine the file systems to be processed by the accounting
subsystem.
quote Allows the system administrator to control the number of files and data
blocks that can be allocated to a user or group

V5.2
Instructor Guide

Purpose — Describe the contents of the /etc/filesystems file.
Details — The /etc/filesystems file serves two purposes:
• Documents the layout characteristics of the file system
• Frees the person who sets up the file system from having to enter and remember items
such as the device where the file system resides, because the information is defined in
this file.
Each stanza names the directory where the file system is normally mounted.
Additional information — UNIX system administrators who are familiar with other flavors
of UNIX may wish to compare this file to /etc/fstab or /etc/vfstab.
Transition statement — In the /etc/filesystems file the term mount is used. What is
mounting?

Instructor Guide
Mount
IBM Power Systems
• mount is the glue that logically connects file systems to the

directory hierarchy.
• File systems are associated with devices represented by special
files in /dev (the logical volume).
• When a file system is mounted, the logical volume and its
contents are connected to a directory in the hierarchical tree
structure.
## mount
mount /dev/fslv00
/dev/fslv00 /home/patsie
/home/patsie
What to Where to
mount mount it
Figure 7-15. Mount AN121.1
Notes:
Mounting a file system

A file system has to be mounted in order for it to be available for use. Use the mount
command or SMIT to do this. The file system can also be umounted using the umount or
unmount command, or SMIT. These commands can be executed by either the root
user or a member of the system group.
It is possible to have file systems automatically mounted at boot time. This can be
specified in the /etc/filesystems file using the mount=automatic or mount=true
parameters.
Mount points
Full path names must be used when specifying the mount point. If SMIT is used to
create the file system, the mount point is created automatically.

V5.2
Instructor Guide

Purpose — Describe what mounting is.
Details — The process of mounting is a key piece to understanding how the individual file
systems are joined to form the view of the system the user sees. A file system has to be
mounted in order for it to be available for use.
The mount command has many options. The visual shows an example of this command. In
the example, /dev/lv00 is the logical volume and /home/patsie is the mount point. This is
the mount point that you use in the examples on the next two pages. The mount point is
always a directory and it should be empty.
Additional information — mount=automatic is reserved for those file systems, such as
/ (root), which are necessary for the boot process. The attribute of mount=true is the
proper way to automatically mount a user-defined file system at system reboot.
Transition statement — Let's look at the directory tree structure before and after a file
system is mounted.

Instructor Guide
Mounting over an empty directory

IBM Power Systems
Before After
home home
liz john patsie liz john patsie
.profile .profile
.exrc data doc .exrc data doc
myscript myscript
Figure 7-16. Mounting over an empty directory AN121.1
Notes:
Accessing data in a file system

In order for users to get access to the data contained in a file system, it must be
mounted. When the file system is mounted, it becomes a part of the hierarchical tree
structure of files and directories. From the user’s perspective, there is no way to tell
where one file system ends and another begins.

V5.2
Instructor Guide

Purpose — Show how file systems are connected to form a single view to users.
Details — Discuss how even though each file system is a separate entity, they are
connected together through the mount point directories so that the system of files and
directories are seen as one large file system to end users.
In the example shown, /home/patsie is the mount point. Again, mention that the mount
point must be a directory and it should be empty. The next page illustrates what happens if
the mount point is not empty.
Additional information — While the student notes state that the user does not see the
difference between file systems, this is only true for the navigation of the tree structure.
There are situations where the user should be aware of working with separate file systems.
For example, hard links can only be built if the source and target are in the same file
system; otherwise a symbolic link must be used. Another example is the use of the mv
command with very large files. If the source and target are in the same file system, then mv
is an almost instantaneous rename. If they are in different file systems, then the data has to
be copied to the target file system before deleting the original file, and the move takes
much longer.
Transition statement — Since file systems can be mounted on a directory which has the
required permissions, they can be “mounted over” directories that have files in them. Let's
see what happens if you do this.

Instructor Guide
Mounting over files

IBM Power Systems
Before After
home home
liz john patsie liz john patsie
reports pgms .profile

.exrc
.profile
.exrc data doc
myscript
.profile
.exrc data doc
myscript
Figure 7-17. Mounting over files AN121.1
Notes:
What happens when mounting over files?

It is possible to mount over files and subdirectories. The result is that the files and
subdirectories that have been mounted over are now hidden from the users, that is,
inaccessible. They have not been lost though. They are again accessible when the
unmount command has been executed on the covering file system.
Not everyone has the authority to mount file systems randomly. Authority is based on
two things: what the default mount point is, as specified in the file /etc/filesystems, and
whether the user has write authority to that mount point. Users can issue file or directory
mounts provided they belong to the system group and have write access to the mount
point. They can do device mounts only to the default mount points mentioned in the file
/etc/filesystems. root can mount anywhere under any set of permissions.

V5.2
Instructor Guide

Purpose — Show that file systems can be mounted over existing files and directories.
Details — Simply show students how this can happen and stress that the files do not go
anywhere, they are still there. They simply can't be accessed while the file system is
mounted over the directory that contains the files.
Transition statement — How can you tell what file systems are on the system?

Instructor Guide
Listing file systems

IBM Power Systems
## lsfs
lsfs
Name
Name Nodename
Nodename Mount
Mount Pt
Pt VFS
VFS Size
Size Options
Options Auto
Auto Accounting
Accounting
/dev/hd4
/dev/hd4 --
-- // jfs2
jfs2 1966080 --
1966080 -- yes
yes nono
/dev/hd1
/dev/hd1 --
-- /home
/home jfs2
jfs2 131072
131072 ---- yes
yes nono
/dev/hd2
/dev/hd2 --
-- /usr
/usr jfs2
jfs2 4587520
4587520 --
-- yes
yes nono
/dev/hd9var
/dev/hd9var --
-- /var
/var jfs2
jfs2 655360
655360 ---- yes
yes nono
/dev/hd3
/dev/hd3 --
-- /tmp
/tmp jfs2
jfs2 393216
393216 ---- yes
yes nono
/proc
/proc --
-- /proc
/proc procfs
procfs --
-- --
-- yes
yes nono
/dev/hd10opt
/dev/hd10opt --
-- /opt
/opt jfs2
jfs2 524288
524288 ---- yes
yes nono
/dev/hd11admin
/dev/hd11admin --
-- /admin
/admin jfs2
jfs2 262144
262144 ---- yes
yes nono
/dev/fslv00
/dev/fslv00 --
-- /db2
/db2 jfs2
jfs2 262144
262144 rwrw no
no no no
Figure 7-18. Listing file systems AN121.1
Notes:
The lsfs command

You can list the various file systems that are defined using the lsfs command. This
command displays information from /etc/filesystems and from the logical volumes in a
more readable format. The lsfs command also displays information about CD-ROM
file systems and remote NFS file systems.
The SMIT fastpath to get to the screen which accomplishes the same task as the lsfs
command is: smit fs.
The syntax for the lsfs command is:
lsfs [-q] [ -c | -l ] [ -v vfstype | -u mountgrp ][file system]
The data may be presented in line and colon (-c) or stanza (-l) format. It is possible to
list only the file systems of a particular virtual file system type (-v), or within a particular
mount group (-u). The -q option queries the superblock for the fragment size
information, compression algorithm, and the number of bytes per inode.

V5.2
Instructor Guide

Purpose — List all the file systems defined on the system.
Details — The information displayed is as follows:
Name The device (LV or CD-ROM) or remote directory name
Nodename (NFS only) the remote system name
Mount Pt The directory which is the mount point
VFS Virtual file system type: jfs = journaled file system,
jfs2 = enhanced journaled file system, cdrfs = CD-ROM,
nfs = network file system
Size Size in 512 byte blocks (data is allocated in 4KB clusters)
Options mount options, options attribute in /etc/filesystems
Auto Mount at system startup, mount attribute in /etc/filesystems
Account Advanced accounting turned on for this file system
Please note that when the lsfs command is executed, the output of the command will be
slightly different if accounting is on as accounting information will also be shown.
Transition statement — Let's see how we can list all the logical volumes on a system.

Instructor Guide
Listing logical volume information

IBM Power Systems
• List all logical volumes for a volume group
## lsvg
lsvg -l
-l rootvg
rootvg
rootvg:
rootvg:
LV
LV NAME
NAME TYPE
TYPE LPs
LPs PPs
PPs PVs
PVs LV
LV STATE
STATE MOUNT
MOUNT POINT
POINT
hd5
hd5 boot
boot 11 22 22 closed/syncd
closed/syncd N/A
N/A
hd6
hd6 paging
paging 88 16
16 22 open/syncd
open/syncd N/A
N/A
hd8
hd8 jfs2log
jfs2log 11 22 22 open/syncd
open/syncd N/A
N/A
hd4
hd4 jfs2
jfs2 15
15 30
30 22 open/syncd
open/syncd //
hd2
hd2 jfs2
jfs2 35
35 70
70 22 open/syncd
open/syncd /usr
/usr
hd9var
hd9var jfs2
jfs2 55 10
10 22 open/syncd
open/syncd /var
/var
hd3
hd3 jfs2
jfs2 33 66 22 open/syncd
open/syncd /tmp
/tmp
hd1
hd1 jfs2
jfs2 11 22 22 open/syncd
open/syncd /home
/home
loglv00
loglv00 jfs2log
jfs2log 11 22 22 closed/syncd
closed/syncd N/A
N/A
hd11admin
hd11admin jfs
jfs 22 44 22 open/syncd
open/syncd /admin
/admin
fslv00
fslv00 jfs2
jfs2 22 44 22 closed/syncd
closed/syncd /db2
/db2
Figure 7-19. Listing logical volume information AN121.1
Notes:
Viewing logical volume information

lsvg -l rootvg
Provides information about the logical volumes in the rootvg volume group.
lslv lvname
This provides status information about the selected logical volume within the volume
group. For example, lslv hd6.

V5.2
Instructor Guide

Purpose — List the attributes of a logical volume.
Details — Do not spend too much time going through all the attributes. This is covered in
more detail in the next unit.
Transition statement — Now, it’s time for some checkpoint questions.

Instructor Guide
Checkpoint (1 of 3)
IBM Power Systems
5. V______ G______
1. V______ G______
D ______ A______
VGDA 6. P______ V______
2. P______ P ______
3. L_____ P______
4. L______ V_______
Figure 7-20. Checkpoint (1 of 3) AN121.1
Notes:
For each item in the visual, fill in the blanks to complete the correct term for the indicated
LVM component.

V5.2
Instructor Guide

Purpose — Review and test the student’s understanding of this unit.
Details — Give the students a little while to fill in the diagram in their handouts. Then
review the answers. For each item, you might provide a little prompt such as: “What is the
term for structure on the disk that holds the information about volume groups?”
Checkpoint solutions (1 of 3)
IBM Power Systems
5. Volume Group
1. Volume Group___
Descriptor Area__
VGDA 6. Physical Volume
2. Physical Partition
3. Logical Partition
4. Logical Volume
Transition statement — Let’s continue with more checkpoint questions.

Instructor Guide
Checkpoint (2 of 3)
IBM Power Systems
7. How many different physical partition (PP) sizes can be set within
a single VG? ____________
8. By default, how big are PPs?
____________________________________________
____________________________________________
9. How many volume groups (VGs) can a physical volume (PV)

belong to?
a) Depends on what you specify through SMIT
b) Only one
c) As many VGs as exist on the system
10. True or False: All VGDA information on your system is identical,
regardless of how many volume groups (VGs) exist.
Notes:

V5.2
Instructor Guide

Purpose — Review and test the students understanding of this unit.
Details —
IBM Power Systems
a single VG? One
8. By default, how big are PPs? Traditionally 4 MB, but LVM
chooses an optimal size based on the #PPs/PV and the size
of largest PV in the VG.
belong to?
b) Only one
regardless of how many volume groups (VGs) exist. All VGDAs
within a VG are the same.
Transition statement — Let’s continue with more checkpoint questions.

Instructor Guide
Checkpoint (3 of 3)
IBM Power Systems
Use the following output to answer the questions below:

## lsfs
lsfs
Name
Name Nodename
Nodename Mount
Mount Pt
Pt VFS
VFS Size
Size Options
Options Auto
Auto Accounting
Accounting
/dev/hd4
/dev/hd4 --
-- // jfs2
jfs2 294912
294912 ---- yes
yes no
no
/dev/hd1
/dev/hd1 --
-- /home
/home jfs2
jfs2 32768
32768 --
-- yes
yes no
no
/dev/hd2
/dev/hd2 --
-- /usr
/usr jfs2
jfs2 3309568
3309568 --
-- yes
yes no
no
/dev/hd9var
/dev/hd9var --
-- /var
/var jfs2
jfs2 65536
65536 --
-- yes
yes no
no
/dev/hd3
/dev/hd3 --
-- /tmp
/tmp jfs2
jfs2 131072
131072 ---- yes
yes no
no
/dev/hd10opt
/dev/hd10opt ---- /opt
/opt jfs2
jfs2 163840
163840 ---- yes
yes no
no
/dev/cd0
/dev/cd0 --
-- /infocd
/infocd cdrfs
cdrfs ro
ro yes
yes no
no
/dev/lv00
/dev/lv00 --
-- /home/john
/home/john jfs2
jfs2 32768
32768 rw
rw yes
yes no
no
/dev/hd11admin
/dev/hd11admin --
-- /admin
/admin jfs2
jfs2 262144
262144 ---- yes
yes no
no
11. With which logical volume is the /home file system associated?
_____________________________________________________
12. What type of file systems are being displayed?
_____________________________________________________
13. What is the mount point for the file system located on the /dev/hd4 logical
volume? _____________________________________________
14. Which file system is used primarily to hold user data and home directories?
_____________________________________________________
Notes:

V5.2
Instructor Guide

Details —
IBM Power Systems

## lsfs
lsfs
Name
Name Nodename
Nodename Mount
Mount Pt
Pt VFS
VFS Size
Size Options
Options Auto
Auto Accounting
Accounting
/dev/hd4
/dev/hd4 --
-- // jfs2
jfs2 294912
294912 ---- yes
yes no
no
/dev/hd1
/dev/hd1 --
-- /home
/home jfs2
jfs2 32768
32768 --
-- yes
yes no
no
/dev/hd2
/dev/hd2 --
-- /usr
/usr jfs2
jfs2 3309568
3309568 --
-- yes
yes no
no
/dev/hd9var
/dev/hd9var ---- /var
/var jfs2
jfs2 65536
65536 --
-- yes
yes no
no
/dev/hd3
/dev/hd3 --
-- /tmp
/tmp jfs2
jfs2 131072
131072 ---- yes
yes no
no
/dev/hd10opt
/dev/hd10opt --
-- /opt
/opt jfs2
jfs2 163840
163840 ---- yes
yes no
no
/dev/cd0
/dev/cd0 --
-- /infocd
/infocd cdrfs
cdrfs ro
ro yes
yes no
no
/dev/lv00
/dev/lv00 --
-- /home/john jfs2
/home/john jfs2 32768
32768 rw
rw yes
yes no
no
/dev/hd11admin--
/dev/hd11admin-- /admin
/admin jfs2
jfs2 262144
262144 ---- yes
yes no
no
/dev/hd1
Enhanced journaled file systems (JFS2), and CD-ROM (CDRFS)
volume?
/
/home
Transition statement — Now, let’s do an exercise.

Instructor Guide
Exercise 7
IBM Power Systems
System
storage
Figure 7-23. Exercise 7 AN121.1.
Notes:

V5.2
Instructor Guide

Purpose — Review the exercise.
Details —
Transition statement — Let’s summarize what we’ve learned in this unit.

Instructor Guide
Unit summary
IBM Power Systems

• Describe the terminology and concepts associated with:
– Volume groups
– Logical volumes
– Physical partitions
– Logical partitions
• Describe how file systems and logical volumes are

related
Notes:

V5.2
Instructor Guide

Purpose — Summarize the unit.
Details —
Transition statement — Now, on to the next unit.

Instructor Guide

V5.2
Instructor Guide
Uempty Unit 8. Working with the Logical Volume Manager
Estimated time
01:30

This unit describes how to work with logical volumes, physical
volumes, and volume groups.

• Add, change, and delete:
- Volume groups
- Logical volumes
- Physical volumes
• Describe essential LVM concepts, such as:
- Mirroring
- Striping

Accountability:
• Exercise
References
Management
AIX Version 6.1 Command References
following address:
© Copyright IBM Corp. 2009 Unit 8. Working with the Logical Volume Manager 8-1
Instructor Guide
Unit objectives
IBM Power Systems

• Explain how to work with the Logical Volume Manager
– Volume groups
– Logical volumes
– Mirroring
– Striping
Notes:

V5.2
Instructor Guide

Purpose — Explain how to work with the Logical Volume Manager
Details — This unit covers the following areas:
• How to add, change, and delete:
- Volume groups
- Logical volumes
- Physical volumes
- Mirroring
- Striping
Additional information — This unit provides all the basic information a system
administrator needs to know to work with the AIX LVM. Where appropriate, SMIT screens
are used and are accompanied by the corresponding command.
Transition statement — Let's look at how SMIT can be used to manage the Logical
Volume Manager.
Instructor Guide

IBM Power Systems
# smit lvm
Logical
Logical Volume
Volume Manager
Manager
Move
Move cursor
cursor to
to desired
desired item
item and
and press
press Enter.
Enter.
Volume
Volume Groups
Groups
Logical
Logical Volumes
Volumes
Physical
Physical Volumes
Volumes
Paging
Paging Space
Space
Figure 8-2. Logical Volume Manager AN121.1
Notes:
Introduction
The SMIT Logical Volume Manager menu is used to manage many aspects of the
system's storage.
Volume groups
The SMIT Volume Groups menu provides facilities to manipulate the volume groups in the
system.
Logical volumes
The SMIT Logical Volumes menu provides facilities to manipulate the logical volumes in
the system. Logical volumes which contain journaled file systems, paging space, or dump
volumes can also be manipulated from their respective menus.

V5.2
Instructor Guide
Uempty Physical volumes

The SMIT Physical Volumes menu allows the user to configure the physical volumes
(fixed disks) in the system. This menu duplicates options on the Fixed Disks menu of
Devices.
Paging space
The SMIT Page Space menu allows a user to add, delete, activate, and list the paging
spaces available.
Instructor Guide
Instructor notes:
Purpose — Define the options available through SMIT for the LVM
Details — Use this visual as a roadmap for further discussion of the Logical Volume
Manager and its structure. Let's consider the first three options of the screen in this unit.
The paging space option is described in the Paging Space unit.
Additional information — Use the diagram, if required, to review the LVM and
components.
Transition statement — Let's jump in and start by exploring the VG main menu.

V5.2
Instructor Guide
Uempty
SMIT volume group menu

IBM Power Systems
Volume
Volume Groups
Groups
Move
Move cursor
cursor to
to desired
desired item
item and
and press
press Enter.
Enter.
List
List All
All Volume
Volume Groups
Groups
Add
Add a Volume Group
a Volume Group
Set
Set Characteristics
Characteristics of of aa Volume
Volume Group
Group
List
List Contents of a Volume Group
Contents of a Volume Group
Remove
Remove aa Volume
Volume Group
Group
Activate
Activate a Volume
a Volume Group
Group
Deactivate
Deactivate aa Volume
Volume Group
Group
Import
Import aa Volume
Volume Group
Group
Export
Export aa Volume
Volume Group
Group
Mirror
Mirror a Volume Group
a Volume Group
Unmirror
Unmirror aa Volume
Volume Group
Group
Synchronize
Synchronize LVMLVM Mirrors
Mirrors
Back
Back Up
Up aa Volume
Volume Group
Group
Remake
Remake a Volume Group
a Volume Group
Preview
Preview Information
Information about
about aa Backup
Backup
Verify
Verify the Readability of
the Readability of aa Backup
Backup (Tape
(Tape only)
only)
View the Backup
View the Backup Log Log
List
List Files
Files inin aa Volume
Volume Group
Group Backup
Backup
Restore
Restore Files in a Volume Group
Files in a Volume Group Backup
Backup
Figure 8-3. SMIT volume group menu AN121.1
Notes:
The visual shows the SMIT screen that allows for the configuration of volume groups.
To get to this menu, use the SMIT fastpath, smit vg.
Instructor Guide
Instructor notes:
Purpose — Define the options available for volume groups
Details — Provide a quick overview of the items on this screen.
Additional information — In the next few visuals, we describe many of the options listed
on this screen.
Transition statement — Let's see how we can create a VG.

V5.2
Instructor Guide
Uempty
Adding a volume group to the system

IBM Power Systems
# smit mkvg mkvg –y datavg hdisk1 hdisk2

Add
Add aa Volume
Volume Group
Group
Move
Move cursor
cursor to
to desired
desired item
item and
and press
press Enter.
Enter.
Add
Add an
an Original
Original Volume
Volume Group
Group
Add
Add a Big Volume Group
a Big Volume Group
Add
Add aa Scalable
Scalable Volume
Volume Group
Group
Add
Add an
an Original
Original Volume
Volume Group
Group
[Entry
[Entry Fields]
Fields]
VOLUME
VOLUME GROUP
GROUP name
name [datavg]
[datavg]
Physical
Physical partition
partition SIZE
SIZE inin megabytes
megabytes ++
** PHYSICAL VOLUME names
PHYSICAL VOLUME names [hdisk1
[hdisk1 hdisk2] ++
hdisk2]
Force
Force the
the creation
creation of
of aa volume
volume group?
group? no
no ++
Activate volume group AUTOMATICALLY
Activate volume group AUTOMATICALLY yes
yes ++
at
at system
system restart?
restart?
Volume
Volume Group
Group MAJOR
MAJOR NUMBER
NUMBER []
[] +#
+#
Create
Create VG Concurrent Capable?
VG Concurrent Capable? no
no ++
Figure 8-4. Adding a volume group to the system AN121.1
Notes:
The mkvg command
The mkvg command is used to create a volume group. A new volume group must contain
at least one physical volume. The -y option is used to indicate the name for the new volume
group. If this is not specified, a system generated name is used.
It is best not to select a physical partition size as the system will select the best fit
automatically. The default is the smallest physical partition size consistent with the
maximum PP/PV and the largest physical volume in the volume group.
Using SMIT
The volume group MAJOR NUMBER on the SMIT dialog screen is used by the kernel to
access that volume group. This field is most often used for PowerHA where the major
number ideally should be the same for all nodes in the cluster.
Concurrent capable VGs are used for parallel processing applications, whereby the volume
group is read/write accessible to multiple machines at the same time.
Instructor Guide
Instructor notes:
Purpose — Show students how to add a volume group
Details — Go through the example of how to add a VG to a system. Point out that the big
VG panel is identical.
Transition statement — Let us look at how adding a scalable volume group differs.

V5.2
Instructor Guide
Uempty
Adding a scalable volume group to the system

IBM Power Systems
# smit mkvg mkvg –S –y db2_vg hdisk3
Add
Add aa Scalable
Scalable Volume
Volume Group
Group
Type
Type or
or select
select values
values in
in entry
entry fields.
fields.
Press
Press Enter AFTER making all desired
Enter AFTER making all desired changes.
changes.
[Entry
[Entry Fields]
Fields]
VOLUME
VOLUME GROUP
GROUP name
name [db2_vg]
[db2_vg]
Physical
Physical partition
partition SIZE
SIZE inin megabytes
megabytes ++
** PHYSICAL VOLUME names
PHYSICAL VOLUME names [hdisk3]
[hdisk3] ++
Force
Force the
the creation
creation of of aa volume
volume group?
group? no
no ++
Activate volume group AUTOMATICALLY
Activate volume group AUTOMATICALLY yes
yes ++
at
at system
system restart?
restart?
Volume
Volume Group
Group MAJOR
MAJOR NUMBER
NUMBER []
[] +#
+#
Create
Create VG Concurrent Capable?
VG Concurrent Capable? no
no ++
Max
Max PPs
PPs per
per VG
VG in
in units
units ofof 1024
1024 32
32 ++
Max Logical Volumes
Max Logical Volumes 256
256 ++
Figure 8-5. Adding a scalable volume group to the system AN121.1
Notes:
Additional options for scalable volume groups
There is a separate SMIT panel for adding scalable volume groups. Besides creating a
different format VGDA, the administrator has the option to set the Maximum PPs per VG,
and the Max Logical Volumes for the volume group.
With non-scalable volume groups, LVM allows tuning of the number of physical partitions
for each physical volume through the -t factor. In scalable volume groups, the physical
partitions are managed on a volume group wide basis.
The maximum number of logical volumes was fixed depending upon the type of volume
group. Now, in scalable volume groups, the maximum is tunable.
Instructor Guide
Instructor notes:
Purpose — Explain the AIX scalable volume group creation options
Details — Warn the students not to make the maximums larger than they really need them
to be. The increased size of the control block structures can have a detrimental impact on
performance.
Transition statement — Now, let us move on to how we can list the volume groups and
attributes after they have been created.

V5.2
Instructor Guide
Uempty
Listing volume groups and VG attributes

IBM Power Systems
## lsvg
lsvg
rootvg
rootvg
datavg
datavg
db2_vg
db2_vg
## lsvg
lsvg -o
-o
datavg
datavg
rootvg
rootvg
## lsvg
lsvg rootvg
rootvg
VOLUME
VOLUME GROUP:
GROUP: rootvg
rootvg VG
VG IDENTIFIER:
IDENTIFIER:
00cf2e7f00004c000000011cec07b52e
00cf2e7f00004c000000011cec07b52e
VG
VG STATE:
STATE: active
active PP
PP SIZE:
SIZE: 64
64 megabyte(s)
megabyte(s)
VG
VG PERMISSION:
PERMISSION: read/write
read/write TOTAL
TOTAL PPs:
PPs: 130
130 (8320
(8320 megabytes)
megabytes)
MAX LVs:
MAX LVs: 256
256 FREE PPs:
FREE PPs: 54
54 (3456 megabytes)
(3456 megabytes)
LVs:
LVs: 11
11 USED
USED PPs:
PPs: 76
76 (4864
(4864 megabytes)
megabytes)
OPEN
OPEN LVs:
LVs: 99 QUORUM:
QUORUM: 22 (Enabled)
(Enabled)
TOTAL
TOTAL PVs:
PVs: 22 VG
VG DESCRIPTORS:
DESCRIPTORS: 33
STALE PVs:
STALE PVs: 00 STALE
STALE PPs:
PPs: 00
ACTIVE
ACTIVE PVs:
PVs: 22 AUTO
AUTO ON:
ON: yes
yes
MAX PPs per VG:
MAX PPs per VG: 32512
32512
MAX
MAX PPs
PPs per
per PV:
PV: 1016
1016 MAX
MAX PVs:
PVs: 32
32
LTG
LTG size
size (Dynamic):
(Dynamic): 256
256 kilobyte(s)
kilobyte(s) AUTO
AUTO SYNC:
SYNC: no
no
HOT
HOT SPARE:
SPARE: no
no BB
BB POLICY:
POLICY: relocatable
relocatable
Figure 8-6. Listing volume groups and VG attributes AN121.1
Notes:
The lsvg command, with no parameters, lists the volume groups in the system. If used with
the –o options, all varied on/active volume groups are displayed.
To further list the information about the status and content of a particular volume group, run
lsvg <Volumegroup_name>
The output provides status information about the volume group. The most useful
information here is:
• Volume group state (VG STATE - active or inactive/complete if all physical volumes are
active)
• Physical partition size
• Total number of physical partitions (TOTAL PPs)
• Number of free physical partitions (FREE PPs)
Instructor Guide
Instructor notes:
Purpose — Show how to list VGs and their attributes
Details — Go through the details in the visual and in the notes. Point out particular
attributes which should be of interest to the class.
Transition statement — Let’s now see how we can use lsvg to list the disks and LVs in a
VG.

V5.2
Instructor Guide
Uempty
Listing PVs in a VG and VG contents

IBM Power Systems
## lsvg
lsvg -p
-p rootvg
rootvg
rootvg:
rootvg:
PV_NAME
PV_NAME PV
PV STATE
STATE TOTAL
TOTAL PPs
PPs FREE
FREE PPs
PPs FREE
FREE DISTRIBUTION
DISTRIBUTION
hdisk0
hdisk0 active
active 99
99 23
23 15..00..00..00..08
15..00..00..00..08
hdisk5
hdisk5 active
active 31
31 31
31 07..06..06..06..06
07..06..06..06..06
## lsvg
lsvg -l
-l rootvg
rootvg
rootvg:
rootvg:
LV
LV NAME
NAME TYPE
TYPE LPs
LPs PPs
PPs PVs
PVs LV
LV STATE
STATE MOUNT
MOUNT POINT
POINT
hd5
hd5 boot
closed/syncd N/A
N/A
hd6
hd6 paging
paging 88 88 11 open/syncd
open/syncd N/A
N/A
hd8
hd8 jfslog
jfslog 11 11 11 open/syncd
open/syncd N/A
N/A
hd4
hd4 jfs
jfs 15
15 15
15 11 open/syncd
open/syncd //
hd2
hd2 jfs
jfs 35
35 35
35 11 open/syncd
open/syncd /usr
/usr
hd9var
hd9var jfs
open/syncd /var
/var
hd3
hd3 jfs
open/syncd /tmp
/tmp
hd1
hd1 jfs
open/syncd /home
/home
hd10opt
hd10opt jfs
open/syncd /opt
/opt
Figure 8-7. Listing PVs in a VG and VG contents AN121.1
Notes:
The lsvg -p Volumegroup command gives information about all of the physical volumes
within the volume group. The information given is:
• Physical volume name (PV_NAME)
• Physical volume state (PV STATE - active or inactive)
• Total number of physical partitions (TOTAL PPs)
• Number of free physical partitions (FREE PPs)
• How the free space is distributed across the disk (FREE DISTRIBUTION)
Free distribution is the number of physical partitions allocated within each section of the
physical volume: outer edge, outer middle, center, inner middle, and inner edge.
The lsvg -l Volumegroup command gives information about all of the logical volumes
within the volume group. The details given are:
• Logical volume name (LVNAME)
Instructor Guide
• Type of logical volume (TYPE, for example, file system, paging)

• Number of LPs (LPs)
• Number of physical partitions (PPs)
• Number of physical volumes (PVs)
• Logical volume state (LV STATE)
• Mount point (MOUNT POINT), if the logical volume contains a journaled file system

V5.2
Instructor Guide

Purpose — Show how to list the PV and LV information of a volume group
Details — Go through the details in the visual and in the notes.
Additional information — Ask the students if there are any mirrored logical volumes. The
answer is yes, /home.
Transition statement — Now we can create VGs, let’s see how we can change a VG.
Instructor Guide
Change a volume group

IBM Power Systems
# smit chvg chvg –a n –Q n datavg
Change
Change aa Volume
Volume Group
Group
[Entry
[Entry Fields]
Fields]
** VOLUME
VOLUME GROUP
GROUP name
name datavg
datavg
** Activate
Activate volume
volume group
group AUTOMATICALLY
AUTOMATICALLY no
no ++
at system restart?
at system restart?
** AA QUORUM
QUORUM of
of disks
disks required
required toto keep
keep the
the volume
volume no
no ++
group on-line
group on-line ? ?
Convert
Convert this
this VG
VG to
to Concurrent
Concurrent Capable?
Capable? no
no ++
Change to big VG format?
Change to big VG format? no
no ++
Change
Change to
to scalable
scalable VG VG format?
format? no
no ++
LTG Size in kbytes
LTG Size in kbytes 256
256 ++
Set
Set hotspare
hotspare characteristics
characteristics nn ++
Set
Set synchronization characteristics
synchronization characteristics of of stale
stale nn ++
partitions
partitions
Max
Max PPs
PPs per
per VG
VG in
in units
units of
of 1024
1024 32
32 ++
Max Logical Volumes
Max Logical Volumes 256
256 ++
Figure 8-8. Change a volume group AN121.1
Notes:
The chvg command changes the characteristics of a volume group. In the example shown
in the visual attributes, Activate volume group AUTOMATICALLY at system
restart? and A QUORUM of disks required to keep the volume group
on-line? were set to No, which causes the following command to run: chvg –a n –Q n
datavg

V5.2
Instructor Guide

Purpose — Provide an example of how to change the characteristics of a volume group
Details — Go through the example in the visual and provide a brief explanation of the
options one can change.
One option here, LTG I would consider to be trivia. Therefore, I have removed the previous
foil in from AU14. In AIX 6.1 (and 5.3), it is set automatically during varyon to the maximum
transfer size the disk can support. It is a legacy option for older versions of AIX.
LTG: When LVM receives a request for an I/O, it breaks the I/O down into logical track
group (LTG) sizes before it passes the request down to the device driver of the underlying
disks. The LTG is the maximum transfer size of a logical volume, and is common to all the
logical volumes in the volume group, since it is a volume group attribute.
If you require further information, see man chvg.
Transition statement — Let’s see how we can expand and reduce VGs.
Instructor Guide
Extend and reduce a VG

IBM Power Systems
## extendvg
extendvg -f
-f rootvg
rootvg hdisk2
hdisk2
## lsvg
lsvg -p rootvg || awk
-p rootvg awk ‘{print
‘{print $1,
$1, $2}’
$2}’
rootvg:
rootvg:
PV_NAME
PV_NAME PV
PV STATE
STATE
hdisk0
hdisk0 active
active
hdisk1
hdisk1 active
active hdisk2
hdisk2
hdisk2 active
active
hdisk0 hdisk1
## reducevg
reducevg -f
-f rootvg
rootvg hdisk1
hdisk1
## lsvg
lsvg -p rootvg || awk
-p rootvg awk ‘{print
‘{print $1,
$1, $2}’
$2}’
rootvg:
rootvg:
PV_NAME
PV_NAME PV
PV STATE
STATE
hdisk0
hdisk0 active
active hdisk1
hdisk2
hdisk2 active
active
Figure 8-9. Extend and reduce a VG AN121.1
Notes:
Add a Physical Volume to a Volume Group
To add a disk to an existing volume group, use the extendvg command or SMIT fastpath
smit extendvg. The disk must be installed in the system or connected to it externally,
and must be powered on.
extendvg formats the disk into physical partitions and then adds them to the physical
partition mapping maintained in the VGDA for the volume group. The space on the new
disk is now available to be allocated to logical volumes in the volume group. If the existing
data in the VGDA on the disk shows that it is part of another volume group, the -f option
forces the addition of the disk to the volume group, without requesting confirmation. Use
this option when adding a disk which has been previously used, but contains data which is
no longer needed.
The syntax for the extendvg command is:
extendvg [-f] Volumegroup hdiskn

V5.2
Instructor Guide
Uempty Remove a Physical Volume from a Volume Group

The reducevg command is used to remove a physical volume from a volume group. If it is
the last physical volume, the volume group is removed. To remove a disk from the volume
group, first be sure to free up all the storage on the disk by either deleting the logical
volumes or migrating them to some other disk in the volume group. Once there are no
logical volumes, on the disk, you can remove that disk from the volume group by using the
reducevg command or the SMIT fastpath smit reducevg.
The syntax for the reducevg command is:
reducevg [-d] [-f] Volumegroup hdiskn
The -d option deallocates the existing logical volume partitions, and then deletes resultant
empty logical volumes from the specified physical volumes. User confirmation is required
unless the -f flag is added.
Instructor Guide
Instructor notes:
Purpose — Explain how to extend or reduce the size of a volume group. Show how to add
and remove physical volumes in a volume group.
Details — Describe the steps that need to be taken to add or remove a physical volume
from a volume group.
Additional information — When the last physical volume has been removed from the
volume group, the volume group effectively no longer exists, since there are no more
VGDAs to define it. At that point, LVM also removes any record of the volume group from
the ODM database.
Transition statement — Let's see how we can remove a VG.

V5.2
Instructor Guide
Uempty
Remove a volume group

IBM Power Systems
# smit reducevg2 reducevg -df db2_vg hdisk2 hdisk3
Remove
Remove aa Volume
Volume Group
Group
Type
Type or
or select
select aa value
value for
for the
the entry
entry field.
field.
Press
[Entry
[Entry Fields]
Fields]
** VOLUME
VOLUME GROUP
GROUP name
name [db2_vg]
[db2_vg] ++
Note: There is no option to input disks. In this example db2_vg was contained
on hdisk3.
Figure 8-10. Remove a volume group AN121.1
Notes:
You can use the smit reducevg2 fastpath to remove a volume group. It runs a script
which identifies what physical volumes are in the volume group and then runs the
reducevg command to remove each physical volume until there are no more physical
volumes in the volume group.
The Remove a Volume Group menu does not have a corresponding high-level
command. The correct way to remove a volume group, is to use the Remove a
Physical Volume from a Volume Group option, which calls the reducevg
command. This removes the volume group when you remove the last physical volume
within it.
The syntax of the reducevg command is:
reducevg [-d] [-f] VolumeGroup PhysicalVolume
Instructor Guide
Instructor notes:
Purpose — Show how to delete a volume group
Transition statement — Having played with altering the characteristics of the volume
group, let us look at how we can control access to the volume group.

V5.2
Instructor Guide
Uempty
Activate and deactivate a volume group

IBM Power Systems
# smit varyonvg varyonvg datavg

Activate
Activate aa Volume
Volume Group
Group
[Entry
[Entry Fields]
Fields]
** VOLUME
VOLUME GROUP
GROUP name
name [datavg]
[datavg] ++
RESYNCHRONIZE
RESYNCHRONIZE stale
stale physical
physical partitions?
partitions? yes
yes ++
Activate
Activate volume group in
volume group in SYSTEM
SYSTEM no
no ++
MANAGEMENT
MANAGEMENT mode?
mode?
FORCE
FORCE activation
activation of
of the
the volume
volume group?
group? no
no ++
Warning--this
Warning--this may cause loss
may cause loss of
of data
data integrity.
integrity.
Varyon VG in Concurrent Mode?
Varyon VG in Concurrent Mode? no
no ++
Synchronize
Synchronize Logical
Logical Volumes?
Volumes? no
no ++
# smit varyoffvg varyoffvg datavg
Deactivate
Deactivate aa Volume
Volume Group
Group
[Entry
[Entry Fields]
Fields]
** VOLUME
VOLUME GROUP
GROUP name
name [datavg]
[datavg] ++
Put
Put volume group
volume group in
in SYSTEM
SYSTEM no
no ++
MANAGEMENT mode?
MANAGEMENT mode?
Figure 8-11. Activate and deactivate a volume group AN121.1
Notes:
The varyonvg command
The varyonvg command is used to activate a volume group that is not activated at system
startup, or has been added to the system since startup.
The -f option is used to force a volume group online. It allows a volume group to be made
active that does not currently have a quorum of available disks. Any disk that cannot be
brought to an active state is put in a removed state. At least one disk must be available for
use in the volume group.
The varyoffvg command
The varyoffvg command is used to deactivate a volume group. No logical volumes
should be open when this command is issued. Removing a disk without deactivating the
volume group could cause errors and loss of data in the volume group descriptor areas,
and the logical volumes within that volume group.
Instructor Guide
Instructor notes:
Purpose — Show how volume groups, other than the rootvg, can be activated and
deactivated.
Details — Go through the example of activating / deactivating VGs.
Transition statement — Volume groups can be moved from one system to another. Let's
see how this can be done.

V5.2
Instructor Guide
Uempty
Import and export a volume group

IBM Power Systems
# smit importvg importvg –y datavg hdisk3

Import
Import aa Volume
Volume Group
Group
[Entry
[Entry Fields]
Fields]
VOLUME
VOLUME GROUP
GROUP name
name [datavg]
[datavg]
** PHYSICAL
PHYSICAL VOLUME
VOLUME name
name [hdisk3]
[hdisk3] ++
Volume
Volume Group
Group MAJOR
MAJOR NUMBER
NUMBER []
[] +#
+#
# smit exportvg exportvg datavg
Export
Export aa Volume
Volume Group
Group
[Entry
[Entry Fields]
Fields]
** VOLUME
VOLUME GROUP
GROUP name
name [datavg]
[datavg] ++
Note: Volume group must be inactive before it is exported.

Figure 8-12. Import and export a volume group AN121.1
Notes:
Exporting a volume group
If you have a volume group on one or more external disks that you want to access on
another system, you must first export the volume group from the current system using the
exportvg command. This removes all information about the volume group from the
system. To export a volume group, it must be inactive.
Importing a volume group
To access an exported volume group on a system, it must be imported to the system using
the importvg command. Never attempt to import rootvg.
Instructor Guide
Instructor notes:
Purpose — Show how to export and import a volume group
Details — Explain to students how to import and export VGs between systems.
Additional information — PowerHA imports and activates VGs without them first being
exported from the target system.
Transition statement — Finally, let’s end VGs with details on how to reorganize them.

V5.2
Instructor Guide
Uempty
Reorganize a Volume Group

IBM Power Systems
# smit reorgvg
Reorganize
Reorganize aa Volume
Volume Group
Group
[Entry
[Entry Fields]
Fields]
** VOLUME
VOLUME GROUP
GROUP name
name [rootvg]
[rootvg] ++
## reorgvg
reorgvg rootvg
rootvg
0516-962
0516-962 reorgvg:
reorgvg: Logical
Logical volume
volume hd5
hd5 migrated.
migrated.
0516-962
0516-962 reorgvg: Logical volume hd6 migrated.
reorgvg: Logical volume hd6 migrated.
0516-962
0516-962 reorgvg:
reorgvg: Logical
Logical volume
volume hd8
hd8 migrated.
migrated.
0516-962
0516-962 reorgvg:
reorgvg: Logical
Logical volume
volume hd4
hd4 migrated.
migrated.
0516-962
0516-962 reorgvg:
reorgvg: Logical
Logical volume
volume hd2
hd2 migrated.
migrated.
0516-962
0516-962 reorgvg:
reorgvg: Logical
Logical volume
volume hd9var
hd9var migrated.
migrated.
0516-962
0516-962 reorgvg:
reorgvg: Logical
Logical volume
volume hd3
hd3 migrated.
migrated.
0516-962
0516-962 reorgvg:
reorgvg: Logical
Logical volume
volume hd1
hd1 migrated.
migrated.
0516-962
0516-962 reorgvg: Logical volume hd10opt migrated.
reorgvg: Logical volume hd10opt migrated.
0516-962
0516-962 reorgvg:
reorgvg: Logical
Logical volume
volume loglv00
loglv00 migrated.
migrated.
0516-962
0516-962 reorgvg:
reorgvg: Logical
Logical volume
volume hd11admin
hd11admin migrated.
migrated.
0516-962
0516-962 reorgvg:
reorgvg: Logical
Logical volume
volume fslv00
fslv00 migrated.
migrated.
Figure 8-13. Reorganize a Volume Group AN121.1
Notes:
Reorganizing a volume group
If the intra-physical volume allocation policy (location on disk: center, middle, edge, inner
edge, and inner middle) is changed after the logical volume is created, the physical
partition does not relocate automatically. The reorgvg command is used to redistribute
the physical partitions of the logical volumes of a volume group according to their preferred
allocation policies. This should improve disk performance. Preference is given in the order
listed on the command line.
reorgvg syntax
The syntax is: reducevg [-d] [-f] Volumegroup hdiskn
For example: reorgvg rootvg hd4 hd5
Using SMIT, no other arguments can be supplied. The entire volume group is reorganized.
Instructor Guide
Instructor notes:
Purpose — Show how data in a volume group can be reorganized
Details — The reorgvg command can be used to change the allocation of logical
volumes in a volume group, based on the allocation policy set on the logical volume. This
command tries to place the specified logical volume in the new place, or as close to the
requested place as possible. This command is only successful if there is space to
maneuver.
Transition statement — Let's take a look at logical volumes.

V5.2
Instructor Guide
Uempty
Logical storage
IBM Power Systems
Physical volumes
1 4 1 4
7 2 3 7 2 3
10 10
8 9 8 9
13 16 13 16
14 15 19 14 15
19 22 22
20 21 25 20 21
25 28 28
26 27 31 26 27
31 34 34
32 33 32 33
35 38 35 38
36 37 41 36 37
41 44 44
42 43 42 43
47 50 47 50
48 49 48 49
1 2 3 4 1 2 3 4 Logical
partitions
Logical Logical
volume volume
Figure 8-14. Logical storage AN121.1
Notes:
Logical volumes
A logical volume is a group of logical partitions which may span physical volumes, as long
as the physical volumes are in the same volume group. A file system resides on top of a
logical volume (LV). A logical volume can be dynamically extended.
Logical partitions
Logical partitions are mapped one-to-one to physical partitions unless they are being
mirrored.
Instructor Guide
Instructor notes:
Purpose — Review the logical volume structure as an introduction to a more detailed
discussion
Details — Review logical volumes and logical partitions and how they map to physical
partitions.
Review the fact that the Logical Volume Manager (LVM) is a device driver that assimilates
the physical volumes into a logical view.
Transition statement — Let’s define RAID support in LVM.

V5.2
Instructor Guide
Uempty
LVM and RAID support

IBM Power Systems
• LVM supports the following three software RAID configurations:

– RAID 0, Striping
– RAID 1, Mirroring (up to 3 copies)
– RAID 10 or 1 + 0, Striping + Mirroring
• Striping aides performance, whereas mirroring aides availability.
• In today’s environment, most data resides in SANs. Disks in a SAN are

generally grouped together into a RAID array and divided into LUNs.
– AIX sees LUNs as physical disks.
– One should not further deploy AIX RAID configurations on top of H/W (SAN)
RAID configurations.
– SAN environments provide greater levels of RAID support. (performance and
availability)
– LUNs can be increased in size, if so AIX must know about it:
# chvg -g datavg
Figure 8-15. LVM and RAID support AN121.1
Notes:
LVM supports three software RAID configurations:
• RAID 0. Striping provides improved performance and additional storage, but no fault
tolerance. Any disk failure destroys the array, which becomes more likely with more
disks in the array. A single disk failure destroys the entire array because when data is
written to a RAID 0 drive, the data is broken into fragments. The fragments are written
to their respective disks simultaneously on the same sector. This allows smaller
sections of the entire chunk of data to be read off the drive in parallel, giving this type of
arrangement huge bandwidth. RAID 0 does not implement error checking so any error
is unrecoverable. More disks in the array means higher bandwidth, but greater risk of
data loss.
• RAID 1.Mirroring on AIX provides fault tolerance from disk errors by creating up to three
copies of the data on different drives.
• RAID 10 Combines RAID levels 0 + 1. Striping + mirroring provides fault tolerance
along with improved performance.
Instructor Guide
Instructor notes:
Purpose — Introduce RAID support in LVM
Details — Introduce RAID level support in LVM. Most datavgs today, are held within SAN
environments. Point out that AIX LVM is S/W RAID whereas RAID support in SAN
technology is implemented at the H/W layer. This generally has better performance
combined with greater flexibility. One should ideally not mix the two.
Transition statement — Let’s review LVM options which affect performance.

V5.2
Instructor Guide
Uempty
LVM options which affect performance

IBM Power Systems
• Inter- and intra-policy

– Logical volume placement on disk
• Scheduling policy
– Dictates how data is read/written for mirrored LVs
• Mirror write consistency
– Ensures mirrored PPs are consistent
• Write verify
– Verifies all writes with a read operation
– Default is no. Generally it is not recommended to set to yes as it will
impact system (write) performance.
Figure 8-16. LVM options which affect performance AN121.1
Notes:
The visual highlights key LVM options which affect performance.
Instructor Guide
Instructor notes:
Purpose — Introduce LVM options which affect performance
Details — Go through the details on the foil, at a high level only.
Transition statement — Let’s define each RAID level in more detail, starting with RAID 1.

V5.2
Instructor Guide
Uempty
Mirroring (RAID1)
IBM Power Systems
• Mirroring is when a logical partition maps to more than one

physical partition of the same volume group.
hdisk0
fslv00
First copy PP1
PP2 LP1
LP2
hdisk1
Second copy PP1
PP2
hdisk2
Third copy PP1
PP2
Figure 8-17. Mirroring (RAID1) AN121.1
Notes:
Mirroring of data over multiple drives protects against a potential hardware failure. The
structure of LVM enables mirroring by manipulating the relationship between the physical
partition and the logical partition. The AIX mirror function does not apply to a physical disk,
only to logical volumes. This is the most important principle to understand for the AIX LVM
mirroring function. In a normal operating environment each physical partition is mapped to
a logical partition. When you mirror data, the ratio becomes one logical partition to two
physical partitions for a two-way mirror. Or, one logical partition to three physical partitions
for a three-way mirror.
Instructor Guide
Instructor notes:
Purpose — Define mirroring (RAID 1)
Details — To increase availability, mirror the copies onto physical volumes that are
attached to separate buses, adapters, and power supplies. Upon failure of one of these
components, the copies may still be maintained, since they are not attached to the failing
device. A mirrored copy of the data can be removed. This is shown later in this unit.
Similarly, a maximum of three copies of the data can be added later on. However, in order
for the copies to be useful, they have to be synchronized.
Transition statement — Strictness is a critical option when mirroring. Let’s explain
mirroring allocation.

V5.2
Instructor Guide
Uempty
Mirroring, allocation
IBM Power Systems
• When mirroring, it is essential that all PP copies are stored on

different disks.
• This setting is controlled by the “Allocation” policy.
– Also referred to as “strictness”
• Allocation can be set to:
– No: Not recommended.
– Yes (default): Will ensure no LP copies can share the same PV
– Superstrict: Will ensure no LP copies can shares the same PV in an
LVM RAID 0 + 1 (10) configuration
Figure 8-18. Mirroring, allocation AN121.1
Notes:
When mirroring data, it is essential that all PP copies are stored on different disks. The
placement of PP is governed by the allocation policy, which by default is set to strict. Strict
policy ensures that all mirrored copies are placed on different disks. However, under LVM
RAID 0 +1 configurations, strict policy can lead to situations where mirrored copies of the
data are on the same disk. To protect against this, the system will automatically set the
allocation policy to superstrict.
Instructor Guide
Instructor notes:
Purpose — Define and explain mirroring allocation policies
Details — Strict policy, ensures the mirrored copies are stored on different PVs. However,
in certain LVM RAID 10 configurations the system will store mirrored LV copies to the same
disk, limiting resilience. Superstrict ensures that mirrored LP copies cannot share the same
disk, providing maximum protection.
Transition statement — Let’s define striping.

V5.2
Instructor Guide
Uempty
Striping (RAID 0)
IBM Power Systems
• Consecutive stripe units

1 4 LP1 are created on different
7
1 physical volumes.
Stripe hdisk0 2
Units • Striping increases
3
read/write sequential
2 LP2 4
5 8 throughput by evenly
5
distributing stripe units
6
hdisk1 among disks.
7
8
• Stripe unit size is specified
3 6 LP3 9
9 at the creation time.
Stream of – 4KB to 128MB
data
hdisk2
Figure 8-19. Striping (RAID 0) AN121.1
Notes:
Striping
Striping is a technique for spreading the data in a logical volume across several disks, so
that the I/O capacity of the disk drives can be used in parallel, so to access data on the
logical volume.
Striping is designed to increase the read/write performance of frequently accessed, large
sequential files. Striping can also be used to distribute data evenly across a set of disks, so
that random I/O can be scattered across many drives simultaneously. In non-striped logical
volumes, data is accessed using addresses to data blocks within physical partitions. In a
striped logical volume, data is accessed using addresses to stripe units.
Stripe size
The size of the stripe unit is specified at creation time. The stripe size can range from 4 KB
-128 MB in powers of two.
Constraints
There are some constraints imposed by implementing striping:
Instructor Guide
• The number of physical partitions allocated to a striped logical volume must evenly
distributable among the disks.
• At least two physical volumes are required
Performance considerations
There are some considerations in configuring striping for performance:
• Use as many adapters as possible. For example, if multiple disks in the stripe width are
on the same storage adapter, a read/write of a stripe is not able to read/write the stripe
units in parallel.
• Design to avoid contention with other uses of the disks used by the striped logical
volume.
• Create on a volume group dedicated to striped logical volumes.
It is not a good idea to mix striped and non-striped logical volumes in the same physical
volume. Physical volumes should ideally be the same size within the set used for a striped
logical volume. Just because a logical volume is striped, it does not mean that the file's
data blocks are going to be perfectly aligned with the stripe units. Therefore, if a file block
crosses a stripe boundary, the block gets split into multiple LVM I/Os.

V5.2
Instructor Guide

Purpose — Define striping (RAID 0)
Details — Go through the details on the visual and in the notes.
Transition statement — Let’s define RAID 10.
Instructor Guide
Striping and mirroring (RAID 10 or 1+0)

IBM Power Systems
1 3 5 1 3 5 1
2
hdisk2 hdisk0 3
4
2
5
2 4 6 4 6
6
Stream of
hdisk3 hdisk1 data
• Meets performance and high availability requirements

• More expensive (requires more disks, minimum 4)
• Mirroring allocation is automatically set to ‘superstrict’
Figure 8-20. Striping and mirroring (RAID 10 or 1+0) AN121.1
Notes:
RAID 10 meets performance and high availability requirements by mirroring strip sets to
different disks. However, this comes at a cost as more disks are required (minimum 4).

V5.2
Instructor Guide

Purpose — Define RAID 10
Details — RAID 10 is a combination of RAID 1 + 0 together. This gives both improved
performance and availability.
Transition statement — Let’s see how data is placed on the disks.
Instructor Guide
Logical volume placement

IBM Power Systems
• Intra-physical volume allocation policy

Middle Inner-edge
Center Inner-middle
Edge
• Inter-physical volume allocation policy

– Minimum (default)
• 1 LV copy. One (or minimum) PV should contain all PPs
• 2 or 3 LV copies. Use as many PVs as copies, keeping PV usage down
to a minimum.
– Maximum
• PPs should be spread over as many PVs as possible.
Note: These settings have little effect when used in SAN environments, whereby
LUNs are in RAID configurations.
Figure 8-21. Logical volume placement AN121.1
Notes:
Introduction
When creating or changing a logical volume you can define the way the Logical Volume
Manager decides which physical partitions to allocate to the logical volume. This affects the
performance of the logical volume.
Intra-physical volume allocation policy
The intra-disk allocation policy choices, are based on the five regions of a disk where
physical partitions can be located. The closer a given physical partition is to the center of a
physical volume, the lower the average seek time is because the center has the shortest
average seek distance from any other part of the disk. The file system log is a good
candidate for allocation at the center of a physical volume, because it is so frequently used
by the operating system. At the other extreme, the boot logical volume is used infrequently,
and is therefore allocated at the edge or middle of the physical volume. The general rule is
that the more I/Os, either absolutely or during the running of an important application, the
closer to the center of the physical volumes the physical partitions of the logical volume
need to be allocated.

V5.2
Instructor Guide
Uempty Inter-physical volume allocation policy

If the minimum inter-disk setting is selected, the physical partitions assigned to the logical
volume are located on a single disk to enhance availability. If you select the maximum
inter-disk setting (range = maximum), the physical partitions are located on multiple disks
to enhance performance.
Instructor Guide
Instructor notes:
Purpose — Define the logical volume allocation policies
Details — By default, you do not have to worry where a logical volume is placed on disk
and on which disk it is placed. The LVM handles all the policies for you. However, if you
have a specific requirement you can specify this through SMIT. Policies can also be
changed after you have set up the logical volume. However, this operation requires a little
bit of work because the volume group has to be reorganized.
Additional information — These settings have little effect when data is placed in SAN
environments
Transition statement — Let's define scheduling options.

V5.2
Instructor Guide
Uempty
Mirroring scheduling policy

IBM Power Systems
• Scheduling policies when mirroring:

– Parallel (default)
• Write operations on different physical partitions start at the same time.
• When the longest write finishes, the write operation is complete.
• Improves performance (especially RAID-Performance)
– Parallel write/sequential read
> Primary copy is read first, I f unsuccessful, the next copy is used.
– Parallel write/round robin read
> Round-robin reads alternate disks between copies.
– Sequential
• Second physical write operation is not started unless the first operation
has completed successfully.
• In case of a total disk failure, there is always a “good copy”.
• Increased availability, but decreases performance
Figure 8-22. Mirroring scheduling policy AN121.1
Notes:
Scheduling policies
The scheduling policy determines how reads and writes are conducted to a mirrored logical
volume. LVM offers several scheduling policies for mirrored volumes to control how data is
written and read from the copies.
Sequential write
Sequential mirroring writes to multiple copies or mirrors in order. The multiple physical
partitions representing the mirrored copies of a single logical partition are designated
primary, secondary, and tertiary. In sequential scheduling, the physical partitions are written
to in sequence. The system waits for the write operation for one physical partition to
complete, before starting the write operation for the next one. When all write operations
have been completed for all mirrors, the write operation is complete.
Parallel write
Instructor Guide
Parallel mirroring simultaneously starts the write operation for all the physical partitions in a
logical partition. When the write operation to the physical partition that takes the longest to
complete finishes, the write operation is completed.
Sequential read
When a sequential read is specified, the primary copy of the read is always read first. If that
read operation is unsuccessful, the next copy is read. During the read retry operation on
the next copy, the failed primary copy is corrected by LVM with a hardware relocation. This
patches the bad block for future access.
Parallel read
On each read, the system checks whether the primary is busy. If it is not busy, the read is
initiated on the primary. If the primary is busy, the system checks the secondary, and then
the tertiary. If those are also busy, the read is initiated in the copy with the least number of
outstanding I/Os.
Round-robin read
Round-robin reads alternate between copies. This results in equal utilization for reads,
even when there is more than one I/O outstanding.
Which is right for me?
Each of the scheduling policies provide benefits, as well as drawbacks. When deciding on
a method of mirroring, you need to take into consideration how critical the data is, and
performance. The trade off is performance, versus availability. In general, a mirrored logical
volume is slower than an unmirrored logical volume, because you have to write the data in
two or three places. The exception can be a mirrored LV in a high-read environment. If your
application does mostly reads, and you are using parallel or parallel/round robin
scheduling, reads may complete faster because the I/Os are spread across multiple disks,
which can occur simultaneously if the disks are on separate controllers. One of the parallel
scheduling policies usually provides the best performance in a write intensive environment,
because writes can proceed in parallel. However, there is some additional overhead, and
mirrored logical volumes are usually slower than comparable unmirrored logical volumes in
a write intensive environment. Sequential scheduling provides the worst performance, but
provides the best chance of recovering data in the event of a system crash in the middle of
a write operation. Sequential scheduling makes it more likely that you have at least one
good copy, the primary copy, of a logical partition after a crash.
Synchronization
When turning on mirroring for an existing logical volume, the copies have to be
synchronized so the new copy contains a perfect image of the existing copy, at that point in
time. This can be done by using the -k option on the mklvcopy command at the time
mirroring is turned on, or with the syncvg command at a later time. Until the copies are
synchronized, the new copy is marked stale.

V5.2
Instructor Guide

Purpose — Go through the mirror scheduling policy options
Details — Discuss the options and the relative advantages and disadvantages.
Transition statement — Let's look at an additional feature for mirroring, mirror write
consistency.
Instructor Guide
Mirror write consistency

IBM Power Systems
• Problem: If the system crashes before the write to all mirrors

is complete, the mirrors are in an inconsistent state, and the
system must distinguish between the old copy and the new
copy.
• Solution: Mirror Write Consistency

– Ensures PPs are consistent after reboot
– Three modes: off, active, and passive
– Active (default)
• Uses a cache on disk
• The physical write operation proceeds when the cache has been
updated.
– Passive. (Big VGs only)
• Logging of LV updates, but does not log writes
• If the system crashes on reboot, a forced synchronization of the LVs
takes place.
Figure 8-23. Mirror write consistency AN121.1
Notes:
The LVM always ensures data consistency among mirrored copies of a logical volume
during normal I/O processing.
For every write to a logical volume, the LVM generates a write request for every mirror
copy. A problem arises if the system crashes in the middle of processing a mirrored write,
and before all copies are written. If mirror write consistency recovery is requested for a
logical volume, the LVM keeps additional information to allow recovery of these
inconsistent mirrors. Mirror write consistency recovery should be performed for most
mirrored logical volumes. Logical volumes, such as the page space that do not use the
existing data when the volume group is re-varied on, do not need this protection.
The Mirror Write Consistency (MWC) record consists of one sector. It identifies which
logical partitions may be inconsistent if the system is not shut down correctly. When the
volume group is varied back online, this information is used to make the logical partitions
consistent again. Note: With Mirror Write Consistency LVs, because the MWC control
sector is on the edge of the disk, performance may be improved if the mirrored logical
volume is also on the edge.

V5.2
Instructor Guide
Uempty Beginning in AIX 5L, a mirror write consistency option called Passive Mirror Write
Consistency is available. The default mechanism for ensuring mirror write consistency is
Active MWC. Active MWC provides fast recovery at reboot time after a crash has occurred.
However, this benefit comes at the expense of write performance degradation, particularly
in the case of random writes. Disabling Active MWC eliminates this write-performance
penalty, but upon reboot after a crash, you must use the syncvg -f command to manually
synchronize the entire volume group, before users can access the volume group. To
achieve this, automatic vary-on of volume groups must be disabled.
Enabling Passive MWC not only eliminates the write-performance penalty associated with
Active MWC, but logical volumes will be automatically resynchronized as the partitions are
being accessed. This means that the administrator does not have to synchronize logical
volumes manually or disable automatic vary-on. The disadvantage of Passive MWC is that
slower read operations may occur, until all the partitions have been resynchronized.
You can select either mirror write consistency option within SMIT, when creating or
changing a logical volume. The selection option takes effect only when the logical volume
is mirrored (copies > 1).
Instructor Guide
Instructor notes:
Purpose — Describe the role of Mirror write consistency
Details — Describe MWC (as per the visual and notes). Differentiate the active and
passive options of MWC.
Transition statement — Let’s look at the LV main menu in SMIT.

V5.2
Instructor Guide
Uempty
SMIT logical volume menu

IBM Power Systems
# smit lv
Logical
Logical Volumes
Volumes
Move
Move cursor
cursor to
to desired
desired item
item and
and press
press Enter.
Enter.
List
List All
All Logical
Logical Volumes
Volumes byby Volume
Volume Group
Group
Add a Logical Volume
Set
Set Characteristic
Characteristic ofof aa Logical
Logical Volume
Volume
Show
Show Characteristics of a Logical
Characteristics of a Logical Volume
Volume
Remove
Remove aa Logical
Logical Volume
Volume
Copy
Copy aa Logical
Logical Volume
Volume
Figure 8-24. SMIT logical volume menu AN121.1
Notes:
This is the top-level SMIT menu for logical volumes. The next few pages discuss these
items.
Instructor Guide
Instructor notes:
Purpose — Define the SMIT Logical Volumes screen
Details — At a high level, review each of the items in turn
Transition statement — Let's first see how to create an LV.

V5.2
Instructor Guide
Uempty
Adding a logical volume

IBM Power Systems
mklv –y datalv –t jfs2 –c 2 \
# smit mklv datavg 10 hdisk2 hdisk3
[Entry Fields]
[Entry Fields]
Logical volume NAME [datalv]
Logical volume NAME [datalv]
* VOLUME GROUP name datavg
* VOLUME GROUP name datavg
* Number of LOGICAL PARTITIONS [100] #
* Number of LOGICAL PARTITIONS [100] #
PHYSICAL VOLUME names [hdisk2 hdisk3] +
PHYSICAL VOLUME names [hdisk2 hdisk3] +
Logical volume TYPE [jfs2] +
Logical volume TYPE [jfs2] +
POSITION on physical volume middle +
POSITION on physical volume middle +
RANGE of physical volumes minimum +
RANGE of physical volumes minimum +
MAXIMUM NUMBER of PHYSICAL VOLUMES [] #
MAXIMUM NUMBER of PHYSICAL VOLUMES [] #
to use for allocation
Number of COPIES of each logical 2 +
Number of COPIES of each logical 2 +
partition
partition
Mirror Write Consistency? active +
Mirror Write Consistency? active +
Allocate each logical partition copy yes +
Allocate each logical partition copy yes +
on a SEPARATE physical volume?
RELOCATE the logical volume during yes +
RELOCATE the logical volume during yes +
reorganization?
reorganization?
Logical volume LABEL []
Logical volume LABEL []
MAXIMUM NUMBER of LOGICAL PARTITIONS [512] #
MAXIMUM NUMBER of LOGICAL PARTITIONS [512] #
Enable BAD BLOCK relocation? yes +
Enable BAD BLOCK relocation? yes +
SCHEDULING POLICY for writing/reading parallel +
SCHEDULING POLICY for writing/reading parallel +
logical partition copies
logical partition copies
Enable WRITE VERIFY? no +
Enable WRITE VERIFY? no +
File containing ALLOCATION MAP []
File containing ALLOCATION MAP []
Stripe Size? [Not Striped] +
Stripe Size? [Not Striped] +
Serialize IO? no +
Serialize IO? no +
Figure 8-25. Adding a logical volume AN121.1
Notes:
The mklv command creates a logical volume. The name of the logical volume can be
specified or a system-generated name is used. The volume group the logical volume
belongs to, and the size (in logical partitions, must be specified. Other characteristics that
can be set are, the allocation policy, copies (mirroring), scheduling policy, and striping.
Instructor Guide
Instructor notes:
Purpose — Show how to add a logical volume
Details — Go through and highlight / explain each attribute.
Transition statement — Now we can create LVs, let's see how to view their
characteristics.

V5.2
Instructor Guide
Uempty
Show LV characteristics (1 of 2)
IBM Power Systems
## lslv
lslv datalv
datalv
LOGICAL
LOGICAL VOLUME:
VOLUME: datalv
datalv VOLUME
VOLUME GROUP:
GROUP: datavg
datavg
LV IDENTIFIER:
LV IDENTIFIER: 00cf2e7f00004c000000011d68130bea.1
00cf2e7f00004c000000011d68130bea.1
PERMISSION:
PERMISSION: read/write
read/write
VG STATE:
VG STATE: active/complete
active/complete LV
LV STATE:
STATE: closed/syncd
closed/syncd
TYPE:
TYPE: jfs2
jfs2 WRITE
WRITE VERIFY:
VERIFY: off
off
MAX
MAX LPs:
LPs: 512
512 PP
PP SIZE:
SIZE: 44 megabyte(s)
megabyte(s)
COPIES:
COPIES: 22 SCHED
SCHED POLICY:
POLICY: parallel
parallel
LPs:
LPs: 10
10 PPs:
PPs: 20
20
STALE
STALE PPs:
PPs: 00 BB
BB POLICY:
POLICY: relocatable
relocatable
INTER-POLICY:
INTER-POLICY: minimum
minimum RELOCATABLE:
RELOCATABLE: yes
yes
INTRA-POLICY:
INTRA-POLICY: middle
middle UPPER
UPPER BOUND:
BOUND: 11
MOUNT POINT:
MOUNT POINT: N/A
N/A LABEL:
LABEL: None
None
MIRROR
MIRROR WRITE
WRITE CONSISTENCY:
CONSISTENCY: on/ACTIVE
on/ACTIVE
EACH
EACH LP COPY ON AA SEPARATE
LP COPY ON SEPARATE PV
PV ?:
?: yes
yes (superstrict)
(superstrict)
## lslv
lslv -l
-l datalv
datalv
datalv:N/A
datalv:N/A
PV
PV COPIES
COPIES IN
IN BAND
BAND DISTRIBUTION
DISTRIBUTION
hdisk2
hdisk2 010:000:000
010:000:000 100%
100% 000:010:000:000:000
000:010:000:000:000
hdisk3
hdisk3 010:000:000
010:000:000 100%
100% 000:010:000:000:000
000:010:000:000:000
Figure 8-26. Show LV characteristics (1 of 2) AN121.1
Notes:
To list the characteristics of a logical volume use the command: lslv
<logicalvolume_name>
The –l flag lists the following fields for each physical volume in the logical volume:
• PV: Physical volume name.
• Copies:
- The number of logical partitions containing at least one physical partition (no copies)
on the physical volume
- The number of logical partitions containing at least two physical partitions (one copy)
on the physical volume
- The number of logical partitions containing three physical partitions (two copies) on
the physical volume
Instructor Guide
• In band: The percentage of physical partitions on the physical volume that belong to the
logical volume, and were allocated within the physical volume region specified by
Intra-physical allocation policy
• Distribution: The number of physical partitions allocated within each section of the
physical volume: outer edge, outer middle, center, inner middle, and inner edge of the
physical volume

V5.2
Instructor Guide

Purpose — Show how to list the characteristics of a logical volume
Details — Explain the output provided in the visual examples.
Transition statement — Let’s continue exploring LV characteristics.
Instructor Guide
Show LV characteristics (2 of 2)
IBM Power Systems
• Show LP to PP relationship on disks

## lslv
lslv -m
-m datalv
datalv
datalv:N/A
datalv:N/A
LP
LP PP1
PP1 PV1PV1 PP2
PP2 PV2
PV2 PP3
PP3 PV3
PV3
0001
0001 0104 hdisk2
0104 hdisk2 0104
0104 hdisk3
hdisk3
0002
0002 0105
0105 hdisk2
hdisk2 0105
0105 hdisk3
hdisk3
0003
0003 0106
0106 hdisk2
hdisk2 0106
0106 hdisk3
hdisk3
0004
0004 0107
0107 hdisk2
hdisk2 0107
0107 hdisk3
hdisk3
0005
0005 0108
0108 hdisk2
hdisk2 0108
0108 hdisk3
hdisk3
0006
0006 0109
0109 hdisk2
hdisk2 0109
0109 hdisk3
hdisk3
0007
0007 0110
0110 hdisk2
hdisk2 0110
0110 hdisk3
hdisk3
0008
0008 0111
0111 hdisk2
hdisk2 0111
0111 hdisk3
hdisk3
0009
0009 0112
0112 hdisk2
hdisk2 0112
0112 hdisk3
hdisk3
0010
0010 0113
0113 hdisk2
hdisk2 0113
0113 hdisk3
hdisk3
Figure 8-27. Show LV characteristics (2 of 2) AN121.1
Notes:
The lslv –m flag shows the LP to PP relationship. The example in the visual, shows LP
number 1 for datalv, is mapped to physical partition number 104 on hdisk2, and is also
mirrored to the same physical partition number on hdisk3.

V5.2
Instructor Guide

Purpose — Show LV characteristics continued, the lslv –m flag
Details — Go through the example in the visual to show the LP to PP relationship
Transition statement — Let’s see how we can add copies to a logical volume.
Instructor Guide
Add copies to a logical volume

IBM Power Systems
# smit mklvcopy mklvcopy -k datalv 3 hdisk4
Add
Add Copies
Copies to
to aa Logical
Logical Volume
Volume
Type
Type or
or select
select values
values in
in entry
entry fields.
fields.
Press
changes.
[Entry
[Entry Fields]
Fields]
** LOGICAL
LOGICAL VOLUME
VOLUME name
name datalv
datalv
** NEW
NEW TOTAL
TOTAL number
number ofof logical
logical partition
partition 33 ++
copies
copies
PHYSICAL
PHYSICAL VOLUME
VOLUME names
names [hdisk4]
[hdisk4] ++
POSITION
POSITION onon physical
physical volume
volume middle
middle ++
RANGE
RANGE of
of physical
physical volumes
volumes minimum
minimum ++
MAXIMUM
MAXIMUM NUMBER
NUMBER ofof PHYSICAL
PHYSICAL VOLUMES
VOLUMES [1]
[1] ##
Allocate
Allocate each
each logical
logical partition
partition copy
copy yes
yes ++
on
a SEPARATE physical volume?
File
File containing
containing ALLOCATION
ALLOCATION MAP
MAP []
[]
SYNCHRONIZE
SYNCHRONIZE thethe data
data in
in the
the new
new yes
yes ++
logical
logical partition
partition copies?
copies?
Figure 8-28. Add copies to a logical volume AN121.1
Notes:
Adding a copy of a logical volume
The mklvcopy command is used to add up to three copies to a logical volume. Specify the
logical volume to change and the total number of copies wanted. This only succeeds if
there are enough physical partitions to satisfy the requirements on the physical volumes
that are specified to be used. That is, if all copies are to be on different physical volumes.
Once a logical volume has been created, striping cannot be imposed or removed.
Synchronizing a mirrored logical volume
Also, in order for the copies to match, the logical volume has to be synchronized using the
syncvg command. This can be done with the -k option when the copy is originally started.
It can be done later, using the syncvg command.

V5.2
Instructor Guide
Uempty Removing a copy of a logical volume

The rmlvcopy command is used to reduce the total number of copies for a logical volume.
Specify the total number wanted. For example, two if you are reducing the number of
copies from three to two. The rmlvcopy command allows you to specify which disk to
remove the copy from.
Instructor Guide
Instructor notes:
Purpose — Show how to add mirrored copies to a LV
Details — Be sure to point out the importance of synchronizing the copies, either while
turning mirroring on, or after it is turned on. Until the copy is synchronized, it is marked as
stale.
Transition statement — Let's see how we can increase the size of a logical volume.

V5.2
Instructor Guide
Uempty
Increasing the size of a logical volume

IBM Power Systems
# smit extendlv extendlv datalv 20
Increase
Increase the
the Size
Size of
of aa Logical
Logical Volume
Volume
Type
Type or
or select
select values
values in
in entry
entry fields.
fields.
Press
changes.
[Entry
[Entry Fields]
Fields]
** LOGICAL
LOGICAL VOLUME
VOLUME name
name datalv
datalv
** Number
Number ofof ADDITIONAL
ADDITIONAL logical
logical partitions
partitions [20]
[20] ##
PHYSICAL VOLUME names
PHYSICAL VOLUME names []
[] ++
POSITION
POSITION onon physical
physical volume
volume middle
middle ++
RANGE
RANGE of
of physical
physical volumes
volumes minimum
minimum ++
MAXIMUM
MAXIMUM NUMBER
NUMBER of
of PHYSICAL
PHYSICAL VOLUMES
VOLUMES [1]
[1] ##
Allocate
Allocate each
each logical
logical partition
partition copy
copy yes
yes ++
on
on aa SEPARATE
SEPARATE physical
physical volume?
volume?
File
File containing
containing ALLOCATION
ALLOCATION MAP
MAP []
[]
Figure 8-29. Increasing the size of a logical volume AN121.1
Notes:
The extendlv command increases the number of logical partitions allocated to the
LogicalVolume, by allocating the number of additional logical partitions represented by the
Partitions parameter. The LogicalVolume parameter can be a logical volume name or a
logical volume ID. To limit the allocation to specific physical volumes, use the names of one
or more physical volumes in the PhysicalVolume parameter. Otherwise, all the physical
volumes in a volume group are available for allocating new physical partitions.
The default maximum number of partitions for a logical volume is 512. Before extending a
logical volume to more than 512 logical partitions, use the chlv command to increase the
default value.
The default allocation policy is to use a minimum number of physical volumes per logical
volume copy, to place the physical partitions belonging to a copy as contiguously as
possible, and then to place the physical partitions in the requested region specified by the
-a flag. Also by default, each copy of a logical partition is placed on a separate physical
volume.
Instructor Guide
Instructor notes:
Purpose — Show how to increase the size of a logical volume.
Details — Explain how to increase the size of an LV. Highlight the options in the visual.
Transition statement — Let’s see how to remove an LV.

V5.2
Instructor Guide
Uempty
Remove a logical volume

IBM Power Systems
# smit rmlv rmlv –f datalv2
Remove
Remove aa Logical
Logical Volume
Volume
Type
Type or
or select
select values
values in
in entry
entry fields.
fields.
Press
Press Enter
Enter AFTER
AFTER making
making all
all desired
desired changes.
changes.
[Entry
[Entry Fields]
Fields]
LOGICAL
LOGICAL VOLUME
VOLUME name
name [datalv2]
[datalv2] ++
Figure 8-30. Remove a logical volume AN121.1
Notes:
The rmlv command removes logical volumes, and in the process, destroys all data.
The LogicalVolume parameter can be a logical volume name or logical volume ID. The
logical volume first must be closed. If the volume group is varied on in concurrent mode,
the logical volume must be closed on all the concurrent nodes on which the volume group
is varied on. For example, if the logical volume contains a file system, it must be
unmounted. However, removing the logical volume does not notify the operating system
that the file system residing on it has been destroyed.
Instructor Guide
Instructor notes:
Purpose — See how LV are deleted
Details — Explain how LVs are removed and deleted from the system.
Additional information — Before an LV can be removed, the LV_STATE has to be
closed/syncd. For example, an LV cannot be removed if its corresponding file system is
mounted.
Transition statement — Let's see how to list LVs.

V5.2
Instructor Guide
Uempty
List all logical volumes by volume group

IBM Power Systems
## lsvg
lsvg -o
-o || lsvg
lsvg -i
-i –l
–l
datavg:
datavg:
LV
LV NAME
NAME TYPE
TYPE LPs
LPs PPs
PPs PVs
PVs LV
LV STATE
STATE MOUNT
MOUNT POINT
POINT
datalv
datalv jfs2
jfs2 30
30 90
90 33 closed/syncd
closed/syncd N/A
N/A
rootvg:
rootvg:
LV
LV NAME
NAME TYPE
TYPE LPs
LPs PPs
PPs PVs
PVs LV
LV STATE
STATE MOUNT
MOUNT POINT
POINT
hd5
hd5 boot
closed/syncd N/A
N/A
hd6
hd6 paging
paging 88 88 11 open/syncd
open/syncd N/A
N/A
hd8
hd8 jfslog
jfslog 11 11 11 open/syncd
open/syncd N/A
N/A
hd4
hd4 jfs
jfs 15
15 15
15 11 open/syncd
open/syncd //
hd2
hd2 jfs
jfs 35
35 35
35 11 open/syncd
open/syncd /usr
/usr
hd9var
hd9var jfs
open/syncd /var
/var
hd3
hd3 jfs
open/syncd /tmp
/tmp
hd1
hd1 jfs
open/syncd /home
/home
hd10opt
hd10opt jfs
open/syncd /opt
/opt
loglv00
loglv00 jfs2log
closed/syncd N/A
N/A
hd11admin
hd11admin jfs
open/syncd /admin
/admin
fslv00
fslv00 jfs2
jfs2 22 22 11 closed/syncd
closed/syncd /db2
/db2
Figure 8-31. List all logical volumes by volume group AN121.1
Notes:
From the smit lv fastpath, the List all Logical Volumes by Volume Group option uses
lsvg -o to find out the active volume groups, and then lsvg -il to list the logical volumes
within them. The -i option of lsvg reads the list of volume groups from standard input.
Instructor Guide
Instructor notes:
Purpose — Show how to list all LVs by VG
Details — Do not spend too much time going through all the attributes. The students
should be familiar with this type of output.
Transition statement — Let's end the LV section by showing how to mirror an entire VG.

V5.2
Instructor Guide
Uempty
Mirroring volume groups

IBM Power Systems
• Mirroring rootvg is very important.

# smit mirrorvg mirrorvg rootvg hdisk1
Mirror Can be used

Mirror aa Volume
Volume Group
Group to mirror
any VG
Type
Type or
or select
select values
values in
in entry
entry fields.
fields.
Press
changes.
[Entry
[Entry Fields]
Fields]
** VOLUME
VOLUME GROUP
GROUP name
name rootvg
rootvg
Mirror
Mirror sync mode
sync mode [Foreground]
[Foreground] ++
PHYSICAL
PHYSICAL VOLUME
VOLUME names
names [hdisk1]
[hdisk1] ++
Number
Number of COPIES
of COPIES ofof each
each logical
logical 22 ++
partition
partition
Keep
Keep Quorum
Quorum Checking
Checking On?
On? no
no ++
Create
Create Exact LV
Exact LV Mapping?
Mapping? no
no ++
## bosboot
bosboot -a
-a -d
-d /dev/hdisk1
/dev/hdisk1
Additional
## bootlist
bootlist -m
-m normal
normal hdisk0
hdisk0 hdisk1
hdisk1 steps
required for
## shutdown rootvg
shutdown –Fr
–Fr (not
(not required
required with
with AIX6
AIX6 and
and later)
later)
Figure 8-32. Mirroring volume groups AN121.1
Notes:
The mirrorvg command takes all the logical volumes on a given volume group and
mirrors those logical volumes. This same functionality may also be accomplished manually
if you execute the mklvcopy command for each individual logical volume in a volume
group. As with mklvcopy, the target physical drives to be mirrored with data, must already
be members of the volume group.
When mirrorvg is executed, the default behavior of the command requires that the
synchronization of the mirrors must complete before the command returns to the user. If
you wish to avoid the delay, use the –S (background Sync) or -s (disable sync) option.
The default value of two copies is always used.
If there are only two disks in the volume group to be mirrored, Keep Quorum Checking
On should be set to no. Otherwise, if a disk were to fail, the entire volume group would go
offline.
Instructor Guide
Protecting rootvg on AIX from disk failure is important. Mirroring the data is one way to
achieve this. When mirroring rootvg there are additional steps to perform:
• Create a boot image on the mirrored disk, using bosboot command.
• Add the newly mirrored disk to the bootlist.
• Shut down and reboot the system.

V5.2
Instructor Guide

Purpose — Show how to mirror a VG
Details — Explain how to mirror a VG using the example in the visual. It is critical rootvg is
protected. In order to do this, in most cases it is mirrored. Stress the importance of the
additional steps which must be carried out when mirroring rootvg.
Transition statement — Let's now turn our attention to PVs.
Instructor Guide
Physical volumes
IBM Power Systems
PV1 Volume group PV2
1 1 4
4
2 3 2 3
7 7 10
10 8
8 9 9
13 13 16
16 14
14 15 19 15
19 22 22
20 21 20 21
25 25 28
28 26 27
26 27 31
31 34 34
32 32 33
35 33 35
38 38
36 36 37
41 37 41 44
44 42 43
42 43 47
47 50 50
48 49 48 49
Physical partitions
• Physical volume (PV)

– Hard disk, a virtual disk or a LUN
• Physical partition (PP)
– Smallest assignable unit of allocation on a physical disk
Figure 8-33. Physical volumes AN121.1
Notes:
A physical partition is a fixed size, contiguous set of bytes, on a physical volume (PV).
Physical partitions (PP) must be the same size across an entire volume group. However,
there may be multiple volume groups on a single system, each with a different PP size.
The limitations for each type of volume group (original, big, and scalable) such as the
number of physical volumes and size of the physical partitions, was given in the last unit,
System Storage Overview.

V5.2
Instructor Guide

Purpose — Review physical volume and physical partition concepts before going into a
greater discussion on them
Details — Simply review the basic concepts.
Additional information — Refer back to the System Storage Overview unit if you need to
review the size limitations of the LVM components.
Transition statement — Let's look at what we can do with physical volumes through SMIT.
Instructor Guide
SMIT physical volumes menu

IBM Power Systems
# smit pv
Physical
Physical Volumes
Volumes
Move
Move cursor
cursor to
to desired
desired item
item and
and press
press Enter.
Enter.
List
List All
All Physical
Physical Volumes
Volumes inin System
System
Add a Disk
Add a Disk
Change
Change Characteristics
Characteristics of of aa Physical
Physical Volume
Volume
List Contents of a Physical Volume
List Contents of a Physical Volume
Move
Move Contents
Contents of
of aa Physical
Physical Volume
Volume
Figure 8-34. SMIT physical volumes menu AN121.1
Notes:
This is the top-level menu for physical volume. Each of these items is discussed in the
following pages.

V5.2
Instructor Guide

Purpose — Define the SMIT Physical Volumes screen.
Details — At a high level, review each of the items in turn.
Transition statement — Let's first see how to list PV information.
Instructor Guide
List physical volume information

IBM Power Systems
• List all physical volumes in the system.

## lspv
lspv
hdisk0
hdisk0 00cf2e7ff02c5fc4
00cf2e7ff02c5fc4 rootvg
rootvg active
active
hdisk1
hdisk1 00cf2e7f713ca357
00cf2e7f713ca357 None
None
hdisk2
hdisk2 00cf2e7fea693331
00cf2e7fea693331 datavg
datavg active
active
hdisk3
hdisk3 00cf2e7fea6a26e0
00cf2e7fea6a26e0 datavg
datavg active
active
hdisk4
hdisk4 00cf2e7fea6a318
00cf2e7fea6a318 datavg
datavg active
active
• List the attributes of a PV.

## lspv
lspv hdisk3
hdisk3
PHYSICAL
PHYSICAL VOLUME:
VOLUME: hdisk3
hdisk3 VOLUME
VOLUME GROUP:
GROUP: datavg
datavg
PV
PV IDENTIFIER:
IDENTIFIER: 00cf2e7fea6a26e0
00cf2e7fea6a26e0
VG
VG IDENTIFIER
IDENTIFIER 00cf2e7f00004c000000011d68130bea
00cf2e7f00004c000000011d68130bea
PV
PV STATE:
STATE: active
active
STALE
STALE PARTITIONS:
PARTITIONS: 00 ALLOCATABLE:
ALLOCATABLE: yes
yes
PP
PP SIZE:
SIZE: 44 megabyte(s)
megabyte(s) LOGICAL
LOGICAL VOLUMES:
VOLUMES: 11
TOTAL
TOTAL PPs:
PPs: 511 (2044 megabytes)
511 (2044 megabytes) VG
VG DESCRIPTORS:
DESCRIPTORS: 11
FREE
FREE PPs:
PPs: 481
481 (1924
(1924 megabytes)
megabytes) HOT
HOT SPARE:
SPARE: no
no
USED
USED PPs:
PPs: 30 (120 megabytes)
30 (120 megabytes) MAX
MAX REQUEST:
REQUEST: 256K
256K
FREE
FREE DISTRIBUTION:
DISTRIBUTION: 103..72..102..102..102
103..72..102..102..102
USED
USED DISTRIBUTION:
DISTRIBUTION: 00..30..00..00..00
00..30..00..00..00
Figure 8-35. List physical volume information AN121.1
Notes:
From the smit pv fastpath, the List all Physical Volumes in System option uses
the undocumented command lspv | /usr/bin/awk {print$1}'' list the physical
volumes in the system.
The lspv command with no parameters can be used to list the physical volume name,
physical volume identifier, and volume group for all physical volumes in the system.
The lspv pvname command gives status information about the physical volume. The
most useful information here is:
• State (active or inactive)
• Number of physical partition copies that are stale (are not up to date with other copies)
• Total number of physical partitions
• Number of free physical partitions
• Distribution of free space on the physical volume

V5.2
Instructor Guide

Purpose — List physical volume information
Details — Review the details in the visual.
Transition statement — Let’s see how we can list logical volumes on a physical volume.
Instructor Guide
List logical volumes on a physical volume

IBM Power Systems
## lspv
lspv -l
-l hdisk0
hdisk0
hdisk0:
hdisk0:
LV
LV NAME
NAME LPs
LPs PPs
PPs DISTRIBUTION
DISTRIBUTION MOUNT
MOUNT POINT
POINT
hd2
hd2 35
35 35
35 00..00..03..20..12
00..00..03..20..12 /usr
/usr
hd9var
hd9var 55 55 00..05..00..00..00
00..05..00..00..00 /var
/var
hd8
hd8 11 11 00..00..01..00..00
00..00..01..00..00 N/A
N/A
hd4
hd4 15
15 15
15 00..00..15..00..00
00..00..15..00..00 //
hd5
hd5 11 11 01..00..00..00..00
01..00..00..00..00 N/A
N/A
hd6
hd6 88 88 00..08..00..00..00
00..08..00..00..00 N/A
N/A
hd10opt
hd10opt 44 44 04..00..00..00..00
04..00..00..00..00 /opt
/opt
hd3
hd3 33 33 00..03..00..00..00
00..03..00..00..00 /tmp
/tmp
hd1
hd1 11 11 00..01..00..00..00
00..01..00..00..00 /home
/home
hd11admin
hd11admin 22 22 00..02..00..00..00
00..02..00..00..00 /admin
/admin
fslv00
fslv00 22 22 02..00..00..00..00
02..00..00..00..00 /db2
/db2
loglv00
loglv00 11 11 00..01..00..00..00
00..01..00..00..00 N/A
N/A
Figure 8-36. List logical volumes on a physical volume AN121.1
Notes:
The lspv -l pvname command lists all the logical volumes on a physical volume
including the number of logical partitions, physical partitions, and distributions on the disk.

V5.2
Instructor Guide

Purpose — List the contents of the disk by listing the logical volumes on it
Details — Review the details in the visual.
Transition statement — Let's look at yet another option that can be used to obtain a more
detailed partition list.
Instructor Guide
List a physical volume partition map

IBM Power Systems
## lspv
lspv -p
-p hdisk0
hdisk0
hdisk0:
hdisk0:
PP
PP RANGE
RANGE STATE
STATE REGION
REGION LV
LV NAME
NAME TYPE
TYPE MOUNT
MOUNT POINT
POINT
1-1
1-1 used
used outer
outer edge
edge hd5
hd5 boot
boot N/A
N/A
2-14
2-14 free
free outer
outer edge
edge
15-16
15-16 used
used outer
outer edge
edge fslv00
fslv00 jfs2
jfs2 /db2
/db2
17-20
17-20 used
used outer
outer edge
edge hd10opt
hd10opt jfs2
jfs2 /opt
/opt
21-28
21-28 used
used outer
outer middle
middle hd6
hd6 paging
paging N/A
N/A
29-29
29-29 used
used outer
outer middle
middle loglv00
loglv00 jfs2log
jfs2log N/A
N/A
30-31
30-31 used
used outer
outer middle
middle hd11admin
hd11admin jfs2
jfs2 /admin
/admin
32-32
32-32 used
used outer
outer middle
middle hd1
hd1 jfs2
jfs2 /home
/home
33-35
33-35 used
used outer
outer middle
middle hd3
hd3 jfs2
jfs2 /tmp
/tmp
36-40
36-40 used
used outer
outer middle
middle hd9var
hd9var jfs2
jfs2 /var
/var
41-41
41-41 used
used center
center hd8
hd8 jfslog
jfslog N/A
N/A
42-56
42-56 used
used center
center hd4
hd4 jfs2
jfs2 //
57-59
57-59 used
used center
center hd2
hd2 jfs2
jfs2 /usr
/usr
60-79
60-79 used
used inner
inner middle
middle hd2
hd2 jfs2
jfs2 /usr
/usr
80-91
80-91 used
used inner
inner edge
edge hd2
hd2 jfs2
jfs2 /usr
/usr
92-99
92-99 free
free inner
inner edge
edge
Figure 8-37. List a physical volume partition map AN121.1
Notes:
The lspv -p pvname command lists all the logical volumes on a disk, and the physical
partitions to which its logical partitions are mapped. It is listed in physical partition order and
shows what partitions are free and which are used, as well as the location; that is, center,
outer middle, outer edge, inner edge, and inner middle.

V5.2
Instructor Guide

Purpose — List the physical partitions of a physical volume.
Details — The output from this command shows, on a granular level, which physical
partitions are being used for specific logical volumes. From this listing, you can tell how
much fragmentation you have on your system, and where free physical partitions are
located.
Transition statement — Let's see now how disks can be added to the system.
Instructor Guide
Add or move contents of physical volumes

IBM Power Systems
• Today, virtually all disks are configured to AIX through

configuration manager (cfgmgr).
• Move the contents of a physical volume:
migratepv [ -l lvname ] sourcePV targetPV ..
## migratepv
migratepv -l
-l lv02
lv02 hdisk0
hdisk0 hdisk6
hdisk6
Figure 8-38. Add or move contents of physical volumes AN121.1
Notes:
Although there is an option in SMIT to add a physical volume to the system SMIT >
Devices > Add a Disk, in reality the use of this function is not required. Today,
virtually all disks can be configured to AIX using the configuration manager (cfgmgr).
Preparation to remove a physical device
The migratepv command can be used to move all partitions, or partitions from a
selected logical volume, from one physical volume, to one or more other physical
volumes in the same volume group. This would be used if the physical volume is about
to be taken out of service and removed from the machine or to balance disk usage.

V5.2
Instructor Guide

Purpose — Discuss how to add a disk to the system, and move the contents of it from one
disk to the other
Details — To configure disks to AIX, all one needs to do is run cfgmgr. For SCSI and SAS
disk, the drivers are already part of the BOS. For higher end IBM FC storage solutions,
EMC and Hitachi disks device driver S/W (inc. multi-pathing S/W), must be loaded onto the
system first prior to configuration.
Transition statement — Let's look at commands that help you to document your disk
storage setup.
Instructor Guide
Documenting the disk storage setup

IBM Power Systems
• List the volume groups:

# lsvg
• List the disks on the system (PVID and volume group):

# lspv
• List which logical volumes are contained in each volume

group:
# lsvg -l vgname
• List the logical volumes on each disk:

# lspv -l pvname
Figure 8-39. Documenting the disk storage setup AN121.1
Notes:
It is important to have your storage information readily available in case you have a
problem with your system, or in the very worst case, a system crashes. The commands in
the visual help you to get this information.

V5.2
Instructor Guide

Purpose — Document storage setup
Details — Encourage the students to have this information readily available in case they
have a problem with their system or in the very worst case, a system crashes.
You could also mention having a copy of /etc/filesystems, although this file has not yet
been discussed.
Transition statement — Before we summarize, let's consider a few questions.
Instructor Guide
Checkpoint
IBM Power Systems
1. True or False: A logical volume can span more than one

physical volume.

volume group.
3. True or False: The contents of a physical volume can be

divided between two volume groups.
4. True or False: If mirroring logical volumes, it is not necessary

to perform a backup.
5. True or False: SMIT can be used to easily increase or decrease

the size of an enhanced JFS filesystem.
6. True or False: Striping can be combined with mirroring to

provide increased performance and availability.
Notes:

V5.2
Instructor Guide

Purpose —
Details —
IBM Power Systems

physical volume.
volume group.
4. True or False: If mirroring logical volumes, it is not
necessary to perform a backup. False. You still need to
back up to external media.
5. True or False: SMIT can be used to easily increase or
decrease the size of an enhanced JFS filesystem.
provide increased performance and availability
Instructor Guide
Exercise 8
IBM Power Systems
Working with LVM
Notes:

V5.2
Instructor Guide

Purpose —
Details —
Instructor Guide
Unit summary
IBM Power Systems
• Explain how to work with the Logical Volume Manager

– Volume groups
– Logical volumes
– Mirroring
– Striping
Notes:

V5.2
Instructor Guide

Purpose —
Details —
Instructor Guide

V5.2
Instructor Guide
Uempty Unit 9. File systems administration
Estimated time
01:30

This unit covers important concepts and procedures related to AIX file
systems.

• Identify the components of an AIX file system
• Work with enhanced Journaled file systems
• Add, list, change, and delete
• Monitor file system disk space usage
• Manage file system growth and control growing files
• Implement basic file system integrity checks

Accountability:
• Exercise
References
Online AIX Version 6.1 Operating system and device
management
AIX Version 6.1 File Reference
following address:
© Copyright IBM Corp. 2009 Unit 9. File systems administration 9-1

Instructor Guide
Unit objectives
IBM Power Systems

– Add, list, change, and delete
Notes:

V5.2
Instructor Guide

Purpose — Explain how to work with filesystems
Details — After completing this topic, students should be able to:
- Add, list, change, and delete
Additional information — JFS2 will be the main focus of this unit.
Transition statement — Let's start by providing an overview of Journaled file systems.

Instructor Guide
Journaled file system support in AIX

IBM Power Systems
• Two types supported:

– Journaled File System (JFS)
– Enhanced JFS, commonly referred to as JFS2
• JFS is the original AIX file system.
• JFS2 was introduced in AIX 5.1 and is now the default file
system (since AIX 5.3).
• Journaling:
– Before writing actual data, a journaling file system logs the metadata
to a circular JFS log on disk.
– In the event of an OS crash, journaling restores consistency by
processing the information in the JFS log file.
• There is no migration path from JFS to JFS2.
– Conversion can only be achieved through backup and restore.
Figure 9-2. Journaled file system support in AIX AN121.1
Notes:
Journaled File Systems (JFS)
JFS was developed for transaction-oriented, high performance Power Systems. JFS is
both saleable and robust. One of the key features of the file system is logging. JFS is a
recoverable file system, which ensures that if the system fails during power outage, or
system crash, no file system transactions will be left in an inconsistent state.
Migration
JFS file systems can co-exist on the same system with JFS2 file systems. However, to fully
utilize the JFS2 features, the following steps are necessary:
1. Backup JFS file system data.
2. Create new JFS2 file systems.
3. Restore JFS file system data to new JFS2 file systems.

V5.2
Instructor Guide

Purpose — Provide an introduction to JFS
Details — Introduce JFS filesystems.
Go through the basic introduction points in the visual. Students may wonder what a
Journaled file system is as opposed to a regular file system. Provide an overview of
Journaling. Point out that only the file system metadata is journaled to a JFS log on disk.
Transition statement — Let us address the advantages of JFS2.

Instructor Guide
Advantages of enhanced JFS (JFS2)

IBM Power Systems
• Increased performance
• Increased flexibility
– Filesystems can be dynamically increased and decreased.
– Support for larger enabled filesystems
– Internal or external JFS logging
– Data encryption
– Support for snapshots
Figure 9-3. Advantages of enhanced JFS (JFS2) AN121.1
Notes:
JFS2 is the default file system type on AIX, since version 5.3. JFS2 provides increased
performance and flexibility when compared to its predecessor, JFS.
JFS filesystems:
• Cannot be dynamically decreased
• Can only support large files, greater than 2GB, if created in a special large enabled
filesystem
- Individual file size can be up to 64GB with JFS as opposed to 16TB with JFS2
• Only support external JFS logging
• Have no support for data encryption or snapshots. A snapshot is a point-in-time image,
like a photograph, of a JFS2 file system

V5.2
Instructor Guide

Purpose — Highlight the JFS2 advantages over regular JFS
Details — Using the visual and notes, provide an overview of the advantages of JFS2 over
JFS.
Transition statement — Let us define the key elements which make up the structure of a
JFS2 file system.

Instructor Guide
JFS2 structural components

IBM Power Systems
• Superblock
– The superblock maintains information about the entire file
system.
• i-nodes
– Each file and directory has an i-node that contains access
information such as file type, access permissions, owner's ID,
and number of links to that file.
• Data blocks
– Contains file data
– Each file system has a user settable fixed block size attribute
• 512, 1024, 2048, or 4096 bytes
• Allocation maps
– Record the location and allocation of all i-nodes and the
allocation state of each data block.
• Allocation groups
– Responsible for dividing the file system space into chunks so
related data blocks and i-nodes can be clustered together to
achieve good locality
Figure 9-4. JFS2 structural components AN121.1
Notes:
Superblock
The first addressable logical block on the file system is the superblock. The superblock
contains information such as the file system name, size, number of inodes, and date/time
of creation. The superblock is critical to the file system and, if corrupted, prevents the file
system from mounting. For this reason, a backup copy of the superblock is always written
in block 31.
Inodes
Each file and directory has an associated i-node which contains metadata such as
ownership and access times. JFS2 allocates i-nodes, as required.
Data blocks
An individual file within a file system, by default, has units allocated to it in blocks of 4096
bytes. The file system block size can be set to 512, 1024, 2048, or 4096 bytes. A smaller
block size uses less disk space for small files, but may degrade performance. Some AIX

V5.2
Instructor Guide
Uempty commands often report file sizes in units of 512 bytes, to remain compatible with other
UNIX file systems. This is independent of the actual unit of allocation.
Allocation maps
A JFS2 file system has two allocation maps:
• The i-node allocation map records the location and allocation of all i-nodes in the file
system.
• The block allocation map records the allocation state of each file system block.
Allocation groups
Allocation groups divide the space on a file system into chunks. Allocation groups allow
JFS2 allocation policies to use well-known methods for achieving optimum I/O
performance. The allocation policies try to cluster related disk blocks and disk i-nodes to
achieve good locality for the disk, as files are often read and written sequentially, and the
files within a directory are often accessed together.

Instructor Guide
Instructor notes:
Purpose — Describe the key elements of a JFS2 file system structure.
Details — Introduce the basic file system elements as detailed on the visual and notes.
Keep the details simple. The two key elements to focus on are i-nodes and data blocks.
Transition statement — Let's see how we can view inode information and query the block
size of a file system.

V5.2
Instructor Guide
Uempty
Listing i-node and block size information

IBM Power Systems
• To view i-node information:

## ls
ls -li
-li
total 3
total 3
12309 -rw-r----- 1 adminusr security 119 12 Feb 19:43 datafile1
12309 -rw-r----- 1 adminusr security 119 12 Feb 19:43 datafile1
12307 -rwxr----- 1 adminusr security 254 27 Jan 18:19 .profile
12307 -rwxr----- 1 adminusr security 254 27 Jan 18:19 .profile
12308 -rw------- 1 adminusr security 156 28 Jan 14:31 .sh_history
12308 -rw------- 1 adminusr security 156 28 Jan 14:31 .sh_history
## istat
istat datafile1
datafile1
Inode 12309 on device 10/8 File
Inode 12309 on device 10/8 File i-node
Protection: rw-r-----
Protection: rw-r----- number
Owner: 211(adminusr) Group: 7(security)
Owner: 211(adminusr) Group: 7(security)
Link count: 1 Length 119 bytes
Link count: 1 Length 119 bytes
Last updated: Thu 12 Feb 19:44:09 2009
Last updated: Thu 12 Feb 19:44:09 2009
Last modified: Thu 12 Feb 19:43:42 2009
Last modified: Thu 12 Feb 19:43:42 2009
Last accessed: Thu 12 Feb 19:43:42 2009
Last accessed: Thu 12 Feb 19:43:42 2009
• To view file system block size information:

## lsfs
lsfs –cq
–cq /data
/data
#MountPoint:Device:Vfs:Nodename:Type:Size:Options:AutoMount:Acct Block size.
#MountPoint:Device:Vfs:Nodename:Type:Size:Options:AutoMount:Acct
/data:/dev/fslv00:jfs2:::204800:rw:no:no
/data:/dev/fslv00:jfs2:::204800:rw:no:no (Some output
(lv size 204800:fs size 204800:block size 4096
(lv size 204800:fs size 204800:block size 4096 removed for
clarity.)
Figure 9-5. Listing i-node and block size information AN121.1
Notes:
The istat command can be used to display the i-node information for a particular file or
directory. You can specify the file either by providing a file or directory name, or by
providing an i-node number using the –i flag. I-node numbers can be discovered using the
–i flag with the ls command.
The file system block size information can be discovered using the lsfs command.

Instructor Guide
Instructor notes:
Purpose — Show how to view i-node information and block size for a particular file system
Details — Go through the examples on the visual.
Additional information — There are many ways to view file system information. The
fsdb command is the most comprehensive way to view the file system structure and data.
However, this command is beyond the scope of this class.
Transition statement — Let us look at how we can create a JFS2 file system.

V5.2
Instructor Guide
Uempty
Creating a JFS2 file system (1 of 2)

IBM Power Systems
# smit crfs_j2
# crfs -v jfs2 -g datavg -a size=1G –m /data
Add
Add an
an Enhanced
Enhanced Journaled
Journaled File
File System
System
[Entry
[Entry Fields]
Fields]
Volume
Volume group
group name
name datavg
datavg
SIZE
SIZE of file
of file system
system
Unit
Unit Size
Size Gigabytes
Gigabytes ++
** Number
Number of
of units
units [1]
[1] ##
** MOUNT POINT
MOUNT POINT [/data]
[/data]
Mount
Mount AUTOMATICALLY
AUTOMATICALLY atat system
system restart?
restart? No
No ++
PERMISSIONS
PERMISSIONS read/write
read/write ++
Mount
Mount OPTIONS
OPTIONS []
[] ++
Block
Block Size
Size (bytes)
(bytes) 4096
4096 ++
Logical
Logical Volume
Volume for
for Log
Log ++
Inline
Inline Log size (MBytes)
Log size (MBytes) []
[] ##
Extended
Extended Attribute
Attribute Format
Format ++
ENABLE
ENABLE Quota Management?
Quota Management? no
no ++
Enable
Enable EFS?
EFS? no
no ++
Allow
Allow internal
internal snapshots?
snapshots? no
no ++
Figure 9-6. Creating a JFS2 file system (1 of 2) AN121.1
Notes:
The SMIT screen in the visual shows the creation of a 1GB filesystem (/data) in volume
group: datavg. The creation is done by the crfs command.
In this example, the crfs command will create a file system on a new logical volume,
within a previously created volume group. An entry for the file system is put into the
/etc/filesystems file.
For further information, see the crfs man page.

Instructor Guide
Instructor notes:
Purpose — Describe how to create a JFS2 file system
Details — This visual shows how to create an enhanced journaled file system. The logical
volume is automatically created.
Walk through the command and the SMIT options in blue. Cover any further options at your
discretion.
Additional information — It may be prudent to provide a demo to students of the high
level FS and JFS2 SMIT panels. Log in to an AIX system and briefly show them:
• smitty fs
• smitty jfs2
Transition statement — Let's see this command in action, as it would be used by a
system administrator.

V5.2
Instructor Guide
Uempty
Creating a JFS2 file system (2 of 2)

IBM Power Systems
• When the file system is created, the lsfs command will display
the characteristics of the file system.
## crfs
crfs -v
-v jfs2
jfs2 -g
-g datavg
datavg -a
-a size=1G
size=1G -m
-m /data
/data
File system created successfully.
File system created successfully.
1048340
1048340 kilobytes
kilobytes total
total disk
disk space.
space.
New File System size is 2097152
New File System size is 2097152
## lsfs
lsfs /data
/data
Name
Name Nodename
Nodename Mount
Mount Pt
Pt VFS
VFS Size
Size Options
Options Auto
Auto
/dev/fslv00
/dev/fslv00 --
-- /data
/data jfs2
jfs2 2097152 --
2097152 -- no
no
## lsvg
lsvg -l
-l datavg
datavg
datavg:
datavg:
LV
LV NAME
NAME TYPE
TYPE LPs
LPs PPs
PPs PVs
PVs LV
LV STATE
STATE MOUNT
MOUNT
POINT
POINT
loglv00
loglv00 jfs2log
closed/syncd N/A
N/A
fslv00
fslv00 jfs2
jfs2 256
256 256
256 11 closed/syncd
closed/syncd /data
/data
JFS log automatically

created, 1 LP in size
(if one does not already
exist) for the VG.
Figure 9-7. Creating a JFS2 file system (2 of 2) AN121.1
Notes:
The visual shows the actual creation of the /data file system shown in the previous slide.
The lsfs command can be used to display the characteristics of the file system.
Prior to the creation of the file system, the contents of the datavg volume group were
empty. We can see two logical volumes created, loglv and fslv00. The loglv volume acts
as the JFS log for both the /data file system and by default any other file systems that will
be created. In creating a file system this way the underlying logical volume is created using
default options. Often it is preferable to first create the logical volume (using custom values)
and then create the file system on top. We shall see this procedure later in the unit.

Instructor Guide
Instructor notes:
Purpose — Show the creation of a JFS2 file system, its characteristics and the underlying
logical volumes
Details — This visual shows the actual creation of a JFS2 file system. Explain the details
provided in the notes.
Transition statement — After creating a file system, we have to mount it to make it
available. Let us see this process and the associated stanza in /etc/filesystems.

V5.2
Instructor Guide
Uempty
Mounting a file system and the /etc/filesystems file

IBM Power Systems
• When a file system is created, the device and mount point

information is stored in the /etc/filesystems file.
## grep
grep -p
-p /data
/data /etc/filesystems
/etc/filesystems
/data:
/data:
dev
dev == /dev/fslv00
/dev/fslv00
vfs
vfs == jfs2
jfs2
log
log == /dev/loglv00
/dev/loglv00
mount
mount == false
false
account
account == false
false
The mount command reads the

stanza in the
/etc/filesystems file, so
## mount only the mount point is
mount /data
/data required.
## mount
mount |egrep
|egrep '(/data|node)'
'(/data|node)'
node mounted
node mounted mounted
mounted over
over vfs
vfs date
date options
options
/dev/fslv00 /data
/dev/fslv00 /data jfs2
jfs2 13
13 Feb 10:32 rw,log=/dev/loglv00
Feb 10:32 rw,log=/dev/loglv00
Figure 9-8. Mounting a file system and the /etc/filesystems file AN121.1
Notes:
Upon creation of a file system, a stanza in appended to the /etc/filesystems file.
The stanza includes:
• The device (dev) which is the underlying logical volume
• The virtual file system type (vfs)
• The path to the JFS log device (log)
• Whether the file system should be mounted at system start time (mount) and processed
by the AIX accounting system (account).
Before the filesystem can be used it must first be mounted, using the mount command. As
there is a stanza in the /etc/filesystems file, the only parameter required is the name of the
file system. The mount command with no options, will display all file systems which are
currently mounted and available for use.

Instructor Guide
Instructor notes:
Purpose — Show how to make a file system available for use.
Details — Explain the stanza in the /etc/filesystems file for the /data file system, and how
the file system is mounted.
Transition statement — Let us define the JFS logging options for JFS2 file systems.

V5.2
Instructor Guide
Uempty
JFS2 logging options

IBM Power Systems
• For JFS2 file systems, there are three logging options:

– Use the global JFS log for the volume group.
– Create a specific JFS log for each file system.
• 1 LP in size
• Format the log using the logform command.
## mklv
mklv –y
–y my_jfs2_log
my_jfs2_log –t
–t jfs2log
jfs2log datavg
datavg 11
## logform
logform /dev/my_jfs2_log
/dev/my_jfs2_log
logform:
logform: destroy
destroy /dev/rmy_jfs2_log
/dev/rmy_jfs2_log (y)?y
(y)?y
## crfs
crfs -v
-v jfs2
jfs2 -g
-g datavg
datavg -a
-a size=1G
size=1G -m
-m /data
/data -a
-a logname=my_jfs2_log
logname=my_jfs2_log
– Create an inline log inside the file system.

• 0.4% of the file system space will be reserved for this option.
## crfs
crfs -v
-v jfs2
jfs2 -g
-g datavg
datavg -a
-a size=1G
size=1G -m
-m /data
/data -a
-a logname=INLINE
logname=INLINE //
-a logsize=<value in
-a logsize=<value in MB> MB>
Figure 9-9. JFS2 logging options AN121.1
Notes:
As we have seen by default, a JFS log file is created when the first file system is created in
a volume group. This JFS log will act as the global logging device for all file systems,
unless:
• A specific external log is created for each file systems in the volume group. This
approach has several advantages. It will aide performance and availability. If the
logging device were to become corrupt, it would only affect the associated file system.
• The JFS log device is internal to the filesystem (inline). This saves time having to
create, format, and manage a separate JFS log volume. Inline logging is only available
with JFS2 file systems.

Instructor Guide
Instructor notes:
Purpose — Explain the three JFS logging options for JFS2 file systems
Details — Go through the examples in the visual and details in the notes. You may want to
go back to the “create file system” SMIT screen, and highlight the JFS logging fields.
Transition statement — Now let's look at creating a JFS2 file system on top of an existing
LV.

V5.2
Instructor Guide
Uempty
Creating a file system on a previously defined logical
volume
IBM Power Systems
# smit crfs_j2
# crfs -v jfs2 –d lv_for_data –m /data2 –A yes
Add
Add an
an Enhanced
Enhanced Journaled
Journaled File
File System
System
[Entry
[Entry Fields]
Fields]
** LOGICAL
LOGICAL VOLUME
VOLUME name
name lv_for_data
lv_for_data ++
** MOUNT POINT
MOUNT POINT [/data2]
[/data2]
Mount
Mount AUTOMATICALLY
AUTOMATICALLY atat system
system restart?
restart? yes
yes ++
PERMISSIONS
PERMISSIONS read/write
read/write ++
Mount
Mount OPTIONS
OPTIONS []
[] ++
Block
Block Size
Size (bytes)
(bytes) 4096
4096 ++
Logical
Logical Volume
Volume for
for Log
Log ++
Inline
Inline Log size (MBytes)
Log size (MBytes) []
[] ##
Extended
Extended Attribute
Attribute Format
Format ++
ENABLE
ENABLE Quota Management?
Quota Management? no
no ++
Enable
Enable EFS?
EFS? no
no ++
Allow
Allow internal
internal snapshots?
snapshots? No
No ++
Figure 9-10. Creating a file system on a previously defined logical volume AN121.1
Notes:
Adding a file system to a previously created logical volume provides greater control over
where the file system will reside on disk and provides options for availability and
performance. When creating file systems in highly available environments (for example,
using PowerHA or Veritas Cluster Services), one should always follow this method. On
creation, the size of the filesystem is set to the size of the logical volume. For example, if
the PP size for the volume group is 64MB, and the logical volume was 4 LPs in size, then
the size of the file system would be (4 x 64MB) 256MB.
After the file system is created:
• If the logical volume is expanded, the size of the file system is not increased.
• The underlying logical volume policies can be dynamically changed. However, there will
be a performance hit, especially for large file systems.

Instructor Guide
Instructor notes:
Purpose — Show how to add a JFS2 file system on an existing logical volume.
Details — This visual shows the SMIT menu for creating a standard enhanced journaled
file system on a previously defined logical volume.
Walk through the command and the SMIT options in blue. Cover any further options at your
discretion.
Transition statement — Now we can create and mount file systems, let's see how we can
both increase and shrink a file system size.

V5.2
Instructor Guide
Uempty
Changing the size of a JFS2 file system

IBM Power Systems
• To increase the size of a file system:

## chfs
chfs -a
-a size=+1G
size=+1G /data2
/data2
Filesystem
Filesystem size
size changed
changed to
to 2179072
2179072
• To shrink the size of a file system:

## chfs
chfs -a
-a size=-500M
size=-500M /data2
/data2
Filesystem
Filesystem size
size changed
changed to
to 1155072
1155072
• Using SMIT: # smit chjfs2

Change
Change // Show
Show Characteristics
Characteristics of
of an
an Enhanced
Enhanced Journaled
Journaled File
File System
System
[Entry
[Entry Fields]
Fields]
File
File system
system name
name /data2
/data2
NEW
NEW mount point
mount point [/data2]
[/data2]
SIZE
SIZE of
of file
file system
system
Unit
Unit Size
Size Gigabytes
Gigabytes ++
Number
Number of
of units
units [10]
[10] ##
Note:
Note: Advanced
Advanced options
options removed.
removed.
Figure 9-11. Changing the size of a JFS2 file system AN121.1
Notes:
JFS2 file systems can be dynamically increased or decreased in size (subject to available
space and LVM rules). You can either choose to increase or decrease by a set amount,
using + or – options respectively, or by providing a specific set number, as shown in the
SMIT example.

Instructor Guide
Instructor notes:
Purpose — Show how to dynamically increase and shrink a JFS2 file system
Details — Refer to the visual and student notes.
Transition statement — Now that we have looked at creating and modifying our file
systems, let us look at how we remove then.

V5.2
Instructor Guide
Uempty
Removing a JFS2 file system

IBM Power Systems
• The file system must first be unmounted.

• Using SMIT: # smitty rmfs2
# rmfs /data2
Remove
Remove an
an Enhanced
Enhanced Journaled
Journaled File
File System
System
[Entry
[Entry Fields]
Fields]
** FILE
FILE SYSTEM
SYSTEM name
name /data2
/data2 ++
Remove
Remove Mount
Mount Point
Point no
no ++
Figure 9-12. Removing a JFS2 file system AN121.1
Notes:
Ways to remove a file system
The rmfs command or SMIT can be used to remove a file system.
Restrictions
In order to remove a file system, it must be unmounted from the overall file tree, and this
cannot be done if the file system is in use, that is, some user or process is using the file
system or has it as a current directory.
Effects of using rmfs command
The rmfs command removes any information for the file system from the ODM and
/etc/filesystems. When the file system is removed, the logical volume on which it resides
is also removed.

Instructor Guide
Syntax
The syntax of the rmfs command is:
rmfs [-r] [-i] FileSystem
• r Removes the mountpoint of the file system
• i Displays warning and prompts the user before removing the file system

V5.2
Instructor Guide

Purpose — Explain how to remove a file system
Details — This operation is supported through SMIT. You can specify removal of the mount
point (the directory) as well. However, this is only possible if the directory is empty.
Transition statement — Let's talk about file system space management issues.

Instructor Guide
File system space management

IBM Power Systems
• File systems expand upon notice, not automatically.

• To keep from running into problems:
– Monitor file system growth
– Determine causes
– Control growing files
– Manage file system space usage
– Control user disk usage
– Block size considerations
– Fragmentation considerations
Figure 9-13. File system space management AN121.1
Notes:
The Resource Monitoring and Control (RMC) subsystem
You can also use the Resource Monitoring and Control (RMC) subsystem that is based on
the AIX Reliable Scalable Cluster Technology (RSCT) filesets. Web-based System
Manager can be used to configure RMC. The ctrmc subsystem is started in the
/etc/inittab. RMC is outside the scope of the course.

V5.2
Instructor Guide

Purpose — Introduce key concepts regarding management of file system usage
Details — Ensure students understand the importance of managing file system usage. If a
file system fills up, typically there is no warning to the end user or program. Sometimes you
end up with unpredictable results, such as the case when data blocks are gone but
directory space is not. You may have created a file, and the file exists, but it has zero
length, because there are no more data blocks available. This is why it is so important to
monitor the status of the file systems.
Transition statement — Now that you have explored the steps necessary to monitor our
file systems, let's take a closer look at how we can list file system usage.

Instructor Guide
Listing file system utilization

IBM Power Systems
• The df command displays information about total space and

available space on a file system.
# df [-k] [-m] [-g]
## df
df -g
-g
Filesystem
Filesystem GB
GB blocks
blocks Free
Free %Used
%Used Iused
Iused %Iused
%Iused Mounted
Mounted on
on
/dev/hd4
/dev/hd4 1.44
1.44 1.10
1.10 24%24% 9896
9896 2% /
2% /
/dev/hd2
/dev/hd2 2.50
2.50 0.10
0.10 97%97% 49616
49616 8%
8% /usr
/usr
/dev/hd9var
/dev/hd9var 0.31
0.31 0.24
0.24 25%25% 1308
1308 2%
2% /var
/var
/dev/hd3
/dev/hd3 0.12
0.12 0.12
0.12 6%
6% 128
128 1%
1% /tmp
/tmp
/proc
/proc -- -- -- -- -- /proc
/proc
/dev/hd10opt
/dev/hd10opt 0.25
0.25 0.03
0.03 88%88% 4567
4567 7%
7% /opt
/opt
/dev/fslv00
/dev/fslv00 8.00
8.00 1.40
1.40 83%83% 6888
6888 3%
3% /export
/export
/dev/fslv01
/dev/fslv01 9.00
9.00 2.33
2.33 75%75% 4059
4059 1%
1% /aix
/aix
/dev/lv00
/dev/lv00 0.12
0.12 0.12
0.12 4%
4% 20
20 1%
1% /audit
/audit
/dev/hd11admin
/dev/hd11admin 0.12
0.12 0.12
0.12 4%
4% 18
18 1%
1% /admin
/admin
/dev/hd1
/dev/hd1 0.62
0.62 0.16
0.16 75%75% 270
270 1%
1% /home
/home
grumpy:/nimback
grumpy:/nimback 25.00
25.00 3.26
3.26 87%87% 99 1%
1% /mnt
/mnt
Figure 9-14. Listing file system utilization AN121.1
Notes:
Importance of the df command
The df command lists the free space on all mounted file systems.
This is an important command to know about and use frequently. If you run out of space in
a file system (especially / or /tmp), system corruption could occur.
Useful df command flags
A number of flags (options) can be used with the df command. Some of the most useful of
these flags are shown below:
-i Displays the number of free and used i-nodes for the file system; this output is
the default when the specified file system is mounted
-I Displays information on the total number of blocks, the used space, the free
space, the percentage of used space, and the mount point for the file system
-k Displays statistics in units of 1024-byte blocks
-m Displays statistics in units of MB blocks
-g Displays statistics in units of GB blocks

V5.2
Instructor Guide

Purpose — Show how to identify a file system space usage
Details — Introduce the df command.
Additional information — Ensure the students understand the difference between
capacity planning on a file system versus capacity planning for a disk. For example, a file
system may be 100% full, but there may be plenty of additional physical partitions available
on disk, so you could easily expand the file system.
Transition statement — Let's see a basic example of using the df command in a script to
warn against file systems becoming full.

Instructor Guide
Monitoring file system growth

IBM Power Systems
• A simple script using the df command, which can be run at

regular intervals to warn against file systems becoming full
#!/bin/ksh
#!/bin/ksh
df
df || egrep
egrep -v
-v '(used|proc)'
'(used|proc)' || awk
awk '{print
'{print $4"
$4" "$7}'
"$7}' \\
|| sed 's:%::g' | while read
sed 's:%::g' | while read LINELINE
do
do
PERC=ècho
PERC=ècho $LINE
$LINE || awk
awk '{print
'{print $1}'`
$1}'`
FILESYSTEM=ècho
FILESYSTEM=ècho $LINE | awk
$LINE | awk '{print
'{print $2}'`
$2}'`
if
if [[ $PERC
$PERC -gt
-gt 70
70 ]]
then
then
mail
mail -s
-s "Filesystem
"Filesystem check
check on
on box:
box: `hostname`"
`hostname`" \\
admin@ibm.com <<
admin@ibm.com << EOFEOF
$FILESYSTEM
$FILESYSTEM is is $PERC%
$PERC% full,
full, please
please check
check
EOF
EOF
fi
fi
done
done
Figure 9-15. Monitoring file system growth AN121.1
Notes:
The need to monitor file system growth
Although AIX provides for dynamic expansion of a file system, it does not expand the file
system on the fly. The system administrator must continually monitor file system growth
and expand file systems as required before they get full. If a file system becomes 100% full,
then the users receive out of space messages when they try to extend files.
Regular use of the df command
One useful technique is to run the df command through cron, the job scheduler, to perform
a regular check of the space available in the file system and produce a report. cron is
covered in a later unit.

V5.2
Instructor Guide

Purpose — Show a basic script example using the df command to monitor file system
growth
Details — The visual shows a very simple script which can be run automatically through
cron to warn (through email) when file systems become more than 70% full.
The key line is the first df statement. We parse out the used header and the proc file
system, then store the percentage used and the file system name values. A simple check is
performed to determine if the percentage used value is greater than 70%, and if so, an
email is generated warning the administrator.
Transition statement — Let's see how we can list disk usage using the du command to
help locate files that might be filling a file system.

Instructor Guide
Listing disk usage

IBM Power Systems
• The du command lists the number of blocks used by a file or a

directory.
/export
/export ## du
du -sg
-sg ..
6.59 .
6.59 .
/export
/export ## du
du gethmc.sh
gethmc.sh
88 FirstBoot.sh
FirstBoot.sh
/export
/export ## du
du –sm
–sm ** || sort
sort -rn
-rn
2131.16
2131.16 mksysbaix53
mksysbaix53
1846.36
1846.36 mksysbaix61
mksysbaix61
1373.11
1373.11 mksysbaix61.light
mksysbaix61.light
248.52
248.52 spot
spot
0.01
0.01 nim
nim
0.01
0.01 bosinst.data
bosinst.data
0.00
0.00 FirstBoot.sh
FirstBoot.sh
0.00
0.00 BUILD.sh
BUILD.sh
Figure 9-16. Listing disk usage AN121.1
Notes:
Use of the du command
There may be a number of files or users that are causing the increased use of space in a
particular file system. The du command helps to determine which files, users, or both, are
causing the problem.
Specifying the units du should use
By default, du gives size information in 512-byte blocks. Use the -k option to display sizes
in 1 KB units, use the -m option to display sizes in 1 MB units, or use the -g option to
display sizes in 1 GB units.
Specifying output by file
By default, du gives information by directory. With the -a option, output is displayed by file,
rather than by directory.

V5.2
Instructor Guide
Uempty Using du in conjunction with sort

If the output of du is sorted numerically and in descending order (using the -n and –r flags
of the sort command) by the value in the first column, this output can be an aid in
determining which files/directories are the largest. Then using an ls -l, you can determine
the file/directory's owner.
The -x flag
The -x flag/option is also very useful. When you use du -ax, the report only shows
information from the specified file system. This is the best way to determine what file is
filling a particular file system.
Using the find command to locate large files
The find command is useful for locating files that are over a certain size. For example, to
find all files that contain more than 1 000 000 characters, and then list them, use the
following command:
# find / -size +1000000c -exec ls -l {} ;

Instructor Guide
Instructor notes:
Purpose — Explain how to list disk usage
Details — The first example shows the entire space used (in GB) in the /export directory.
The second example shows a du listing of an individual file (in 512 bytes blocks). The final
example is useful for listing the list and directory sizes from the current directory. Note that
the disk usage command is piped into the sort command.
Transition statement — Let's identify some common files which grow.

V5.2
Instructor Guide
Uempty
Control growing files

IBM Power Systems
• /var/adm/wtmp
• /etc/security/failedlogin
• /var/adm/sulog
• /var/spool/*/*
• /var/tmp/*
• $HOME/smit*
• $HOME/websm*
Figure 9-17. Control growing files AN121.1
Notes:
Managing files that grow
Growing files should be monitored and cleaned out periodically. Some of the files that grow
are listed on the visual.
Records of login activity
The files /var/adm/wtmp, /etc/security/failedlogin, and /var/adm/sulog are needed
because they contain historical data regarding login activity. Thus, these files should
always contain a few days of login activity. If accounting is turned on, /var/adm/wtmp is
kept to a reasonable size. If accounting is not turned on, to capture the data to archive it,
use who -a on /var/adm/wtmp and /etc/security/failedlogin and redirect the output to a
save file. Then, the log file can be purged by overwriting it with a null string. Two ways of
overwriting a log file in this way are illustrated in the following examples:
Example 1:
# cat /dev/null > /var/adm/wtmp

Instructor Guide
Example 2:
# > /etc/security/failedlogin
The file /var/adm/sulog can be edited directly.
The /var/spool directory
The directory /var/spool contains cron entries, the mail, and other items that grow on an
ongoing basis, along with printer files. If there is a problem with the printer files, you can try
to clear the queuing subsystem by executing the following commands:
stopsrc -s qdaemon
rm /var/spool/lpd/qdir/*
rm /var/spool/lpd/stat/*
rm /var/spool/qdaemon/*
startsrc -s qdaemon
Records of SMIT and Web-based System Manager activity
Files such as smit.log and websm.log in the home directory of the root user, and other
system administration accounts, can also become quite large. These files need to be
monitored regularly and managed appropriately.

V5.2
Instructor Guide

Purpose — Identify common types of files that grow uncontrollably. The system
administrator may want to control these on an ongoing basis.
Details — The files listed tend to grow quite large and need to be cleaned out periodically.
For example, when you do a mksysb backup through SMIT, your smit.log file grows very
large and needs to be reduced or totally erased after the operation.
Transition statement — There is a tool to help monitor these and other files that need a
periodic clean-up. Let's take a look at skulker.

Instructor Guide
The skulker command

IBM Power Systems
• The skulker command cleans up file systems by removing

unwanted or obsolete files.
• Candidate files include:
– Files older than a selected age
– Files in the /tmp, /var/spool, /var/tmp, /var/news directories
– a.out, *.bak, core, ed.hup files
• skulker is normally invoked daily by the cron command as

part of the crontab file of the root user.
– Disabled by default
• Modify the skulker shell script to suit local needs for the
removal of files.
– Test carefully !!
Figure 9-18. The skulker command AN121.1
Notes:
Function of the skulker command
The shell script /usr/sbin/skulker includes a series of entries containing commands that
remove unwanted or obsolete files of various types. To analyze the commands that are
executed by each entry, print out or view the contents of the /usr/sbin/skulker file.
Concerns related to skulker
A particular version of skulker is suited to the operating system and level with which it was
distributed. If the operating system has been upgraded or modified, it may be inadvisable to
use an old version of skulker. In addition, the skulker shell script is moderately complex.
When making modifications, you should make a copy of the shell script first - just in case!
Note that if skulker is modified, or if it is used on the incorrect version of the operating
system, it ceases to be a supported component of AIX.
Note: The skulker is disabled by default.

V5.2
Instructor Guide

Purpose — Discuss the skulker command
Details — Point out that this is an example of a task that is typically invoked periodically
(by cron).
skulker is a shell script that is shipped with AIX BOS and performs useful clean ups of the
system, removing temporary and junk files. As a template, it is suited to the operating
system at the level on which it was installed. If the operating system has been upgraded or
modified, it may be inadvisable to use an old version of skulker. The skulker shell script is
moderately complex. When making modifications, make a copy of the shell script first, just
in case!
Transition statement — If a file system is to store lots a small files, it is possible for this
file system to fill up but contain lots of free space. Let's discuss the considerations
surrounding block size.

Instructor Guide
Block size considerations

IBM Power Systems
• Default block size for a JFS2 filesystem is 4K

– Possible values are: 512, 1024, 2048, 4096 bytes
• If a directory structure is to contain many small files, it is
beneficial to store them in a separate file system with a small
block size.
– Otherwise, the file system may fill up and still contain lots of free
space.
4096 bytes 4096 bytes
2000 bytes 2000 bytes
1024 1024 1024 1024
This free space cannot These free blocks can

be used by another file. be used by other files.
Figure 9-19. Block size considerations AN121.1
Notes:
Benefits of a small block size
In JFS, as many whole blocks as necessary are used to store a file or directory's data.
Consider that we have chosen to use a block size of 4 KB, and we are attempting to store
file data which only partially fills a block. Potentially, the amount of unused or wasted space
in the partially filled block can be quite high. For example, if only 500 bytes are stored in
this block, then 3596 bytes are wasted. However, if a smaller block size, say 512 bytes,
was used, the amount of wasted disk space would be greatly reduced - to only 12 bytes. It
is, therefore, better to use small block sizes, if efficient use of available disk space is
required, in a filesystem which will consist of lots of small files.
Adverse effects of a small block size
Although small block sizes can be beneficial in reducing wasted disk space, they can have
an adverse effect on disk I/O activity. For a 4 KB file, stored in a single block of 4 KB, only
one disk I/O operation would be required to either read or write the file. If the choice of the
block size was 512 bytes, a 4 KB file would only be allocated a 4 KB block if one were
available. If a single 4 KB block were not available, 512 byte blocks would be used, with a

V5.2
Instructor Guide
Uempty potential to allocate eight blocks for this file. For a read or write to complete, several
additional disk I/O operations (disk seeks, data transfers, and allocation activity) would be
required. Therefore, for file systems which use a block size of 4 KB, the number of disk I/O
operations are far less, than file systems which employ a smaller block size.

Instructor Guide
Instructor notes:
Purpose — Discuss considerations related to file system block size
Details — Although there is a distinct advantage in providing this enhancement for
ensuring optimal disk space utilization, this can sometimes be at the expense of
performance.
Transition statement — Over time, data can become fragmented. Let's discuss the
considerations of data fragmentation.

V5.2
Instructor Guide
Uempty
Fragmentation considerations
IBM Power Systems
• Over time, due to data relocation, extensions, reductions, and

deletions, contiguous free space can run out and data can
become fragmented.
File system
Used block
Free block
FileA
• There are three options to deal with this situation.

– Try to increases a file system’s contiguous free space using the
defragfs command.
– Backup, delete, recreate the file system and restore the data.
– Create a new file system and migrate the data.
Figure 9-20. Fragmentation considerations AN121.1
Notes:
Irrespective of the block size, over time data can become fragmented on disk. The defragfs
command will attempt to increases a file system's contiguous free space by reorganizing
free block allocations to be contiguous, rather than scattered across the disk. The file
system to be defragmented can be specified with the device variable, which can be the
path name of the logical volume (for example, /dev/hd4) or the name of the file system,
which is the mount point in the /etc/filesystems file.
Another approach, is to backup and restore the data in a new file system or backup the
data, delete, recreate the file system and restore. This method is certainly cleaner, but
requires some element of downtime.

Instructor Guide
Instructor notes:
Purpose — Discuss considerations related to fragmented data within file systems
Details — A fragmented file system will impact performance. There should be an attempt
to create contiguous free space using defragfs command or backup, delete and restore the
data.
Transition statement — In the unfortunate event of a system crash. What can we do to
attempt to verify and repair a file system?

V5.2
Instructor Guide
Uempty
Verify and repair a file system

IBM Power Systems
• fsck command
– Checks file system consistency and interactively repairs the file
system
– If no file system name is specified, the fsck command checks all file
systems which have the check=true attribute set in the
/etc/filesystems.
– Orphan files are placed in the lost+found directory.
• Unmount the file system before running fsck.
## fsck
fsck /data
/data
The
The current
current volume
volume is:
is: /dev/fslv00
/dev/fslv00
Primary
Primary superblock is valid.
superblock is valid.
J2_LOGREDO:log
J2_LOGREDO:log redoredo processing
processing for
for /dev/fslv00
/dev/fslv00
***
*** Phase
Phase 11 -- Initial
Initial inode
inode scan
scan
***
*** Phase 2 - Process remaining directories
Phase 2 - Process remaining directories
***
*** Phase
Phase 33 -- Process
Process remaining
remaining files
files
***
*** Phase
Phase 44 -- Check
Check and
and repair
repair inode
inode allocation
allocation map
map
***
*** Phase 5 - Check and repair block allocation map
Phase 5 - Check and repair block allocation map
File
File system
system isis clean.
clean.
Figure 9-21. Verify and repair a file system AN121.1
Notes:
Always run the fsck command on file systems after a system malfunction. The internal
integrity of a file system should be checked before the file system is mounted. By default,
the fsck command runs interactively, prompting the administrator for the action to perform
in order to repair the file system. If orphaned files or directories (those that cannot be
reached) are found, fsck will attempt to store them file in the /lost+found directory.
For further information, see the fsck man page.

Instructor Guide
Instructor notes:
Purpose — Define how the integrity of a file system can be checked
Details — Explain how to verify the integrity of a filesystem using the fsck command.
Additional information — In HACMP clusters, logredo rather than fsck should be used.
This helps to speed up recovery following an application failover.
Transition statement — Let's see how we can document file system setup.

V5.2
Instructor Guide
Uempty
Documenting file system setup

IBM Power Systems
• Run the lsfs command.

• Save the contents of the /etc/filesystems file.
• Run the df command to check space allocation.
• Check all the mounted file systems by running the mount
command.
File System Records
Figure 9-22. Documenting file system setup AN121.1
Notes:

Instructor Guide
Instructor notes:
Purpose — List useful commands that should be run to document the file system setup
and state.
Details — Encourage students to run the commands listed on the visual, and any other
commands that they feel would be useful for documenting file system setup for their
systems. This type of participation/involvement should be encouraged during all lecture
sessions.
Transition statement — Before, we proceed to the checkpoint, let's complete a review of
system storage.

V5.2
Instructor Guide
Uempty
System storage review

IBM Power Systems
LogicalVolume
Logical volume storage
Structure
hd2
hd4 /usr hd2 free hd1 free hd1 free

/(root) /usr /home /home
hd6 hd3 hd1 hd1
Page Space /tmp /home /home
hd8 hd2
log /usr free free
hd61 lv00 lv00
hd5 free Page Space lv00 special DB lv00 special DB
hd9var
/blv /var special DB special DB
hdisk0 hdisk1 hdisk2 hdisk3

rootvg datavg
File Systems
/(root)
File System
Directories File Systems
/bin /dev /etc /lib /usr /tmp /var /home
Figure 9-23. System storage review AN121.1
Notes:
Difference between file system and simple directory
It is important to understand the difference between a file system and a directory. A file
system is a section of disk that has been allocated to contain files. This section of disk is
the logical volume. The section of disk is accessed by mounting the file system over a
directory. Once the file system is mounted, it looks like any other directory structure to the
user.
File systems on the visual
The directories on the right of the bottom portion of the visual are all file systems. These file
systems are all mounted on the directories /usr, /tmp, /var and /home. Notice the
corresponding logical volume in the graphic at the top of the visual.
Simple directories
The directories on the left of the bottom portion of the visual are strictly directories that
contain files and are part of the /(root) file system. There is no separate logical volume
associated with these directories.

Instructor Guide
Instructor notes:
Purpose — Review basic concepts regarding the Logical Volume Manager and how it
relates to the user's view of the system
Details — The important point to drive home with this visual, is the connection between the
logical volume and the file system.
Transition statement — It's time for a checkpoint.

V5.2
Instructor Guide
Uempty
Checkpoint (1 of 2)
IBM Power Systems
1. What command will display the i-node information for

a file? ____________
2. Does the size of the file system change when the size
of the logical volume it is on is increased? ________
3. If you remove a file system, is the logical volume on

which it sits removed as well? ___________
4. When a file system is created, what needs to be done

in order to make it available for use? _____________
5. What size should an external JFS log be set to?

___________
Notes:

Instructor Guide
Instructor notes:
Purpose —
Details —
IBM Power Systems

a file? istat
of the logical volume it is on is increased? No

which it sits removed as well? Yes

in order to make it available for use? The file system
must be mounted using the mount command.

1 LP

V5.2
Instructor Guide
Uempty
Checkpoint (2 of 2)
IBM Power Systems
6. A file system is 2 GB. How would you do the following?

Add 1 GB _____________________________
Set the size to 5 GB ______________________
7. What command can you use to determine if a file

system is full? __________
8. What command can produce a report listing the size in

MB, of all the files and directories contained in a
specific location?
____________
9. What command checks and interactively repairs

inconsistent file systems? ______________
Notes:

Instructor Guide
Instructor notes:
Purpose —
Details —
IBM Power Systems

Add 1 GB
chfs –a size=+1G <file system>
Set the size to 5 GB
chfs –a size=5G <file system>

system is full? df

specific location?
du

inconsistent file systems? fsck

V5.2
Instructor Guide
Uempty
Exercise 9
IBM Power Systems
File system
administration
Notes:

Instructor Guide
Instructor notes:
Purpose —
Details —

V5.2
Instructor Guide
Uempty
Unit summary
IBM Power Systems

– Add, list, change, and delete
Notes:

Instructor Guide
Instructor notes:
Purpose —
Details —

V5.2
Instructor Guide
Uempty Unit 10. Paging space
Estimated time
00:30

This unit presents the key concepts related to paging space.

• Define paging space
• Understand why it is required, sizing, and placement guidelines
• Add, change, and remove paging space
• List and monitor the paging space utilization
• Perform corrective actions to rectify too little or too much paging
space scenarios

Accountability:
• Exercise
References
management
following address:
© Copyright IBM Corp. 2009 Unit 10. Paging space 10-1

Instructor Guide
Unit objectives
IBM Power Systems

• Understand why it is required, sizing, and placement
guidelines
• Perform corrective actions to rectify too little or too much
paging space scenarios
Notes:

V5.2
Instructor Guide

Purpose — Present the objectives for this unit
Details —
Transition statement — So, what is paging space?

Instructor Guide
What is paging space?

IBM Power Systems
Virtual Memory
Real Memory (RAM) Paging Space
Made up of Page Frames
Active
Inactive, paged out
Memory usage
Operating System TCP/IP Applications FREE
Figure 10-2. What is paging space? AN121.1
Notes:
Use of paging space

The LVM allows a program to use a logical volume as if it was a physical disk, while
hiding the actual location of the physical partitions, thus allowing flexibility. In the same
way, Virtual Memory Management (VMM) allows a program to see its memory usage as
virtual memory, while hiding the real location of that memory. The unit of virtual memory
allocation is a page frame. For performance reasons, we would like that real location to
be in real memory. Sometimes, the total virtual memory of all the programs in the
system, exceeds the amount of real memory. In that situation, AIX VMM frees up
memory by selecting under utilized memory (the program really has not used it recently)
and making it available to programs that will make active use of it. In that case, it needs
to save the old memory contents. If the memory was being used for file caching, VMM
can just page it out to the related file. If is was just a work area for the program, it pages
it out to a special logical volume called paging space. In both cases, the real location of
that virtual memory is on disk. If a program later requests the paged out memory, it
needs to be paged in again.

V5.2
Instructor Guide
Uempty Paging space is not a substitute for sufficient real memory. A persistent shortage of real
memory can result in so much paging space page-in and page-out activity, that is will
severely impact the performance of that system. For more information about memory
and paging performance issue, attend the AIX Performance Management course.

Instructor Guide
Instructor notes:
Purpose — Define what paging space is
Details — Using the diagram in the visual, give a brief overview of how paging works.
While discussing the diagram, be sure to define the terms. Be careful not to go too deeply
into this topic. This is only meant to be a basic introduction to these terms for students who
have never heard the terms before.
Ensure you emphasize that in AIX, paging space is not intended to be used as an
extension to real memory.
Some UNIX operating systems use swap space rather than paging space, and some
people use the terms swap and page interchangeably.
Additional information — In the AIX environment, paging space is not used for
information that has a “permanent home” in file system space.
Transition statement — Now that you have an idea of what paging space is, let’s talk
about why you need it.

V5.2
Instructor Guide
Uempty
Paging space
IBM Power Systems
• Is a secondary storage area for:

– Inactive memory
– Over-committed memory
• Holds inactive pages on disk
– Page size historically has been 4KB in size.
– Power5+ and Power6, AIX will dynamically allocate either small
(4KB) or medium (64KB) page frames.
• Is not a substitute for real memory
Figure 10-3. Paging space AN121.1
Notes:
A secondary storage area

Paging space is disk storage for information that is resident in virtual memory, but is not
currently being accessed. As memory fills, inactive pages are moved to the paging
space on disk.
A temporary holding area for inactive pages

It is very important to remember that paging is a temporary holding area for inactive
pages; it is not a substitute for real memory. If your machine has many active
processes, it requires more real memory. You must ensure the machine has enough
memory to maintain all the active processes. If you run out of memory, your machine
reaches a constant state of paging called thrashing. As it attempts to make room in
memory, it completes a page-out; as soon as the page reaches the disk, it is needed
again because it is still active. Your machine's resources are wasted performing only
paging activity, and no real work gets done.

Instructor Guide
Thrashing indicates a need for additional memory

Increasing the amount of paging space when your machine is thrashing does not solve
the problem. Thrashing is a result of not enough real memory.
High performance environments

On Power4 (or later) environments, page size can be set to large enabled (16MB). This
is done through the vmo command, as follows:
# vmo -r -o lgpg_regions=10 -o lgpg_size=16777216
On Power5+ (or later), page size can be set to huge enabled (16GB). This is done on
the HMC through manage system properties.
16MB and 16GB page frames are never paged out to disk. Even if totally unused, they
remain in memory. They are mainly used in High Performance Computing (HPC)
environments.

V5.2
Instructor Guide

Purpose — Explain what paging space is and is not
Details — Cover the student notes and ensure that students understand what thrashing is.
It is not running out of paging space. The next page covers what running out of paging
space does.
Transition statement — What happens when you run out of paging space?

Instructor Guide
Sizing paging space

IBM Power Systems
• hd6 is created at installation time.

– The recommended paging space formula is long standing, but it will
likely result in having more space than is needed.
• Total paging space = 512 MB + (memory size - 256 MB) * 1.25
• However, the amount needed is dependent on applications
and system usage.
• Paging space should be continually monitored, using:
– # lsps –a or # lsps –s or # svmon
• Running low on paging space is bad.
– New processes will not start and the system may start killing
processes.
• Paging space can be dynamically increased or decreased in
size.
Figure 10-4. Sizing paging space AN121.1
Notes:
Creation of paging space

Paging space is created during AIX installation.
The initial size is dependent on various factors, particularly the amount of RAM in your
system. Currently, the initial paging space size is determined according to the following
standards:
• Paging space can use no less than 16 MB, except for hd6, which can use no less than
64 MB in AIX V4.3 and later versions.
• Paging space can use no more than 20% of total disk space.
• If RAM is greater than or equal to 256 MB, paging space is 512 MB.
• If RAM is less than 256 MB, paging space is twice the size of RAM.

V5.2
Instructor Guide
Uempty Adjusting the amount of paging space

The initial size of paging space is just a starting point. This is not necessarily the
amount of the paging space that is right for your machine. The number and types of
applications dictates the amount of paging space needed. Many sizing rules of thumb
have been published, but the only way to correctly size your machine's paging space is
to monitor the utilization of your paging space.
Monitoring paging space

Monitoring the utilization of the paging space is done with the command lsps -a. This
command and its output are covered shortly.
Results of low paging space

If your system runs low on paging space, a message is sent to the console and
sometimes to users as well. At this point, the system is unable to start until memory is
freed up, either by having processes explicitly free and release allocated memory or by
terminating processes (thus automatically freeing memory associated with those
processes). This situation should obviously be avoided. A low paging space condition
may be indicated by the appearance of one or more of the following messages on the
console, or in response to a command on any terminal:
"INIT: Paging space is low"
"ksh: cannot fork no swap space"
"Not enough memory"
"Fork function failed"
"fork () system call failed"
"unable to fork, too many processes"
"Fork failure - not enough memory available"
"Fork function not allowed. Not enough memory available."
"Cannot fork: Not enough space"

The situation can get worse. If paging space continues to fill, non-system processes are
terminated, and the system may even crash. Ensure you have enough paging space.

Instructor Guide
The vmo command manages VMM tunable parameters. One parameter which may be
of interest is nokilluid. The parameter accepts an integer, which by default is 0 (off).
For example, if the value is set to 1, this will result in processes for user IDs lower than
this value (in this case, root) becoming exempt from getting killed due to low
page-space conditions.

V5.2
Instructor Guide

Purpose — Discuss points related to sizing of paging space
Details — The AIX VMM manages the use of system memory. It enables applications to
request more memory than there is physically installed in the system, and moves pages of
memory to disk to make room for applications. If paging space becomes full, the system is
unable to start until memory is freed up, either by having processes explicitly free and
release allocated memory or by terminating processes (thus automatically freeing memory
associated with those processes).This situation should be avoided.
Systems with large amounts of memory typically do not need to have an amount of paging
space equal to or greater than the amount of RAM. Paging space can be smaller than RAM
because, by default, paging space pages are not allocated until the data in the page frame
needs to be paged-out. This is tricky, because if paging activity begins to occur, the
machine could quickly run out of paging space. Before you size the paging area smaller
than RAM, you should monitor the machines during peak times to know how much paging
space is generally needed.
Paging space can be added or enlarged easily. Prior to AIX 5L V5.2, reducing the size of a
paging space used to be difficult (involving a reboot). Now, reducing the size of a paging
space has become fairly simple. The paging space is a logical volume and has all of the
same characteristics of a normal logical volume.
Additional information — The system monitors the number of free paging space blocks
and detects when a paging space shortage exists. When the number of free paging space
blocks falls below a threshold known as the paging space warning level, the system
informs all processes (except the kernel ones) of this condition by sending a SIGDANGER
signal. If the shortage continues and falls below a second threshold known as the paging
space kill level, the system sends a SIGKILL signal to selected processes. By default,
processes that have a signal handler for the SIGDANGER signal are not sent a SIGKILL in
this situation. However, in AIX 6.1, this default behavior can be altered by changing the
value of the low_ps_handling setting using vmo. Also, AIX 6.1 has two paging space
garbage collection (PGSC) methods to enhance paging space management.
The following information regarding paging space allocation policies is for instructor
background only. Do not try to cover this information in this class.
The following paging space allocation policies are available in AIX:
• Early Page Space Allocation (EPSA)
• Late Page Space Allocation (LPSA)
• Deferred Page Space Allocation (DPSA)
The paging space allocation policy determines when paging space is allocated for a
process. Individual processes may use the system paging space allocation policy, which
can be set to DPSA or LPSA, or override the system paging space allocation policy and
use EPSA.

Instructor Guide
When the early page space allocation (EPSA) policy is used, paging space is allocated as
soon as a memory request is made, even if the memory is not accessed. Thus, if a process
that has specified EPSA, uses the malloc() subroutine to allocate memory, paging-space
disk blocks are allocated and reserved for that process at that point. If the process needs to
page out, there are always paging space slots available for it.
When the late page space allocation (LPSA) policy is used, the disk block for a paging
space page is only allocated, when a page of a segment is used for the first time.
The deferred page space allocation (DPSA) policy is the default policy in AIX. With
deferred page space allocation, the disk block allocation of paging space is delayed until it
is necessary to page out the page. The goal of this policy is to avoid wasted paging space
allocation.
The system paging space allocation policy can be set to either LPSA or DPSA. The system
paging space allocation policy is used for any process that does not override this
system-wide setting by use of the PSALLOC environment variable. For AIX 5L and later, the
default system paging space allocation policy is DPSA.
The system paging space allocation policy can be displayed or set using the vmo
command.
The environment variable PSALLOC can be used by individual processes to override the
system paging space policy. If the value of PSALLOC is set to early, EPSA is used for
processes subsequently started in that environment. If the value of PSALLOC is set to null
or any value other than early, the system paging space policy is used.
Transition statement — As you have seen in the storage unit, paging space is contained
within a logical volume, and a logical volume can be placed at specific parts of the disk.
Let's see what considerations have to be made for paging space placement.

V5.2
Instructor Guide
Uempty
Paging space placement

IBM Power Systems
• Placement guidelines:
– Paging spaces roughly the same size
– Only one paging space per physical disk
– Use disks with the least activity.
– Do not extend “a paging space” over multiple physical volumes.
– Place on SAN disks for better performance.
hd6 paging00 paging01
Figure 10-5. Paging space placement AN121.1
Notes:
Introduction
Placement and size of your paging space does impact its performance. The following
material contains tips regarding placement and size of paging areas.
Configure only one paging space per disk

Do not have more that one paging space per disk. The paging space is allocated in a
round-robin manner, and uses all paging areas equally. If you have two paging areas on
one disk, then you are no longer spreading the activity across several disks.
Use disks with low levels of activity

Paging space performs best when it is not competing with other activity on the disk. Use
disks that do not have much activity.

Instructor Guide
Create paging spaces of roughly the same size

Paging spaces should be roughly the same size. Because of the round-robin technique
that is used, if they are not the same size, then the paging space usage is not balanced.
Smaller paging areas fill faster.
Do not span multiple physical volumes

Do not extend a paging space to span multiple physical volumes. Although you can
spread a paging area (like a regular logical volume) across several disk, the round-robin
technique treats the paging area as a single paging area. Therefore, the activity is not
evenly spread across the disks.
Use SAN disks and fibre channel controllers

Using SAN disks generally results in better throughput when reading and writing to the
disk. SAN controllers have large cache which will store the frames, when paged-out, to
disk. If the page frames are required to be paged back-in, and the data is still in cache,
the system will not have to read from disk, improving performance. However, we do
have to balance this with the exposure that we may lose connection to the SAN storage.

V5.2
Instructor Guide

Purpose — Consider the performance impact of the placement of paging space
Details — All processes started during the boot processes, are allocated to hd6. After that,
the round robin technique is used to assign paging space.
Cover the points on the visual.
The rc.boot script that controls the boot sequence, is where the reference to hd6 is
located. If hd6 ever needs to be reduced in size, the rc.boot script needs to be edited to
look for a different default boot area. This procedure is well documented in the Web-based
documentation.
Never set up two paging areas on the same disk. The two areas are used equally in the
round-robin scheme and the disk head moves back and forth to use each space equally.
This added disk head activity decreases performance.
Transition statement — Let's see how we can monitor the paging activity.

Instructor Guide
Checking paging space

IBM Power Systems
## lsps
lsps -a
-a
Page
Page Space
Space Physical
Physical Volume
Volume Volume
Volume Group
Group Size
Size %Used
%Used Active
Active Auto
Auto Type
Type
hd6
hd6 hdisk0
hdisk0 rootvg
rootvg 512MB 13
512MB 13 yes
yes yes
yes lv
lv
lsps –s
## lsps –s
Total
Total Paging
Paging Space
Space Percent
Percent Used
Used
512MB
512MB 13%
13%
## svmon
svmon
size
size inuse
inuse free
free pin
pin virtual
virtual
memory
memory 524288
524288 487242
487242 37046
37046 413337
413337 466371
466371
pg
pg space
space 131072
131072 17223
17223
...
...
PageSize
PageSize PoolSize
PoolSize inuse
inuse pgsp
pgsp pin
pin virtual
virtual
ss 44 KB
KB -- 437354
437354 2087
2087 375289
375289 400643
400643
mm 64 KB
64 KB -- 3118
3118 946
946 2378
2378 4108
4108
Paging Space Usage = (4KB * 2087) + (64KB * 946) = 68892 KB

Paging Space % Usage = (4KB * 17223) / (4KB * 131072) * 100
= 13.1%
Figure 10-6. Checking paging space AN121.1
Notes:
The lsps command

The lsps command lists detailed information regarding the paging spaces on the
system, including whether they are in use at the time and, if so, what percentage of their
total space is allocated.
Another useful option available with the lsps command, is the -s option, which
specifies the summary characteristics of all paging spaces. The information consists of
the total size of the paging spaces (in MB) and the percentage of paging spaces
currently used.
The paging space created during system installation, is named hd6. Paging spaces
created by the system administrator after system installation, are named paging00,
paging01, and so on.

V5.2
Instructor Guide
Uempty svmon is an advanced command which captures and analyzes the current snapshot of
virtual memory. It is the only system command which shows the breakdown of page
frame sizes.

Instructor Guide
Instructor notes:
Purpose — Show how to list information regarding paging spaces defined on the system
Details — The important field to notice is the %Used. The value in this field should ideally be
between 30% - 70%. Note, however, that this figure continually changes depending on the
current work load of the system. The lsps command should be regularly executed at
different times of the day, to get a feel for how well the paging space is being used. You
should not panic if the value goes over or falls below the thresholds occasionally, or at
certain times of the day (say when all the users are on the system). What you are looking
for are trends, even to the extent of identifying peak times for system activity and maybe
scheduling some jobs to be carried out when the system load is slightly less.
If throughout the day the %Used value is below 30%, then the paging space you have
defined is too large for your system, and if it is continually over 70%, then you need to
define some more. Be careful, because if this value goes over 90%, then the system starts
to kill off processes in order to rectify the problem. Generally, when paging space is low, the
system issues messages such as INIT: Paging space is low!. It is also possible that
users running applications might receive similar messages.
Also point out the names of the paging spaces shown in the example. The paging space
hd6 was created during system installation. Paging spaces created by the system
administrator after installation, are named paging00, paging01, and so forth.
The AIX 5L V5.1 documentation suggests keeping all paging spaces in rootvg until the
system administrator is thoroughly familiar with the system. Until the other volume groups
are varied-on, those non-rootvg paging areas cannot be activated.
It is also suggested that the system contain several paging areas of roughly the same size,
each on a different disk drive. For best performance, the primary paging space (hd6)
should be slightly larger (by about 16 MB) than the secondary paging spaces. The
secondary paging spaces should then be of equal size, to ensure that the VMM round-robin
algorithm works effectively.
Transition statement — Let's assume that you have identified a problem. Your system
has too little paging space. How can you add some more?

V5.2
Instructor Guide
Uempty
Adding paging space

IBM Power Systems
# smit mkps mkps –s 10 -n -a rootvg hdisk1
Add
Add Another
Another Paging
Paging Space
Space
Type
Type or
or select
select values
values in
in entry
entry fields.
fields.
Press
changes.
[Entry
[Entry Fields]
Fields]
Volume
Volume group
group name
name rootvg
rootvg
SIZE
SIZE of paging
of paging space
space (in
(in logical
logical partitions)
partitions) [10]
[10] ##
PHYSICAL VOLUME name
PHYSICAL VOLUME name hdisk1
hdisk1 ++
Start
Start using
using this
this paging
paging space
space NOW?
NOW? yes
yes ++
Use
Use this paging space each time
this paging space each time the
the system
system is
is yes
yes ++
RESTARTED?
RESTARTED?
# lsps -a
Page Space PV VG Size %Used Active Auto Type
paging00 hdisk1 rootvg 640MB 1 yes yes lv
hd6 hdisk0 rootvg 512MB 16 yes yes lv
Figure 10-7. Adding paging space AN121.1
Notes:
Ways of adding extra paging space

To add extra paging space volumes to the system, you can use SMIT (as illustrated on
the visual), the mkps command, or the Web-based System Manager.
Using the mkps command

When using the mkps command, the syntax and options are:
mkps [-a] [-n] [-t Type] -s NumLPs Vgname [Pvname]
Vgname The volume group within which to create the paging space
Pvname Specifies the physical volume of the volume group
-s NumLPs Sets the size of the new paging space in logical partitions
-a Activate the paging space at the next restart (adds it to
/etc/swapspaces)

Instructor Guide
-n Activate the paging space immediately.

-t Type Specifies the type of paging space (lv or nfs)
When a paging space is created, the /etc/swapspaces file is also updated, if needed.

V5.2
Instructor Guide

Purpose — Describe how to add paging space
Details — Ideally, there should be several paging spaces of roughly equal size, each on
different physical volumes. If you decide to create additional paging spaces, create them
on physical volumes that have the least activity.
Additional information — When using the method shown on the visual to add paging
space, the intra-physical volume policy is set to middle. The system then tries to place the
paging area in the middle edge band as long as there is room.
This should be the only method we recommend to students to create paging space. That is,
do not recommend creating a paging lv and activating it with swapon.
Transition statement — Once paging space is installed, there are some characteristics
that can be changed. Let's look at those.

Instructor Guide
Change paging space

IBM Power Systems
# smit chps chps –d 5 paging00
Change
Change // Show
Characteristics of
of aa Paging
Paging Space
Space
Type
Type or
or select
select values
values in
in entry
entry fields.
fields.
Press
changes.
[Entry
[Entry Fields]
Fields]
Paging
Paging space
space name
name paging00
paging00
Volume
Volume group name
group name rootvg
rootvg
Physical
Physical volume
volume name
name hdisk1
hdisk1
NUMBER
NUMBER of
of additional
additional logical
logical partitions
partitions []
[] ##
Or
Or NUMBER of logical partitions to
NUMBER of logical partitions to remove
remove [5]
[5] ##
Use
Use this paging space each time the system
this paging space each time the system is
is yes
yes ++
RESTARTED?
RESTARTED?
# lsps -a
paging00 hdisk1 rootvg 320MB 1 yes yes lv
Figure 10-8. Change paging space AN121.1
Notes:
Characteristics that can be changed

A paging space may have its size increased or decreased and may have its autostart
options changed while it is in use (this updates /etc/swapspaces).
These changes can be made through SMIT (as illustrated on the visual) or by using the
chps command.
Decreasing paging space

The ability to dynamically decrease paging space was introduced in AIX 5L V5.1. The
argument -d to the chps command calls the shrinkps shell script to reduce the size of
an active paging space. The use of a shell script reduces the possibility of getting into
an unbootable state because users are not allowed to run out of paging space. The
script checks paging space actually in use and adds a paging space warning threshold
buffer. The SMIT fastpath is smit chps.

V5.2
Instructor Guide
Uempty The process chps decreases an active paging space as follows:
Step Action
Create a new, temporary space from the same volume group as the
1
one being reduced.
2 Deactivate the original paging space.
3 Reduce the original paging space.
4 Reactivate the original paging space.
5 Deactivate the temporary space.
The primary paging space (usually hd6) cannot be decreased below 32 MB.
When you reduce the primary paging space, a temporary boot image and a temporary
/sbin/rc.boot pointing to this temporary primary paging space are created to ensure the
system is always in a state where it can be safely rebooted.
Activating paging space

Inactive paging spaces may be activated dynamically once they have been defined. To
do this enter: swapon /dev/pagingnn
Note: This operation is supported through SMIT as well, fastpath pgsp. Alternatively,
use: swapon -a to activate all paging spaces defined in /etc/swapspaces. This
command is run in /etc/rc at system startup.
Examples of chps command use

The following examples illustrate use of the chps command:
• Example 1: Delete one logical partition from the paging00 paging space.
# chps -d 1 paging00
• Example 2: Add one logical partition to the paging00 paging space.
# chps -s 1 paging00
Refer to the entry for chps in the online AIX 6.1 Commands Reference (or the
corresponding man page) for more information regarding the chps command.

Instructor Guide
Instructor notes:
Purpose — Describe how to change the characteristics of paging space
Details — The size of the paging space can be dynamically increased or decreased using
this method. The ability to decrease paging space was introduced in AIX 5L V5.1. In
additional to lsps -a (shown in the visual) also mention, lsps -s.
Additional information — Be aware that by default hd6 is also the dump area. If a system
is operating with less paging space than real memory, this could create a problem during a
system dump. A rule of thumb is that when a dump is created, it is about 1/4 of the size of
real memory. The command sysdumpdev -e also provides an estimate of the dump space
needed for your machine. System dumps are covered in AN13.
Transition statement — What if we have defined too much paging space? The next
operation is to remove some of the defined areas. Let's see what conditions have to be
satisfied before the remove operation can be carried out.

V5.2
Instructor Guide
Uempty
Removing paging space

IBM Power Systems
• First, deactivate the paging space. swapoff /dev/paging00
• Remove the paging space. rmps /dev/paging00
# smit rmps
Remove
Remove aa Paging
Paging Space
Space
Type
Type or
or select
select values
values in
in entry
entry fields.
fields.
Press
changes.
[Entry
[Entry Fields]
Fields]
PAGING
PAGING SPACE
SPACE name
name paging00
paging00 ++
# smit chps
# lsps -a
Figure 10-9. Remove paging space AN121.1
Notes:
Deletion of surplus paging space

As we have discussed, paging space can be added to the system, if necessary.
Similarly, surplus paging space can be deleted to free up the disk space for other logical
volumes.
Deactivation of paging space

Inactive paging space can be activated dynamically to meet system demand. In order to
delete paging space, it must be inactive (that is, not used by the kernel.) Beginning with
AIX 5L V5.1, active paging spaces can be deactivated while the system is running using
the swapoff command or with the SMIT fastpath swapoff.

Instructor Guide
Reasons the swapoff command may fail

The swapoff command may fail due to:
• Paging size constraints: The process to remove an active paging space is to move all
the pages of the paging space being removed to another paging space. If there is not
enough active paging space to do this, the command fails.
• I/O errors.

V5.2
Instructor Guide

Purpose — Show how to delete paging space
Details — When a paging space is removed, the corresponding entry in /etc/swapspaces
is also removed.
The paging space /dev/hd6 cannot be made inactive and therefore cannot be removed. To
remove /dev/hd6, it is necessary to update rc.boot, which is not recommended. In
general, it is not recommended that any of the default paging spaces (hd6, hd61, and so
forth) be removed except by an experienced system administrator. Removing default
paging spaces incorrectly can prevent the system from restarting.
Do not expand hd6, create other paging spaces instead.
Transition statement — Let's outline once again what should be done if there is too little,
or too much, paging space defined on the system.

Instructor Guide
Problems with paging space

IBM Power Systems
• Monitor the system carefully

– If paging space is running low or gets to 100% full, the system will
panic. Errors will be seen on the console, such as INIT: Paging space
is low!
– The kernel will randomly start to kill processes.
• UNIX version 7 manual, quote: “Absolute mayhem guaranteed”
• Paging space too small:

– Dynamically increase the size by allocating more partitions.
OR
– Add an additional paging space definition to another physical disk.
• Paging space too large:

– Dynamically decrease the size by deallocating partitions.
OR
– Remove a paging space definition.
Figure 10-10. Problems with paging space AN121.1
Notes:

V5.2
Instructor Guide

Purpose — List corrective suggestions for dealing with too much or too little paging space
Details — All ideas on this visual have already been considered. The visual simply pulls
together all the ideas discussed so far.
Transition statement — As with all the other logical volumes, the paging space setup
should be documented. Let's see what steps can be taken.

Instructor Guide
Documenting paging space setup

IBM Power Systems
• Run the lsps command.

• Have a hardcopy of the /etc/swapspaces file.
** /etc/swapspaces
/etc/swapspaces
**
** This
This file
file lists
lists all
all the
the paging
paging spaces
spaces that
that are
are automatically
automatically put
put into
into
** service on each system restart ('swapon
service on each system restart ('swapon -a‘) -a‘)
**
** WARNING:
WARNING: Only
Only paging
paging space
space devices
devices should
should be
be listed
listed here.
here.
**
** This
This file
file is
is modified
modified byby the
the chps,
chps, mkps
mkps and
and rmps
rmps commands
commands and
and
referenced by the lsps and swapon commands.
referenced by the lsps and swapon commands.
hd6:
hd6:
dev
dev == /dev/hd6
/dev/hd6
auto
auto == yes
yes
paging00:
paging00:
dev
dev == /dev/paging00
/dev/paging00
auto
auto == yes
yes
Figure 10-11. Documenting paging space setup AN121.1
Notes:
Running lsps
Run lsps to monitor paging space activity. Keep good documentation so that you know
what is normal for that system.
The /etc/swapspaces file

The file /etc/swapspaces contains a list of the paging space areas that are activated at
system startup.
Keep a copy of /etc/swapspaces so that you know what paging spaces are defined to
start at boot.

V5.2
Instructor Guide

Purpose — Show how to document the paging space setup
Details —
Transition statement — Let’s move on to some checkpoint questions.

Instructor Guide
Checkpoint
IBM Power Systems
1. What conclusions regarding potential paging space problems

can you reach based on the following listing?
Page
Page Physical
Physical Volume
Volume Size
Size %Used
%Used Active
Active Auto
Auto Type
Type chksum
chksum
Space
Space Volume
Volume Group
Group
hd6
hd6 hdisk0
hdisk0 rootvg
rootvg 640
640 MB
MB 43%
43% yes
yes yes
yes lv
lv 00
paging00
paging00 hdisk1
hdisk1 rootvg
rootvg 640 MB 7%
640 MB 7% yes
yes yes
yes lv
lv 00
paging01
paging01 hdisk1
hdisk1 rootvg
rootvg 160
160 MB
MB 89%
89% yes
yes yes
yes lv
lv 00
_______________________________________________
_______________________________________________
_______________________________________________
_______________________________________________
_______________________________________________
_______________________________________________
2. True or False: The size of paging00 (in the above example) can
be dynamically decreased.
Notes:

V5.2
Instructor Guide

Purpose — Present the checkpoint questions
Details —
IBM Power Systems

Page
Page Physical
Physical Volume
Volume Size
Size %Used
%Used Active
Active Auto
Auto Type
Type chksum
chksum
Space
Space Volume
Volume Group
Group
hd6
hd6 hdisk0
hdisk0 rootvg
rootvg 640
640 MB
MB 43%
43% yes
yes yes
yes lv
lv 00
paging00
paging00 hdisk1
hdisk1 rootvg
rootvg 640 MB 7%
640 MB 7% yes
yes yes
yes lv
lv 00
paging01
paging01 hdisk1
hdisk1 rootvg
rootvg 160
160 MB
MB 89%
89% yes
yes yes
yes lv
lv 00
Obviously, it is difficult to come to any conclusions regarding the state of this

system just by looking at a snapshot picture like the one above. However, at first
glance, the following potential problems can be noticed:
• paging00 is underutilized
• paging01 is over utilized, and the size seems to be too small. Both user-defined
paging spaces are on the same disk.
• paging01 should be deleted. The administrator should investigate why there is a high
level of paging and possibly increase the size of hd6 and paging00.
2. True or False: The size of paging00 (in the above example)

can be dynamically decreased.
Transition statement — Let’s move on to the exercise for this unit.

Instructor Guide
Exercise 10
IBM Power Systems
Paging
space
Notes:
This lab allows you to add, decrease, monitor, and remove paging space.

V5.2
Instructor Guide

Purpose — Introduce the exercise for this unit
Details — Depending on the class, it might be a good idea to remind the students where
the instructions for the exercise are located.
Transition statement — Let’s summarize the key points covered in this unit.

Instructor Guide
Unit summary
IBM Power Systems

• Understand why it is required, sizing, and placement
guidelines
• Perform corrective actions to rectify too little or too
much paging space scenarios
Notes:

V5.2
Instructor Guide

Purpose — Summarize the key points covered in this unit
Details —
Transition statement — You have reached the end of this unit.

Instructor Guide

V5.2
Instructor Guide
Uempty Unit 11. Backup and restore
Estimated time
01:00

This unit covers how to back up and restore volume groups and file
systems using the facilities built into the AIX operating system.

• Explain how to back up the operating system
• Create and restore a mksysb image
• Explain and understand the role of both the image.data and
bosinst.data files
• Back up and restore a custom volume group
• Use standard UNIX and AIX backup, restore, and compression
utilities

Accountability:
• Exercise
References
management
AIX Version 6.1 Installation and migration
following address:
© Copyright IBM Corp. 2009 Unit 11. Backup and restore 11-1
Instructor Guide
Unit objectives
IBM Power Systems
• Explain how to back up the Operating System

• Explain and understand the role of both the image.data and
bosinst.data files
• Use standard UNIX and AIX backup, restore, and compression
utilities
Notes:

V5.2
Instructor Guide

Purpose — Explain how to back up and restore data in AIX
• Explain and understand the role of both the image.data and bosinst.data files
• Use standard UNIX and AIX backup, restore, and compression utilities.
Transition statement — Let's start by providing a back up introduction.
Instructor Guide
Backup introduction
IBM Power Systems
• Why back up?

– Data is very important, it is expensive to re-create.
– Hardware failure
– Accidental deletion
– Damage due to software installation or hardware repair
– Create a system image for installation cloning
– Long term archive
– Disaster recovery Generally handled by
enterprise backup
mgnt solutions, for
example TSM
• Types of backup:
– Volume group
• mksysb utility which records an image backup of the operating system
• savevg utility which performs a full backup of a user-created VG
– Full
• Backs up all specified data
– Incremental
• Records changes since previous backups
Figure 11-2. Backup introduction AN121.1
Notes:
Why back up your data?
The data on a computer is usually far more important and expensive to replace than the
machine itself. Data loss can happen in many ways. The most common causes are
hardware failure and accidental deletion. AIX provides several ways in which we can
back up and restore data.
• Volume group backup: AIX provides a mksysb utility which creates a back up
image of the operating system (that is, the root volume group) and the savevg
utility to backup user defined volume groups. It is very important that regular
mksysb backups are created as they allow us to reinstall a system to its original
state if it has been corrupted. If you create the backup on external media, for
example tape, the media is bootable and includes the installation programs
needed to install from the backup.
• Full backup: A full backup (sometimes referred to as level 0 backup) will back
up all files and directories in the specified location. AIX provides the backup

V5.2
Instructor Guide
Uempty command and several standard UNIX utilities for performing a full backup such
as tar, cpio and pax.
• Incremental backup: An incremental backup, backs up all the files which have
changed since the last full or incremental backup. The backup command on AIX
is capable of providing this functionality.
AIX (and Unix) systems are often deployed in high performance, fault tolerant, 24x7
mission critical environments. As a result of this, often enterprise backup solutions are
deployed, like IBM Tivoli Storage Manager (TSM) for System Backup and Recovery
(Sysback). TSM for Sysback is designed to provide centralized, automated data
protection that can help reduce the risks associated with data loss while also helping to
reduce complexity, manage costs, and address compliance with regulatory data
retention requirements. TSM for Sysback is outside the scope of this class.
Instructor Guide
Instructor notes:
Purpose — Describe good reasons for backing up data.
Details — Introduce why backing up data is important and the types of backup available in
AIX.
Transition statement — Having listed the reasons for backing up and the different types
of backup, let's look more at system backups.

V5.2
Instructor Guide
Uempty
System image backup

IBM Power Systems
• Backs up rootvg only using the mksysb command

• Unmounted file systems are not backed up
• If device selected is tape, bootable tape is created in backup
format
• Can be completed over a network to a NIM server
• Provides facilities for a non-interactive installation
• Saves system-created paging space definitions
• Saves LV policies and file system attributes
• There should be minimal user and application activity
Figure 11-3. System image backup AN121.1
Notes:
The mksysb utility provides the following functions:
• Saves the definition of the paging space
• Provides a non-interactive installation that gives information required at installation time
through a data file
• Saves the inter-disk and intra-disk policies for the logical volumes
• Saves map files for logical volumes, if requested by the user
• Provides the ability to shrink the file system and logical volume in a volume group at
system installation or mksysb recovery time
• Saves the file system characteristics
• Allows the user to restore single or multiple files from a system image
The volume group image is saved in backup format.
Instructor Guide
System backup or clone?

If the mksysb command is used for to backup the source system, it is considered a
system backup. However, if the intent of the backup is to provide a customized system
for use on other machines, the mksysb is considered a clone. Cloning means
preserving either all or some of a system's customized information for use on a different
machine. During install, the default option is Enable System Backups to install
any system = Yes. This means that mksysb files are not system specific.
Otherwise, if the mksysb by itself, is used to clone a machine or LPAR that is not a
hardware clone, it may not work, as it cannot provide support for hardware devices
unique to the new machine or LPAR. For example, loading a mksysb image made from
a physical machine will not install correctly on a virtual LPAR because they use different
AIX filesets. However, this is an easy problem to resolve. In addition to the mksysb,
you also need to boot using the AIX installation media to provide the filesets needed by
the other machine or LPAR. If using a NIM server, a bosinst.data file must be defined
with the option INSTALL_DEVICES_AND_UPDATES = yes and the lppsource
allocated to the client machine, must also have all the possible device support.
Non-interactive installation
If a system backup is being made to install another system or to reinstall the existing
system, a customer can predefine installation information so questions at installation
time are already answered. This keeps user interaction at the target node to a
minimum. The system backup and BOS install, interact through several files. The
mksysb saves the data, used by the installation, through taking a snapshot of the
current system, and its customized state.
System backup components
The components provided as part of the system backup utility, are packaged in the
bos.sysmgt.sysbr package.

V5.2
Instructor Guide

Purpose — Explain system image backups
Details — Present the information in the visual and notes.
Make sure the students understand that unmounted file systems are ignored.
Transition statement — Let's see how we can create an mksysb.
Instructor Guide
Creating a mksysb image

IBM Power Systems
• smit mksysb /usr/bin/mksysb -i /backups/my_mksysb

Back Up the System
Back Up the System
* Backup DEVICE or FILE [/backups/my_mksysb] +/

* Backup DEVICE or FILE [/backups/my_mksysb] +/
Create MAP files? no +
EXCLUDE files? no +
EXCLUDE files? no +
List files as they are backed up? no +
Verify readability if tape device? no Backup to tape, for +
Verify readability if tape device? no +
Generate new /image.data file? yes example /dev/rmt0 is +
Generate new /image.data file? yes also popular +
EXPAND /tmp if needed? no +
Disable software packing of backup? no +
Backup extended attributes? yes +
(Leave blank to use a system default)
Location of existing mksysb image [] /
Location of existing mksysb image [] /
File system to use for temporary work space [] /
File system to use for temporary work space [] /
(If blank, /tmp will be used.)
(If blank, /tmp will be used.)
Back up encrypted files? yes +
Back up DMAPI filesystem files? No +
Back up DMAPI filesystem files? No +
• SMIT also provides facilities to do a system backup to CD and

DVD, see smit sysbackup
Figure 11-4. Creating a mksysb image AN121.1
Notes:
Introduction
The SMIT screen shown in the visual, Back Up the System, performs a a mksysb
operation and only backs up mounted file systems in rootvg.
Create MAP files?
This option generates a layout mapping of the logical-to-physical partitions for each
logical volume in the volume group. This mapping is used to allocate the same
logical-to-physical partition mapping when the image is restored.
EXCLUDE files?
This option excludes the files and directories listed in the /etc/exclude.rootvg file from
the system image backup.
List files as they are backed up?
Change the default to see each file listed as it is backed up. Otherwise, you see a
percentage-completed progress message while the backup is created.

V5.2
Instructor Guide
Uempty Verify readability if tape device?

Verifies the file header of each file on the backup tape, and reports any read errors as
they occur.
Generate new /image.data file?
If you have already generated a new /image.data file and don't want a new file created,
change the default to no. The default value is yes (-i flag) on the command line.
EXPAND /tmp if needed?
Choose yes if the /tmp file system can automatically expand if necessary during the
backup.
Disable software packing of backup?
The default is no, which means the files are packed before they are archived to tape.
Files that cannot be compressed are placed in the archive as is. Restoring the archive
automatically unpacks the files packed by this option. If the tape drive you are using
provides packing or compression, set this field to yes.
Backup extended attributes?
By default, the mksysb, savevg, and backup utilities save any extended attributes. If
you plan to restore to a back-level system which does not understand the format with
extended attributes, then this option allows you to override that default behavior.
Number of BLOCKS to write in a single output
This specifies the number of 512 bytes to write in a single output operation, referred to
as the block size. If a number is not specified, the backup command uses a default
value appropriate for the physical device selected. Larger values result in larger
physical transfers to tape devices. The block size must be a multiple of the physical
block size of the device being used.
Location of existing mksysb image
Specifies the full path name to the location of a previously-created mksysb image that
can be used to create a bootable tape backup.
File system to be used for temporary work space
Specifies the full path name to the location of a directory or file system to be used as
temporary space to create a bootable tape backup. The file system used must have at
least 100MB of available free disk space for the creation of the bootable image. If this
field is left blank, the /tmp file system is used.
Back up encrypted files?
Specifies if encrypted files should be backed up. AIX 6.1 introduces the ability to
encrypt files on a per file basis without the need of third party tools.
Back up DMAPI file system files?
Specifies if DMAPI file system files are to be backed up.
Instructor Guide
Instructor notes:
Purpose — Explain how to do a mksysb of the system
Details — Explain how to do a mksysb of the system, reviewing each of the main options in
turn. Point out that the mksysb backup file as shown in the example should not be in
rootvg. The best method to use is NFS over the network to a NIM server.
Transition statement — Let's explain more about the image.data file.

V5.2
Instructor Guide
Uempty
image.data file
IBM Power Systems
• The image.data file contains information describing the image

installed during the BOS installation process. This includes:
– Sizes, names, maps, and mount points of logical volumes and file
systems in the root volume group
• It is a large file arranged in stanza format
– Is not recommended that the user modify the file, apart from the shrink
field
• New image.data can be created during a mksysb operation or
by calling the mkszfile command.
image_data:
image_data:
IMAGE_TYPE= bff
IMAGE_TYPE= bff
DATE_TIME= Mon 20 Oct 17:54:07 2008
DATE_TIME= Mon 20 Oct 17:54:07 2008
UNAME_INFO= AIX neo 1 6 00CBE2FE4C00
UNAME_INFO= AIX neo 1 6 00CBE2FE4C00
PRODUCT_TAPE= no
PRODUCT_TAPE= no
USERVG_LIST=
USERVG_LIST=
PLATFORM= chrp
PLATFORM= chrp
OSLEVEL= 6.1.1.0 The SHINK field can be set
OSLEVEL= 6.1.1.0
OSLEVEL_R= 6100-01
OSLEVEL_R= 6100-01 to yes.
CPU_ID= 00CBE2FE4C00
CPU_ID= 00CBE2FE4C00
LPAR_ID= 4
LPAR_ID= 4
logical_volume_policy:
logical_volume_policy:
SHRINK= no
SHRINK= no
EXACT_FIT= no
EXACT_FIT= no
Figure 11-5. image.data file AN121.1
Notes:
The image.data file contains information describing the image installed during the BOS
installation process. This information includes the sizes, names, maps, and mount points of
logical volumes and file systems in the root volume group. The mkszfile command
generates the image.data file. It is not recommended that the user modify the file.
Changing the value of one field without correctly modifying any related fields, can result in
a failed installation, and a corrupted backup image. The only exception to this
recommendation is the SHRINK field, which the user may modify to instruct the BOS
installation routines to create the file systems as specified in the image.data file, or to
create the file systems only as large as is required to contain all the data in the file system.
The BOS installation process also takes input from the image.data file regarding defaults
for the machine being installed. Any default values in the image.data file will override
values obtained when the BOS installation queries the hardware topology and existing root
volume group. The image.data file resides in the / directory.
Instructor Guide
To create a mksysb backup image with a customized image.data file:

• Create a new image.data file: # mkszfile.
• Edit the image.data file as appropriate.
• Create mksysb with the customized image.data file: # mksysb /backup/my_mksysb.
This file is part of System Backup and BOS Install Utilities.

V5.2
Instructor Guide

Purpose — Explain the image.data file
Transition statement — Now let's discuss the bosinst.data file.
Instructor Guide
bosinst.data file
IBM Power Systems
• Defines defaults for variables controlling an installation

• Can be used to created non-prompted installations
• Key options below, for a full description see:
– /usr/lpp/bosinst/bosinst.template.README
control_flow:
control_flow: GRAPHICS_BUNDLE = yes
CONSOLE = Default
CONSOLE = Default MOZILLA_BUNDLE = no
INSTALL_METHOD = overwrite
INSTALL_METHOD = overwrite KERBEROS_5_BUNDLE = no
PROMPT = no
PROMPT = no SERVER_BUNDLE = yes
EXISTING_SYSTEM_OVERWRITE = yes
EXISTING_SYSTEM_OVERWRITE = yes ALT_DISK_INSTALL_BUNDLE = no
INSTALL_X_IF_ADAPTER = no
INSTALL_X_IF_ADAPTER = no
RUN_STARTUP = yes
RUN_STARTUP = yes locale:
RM_INST_ROOTS = no
RM_INST_ROOTS = no BOSINST_LANG = en_US
ERROR_EXIT =
ERROR_EXIT = CULTURAL_CONVENTION = en_GB
CUSTOMIZATION_FILE = SCREEN
CUSTOMIZATION_FILE = SCREEN MESSAGES = en_US
TCB = no
TCB = no KEYBOARD = en_GB
INSTALL_TYPE =
INSTALL_TYPE =
BUNDLES =
BUNDLES = target_disk_data:
SWITCH_TO_PRODUCT_TAPE =
SWITCH_TO_PRODUCT_TAPE = PVID =
RECOVER_DEVICES = no
RECOVER_DEVICES = no PHYSICAL_LOCATION =
BOSINST_DEBUG = no
BOSINST_DEBUG = no CONNECTION =
ACCEPT_LICENSES =
ACCEPT_LICENSES = LOCATION =
DESKTOP = CDE
DESKTOP = CDE SIZE_MB =
INSTALL_DEVICES_AND_UPDATES = yes
INSTALL_DEVICES_AND_UPDATES = yes HDISKNAME = hdisk0
IMPORT_USER_VGS =
IMPORT_USER_VGS =
ENABLE_64BIT_KERNEL = Default
ENABLE_64BIT_KERNEL = Default
CREATE_JFS2_FS = yes
CREATE_JFS2_FS = yes
ALL_DEVICES_KERNELS = no
ALL_DEVICES_KERNELS = no
ALT_DISK_INSTALL_BUNDLE = no
ALT_DISK_INSTALL_BUNDLE = no
Figure 11-6. bosinst.data file AN121.1
Notes:
/bosinst.data file
This file enables the administrator to specify the requirements at the target system and how
the user interacts with the target system. It provides flexibility by allowing unattended
installations. The system backup utilities simply copy the /bosinst.data into the second file
on the mksysb tape. If this file is not in the root directory, the
/usr/lpp/bosinst/bosinst.template is copied to the /bosinst.data.
Key fields (highlight in the visual):
• PROMPT: Will determine if the installation is to be prompted (yes) or non-prompted (no)
• INSTALL_DEVICES_AND_UPDATES: When installing a mksysb image to a system with a
different hardware configuration, boot from product media to get any missing device
drivers installed. In addition, if the product media is a later level of AIX than the mksysb,
software in the mksysb image will be updated. To prevent either of these additional
installations from occurring, set this field to no. The default is yes.

V5.2
Instructor Guide
Uempty • INSTALL_METHOD: Specifies a method of installation: migrate, preserve,

erase_only, or overwrite
• CREATE_JFS2_FS: Specifies whether you want to create enhanced journaled file
systems. The choices are yes and no
• ALL_DEVICES_KERNELS: Specifies whether to install all device and kernel filesets
The choices are yes and no. If you select no, your system will be installed with the
devices and kernel specific to your system configuration. If you select yes, when you
create a system backup of your system, you can use that system backup to install any
system.
• LOCALE STANZA: Will determine:
- The language to use during installation
- Primary cultural convention to use after reboot
- Primary message catalogs to use after reboot
- Keyboard map to use after reboot
• TARGET DISK STANZA: Will determine where to create the root volume group.
Instructor Guide
Instructor notes:
Purpose — Explain the bosinsta.data file
Focus on the key options highlighted in the visual (in blue).
Transition statement — Now let's see the format of a mksysb file.

V5.2
Instructor Guide
Uempty
mksysb tape image format

IBM Power Systems
Blocksize = Blocksize = Blocksize = Tape Drive

512 512 512 Blocksize
BOS Boot mkinsttape dummy rootvg

image image backup image
.toc
1st Section 2nd Section 3rd Section 4th Section
0 1 2 3
Kernel ./image.data Dummy TOC Backup

Device Drivers ./bosinst.data by name
./tapeblksz
• To list files in the backup image on a mksysb

– tctl -f /dev/rmt0 rewind
– tctl -f /dev/rmt0.1 fsf 3
– restore -Tvf /dev/rmt0
• OR
– restore -Tv –s4 -f /dev/rmt0
Figure 11-7. mksysb tape image format AN121.1
Notes:
This visual shows the tape layout of a mksysb image.
BOS boot image
The BOS boot image contains a copy of the system's kernel and device drivers needed
to boot from the tape.
mkinsttape image
The mkinsttape image contains the following files:
• ./image.data holds the information needed to re-create the root volume group
and its logical volumes and file systems.
• ./bosinst.data contains the customizable installation procedures and dictates
how the BOS installation program behaves. This file allows for the
non-interactive installations.
• ./tapeblksz contains the block size setting of the tape drive used during the
backup. This applies to the files in the fourth section.
Instructor Guide
Dummy TOC
The dummy TOC is used to make mksysb tapes have the same number of files as the
BOS installation tapes.
rootvg backup image
The rootvg backup image contains all the data from the backup. This data is saved
using the backup command which is discussed shortly
Listing and extracting files in a tape mksysb image
The tctl command can be used to rewind and fast forward the tape to the start of the
fourth section (third tape mark). Then, the restore command, as shown in the visual can be
used to extract (-x) or list (-T) files on the tape. Alternatively, if the tape is already rewound,
then restore command can be used directly to extract files from the fourth section (-s4).
For further information regarding tape manipulation, see the tctl man page.

V5.2
Instructor Guide

Purpose — Show the image format for the mksysb on tape
Details — This information is important to know if you want to restore one file from the
image rather than the whole image. If the tape is positioned to the fourth file (rootvg data),
files can be retrieved using restore. restore is discussed later.
Additional information — The sections are officially referred to as files. Section was used
to avoid any ambiguity.
Transition statement — Let's see how we back up other volume groups.
Instructor Guide
Restoring a mksysb, from tape device (1 of 2)

IBM Power Systems
• From the SMS Menu, boot the system from the tape device.
• Restore mksysb image from the device, that is, tape
(/dev/rmt0), as follows:
1 Start Install Now With Default Settings
>> 3 Start Maintenance Mode for System Recovery
>> 3 Start Maintenance Mode for System Recovery
1 Access A Root Volume Group

1 Access A Root Volume Group
2 Copy a System Dump to Removable Media
3 Access Advanced Maintenance Functions
4 Erase Disks
4 Erase Disks
>> 6 Install from a System Backup
>> 6 Install from a System Backup
Tape Drive Path Name

Tape Drive Path Name
>> 1 tape/scsi/4mm/2GB /dev/rmt0
>> 1 tape/scsi/4mm/2GB /dev/rmt0
Figure 11-8. Restoring a mksysb, from tape device (1 of 2) AN121.1
Notes:
Start a mksysb restoration
To restore a mksysb image from tape, boot the machine into SMS just as if you were
performing an installation. As shown previously in the installation unit, select the device to
boot from (in this case tape). Then, insert the mksysb tape and start the machine or LPAR.
The machine boots from the tape and prompts you to define the console and select a
language for installation. Once you have answered those questions, then the Installation
and Maintenance menu is presented.
You can also boot from installation media which presents the same screens. Just be sure to
put the mksysb tape in the tape drive before answering the last question.

V5.2
Instructor Guide

Purpose — Show how to recover using a mksysb image (tape)
Details — Explain how to boot the machine from tape. This should be a review from the
installation section, so ask the students how it is done.
Transition statement — You then see more screens. Let's take a look.
Instructor Guide
Restoring a mksysb, from tape device (2 of 2)

IBM Power Systems

Type the number of your choice and press Enter. Choice is indicated by >>.
Type the number of your choice and press Enter. Choice is indicated by >>.
>> 2 Change/Show Installation Settings and Install
>> 2 Change/Show Installation Settings and Install
5 Select Storage Adapters
5 Select Storage Adapters
System Backup Installation and Settings
System Backup Installation and Settings
1 Disk(s) where you want to install hdisk0
1 Disk(s) where you want to install hdisk0
Use Maps No
Use Maps No
2 Shrink Filesystems No
2 Shrink Filesystems No
3 Import User Volume Groups No
3 Import User Volume Groups No
4 Recover devices No
4 Recover devices No
0 Install with the settings listed above
0 Install with the settings listed above

Please wait...
Please wait...
Figure 11-9. Restoring a mksysb, from tape device (2 of 2) AN121.1
Notes:
Changing installation settings
From the Installation and Maintenance menu, select option 2, Change/Show
Installation Settings and Install.
The options from the System Backup and Installation and Settings menu are:
• 1 Disk(s) where you want to install
- Select disks where you want to install.
• 2 Use Maps
- The option Use Maps lets you use the map file created (if you created one) during
the backup process of the mksysb tape. The default is no.
• 3 Shrink Filesystems
- The option Shrink Filesystems installs the file systems using the minimum required
space. The default is no. If yes, all file systems in rootvg are shrunk. So remember

V5.2
Instructor Guide
Uempty after the restore, evaluate the current file system sizes. You might need to increase
their sizes.
• 0 Install with the settings listed above
- At the end, select option 0 which installs using the settings selected. Your mksysb
image is restored.
The system then reboots.
Instructor Guide
Instructor notes:
Purpose — Show the remaining steps to complete the mksysb install
Details — Go through the example contained in the visual.
Transition statement — Let's look at restoring a mksysb from a NIM server.

V5.2
Instructor Guide
Uempty
Restoring a mksysb, from a NIM server (1 of 2)

IBM Power Systems
• Restore a mksysb image from a NIM Server, using the SMS

menu.
– Note: NIM server configuration is covered in the AU08G NIM course.
PowerPC Firmware
PowerPC Firmware
Version SF240_338
Version SF240_338
-------------------------------------------------------------------------------
-------------------------------------------------------------------------------
Main Menu
Main Menu
1. Select Language
1. Select Language
4. Select Console
4. Select Console
IP Parameters Enter client and NIM

IP Parameters server IP details.
Interpartition Logical LAN: U9113.550.65F2E7F-V9-C3-T1
Interpartition Logical LAN: U9113.550.65F2E7F-V9-C3-T1
4. Subnet Mask [255.255.0.0]
4. Subnet Mask [255.255.0.0]
Figure 11-10. Restoring a mksysb, from a NIM server (1 of 2) AN121.1
Notes:
Firstly, the resources (mksysb image, bosinst.data, SPOT) have to be allocated to the
client on the NIM server and the NIM server must run a bosinst operation on your client
machine. This is covered in the NIM course, AU08G.
Secondly, boot the client into SMS mode and select option 2, Setup Remote IPL. This
option allows us to define the network parameters of the NIM server and client. Once the
IPL details have been entered, press ESC to return to the main menu.
Instructor Guide
Instructor notes:
Purpose — Show how to recover using a mksysb image (NIM)
Details — Explain how to boot the machine from a NIM server. NIM server details are
covered in AU08G.
Transition statement — You then see more screens. Let's take a look.

V5.2
Instructor Guide
Uempty
Restoring a mksysb, from NIM sever (2 of 2)

IBM Power Systems
• Return to main menu, by selecting option “5 Boot Options”. Then, select:

• 1. Select Install/Boot Device
• 6. Network -- followed by the network adapter to the boot from
• 2. Normal Mode Boot
• 1. Yes -- to exit System Management Services
BOOTP: chosen-network-type = ethernet,auto,none,auto BOOTP R = 1 BOOTP S = 2

BOOTP: chosen-network-type = ethernet,auto,none,auto
BOOTP: server IP = 10.47.1.33 FILE: /tftpboot/alex.lpar.co.uk
BOOTP: server IP = 10.47.1.33
BOOTP: requested filename = FINAL Packet Count = 27900
BOOTP: requested filename =
BOOTP: client IP = 10.47.1.21 FINAL File Size = 14284288 bytes.
BOOTP: client IP = 10.47.1.21
BOOTP: client HW addr = ea 48 f0 0 90 3 load-base=0x4000
BOOTP: client HW addr = ea 48 f0 0 90 3
BOOTP: gateway IP = 0.0.0.0 real-base=0x2000000
BOOTP: gateway IP = 0.0.0.0
BOOTP: device /vdevice/l-lan@30000003
BOOTP: device /vdevice/l-lan@30000003
BOOTP: loc-code U9113.550.65F2E7F-V9-C3-T1
BOOTP: loc-code U9113.550.65F2E7F-V9-C3-T1
Client issues a bootp request
to NIM master and downloads
the boot image via tftp
Please wait...
Please wait...


Figure 11-11. Restoring a mksysb, from NIM sever (2 of 2) AN121.1
Notes:
The visual shows the rest of the steps involved in completing the mksysb restore.
Instructor Guide
Instructor notes:
Purpose — Show the remaining steps to complete the mksysb install
Details — As included in the visual
Transition statement — Now let's look at how to back up non-rootvg VGs.

V5.2
Instructor Guide
Uempty
Creating a backup of a data volume group

IBM Power Systems
• smit savevg /usr/bin/savevg –f /tmp/datavg_bk_svg -i datavg

Back Up a Volume Group to Tape/File
Back Up a Volume Group to Tape/File
* Backup DEVICE or FILE [/tmp/datavg_bk_svg] +/

* Backup DEVICE or FILE [/tmp/datavg_bk_svg] +/
* VOLUME GROUP to back up [datavg] +
* VOLUME GROUP to back up [datavg] +
Generate new vg.data file? yes +
Generate new vg.data file? yes +
EXCLUDE files? no +
EXCLUDE files? no +
Number of BLOCKS to write in a single output [] #
Number of BLOCKS to write in a single output [] #
Back up Volume Group information files only? no +
Back up Volume Group information files only? no +
Back up DMAPI filesystem files? no +
Back up DMAPI filesystem files? no +
• SMIT also provides facilities to do a VG backup to CD and

DVD (smit vgbackup).
Figure 11-12. Creating a backup of a data volume group AN121.1
Notes:
To back up non-rootvg volume groups, use smit savevg or smit savevg. The parameters
are virtually identical to creating a mksysb image.
The savevg command finds and backs up all files belonging to a specified volume group.
The volume group must be varied-on, and the file systems must be mounted. The savevg
command uses the data file created by the mkvgdata command. This data file can be one
of the following:
• /tmp/vgdata/vgname/<vgname>.data
Contains information about a user volume group. The <vgname> variable reflects the
name of the volume group. The savevg command uses this file to create a backup
image that can be used by the restvg command to remake the user volume group.
Instructor Guide
Instructor notes:
Purpose — Explain how to create a backup of a non-rootvg VG
Transition statement — Let's see how we restore a non-rootvg VG.

V5.2
Instructor Guide
Uempty
Restoring a backup of a data volume group

IBM Power Systems
• smit restvg /usr/bin/restvg -q –f /tmp/datavg_bk_svg

* Restore DEVICE or FILE [/tmp/datavg_bk_svg] +/
* Restore DEVICE or FILE [/tmp/datavg_bk_svg] +/
SHRINK the filesystems? no +
SHRINK the filesystems? no +
Recreate logical volumes and filesystems only? no +
Recreate logical volumes and filesystems only? no +
PHYSICAL VOLUME names [] +
PHYSICAL VOLUME names [] +
(Leave blank to use the PHYSICAL VOLUMES listed
(Leave blank to use the PHYSICAL VOLUMES listed
in the vgname.data file in the backup image)
in the vgname.data file in the backup image)
Use existing MAP files? yes +
Use existing MAP files? yes +
Physical partition SIZE in megabytes [] +#
Physical partition SIZE in megabytes [] +#
(Leave blank to have the SIZE determined
(Leave blank to have the SIZE determined
based on disk size)
based on disk size)
Number of BLOCKS to read in a single input [] #
Number of BLOCKS to read in a single input [] #
Alternate vg.data file [] /
Alternate vg.data file [] /
(Leave blank to use vg.data stored in
(Leave blank to use vg.data stored in
backup image)
backup image)
• Prior to restoring the VG

– Unmount all file systems which are part of that VG.
– Varyoff and export the volume group.
Figure 11-13. Restoring a backup of a data volume group AN121.1
Notes:
The visual show the process of restoring a non-rootvg volume group. Standard out from the
smit screen is shown below:
COMMAND STATUS
Before command completion, additional instructions may appear
below.
Will create the Volume Group: datavg
Target Disks: hdisk1
Allocation Policy:
Shrink Filesystems: no
Preserve Physical Partitions for each Logical Volume: no
Instructor Guide
datavg
loglv01
fslv00
New volume on /tmp/datavf_bk_svg:
The backup date is: Mon 20 Oct 20:29:05 2008
The user is root.
x 11 ./tmp/vgdata/datavg/image.info
x 127 ./tmp/vgdata/vgdata.files598152
x 127 ./tmp/vgdata/vgdata.files
x 2444 ./tmp/vgdata/datavg/filesystems
x 2481 ./tmp/vgdata/datavg/datavg.data
x 340 ./tmp/vgdata/datavg/backup.data
x 0 ./data
x 0 ./data/lost+found
x 1024 ./data/file1
x 1024 ./data/file2
x 1024 ./data/file3
The total size is 5530 bytes.
The number of restored files is 11.

V5.2
Instructor Guide

Purpose — Show how to restore a non-rootvg VG
Details — Explain how to restore a non-rootvg backup.
Transition statement — Let's move on and cover some very popular standard AIX
backup, restore commands, and compression utilities.
Instructor Guide
Traditional UNIX and AIX backup commands

IBM Power Systems
• AIX
– Backup and restore
• Other popular backup, restore commands across UNIX

platforms:
– tar
– cpio
– pax
– dd
• Compression Utilities
– Compress, restore using uncompress or zcat
– gzip, restore using gunzip
Figure 11-14. Traditional UNIX and AIX backup commands AN121.1
Notes:

V5.2
Instructor Guide

Purpose — Display an overview and introduce the most popular
backup/restore/compression commands used in AIX/UNIX systems
Details — Examples will follow.
Transition statement — Let's start with backup and restore commands.
Instructor Guide
Backup by filename and restore

IBM Power Systems
• File names are read from standard input

## cat
cat listfile
listfile
/home/aix/file1
/home/aix/file1
/home/aix/file2
/home/aix/file2 Absolute Paths
/home/aix/file3
/home/aix/file3
## backup
backup -iqvf
-iqvf /dev/rmt0
/dev/rmt0 << listfile
listfile
## find
find /home/aix
/home/aix || backup
backup -iqvf
-iqvf /dev/rmt0
/dev/rmt0 Relative Paths
## cd
cd /home/aix
/home/aix
## find
find .. || backup
backup -iqvf
-iqvf /backup/aix.backup
/backup/aix.backup
List files
## restore
restore -Tvf
-Tvf /backup/aix.backup
/backup/aix.backup
Extract (restore)
files
## restore
restore -xvf
-xvf /backup/aix.backup
/backup/aix.backup
## restore
restore -xvf
-xvf /tmp/aix.backup
/tmp/aix.backup ./file1
./file1 Extract individual
file
Figure 11-15. Backup by filename and restore AN121.1
Notes:
The backup command
The backup command is a useful command for making backups of AIX files and
directories. backup supports two different methods:
• Backup by filename
• Backup by inode (also call a file system backup)
When performing a backup by filename, the files must be in a mounted file system to be
backed up. Backup by inode, backs up file systems when they are unmounted.
Note: Relative versus full filenames will impact the location of files on recovery!
Popular backup flags
-q: Media is ready
-i: Specifies that files be read from standard input and archived by file name.
-v: Verbose - display filenames during backup

V5.2
Instructor Guide
Uempty -f: device

Popular restore flags
-T: List files
-x: Extract files
For further information see the man pages.
Instructor Guide
Instructor notes:
Purpose — Show how to back up and restoring files by filename
Transition statement — Let's see how to perform a backup and restore by inode.

V5.2
Instructor Guide
Uempty
Backup and restore by inode

IBM Power Systems
• Only supported if filesystems are unmounted! Full backup
## backup
backup -u
-u -0
-0 -f
-f /tmp/databkup_21Oct_level0
/tmp/databkup_21Oct_level0 /data
/data
## backup
backup -u
-u -1
-1 -f
-f /tmp/databkup_21Oct_level1
/tmp/databkup_21Oct_level1 /data
/data
## cat
cat /etc/dumpdates
/etc/dumpdates
/dev/rfslv00
/dev/rfslv00 11 Tue
Tue Oct
Oct 21
21 15:45:21
15:45:21 2008
2008
/dev/rfslv00 0 Tue Oct 21 15:40:54
/dev/rfslv00 0 Tue Oct 21 15:40:54 2008 2008 Incremental backup
Backup history
## restore
restore -rqvf
-rqvf /tmp/databkup_21Nov_level0
/tmp/databkup_21Nov_level0
## restore
restore -rqvf
-rqvf /tmp/databkup_21Nov_level1
/tmp/databkup_21Nov_level1
Must restore first to the last level 0 then

followed by each incremental…
Figure 11-16. Backup and restore by inode AN121.1
Notes:
Backup by inode is useful for performing full (level 0) and incremental backups of
filesystems. Backup by inode should only be completed when the filesystem is unmounted!
Note: The command will complete if the filesystem is in use, but the following warning
message is displayed, “backup: 0511-251 The file system is still mounted; data may
not be consistent.”
Popular backup by inode flags
-u: update /etc/dumpdates will backup transaction history
-0-9: backup level, 0 is full, 1…9 represents incremental change since level n-1
-f: device
Popular restore by inode flags
-r: restore files
For further information see the man pages.
Instructor Guide
When restoring file system archives, the restore command creates and uses a file
named restoresymtable. This file is created in the current directory. The file is necessary
for the restore command to do incremental file system restores. Do not remove the
restoresymtable file if you perform incremental file system backups and restores.

V5.2
Instructor Guide

Purpose — Show how to back up and restore by inode
Details — Go through the examples in the visual. Ensure students are fully aware of
/etc/dumpdates and when restoring increments – it must be done in order!
Additional information — In reality, incremental backups are performed by storage
solutions such as TSM – not by using backup by inode!
Transition statement — Let's see how to use tar.
Instructor Guide
tar command
IBM Power Systems
• tar is derived from tape archive

– Create a tar backup (-c)
## tar
tar –cvf
–cvf /dev/rmt0
/dev/rmt0 /home
/home
## tar
tar -cvf /backup/home.tar /home
-cvf /backup/home.tar /home
– List files in a tar backup (-t)

## tar
tar –tvf
–tvf /dev/rmt0
/dev/rmt0
– Extract files from a tar backup (-x)

## tar
tar –xvf
–xvf /dev/rmt0
/dev/rmt0
– Copying directories and files using tar

## cd
cd /data
/data
## tar
tar –cf
–cf || (cd
(cd /data_backup
/data_backup &&
&& tar
tar xBpf
xBpf -)
-)
Figure 11-17. tar command AN121.1
Notes:
The tar command archives and restores files. tar is most commonly used in tandem with
an external compression utility, since it has no built-in data compression facilities.
Here is a list of the commonly used options:
-c creates a tar backup.
-x extracts (restores) one or more files from a tar file.
-t reads the content of the tar file (verify the backup).
-v verbose output - displays files as they are backed up and restored.
-f identifies the file or device holding the tar image.
-h follows symbolic links.
-u appends files to an existing archive.
-p preserves file permissions, ignoring the present umask value.
-B forces a consistent blocking factor to help ensure this copy is made correctly.
The final .tar file is usually called a tarball.

V5.2
Instructor Guide

Purpose — Explain how to use the tar command
Details — Explain the use of tar and go through the examples provided.
Additional information — You may wish to discuss how tar copies symbolic links. For
example, by default it copies the link. The -h flag will cause tar to follow symbolic links as if
they were normal files or directories.
Often, when an archive is created, some additional files need to be copied to it. The -u flag
appends files to an existing archive.
Transition statement — Let's discuss the cpio command.
Instructor Guide
cpio command
IBM Power Systems
• cpio is derived from copy in and out

– Create a cpio backup (-o)
## find
find /home
/home || cpio
cpio –ov
–ov >> /backup/home.bk
/backup/home.bk
– List files in a cpio backup (-t)

## cpio
cpio -itv
-itv << /backup/home.bk
/backup/home.bk
– Extract files from a cpio backup (-i)

## cpio
cpio –idv
–idv << /backup/home.bk
/backup/home.bk
– Copy the contents of the current location to /mydir
## find
find .. -depth
-depth || cpio
cpio -pd
-pd /mydir
/mydir
Figure 11-18. cpio command AN121.1
Notes:
cpio copies file archives in from, or out to tape, disk, or another location on the local
machine.
Here is a list of the commonly used options:
-o command reads file path names from standard input and copies these files to
standard output, along with path names and status information.
-i command reads from standard input an archive file created by the cpio -o
command and copies from it the files with names that match the Pattern
parameter.
-p copies files to another directory on the same system.
-d creates directories as needed.
-v verbose (print files)

V5.2
Instructor Guide

Purpose — Explain how to use the cpio command
Details — Explain the use of cpio and go through the examples provided.
Additional information — The tar command is much more widely used in Unix
environments than cpio. Some applications, for example, Informix is packaged in cpio
format.
Transition statement — Let's discuss the pax command.
Instructor Guide
pax command
IBM Power Systems
• tar and cpio syntax differ slightly between UNIX platforms.

– IEEE addressed this problem with ‘pax’, meaning peace in Latin.
– Create a pax backup of /home (-w)

## pax
pax -wf
-wf /backup/home_pax.ar
/backup/home_pax.ar /home
/home
– List files in a pax backup (-v)

## pax
pax -v
-v –f
–f /backup/home_pax.ar
/backup/home_pax.ar
– Extract files in a pax backup (-r)
## pax
pax -rvf
-rvf /backup/home_pax.ar
/backup/home_pax.ar
Figure 11-19. pax command AN121.1
Notes:
The pax command extracts, writes, and lists members of archive files; copies files and
directory hierarchies.
Rather than sort out the incompatible options that have crept up between tar and cpio,
along with their implementations across various versions of UNIX, the IEEE designed a
new archive utility. Pax means “peace” in Latin, so the utility is named to create peace
between the tar and cpio.

V5.2
Instructor Guide

Purpose — Explain how to use the pax command
Details — Explain the use of pax and go through the examples provided.
Additional information — PAX is used in AIX to provide snaps to send to support. If
anyone asks, this is a usage example.
Transition statement — Let's discuss the dd command, in relation to copy/conversion and
backup.
Instructor Guide
dd command
IBM Power Systems
• The primary purpose of dd is the low-level copying and

conversion of raw data.
– Copy tape to tape. Tape1 block size=1KB. Tape2 block size=2KB
## dd
dd if=/dev/rmt0
if=/dev/rmt0 ibs=1024
ibs=1024 obs=2048
obs=2048 of=/dev/rmt1
of=/dev/rmt1
– Perform a raw data backup of /home to tape, then restore
## tar
tar -cvf
-cvf -- /home
/home || dd
dd obs=1024k
obs=1024k of=/dev/rmt0
of=/dev/rmt0
## tar
tar -cvf - /home | rsh <system>
-cvf - /home | rsh <system> dd
dd obs=1024k
obs=1024k of=/dev/rmt0
of=/dev/rmt0
## dd
dd if=/dev/rmt0
if=/dev/rmt0 ibs=1024k
ibs=1024k || tar
tar xvf
xvf -- Writing to a tape
drive on a remote
machine
– Convert /etc/passwd from ascii to ebcdic

## dd
dd if=/etc/passwd
if=/etc/passwd of=/etc/passwd.ebcdic
of=/etc/passwd.ebcdic conv=ebcdic
conv=ebcdic
Figure 11-20. dd command AN121.1
Notes:
The dd command reads in standard input or the specified input file, converts it, and then
writes to standard out or the named output.
The common options are:
if= specifies the input file.
of= specifies the output file.
conv= designates the conversion to be done.
Copying specific blocks
The dd command is also useful when you need to copy specific blocks of data. For
example, if a file system’s superblock (stored in the first block of the file system) is corrupt,
a copy is kept at the 31st block. The dd command can copy that 31st block back to the first
to repair the file system. The command is:
# dd count=1 bs=4k skip=31 seek=1 if=/dev/hd4 of=/dev/hd4

V5.2
Instructor Guide

Purpose — Explain how to use the dd command in context to copy, convert, and back up
Details — Explain the use of dd and go through the examples provided.
Additional information — In the notes, an example is provided which shows the
superblock record being restored from the copy. This is not something some one would
actually do as the fsck command will handle the copy operation automatically if it sees
that the superblock is corrupted.
Transition statement — Let's discuss compression commands.
Instructor Guide
Compression commands (1 of 2)
IBM Power Systems
• Archives created with backup utilities are usually compressed.

– Reduce the size of the backup.
– This can be done using a number of utilities, such as compress.
• Examples (using compress, uncompress, and zcat):
## compress
compress -v
-v /tmp/data.tar
/tmp/data.tar
/tmp/data.tar:
/tmp/data.tar: Compression:
Compression: 95.50%
95.50% This
This file
file is
is replaced
replaced
with /tmp/data.tar.Z.
with /tmp/data.tar.Z.
## uncompress
uncompress /tmp/data.tar.Z
/tmp/data.tar.Z
/tmp/data.tar.Z:
/tmp/data.tar.Z: This
This file
file is
is replaced
replaced with
with /tmp/data.tar.
/tmp/data.tar.
zcat, expands a
## zcat
zcat /tmp/data.tar.Z
/tmp/data.tar.Z || tar
tar -xvf
-xvf -- compressed file to
standard out.
Figure 11-21. Compression commands (1 of 2) AN121.1
Notes:
Files which are archived are usually further compressed to reduce their size. Compress,
uncompress and zcat commands are standard commands across UNIX platforms for
compressing and uncompressing files.

V5.2
Instructor Guide

Purpose — Explain how to use the compress and uncompress commands
Details — Explain the use of compress, uncompress, and zcat commands.
Transition statement — Let's discuss gzip compression commands.
Instructor Guide
Compression commands (2 of 2)
IBM Power Systems
• Examples (gzip and gunzip)

## gzip
gzip -v
-v /tmp/data.tar
/tmp/data.tar
/tmp/data.tar:
/tmp/data.tar: 97.7%
97.7% --
-- replaced
replaced with
with
/tmp/data.tar.gz
/tmp/data.tar.gz
## gunzip
gunzip -v
-v /tmp/data.tar.gz
/tmp/data.tar.gz
/tmp/data.tar.gz:
/tmp/data.tar.gz: 97.7%
97.7% --
-- replaced
replaced with
with
/tmp/data.tar
/tmp/data.tar
Creates a
compressed
## tar
tar -cvf
-cvf -- /data
/data || gzip
gzip -c
-c >> data_tar.gz
data_tar.gz tarball (.tar.gz) of
the /data
## gunzip
gunzip -c
-c data_tar.gz
data_tar.gz || tar
tar xvf
xvf -- directory.
Decompresses and
extracts the
compressed tarball
(.tar.gz).
Figure 11-22. Compression commands (2 of 2) AN121.1
Notes:
gzip is a software application used for file compression. gzip is short for GNU zip. The
program is very popular and is a free replacement for the compress program which was
predominately used in early UNIX systems.
Another popular and free compression utility is bzip2 which is based on a lossless data
compression algorithm. Bzip2 compression is generally more effective than gzip. The
usage of bzip2 and bunzip2 (for decompression) is fairly similar to gzip and gunzip
respectively.

V5.2
Instructor Guide

Purpose — Explain how to use the compress and uncompress data using gzip and gunzip
Details — The gzip and bzip2 are two extremely popular free compression utilities used on
UNIX, AIX systems. Go through the example in the visual. I have also included some brief
notes on bzip2. There is no point including examples, since the syntax is more or less
identical to gzip.
Transition statement — Now we have seen some of the commands, let's end the unit by
covering a few good practices.
Instructor Guide
Good practices
IBM Power Systems
• Take regular backups.
• Verify your backups.

– Check the tape device(s).
– Label tapes.
• Keep old backups.
• Keep a copy of the backups securely offsite.
• Test recovery procedures before you have to use them!
• Consider deploying an enterprise storage management

solution like Tivoli Storage Manager (TSM).
Figure 11-23. Good practices AN121.1
Notes:
• Take regular backups. Always take regular backups of data. The most efficient way of
doing this is through regular automated incremental backups, as done through products
like TSM.
• Verify your backups. Always verify your backed up data. Use restore -T (or tar -t) to
view the contents. With mksysb tapes, you can position the tape to the correct marker
and verify the contents without having to restore the data.
• Check the tape devices. The tapechk command can be used to check a number of
files on a tape. If no argument is specified, then the first block on the tape is checked. If
a number is specified, that number of files are checked. You can also position the tape
before tapechk is run by specifying a second number. For example, tapechk 2.1 reads
two files after skipping past the first file.The tapechk command can be used to detect
malfunctioning hardware.
• Label your tapes. There is no way to know what is on the tape by looking at it. The
label should at least list the tape files, the commands used to create the tape, the date
created, and the block size.

V5.2
Instructor Guide
Uempty • Keep old backups. Keep old backups in case something goes wrong with the new
ones.
• Keep a copy of backups securely offsite. Store a set of backups off site in case
something happens to your site.
• Test recovery procedures. Test your recovery procedure before you have to. Know
that you can recover before you have to recover.
• Consider deploying an enterprise storage solution. Enterprise storage solutions like
Tivoli Storage Manager provide centralized, automated storage management and data
protection. TSM storage management software protects you from the risks of data loss
and helps you reduce complexity, manage costs, and address compliance with data
retention and availability requirements.
Instructor Guide
Instructor notes:
Purpose — Emphasize some good practices
Details — Go through each bullet point. Planning and testing is always the best approach
to backup practices. Redundancy and documentation is also very important.
Transition statement — Now, let's answer a few checkpoint questions.

V5.2
Instructor Guide
Uempty
Checkpoint
IBM Power Systems
1. What is the difference between the following two commands?

• find /home/fred | backup -ivf /dev/rmt0
• cd /home/fred; find . | backup -ivf /dev/rmt0
___________________________________________________
___________________________________________________
___________________________________________________
2. On a mksysb tape, if you entered tctl rewind and then tctl -

f/dev/rmt0.1 fsf 3, which element on the tape could you look at?
_________________________________________________________
_________________________________________________________
3. Which command could you use to restore these files?

_________________________________________________________
4. True or False: smit mksysb backs up all file systems, provided they
are mounted.
________________________________________________
_________________________________________________________
Notes:
Instructor Guide
Instructor notes:
Purpose —
Details —
IBM Power Systems

Option a) backs up the files using the full path names, whereas
option b) backs up the file names using the relative path names.
Therefore, b)’s files can be restored into any directory.

You would be at the start of the backed up images of the files, having
skipped over the first three sections of the tape (boot image, mkinsttape,
and dummy toc).
3. Which command could you use to restore these files? The files were
backed up using the backup command so you would have to use the
restore command.
are mounted. mksysb only backs up rootvg file systems. To back up
other volume groups, you must use the savevg command.

V5.2
Instructor Guide
Uempty
Exercise 11
IBM Power Systems
Backup and restore
Notes:
Instructor Guide
Instructor notes:
Purpose —
Details —

V5.2
Instructor Guide
Uempty
Unit summary
IBM Power Systems

• Explain and understand the role of both the image.data
and bosinst.data files
• Use standard AIX/UNIX backup, restore, and
compression utilities
Notes:
Instructor Guide
Instructor notes:
Purpose —
Details —

V5.2
Instructor Guide
Uempty Unit 12. Security and user administration
Estimated time
01:30

This unit describes the key concepts related to AIX security and user
administration.

• Define the concepts of users and groups, and explain how and
when these should be allocated on the system
• Describe ways of controlling root access on the system
• Explain the uses of SUID, SGID, and SVTX permission bits
• Administer user accounts and groups
• Understand the basic concepts and implementation of RBAC
• Identify the data files associated with users and security

Accountability:
• Exercise
References
SG24-7424 AIX 6.1 Advanced Security Features: Introduction and
Configuration (redbook)
SG24-7559 AIX Version 6.1 Differences Guide (redbook)
following address:
© Copyright IBM Corp. 2009 Unit 12. Security and user administration 12-1
Instructor Guide
Unit objectives
IBM Power Systems

Notes:

V5.2
Instructor Guide

Details —
Transition statement — Let's start by discussing some important security-related
concepts. First, let's consider user accounts. Effective administration of user accounts is a
key factor in promoting system security.
Instructor Guide

V5.2
Instructor Guide
Uempty 12.1. Security and user concepts
Instructor topic introduction

What students will do — Learn about security and user concepts
How students will do it — Lecture
What students will learn — Security and user concepts.
How this will help students on their job — This topic will help students to:
• Understand user accounts and groups
• Describe the role of RBAC
• Identify key security logs
• Understand and apply file permissions
• Change file ownership and group assignment
Instructor Guide
Security and user concepts

IBM Power Systems
After completing this topic, you should be able to:

– Including the role of the umask parameter
Figure 12-2. Security and user concepts AN121.1
Notes:

V5.2
Instructor Guide

Purpose — Explain security and user concepts
Details —
Transition statement — Let's start by looking at user accounts.
Instructor Guide
User accounts
IBM Power Systems
• Each user has a unique name, numeric ID, and password.

• File ownership is determined by a numeric user ID.
• The owner is usually the user who created the file, but
ownership can be transferred by root.
• Default users:
– root Superuser
– adm, sys, bin, ... IDs that own system files but
cannot be used for login
## id
id
uid=0(root)
uid=0(root) gid=0(system)
gid=0(system)
groups=2(bin),3(sys),7(security),8(cron),10(audit),11(lp)
groups=2(bin),3(sys),7(security),8(cron),10(audit),11(lp)
Figure 12-3. User accounts AN121.1
Notes:
Importance of user accounts
The security of the system is based on a user being assigned a unique name, a unique
user ID (UID) and password, and a primary group ID (GID). When the user logs in, the UID
is used to validate all requests for file access. The UID, associated groups, and GIDs can
be seen by the id command.
File ownership
When a file is created, the UID associated with the process that created the file is assigned
ownership of the file. Only the owner or root can change the access permissions.
Automatically created user accounts
There are several user accounts automatically created. root, for example, is one. Some
user accounts are not made for login but only to own certain files. adm, sys, and bin are
examples of that type of account.

V5.2
Instructor Guide

Purpose — Highlight some basic concepts concerning AIX security, particularly the role of
user accounts in setting up system security
Details — AIX security can be defined by two basic principles:
1. Ownership of data controls access.
2. Permissions or access to the data is granted by the owner to other users.
Transition statement — The effective use of groups is also important in promoting AIX
system security.
Instructor Guide
Groups
IBM Power Systems
• A group is a set of users, all of whom need access to a given

set of files.
• Every user is a member of at least one group and can be a
member of several groups.
• The user has access to a file if any group in the user’s
groupset provides access. To list the groupset, use the
groups command.
• The user's real group ID is used for file ownership on creation.
To change the real group ID, use the newgrp command.
• Default groups:
– System administrators: system
– Ordinary users: staff
Figure 12-4. Groups AN121.1
Notes:
Function of groups
Users that require shared access to a set of files are placed in groups. Each group has
a unique name and Group ID (GID). The GID, like the UID, is assigned to a file when it
is created. A user can belong to multiple groups.
Predefined groups
There are several groups predefined on an AIX system. For example, the system
group is root's group and the staff group is for all ordinary users.
Planning and administering groups
The creation of groups to organize and differentiate the users of a system or network is
part of systems administration. The guidelines for forming groups should be part of the
security policy. Defining groups for large systems can be quite complex, and once a
system is operational, it is very difficult to change the group structure. Investing time
and effort in devising group definitions before your system arrives is recommended.

V5.2
Instructor Guide
Uempty Groups should be defined as broadly as possible and be consistent with your security
policy. Do not define too many groups because defining groups for every possible
combination of data type and user type can lead to impossible extremes.
A group administrator is a user who is allowed to assign the members and
administrators of a group. It does not imply that the user has any administrative abilities
for the system.
Types of groups
There are three types of groups on the system:
• User Groups
- User groups should be made for people who need to share files on the
system, such as people who work in the same department, or people who are
working on the same project.
• System Administrator Groups
- System administrators are automatically members of the system group.
Membership of this group allows the administrators to perform some of the
system tasks without having to be the root user.
• System Defined Groups
- Several system-defined groups exist. staff is the default group for all
non-administrative users created in the system. security is another
system-defined group with limited privileges for performing security
administration. The system-defined groups are used to control certain
subsystems.
Use of the newgrp command
A user's real group identification is used to determine the group ownership of a file
created by that user. The newgrp command changes a user's real group identification.
If you provide a group name as a parameter to the newgrp command, the system
changes the name of your real group to the group name specified (if the group name
specified is part of your groupset). If no group name is provided as a parameter, the
newgrp command changes your real group to the group specified as your primary
group in the /etc/passwd file.
Example:
$ id
uid=206(secc) gid=7(security) groups=1(staff)
$ newgrp staff
$ id
uid=206(secc) gid=1(staff) groups=7(security)
Instructor Guide
Instructor notes:
Purpose — Describe the concept of a group and show how users can change their group
Details — A user's groupset can contain up to 32 groups. The permissions of each group
in the groupset are available to the user. When defining a user through SMIT or mkuser,
you have the option of specifying a primary group ID. This is stored as the principal group
ID in the etc/passwd file. When the user initially logs in, this principal group ID is used to
establish the real group ID in the user's environment. The current real group ID is recorded
in the inode of any new file created in that environment, unless overridden by an SGID on
the parent directory. While the real group ID, can be changed using the newgroup
command, the principle group ID in /etc/passwd is unaffected and is used to set the real
group ID the next time the user logs in.
Additional information — The entry for the newgrp command in the online AIX 6.1
Command Reference has some helpful information.
Transition statement — Several groups have been mentioned. Now, let's look at the
group hierarchy.

V5.2
Instructor Guide
Uempty
Group hierarchy
IBM Power Systems
system security
Rights to
printq administrative
adm functions
audit
shutdown
staff Ordinary
users
Figure 12-5. Group hierarchy AN121.1
Notes:
Rights to administrative functions
As indicated on the visual, membership in some groups confers rights to the use of certain
administrative functions. Membership in the staff group does not provide rights to the use
of administrative functions.
Common groups
Common groups on the system (and their intended uses) are as follows:
• system for most configuration and standard hardware and software maintenance
• printq for managing queuing.
- Typical commands which can be run by members of this group are: enable,
disable, qadm, qpri, and so forth.
• security to handle most passwords and limits control
- Typical commands which can be run by members of this group are: mkuser,
rmuser, pwdadm, chuser, chgroup, and so forth.
Instructor Guide
• adm most monitoring functions such as performance, cron, accounting staff, default
group assigned to all new users
- You may want to change this in /usr/lib/security/mkuser.defaults.
• audit for auditors
• shutdown allows use of the shutdown command.

V5.2
Instructor Guide

Purpose — Describe common groups in the system
Details — Other groups added to the system do not inherit any special attributes as far as
the operating system is concerned.
AIX provides additional groups that were first added to AIX V4.3, most notably a group
called shutdown. Members of this group can issue the shutdown, fastboot, and reboot
commands. fastboot and reboot are equivalent commands. Recent versions of AIX also
include a group called perf. Members of this group can execute various AIX performance
tools.
Additional information — Each group has privileges for specific tasks. For example,
members of the system group can perform hardware and software administration, and
members of the security group can perform user administration. No one group is more
powerful than the other since they each control their own specific area.
Transition statement — User accounts have a similar hierarchy.
Instructor Guide
User hierarchy
IBM Power Systems
• As well as admin groups, AIX has admin users.

• An admin user has the admin group “system” (guid 0) set as
the primary group.
• Only root can add, remove, or change an admin user or admin
group.
• Any user on the system can be defined as an admin user
regardless of the group they are in.
• This approach is limited. AIX 6 includes enhanced RBAC.
root
admin user
(admin flag set to true)
normal user
Figure 12-6. User hierarchy AN121.1
Notes:
Capabilities of members of certain groups
The ability to perform certain system tasks (like creating users) depends upon the standard
AIX file permissions. Most system administration tasks can be performed by users other
than root if those users are assigned to groups such as system, security, printq, cron,
adm, audit, or shutdown. In particular, a user in the security group can add, remove, or
change other users and groups.
Purpose of user hierarchy
To protect important users and groups from users in the security group, AIX has three
levels of user hierarchy: root, admin users and groups, and normal users and groups. Only
root can add, remove, or change an admin user or admin group. Therefore, you can define
a user that has a high level of access, but is protected from users in the security group.

V5.2
Instructor Guide

Purpose — Describe the user hierarchy
Details — The root user sits at the top of the stack. This means that in discussions
concerning security, the root user is the exception to most, if not all, restrictions that are
applied to a system.
The key reason for creating administrative users is to ensure that these users cannot be
managed by any user other than root. That is, only root can change the password of an
administrative user. An example of an administrative user might be an executive - only the
root user can change this executive's system password. Ensure that the students are clear
about the difference between an admin user and an administrator. The former has no
special powers, whereas the latter does.
Additional information — In AIX, the user hierarchy is generally two tier:
• Tier 1: The all powerful root user
• Tier 2: Normal users with no administrative rights
The concept of adding admin groups to AIX users is limited. Enhanced RBAC was added
to AIX 6.1 to address this limitation and remove any dependence on security add tools, like
sudo.
Transition statement — Let's provide an overview of enhanced RBAC in AIX 6.
Instructor Guide
Role based access control

IBM Power Systems
• Enhanced RBAC is a major new feature in AIX 6.

• With Enhanced RBAC:
– Authorizations can be hierarchical.
– root can be disabled altogether.
– Can limit or eliminate UNIX based security add-ons like sudo
– Definitions are stored in the kernel table to enhance security.
– Applies also to devices and files
– Support for WPARs
• Authorizations, such as the ability to shutdown the system, are
assigned to roles
• Roles such as System Administrator, are assigned to users
1 Roles 2 Users
Authorizations Roles
Figure 12-7. Role based access control AN121.1
Notes:
Why do we need RBAC?
The difficulty with permission (or even access control list) based access control is that
you must secure the needed resource rather than the command. It was often difficult to
know which resources were the ones needed. In some cases we are dealing with kernel
resources. In addition, a given resource may have multiple uses and a single group
access to it may not work. Allowing a program to be root with suid allowed one to
bypass the resource permissions, but suid itself was a potential exposure. With
Enhanced Resource Based Access Control (RBAC), resource access is controlled
through privileged commands and then only users with the proper authorization are
allowed to execute the privileged command. The authorization and privileges are fine
grained.
Legacy RBAC
Starting with AIX 4.2.1, a form of RBAC was provided but was difficult to work with.
Even though a user was assigned a role, that user was often still unable to execute the
associated tasks until a requisite command was converted to a set uid executable and

V5.2
Instructor Guide
Uempty the user was made a member of the associated group. In addition, the legacy
framework was implemented without involvement of the kernel.
Enhanced RBAC
Starting with AIX 6.1, an enhanced form of RBAC is provided. The enhanced RBAC
framework involves the kernel and thus is more secure. The new framework is also
more granular and extensive than the legacy RBAC. Once a role is assigned to a user,
they have the authorization to do the related tasks without having to play with file
permissions or group membership. While the framework supports user defined
privileged commands, authorizations, and roles, AIX 6.1 provides 10 predefined roles
that can be used without additional RBAC configuration. The details of the RBAC
framework is outside the scope of this course, however more detail with a simple
example is included in topic two of this unit.
Sudo
Sudo (su “do”) is free add-on software for UNIX systems which enables a system
administrator to delegate authority to give certain users, or groups of users, the ability to
run some, or all, commands as root or another user while providing an audit trail of the
commands and their arguments. Enhanced RBAC, eliminates the use of sudo like tools.
Instructor Guide
Instructor notes:
Purpose — Introduces enhanced RBAC
Details — Provide a high level overview of RBAC as implemented in AIX 6.1.
Additional information — More RBAC details will follow later in the Unit. The purpose is
to give students a basic understanding of:
• RBAC
• Why we need it
• Provide just enough essential information to implement it
It is not designed to cover RBAC is detail, the place for that is AU47 and you should use
this opportunity to promote the security class.
Transition statement — Since the root user is such a powerful user account, it is a good
idea to guard this account as much as possible.

V5.2
Instructor Guide
Uempty
Controlling access to the root account

IBM Power Systems
• Restrict access to privileged logins.

• Root's passwords should be changed on an unannounced
schedule by the system administrator.
• Assign different root passwords to different machines.
• System administrators should always login as themselves first
and then su to root instead of logging in as root. This helps
provide an audit trail for root usage.
## chuser
chuser login=false
login=false root
root
• Do not include unsecured directories in root's PATH.
Figure 12-8. Controlling access to the root account AN121.1
Notes:
Guidelines for root account password
If the root password is known by too many people, no one can be held accountable. The
root password should be limited to just two or three administrators. The fewer people who
know root's password, the better. The system administrator should ensure that distinct
root passwords are assigned to different machines. You may allow normal users to have
the same passwords on different machines, but never do this for root.
Use of the su command
Attempts to become root through su can be investigated. Successful and unsuccessful
attempts might be logged by the audit system.
PATH variable for root account
Do not include unsecured directories in the value of PATH for the root account. Note that
root's PATH is used by many implicit system functions, not just by a user logged in as root.
Instructor Guide
Instructor notes:
Purpose — Discuss important concepts related to root security
Details — Review the information on the visual
Having different passwords on every machine may cause a problem if there are lots of
machines. This needs to be done sensibly. Administrators could create a password
scheme that makes each password slightly different but not impossible to remember. Be
sure to point out the dangers of having an unsecured directory in root's PATH. This
includes the dot (.) for the current directory. You might want to use an example like:
PATH=.:/usr/bin:/usr/sbin
Since the dot (.) represents the current directory, the root user might accidentally execute
something in that directory. A user on the system could create a destructive file called “ls”
that contains the one line to delete all the files on the system “rm -r /”. If the root user is in
that user's home directory and tries to perform a file listing, instead of /usr/bin/ls running, it
will find ./ls first. When this file is run by the unsuspecting system administrator with root
authority, the system is destroyed. If the user normally logs in as a regular user and does
su to root, the regular account's PATH should also avoid using unsecured directories.
Remember, with the su command, if the dash (-) is not used, then the current environment
is kept (that includes PATH).
Transition statement — Reference to the su audit trail is made in this visual. Let's take a
look at a number of files important for system security.

V5.2
Instructor Guide
Uempty
Security logs
IBM Power Systems
/var/adm/sulog Audit trail of su activity
/var/adm/wtmp Log of successful logins
/etc/utmp List of users currently

logged in
/etc/security/failedlogin Information on failed

login attempts
Figure 12-9. Security logs AN121.1
Notes:
The sulog file
The sulog file is an ASCII text file that can be viewed with more or pg. In the file, the
following information is recorded: date, time, terminal name, and login name. The file also
records whether the login attempt was successful, and indicates a success by a plus sign
(+) and a failed login by a minus sign (-).
The utmp and wtmp files
The /etc/utmp file contains a record of users logged into the system, and the
/var/adm/wtmp file contains connect-time accounting records. To obtain information from
either file use the who command with the file name. The who command normally examines
the /etc/utmp file, but you can specify either one of the files just mentioned as an argument
to the command.
The last command
The last command can also be used to display, in reverse chronological order, all previous
logins and logoffs still recorded in the /var/adm/wtmp file. The /var/adm/wtmp file collects
Instructor Guide
login and logout records as these events occur, and holds them until the records are
processed by the accounting commands.
For example:
# last root displays all the recorded logins and logoffs by the user root.
# last reboot displays the time between reboots of the system.
The utmpd daemon
AIX 5L V5.2 introduced a new daemon called utmpd to manage the entries in the
/etc/utmp file. This daemon monitors the validity of the user process entries at regular
intervals. The default interval time would be 300 seconds. The syntax of the command is:
/usr/sbin/utmpd [ Interval ]
To start utmpd from the /etc/inittab, add the following entry to the file:
utmpd:2:respawn:/usr/sbin/utmpd
The failedlogin file
The /etc/security/failedlogin file maintains a record of unsuccessful login attempts. The
file can be displayed using the who command with the file as an argument.

V5.2
Instructor Guide

Purpose — Show where the information about accesses to the system is recorded
Details — Where information is recorded depends on how the user gained access to the
system.
Further information can be recorded about the security of the system. This can be
monitored and reports generated if the audit subsystem is configured. However, this is not
covered in this course.
Additional information — Stress the importance of monitoring these log files, not just
“cleaning them up” on a regular basis. You might want to ask the students, if
/etc/security/failedlogin is growing significantly bigger every day what might that
indicate? Suggested answer: someone might be trying to hack into the system. If this log is
just routinely cleaned out, it is not serving much purpose.
Transition statement — Let's now look at the permissions that can be applied to files and
directories.
Instructor Guide
File/Directory permissions
IBM Power Systems
File Perm. Bit Directory
Read content of file r List content of directory
Modify content of file w Create and remove files in

directory
Use file name to execute x Give access to directory
as a command
Run program with SUID --------
effective UID of owner
Run program with SGID Files created in directory
effective GID of group inherit the same group as
the directory
-------- SVTX Must be owner of files to
delete files from directory
Figure 12-10. File/Directory permissions AN121.1
Notes:
Permission bits
There are a number of permission bits associated with files and directories. The standard r
(read), w (write), and x (execute) permissions, define three levels of access for the user
(owner), group, and others. In addition, there are three permission bits known as SUID (set
UID), SGID (set GID), and SVTX (sticky bit).
The SUID bit
SUID on an executable file means that when the file runs, the process runs with an
effective UID of the owner of the file. SUID is not supported on shell scripts.
SUID has no meaning on a directory.
The SGID bit
SGID on an executable file means that when the file runs, the process runs with an
effective GID of the group owner of the file.

V5.2
Instructor Guide
Uempty SGID on a directory means that any file or directory created within the directory will have
the same group ownership as the directory rather than the real group ID or primary group of
the user.
The SGID permission bits are propagated down through the directory structure, so that any
directory created in a directory with the SGID bit set, also inherits that bit.
The SVTX bit
SVTX on a file has no meaning in AIX. It was used in earlier versions of UNIX.
Traditional UNIX used SVTX to keep a program in memory after it had completed running,
but with memory management routines, this is no longer necessary. SVTX is known as the
sticky bit.
SVTX on a directory means that even if the directory has global write permission (for
example, /tmp), users cannot delete a file within it, unless they either own the file, or the
directory.
Instructor Guide
Instructor notes:
Purpose — Examine the effect that permissions have on files and directories
Details — The effects of permissions are often forgotten or misunderstood. It is probably a
good idea to review all the permission bits.
Additional information — The base permission (rwx) must give the user the appropriate
permission before SUID, SGID, or STVX are effective. For example, if a user is part of
“others” and “others” do not have execute permission on a file, it is irrelevant whether the
SUID bit is set for that user since they cannot execute the file. SUID and SGID bits are not
effective on shell scripts for security reasons. They can be set but they will be ignored
during execution.
Also, many people misuse the terminology related to these additional permission bits.
Many times all three are incorrectly referred to as the sticky bits. Only SVTX is the sticky
bit. SUID is “SUID” and SGID is “SGID”. Be sure to keep your students on track with the
proper terminology.
Historically, SVTX stood for “Save Text” and was meant to keep a binary executable in
memory. AIX does not support that use of the permission bit.
Transition statement — Let's see how these permissions appear when listing a file.

V5.2
Instructor Guide
Uempty
Reading permissions
IBM Power Systems
owner group other

r w x r w x r w x
s s t
S S T
SUID SUID SGID SGID sticky sticky

only +x only +x bit bit
only +x
## ls
ls -ld
-ld /usr/bin/passwd
/usr/bin/passwd /usr/bin/crontab
/usr/bin/crontab /tmp
/tmp
-r-sr-xr-x
-r-sr-xr-x root
root security
security ...
... /usr/bin/passwd
/usr/bin/passwd
-r-sr-sr-x
-r-sr-sr-x root cron
root cron ...
... /usr/bin/crontab
/usr/bin/crontab
drwxrwxrwt
drwxrwxrwt bin
bin bin
bin ...
... /tmp
/tmp
Figure 12-11. Reading permissions AN121.1
Notes:
How SUID, SGID, and SVTX settings are indicated
The SUID bit is indicated by an S or s in the slot normally reserved for the execute
permission for owner (user). The SGID bit is indicated by an S or s in the slot normally
reserved for the execute permission for group. The SVTX bit is indicated by a T or t in the
slot normally reserved for the execute permission for others. Since this slot must show if
execute is on/off and whether the additional permission bit is on/off, the uppercase S or T is
used to indicate that the execute permission is off. The lowercase s or t indicates the
execute permission is on.
Instructor Guide
Discussion of examples on visual

Three examples of files that use these additional permissions are shown on the visual:
• The passwd command allows users to change their passwords even though
passwords are stored in a restricted area.
• The crontab command allows users to create a crontab file even though access to the
directory where crontab files reside is restricted for ordinary users.
• Permission bit settings for /tmp allow everyone to write to the directory, but only the
owner of a file can remove a file from the /tmp directory.

V5.2
Instructor Guide

Purpose — Show how the AIX permissions appear when set against files and directories
Details — Explain how to read file permissions
Transition statement — Having seen how to recognize the permissions, you should now
look at how these can be set.
Instructor Guide
Changing permissions
IBM Power Systems
4 2 1
SUID SGID SVTX
owner group other
r w x r w x r w x
4 2 1 4 2 1 4 2 1
# chmod 4 7 7 7 file1 SUID

# chmod 2 7 7 7 file1 SGID
# chmod 1 7 7 7 dir1 SVTX
OR
# chmod u+s file1 SUID
# chmod g+s file1 SGID
# chmod +t dir1 SVTX
Figure 12-12. Changing permissions AN121.1
Notes:
Setting the additional permission bits
To set the additional permission bits, you use the same command (chmod) as you do to
set the regular permission bits.
Using octal notation to set the additional permission bits
Using the octal notation, you are probably familiar with setting permissions using a
command like: # chmod 777 file1. When you issue this command, the more complete
command would be: # chmod 0777 file1. The fourth number, a zero, is implied. This fourth
position determines whether the additional bits are turned on.
You normally use the numeric values of 4, 2, and 1 to set r, w, and x. That remains the
same. To set the additional bits, you are affecting the x position in either the user, group, or
other area. If you assign numeric values to user (4), group (2), and other (1), these are the
values that you insert into the fourth position to set the additional bit:
• SUID is indicated in the user's area. Therefore use a 4 in the fourth position.
• SGID is indicated in the group area. Therefore use a 2 in the fourth position.

V5.2
Instructor Guide
Uempty • SVTX is indicated in the others area. Therefore use a 1 in the fourth position.
Using the symbolic method to set the additional permission bits
You can also use the symbolic method to set the additional permission bits. The visual
shows how to set the values using the symbolic method.
Instructor Guide
Instructor notes:
Purpose — Demonstrate how to set or change extended permissions on files or directories
Details — Explain the students notes to ensure the students understand how to set the
permission bits. This is sometimes a difficult concept for students to grasp.
Remind the students that when using the octal method, all permissions are reset to the
indicated value. With symbolic notation, use of the + allows for permission to be added to
the existing permission set.
Transition statement — Let's see what determines the default permission on a file.

V5.2
Instructor Guide
Uempty
umask
IBM Power Systems
• The umask governs permissions on new files and directories.

• System default umask is 022.
• 022 calculation Files: 666 Directories: 777
umask: 022 umask: 022
644 755
rw-r--r-- rwxr-xr-x
• A umask of 027 is recommended.

• 027 calculation Files: 666 Directories: 777
umask: 027 umask: 027
640 750
rw-r----- rwxr-x---
• /etc/security/user specifies default and individual user umask

values.
Figure 12-13. umask AN121.1
Notes:
Function of umask
The umask specifies what permission bits are set on a new file when it is created. It is an
octal number that specifies which of the permission bits are not set.
Default value of umask
If no umask was used, then files would be created with permissions of 666 and directories
would be created with permissions of 777. The system default umask is 022 (indicating
removal of the 2 bit, or write from the group and others area). Therefore, removing write
from group and other, results in an initial permission for files of 644 and, for directories,
755. Execute permission is never set initially on a file.
Changing the umask to enhance security
The default setting of the umask is 022. For tighter security you should make the umask
027, or even 077.
Instructor Guide
The umask command

To view or change the value of the umask for the current session, use the umask
command.
Values stored in /etc/security/user file
The umask is specified in /etc/security/user. The default stanza in this file specifies the
system wide default, but a value can be specified on a per-user basis.

V5.2
Instructor Guide

Purpose — Show how the file and directory permissions can be set by default
Details — Explain the umask setting and how it works and can be changed
Transition statement — Let's take a look at how to change file and directory ownership.
Instructor Guide
Changing ownerships and groups

IBM Power Systems
The chown command:

## chown
chown fred
fred file1
file1
The chgrp command:

## chgrp
chgrp staff
staff file1
file1
Changing both user and group ownership:

## chown
chown fred:staff
fred:staff file1
file1
-- OR
OR --
## chown
chown fred.staff
fred.staff file1
file1
Figure 12-14. Changing ownerships and groups AN121.1
Notes:
Using chown to change ownership
As illustrated on the visual, the chown command can be used by root to change the
ownership on a file.
Using chgrp to change group ownership
The chgrp command is used to change the group ownership of a file. Any owner of a file
can change the group ownership to any group in their groupset. The root user can change
the group ownership to any group on the system.
Changing both ownership and group ownership
The chown command can be used by root to set both the ownership, and group
ownership, of a file. As illustrated on the visual, this can be done two different ways.

V5.2
Instructor Guide

Purpose — Explain how to change ownership and group ownership of a file
Details —
Transition statement — It’s time for topic 1 review questions.
Instructor Guide
Checkpoint
IBM Power Systems
1. Which file contains an audit trail of su activity?

_____________________________
2. If the following command was run:
chmod 6754 file1
What would the file permissions be for file1?
___ ___ ___
3. A binary executable with the SUID flag set is owned by user root.
User michael executes the binary. The executable runs under
which user, root or michael?
_______________
4. A shared directory is created on the system. What flag must be
set to ensure only the owner of the files can delete them?
_______________
5. Why is an umask of 027 recommended?
________________________________________________
Notes:

V5.2
Instructor Guide

Purpose —
Details —
IBM Power Systems

/var/adm/sulog
chmod 6754 file1
r w s r w- r - -
root
SVTX or sticky bit
This value removes all permission bits for the “others”
category, which enhances security.
Instructor Guide
Topic summary
IBM Power Systems
Having completed this topic, you should be able to:

– Including the role of the umask attribute
Figure 12-16. Topic summary AN121.1
Notes:

V5.2
Instructor Guide

Purpose —
Details —
Additional information — This is probably a good time for a break.
Transition statement — The next topic in this unit is user and group administration.
Instructor Guide

V5.2
Instructor Guide
Uempty 12.2. User and group administration

What students will do — Learn about user and group administration.
What students will learn — User and group administration.
• Understand the login sequence from a system console
• Understand the login initialization process
• Add, list, change, and delete users and groups
• Set and change passwords
• Understand the key elements of RBAC and configure a simple RBAC implementation
Instructor Guide
User and group administration

IBM Power Systems

– Recover root password if lost or forgotten
• Understand the key elements of RBAC and configure a
simple RBAC implementation
Figure 12-17. User and group administration AN121.1
Notes:

V5.2
Instructor Guide

Purpose — User and group admin
Details — Read out the topic objectives
Transition statement — Let's start by looking at the login sequence from a console.
Instructor Guide
Console login sequence

IBM Power Systems
getty process Spawned by inittab

Settings in
/etc/security/login.cfg
Login: userid and passwd
/etc/passwd
User verification check /etc/security/passwd
no
Login failed Valid?
yes /etc/environment
Log entry in: /etc/security/environ
/etc/security/failedlogin Set up the environment. /etc/security/limits
/etc/security/user
Display /etc/motd $HOME/.hushlogin
/etc/profile
Enter login shell $HOME/.profile
Figure 12-18. Console login sequence AN121.1
Notes:
Introduction
When a user attempts to log in, AIX checks a number of files to determine if entry is
permitted to the system and, if permitted, what parts of the system the user can access.
This section provides an overview of the checks performed during the login process.
The getty process
Ports set up for login are listed in the /etc/inittab. When init runs, a getty process is
started for each port in the list providing a login prompt on the terminal attached to that port.
The actual message displayed, also known as the herald, by the getty process is defined
in /etc/security/login.cfg. Once the message is displayed, the getty process waits for a
user to make a login attempt.
Entry of username and password
When a user is ready to log in, they enter their user name at the login prompt. The login
program is passed the user name and password. The login credentials are checked
against /etc/passwd and /etc/security/passwd files.

V5.2
Instructor Guide
Uempty Validation
If the password is incorrect or if an invalid user name was given, then the login fails, and an
entry is made in the file /etc/security/failedlogin. Use the command who
/etc/security/failedlogin to view this file. The number of failed attempts is also tracked (by
user account) in /etc/security/lastlog. The login prompt is redisplayed for another attempt.
It is possible to set the characteristics for a user to prevent unlimited attempts on an
account. If the number of attempts exceeds the maximum allowable failed attempts, the
account is locked. If a user successfully enters the user name and password, the usw
stanza in /etc/security/login.cfg is checked. This stanza sets the maximum number of
concurrent logins for a user account. If that number is exceeded, the login is denied and a
message is displayed to the user.
Setup of user's environment
If everything is successful to this point, then the user's environment is set using
/etc/environment, /etc/security/environ, /etc/security/limits, and /etc/security/user.
The login program sets the current directory to the user's HOME directory and displays the
content of /etc/motd (if no .hushlogin file is found in the HOME directory), the date of the
last successful login, and the number of unsuccessful login attempts since the last
successful login.
Passing of control to shell
Finally, control is passed to the login shell (as defined in /etc/passwd) which will read
/etc/environment and run /etc/profile and $HOME/.profile when using Korn or Bourne
shells.
Results of a user logging out
When a user logs out, the shell terminates and a new getty process is spawned for that
port.
Instructor Guide
Instructor notes:
Purpose — Discuss the big picture of what happens when a user logs in
Details — Explain the visual as per the student notes. The steps have been extensively
documented.
Transition statement — Now that we have looked at the 'big picture' of what happens
when we log in, let's look further at three of the files listed on this visual, /etc/profile,
/etc/environment, and $HOME/.profile.

V5.2
Instructor Guide
Uempty
User initialization process

IBM Power Systems
LOGIN
Establishes base environment

/etc/environment sets PATH, TZ, LANG, and
NLSPATH
Shell script run at all logins

/etc/profile sets TERM, MAILMSG, and
MAIL
User's personal file to

$HOME/.profile customize their environment
PATH, ENV, PS1
User's personal file to customize

$HOME/.kshrc the Korn shell environment
set –o vi, alias
Figure 12-19. User initialization process AN121.1
Notes:
The /etc/environment file
/etc/environment is used to set variables. No commands should be placed in this file. Only
root can change this file.
The /etc/profile file
/etc/profile will be read and executed during every login. Like the /etc/environment file, this
file can be changed only by root.
The $HOME/.profile and $HOME/.kshrc files
$HOME/.profile and $HOME/.kshrc can be customized by the user. The user can overwrite
any variable set in /etc/environment and /etc/profile.
Instructor Guide
Common Desktop Environment (CDE) considerations

If you are using CDE, .profile is not read by default. In the user’s HOME directory, the
.dtprofile file is used to establish the environment when working with CDE. .dtprofile
replaces the function of .profile in the CDE environment. If you want to use both, in the
.dtprofile, uncomment the line near the end of the file that references the
DTSOURCEPROFILE variable.

V5.2
Instructor Guide

Purpose — Describe the files listed on this page
Details — Each file can overwrite a variable that the other sets. Therefore, since the
.profile is read after /etc/environment and /etc/profile, the user can overwrite any
variables that the root user has set.
However, the root user can set a variable using the read-only option to prevent this from
occurring. For example:
readonly VAR=value
export VAR
Transition statement — Now, let's look at the MOTD which is displayed when each user
logs in.
Instructor Guide
Message of the day

IBM Power Systems
• The file /etc/motd contains text that is displayed every time a

user logs in.
• This file should only contain information necessary for the
users to see.
• If the $HOME/.hushlogin file exists in a user's home directory,
then the contents of the /etc/motd file are not displayed to that
user.
******************************************************************
******************************************************************
** **
** **
** AIX Version 6.1 TL 02 HACMP 5.5.0.0. + WPAR ckp
AIX Version 6.1 TL 02 HACMP 5.5.0.0. + WPAR ckp **
** **
** Eduction AIX AN12 Build version 318
Eduction AIX AN12 Build version 318 **
** **
** **
******************************************************************
******************************************************************
nimmaster:/
nimmaster:/
Figure 12-20. Message of the day AN121.1
Notes:
Using the /etc/motd file
The message of the day (motd) is a convenient way to communicate information, such as
installed software version numbers or current system news, to all users. The message of
the day is contained in the /etc/motd file. To change the message of the day, simply edit
this file.

V5.2
Instructor Guide

Purpose — Show one of the ways that information about the system can reach the user
Details — The motd file should not be used to display messages to deter intruders. By the
time intruders read the message, they are already in the system! These messages should
be written into the /etc/security/login.cfg file instead, in the herald for a port.
Additional information — Even though users can add a .hushlogin file, the administrator
can remove them very easily using the find command: find / -name
.hushlogin‘-execrm{};'
If you need to make sure every user sees your message, make sure you remove the
.hushlogin.
You may want to ask the students how they would remove the .hushlogin files and see if
they can come up with the find command.
Transition statement — Now, let's look at how users and groups can be managed.
Instructor Guide
Security & Users

IBM Power Systems
# smit security
Security
Security && Users
Users
Move
Move cursor
cursor to
to desired
desired item
item and
and press
press Enter.
Enter.
Users
Users
Groups
Groups
Passwords
Passwords
Login
Login Controls
Controls
PKI
PKI
LDAP
LDAP
Role
Role Based
Based Access
Access Control
Control (RBAC)
(RBAC)
Trusted Execution
Trusted Execution
Figure 12-21. Security & Users AN121.1
Notes:
The Security & Users menu
The Security & Users menu is used to manage user and group IDs on the system. The
menu consists of the seven options described below.
Users
This option is used to add users to the system, delete existing users and change the
characteristics of existing users.
Groups
This option is used to add groups to the system, delete groups, and change the
characteristics of existing groups.
Passwords
This option is used to change the password for a user. It is also required when setting
up a new user or when a user has forgotten their password.
Login Controls

V5.2
Instructor Guide
Uempty This option provides functions to restrict access for a user account or on a particular
terminal.
PKI
PKI stands for X.509 Public Key Infrastructure certificates. This option is used to
authenticate users using certificates and to associate certificates with processes as
proof of a user's identity.
LDAP
LDAP stands for Light Directory Access Protocol. It provides a way to centrally
administer common configuration information for many platforms in a networked
environment. A common use of LDAP is the central administration of user
authentication. The SMIT option here allows us to configure this platform as either an
LDAP client or an LDAP server.
Roles Based Access Control (RBAC)
This option sets up user roles. User roles allow root to give authority to an ordinary user
to perform a portion of root's functions.
Trusted Execution
Trusted Execution (TE) refers to a collection of features that are used to verify the
integrity of the system and implement advanced security policies, which together can be
used to enhance the trust level of the complete system.
Instructor Guide
Instructor notes:
Purpose — Show the SMIT menu panel for security and users and explain each option
Details — Quickly highlight each of the options. The focus will be on users, groups, and
passwords only.
Transition statement — Let's next look at the SMIT menus used to manage users.

V5.2
Instructor Guide
Uempty
SMIT users
IBM Power Systems
# smit users
Users
Users
Move
Move cursor
cursor to
to desired
desired item
item and
and press
press Enter.
Enter.
Add
Add aa User
User
Change
Change aa User's
User's Password
Password
Change
Change / Show Characteristics of
/ Show Characteristics of aa User
User
Lock / Unlock a User's Account
Lock / Unlock a User's Account
Reset
Reset User's
User's Failed
Failed Login
Login Count
Count
Remove a User
Remove a User
List
List All
All Users
Users
Figure 12-22. SMIT users AN121.1
Notes:
Add a User
Add user accounts.
Change a User's Password
Make password changes.
Change/Show Characteristics of a User
Changes the many characteristics that are part of the user account. The password
restrictions are part of this area.
Lock/Unlock a User's Account
This is used to temporarily disable an account. It is a good security practice to disable
accounts if they are not expected to be used for a reasonably long period of time, as when
someone is on an extended leave of absence.
Reset User's Failed Login Count
Instructor Guide
If the administrator has set a limit to the number of failed attempts that can be made on an
account before locking it, this resets that count.
Remove a User
Removes the user account, but not files owned by that user
List all users
Runs the lsuser command

V5.2
Instructor Guide

Purpose — Show the options available in this SMIT menu
Details — This menu lists all the functions available to administer a user.
Transition statement — You shall now work through some of the options available in this
menu, starting with listing users.
Instructor Guide
Listing users
IBM Power Systems
The lsuser command:

lsuser [-c | -f] [-a attribute …] {ALL | username …}
Example:
## lsuser
lsuser -a
-a id
id home
home ALL
ALL
root id=0 home=/
root id=0 home=/
daemon
daemon id=1
id=1 home=/etc
home=/etc
bin id=2 home=/bin
bin id=2 home=/bin
sys
sys id=3
id=3 home=/usr/sys
home=/usr/sys
adm id=4 home=/var/adm
adm id=4 home=/var/adm
uucp
uucp id=5
id=5 home=/usr/lib/uucp
home=/usr/lib/uucp
guest
guest id=100 home=/home/guest
id=100 home=/home/guest
alex id=333 home=/home/mancunian
alex id=333 home=/home/mancunian
Figure 12-23. Listing users AN121.1
Notes:
Function of the lsuser command
The lsuser command is used to list the attributes of all users (ALL) or individual users on
the system.
Using SMIT to list users
When the List All Users option in SMIT is used, the user name, ID and home directory
are listed.
Commonly used lsuser flags
When the lsuser command is issued directly, the data may be listed in line format, in
colon format (-c), or in stanza format (-f). Individual attributes or all attributes may be
selected. The output can also be generated for individual users.
Sources of information listed
The information reported by lsuser is gathered from the security files: /etc/passwd,
/etc/security/limits, and /etc/security/user.

V5.2
Instructor Guide

Purpose — Illustrate the result of using the SMIT list users option
Details — This can be run from SMIT (smit lsuser) or by invoking the high-level command
lsuser.
Additional information — The lsuser command now has an additional flag (-R), which
can be used to specify an alternative Identification and Authentication mechanism. This
flag is not included in the simplified syntax shown on the visual.
Transition statement — Let's now see how we can add a user to the system.
Instructor Guide
Add a user to the system

IBM Power Systems
# smit mkuser mkuser id=333 alex

Add
Add aa User
User
Type
Type or
or select
select values
values in
in entry
entry fields.
fields.
Press
changes.
[TOP]
[TOP] [Entry
[Entry Fields]
Fields]
** User
User NAME
NAME [alex]
[alex]
User
User ID
ID [333]
[333] ##
ADMINISTRATIVE
ADMINISTRATIVE USER?
USER? false
false ++
Primary
Primary GROUP
GROUP []
[] ++
Group
Group SET
SET []
[] ++
ADMINISTRATIVE
ADMINISTRATIVE GROUPS
GROUPS []
[] ++
ROLES
ROLES []
[] ++
Another
Another user
user can
can SU
SU TO
TO USER?
USER? true
true ++
SU GROUPS
SU GROUPS [ALL]
[ALL] ++
HOME
HOME directory
directory []
[]
Initial
Initial PROGRAM
PROGRAM []
[]
User
User INFORMATION
INFORMATION []
[]
[MORE...32]
[MORE...32]
Figure 12-24. Add a user to the system AN121.1
Notes:
Ways of adding a user
The mkuser command or SMIT can be used to add a user. User attributes can be specified
to override the default values.
User name
The only value that must be specified, is the user name. Traditionally, this name was
restricted to eight characters in length. Beginning with AIX 5L V5.3, this limit can be
changed to allow names as long as 255 characters. The limit is modified in the
Change/Show Attributes of the Operating System panel (smit chsys).
Resources involved in user creation process
The following resources are involved in the user creation process:
• Default ID numbers stored in etc/security/.ids
• The usr/lib/security/mkuser.sys shell script used to set up a user ID.
• Default values for characteristics stored in usr/lib/security/mkuser.default

V5.2
Instructor Guide
Uempty • Default values for characteristics stored in /etc/security/user

• The default .profile stored in etc/security/.profile
Some of these resources are discussed further in the material that follows.
The /usr/lib/security/mkuser.default file
The /usr/lib/security/mkuser.default file contains the defaults for the mkuser command.
This file can only be edited by the root user. This file contains the following information:
user:
pgrp = staff
groups = staff
shell = /usr/bin/ksh
home = /home/$USER
admin:
pgrp = system
groups = system
shell = /usr/bin/ksh
home = /home/$USER
The user stanza of this file is picked up if an ordinary user is being added, and the admin
stanza is picked up, if an administrative user is being added.
The /etc/security/.ids file
If the user ID is not specified, then a default ID number is chosen from the
/etc/security/.ids file. Administrative users are given IDs starting from six, and normal
users are given IDs starting from 200.
The /usr/lib/security/mkuser.sys shell script
The shell script /usr/lib/security/mkuser.sys is run during the user creation process.
This creates the user's home directory and creates the .profile file. This shell script can be
modified to perform any function that is required when setting up the user.
List of user characteristics
The full list of user characteristics contains entries which are not often used. Many of these
fields may be left empty with no ill effect. For the complete list, refer to SMIT (fastpath smit
mkuser).
Setting a password
When a new user is created, the ID is disabled (an asterisk “*” is placed in the password
field of the /etc/passwd file). To enable the ID, a password must be set with the Change a
User’s Password option or the passwd or pwdadm command.
Instructor Guide
Instructor notes:
Purpose — Show how to add a user to the system and detail what information is required
Details — Explain how to add users
Transition statement — What if you wish to change an attribute after you have set the
user up?

V5.2
Instructor Guide
Uempty
Change/Show characteristics of a user

IBM Power Systems
# smit chuser chuser groups='staff,security' alex

Change
Change // Show
Characteristics of
of aa User
User
[Entry
[Entry Fields]
Fields]
** User
User NAME
NAME alex
alex
User
User ID
ID [333]
[333]
##
ADMINISTRATIVE
ADMINISTRATIVE USER?
USER? false
false ++
Primary
Primary GROUP
GROUP [staff]
[staff] ++
Group
Group SET
SET [staff,security]
[staff,security] ++
ADMINISTRATIVE
ADMINISTRATIVE GROUPS
GROUPS []
[] ++
ROLES
ROLES []
[] ++
Another
Another user
user can
can SU
SU TO
TO USER?
USER? true
true ++
SU
SU GROUPS
GROUPS [ALL]
[ALL] ++
HOME
HOME directory
directory [/home/alex]
[/home/alex]
Initial
Initial PROGRAM
PROGRAM [/usr/bin/ksh]
[/usr/bin/ksh]
User
User INFORMATION
INFORMATION []
[]
EXPIRATION
EXPIRATION date
date (MMDDhhmmyy)
(MMDDhhmmyy) [0]
[0]
Is
Is this user ACCOUNT
this user ACCOUNT LOCKED?
LOCKED? false
false ++
User
User can
can LOGIN?
LOGIN? true
true ++
User
User can
can LOGIN
LOGIN REMOTELY(rsh,tn,rlogin)?
REMOTELY(rsh,tn,rlogin)? true
true ++
[MORE...48]
[MORE...48]
Figure 12-25. Change / Show Characteristics of a User AN121.1
Notes:
Changing user characteristics
The Change/Show Characteristics of a User option, which runs the chuser
command, allows any of the user characteristics listed previously, except the user name, to
be changed. This can only be executed by root or a member of the security group. Only
root can change an admin user. This SMIT screen holds exactly the same attributes as the
Add a User screen.
The chuser command
The following command can be used to change characteristics of a user:
# chuser attribute=value username
Instructor Guide
Instructor notes:
Purpose — Show how user attributes can be changed
Details — As detailed on the visual, almost any user attribute can be changed; however,
you cannot change the user name.
Transition statement — It may also be necessary to remove a user from the system.

V5.2
Instructor Guide
Uempty
Remove a user from the system

IBM Power Systems
• The rmuser command or SMIT can be used to delete a user

from the system
## rmuser
rmuser –p
–p team01
team01
• When you remove a user, that user’s home directory is not

deleted. Therefore, you must remember to manually clean up
the directories of users you remove. Remember to back up
important files first!
## rm
rm -r
-r /home/team01
/home/team01
Figure 12-26. Remove a user from the system AN121.1
Notes:
Ways to remove a user
The Remove a User from the System option in SMIT, or the rmuser command, can
be used to remove any user from the system. Only the root user may remove
administrative users.
The -p option of rmuser
The -p option removes authentication information from the /etc/security/* files. Typically,
this information is the user password, as well as other login restrictions which have been
previously set for the ID.
Removing the user's files
The user's home directory and associated files are not removed by this option. They must
be removed separately by the administrator. To do this, you can use the -r option on the
rmbv command to recursively remove files. Remember to back up any important files
before removing the user's home directory.
Instructor Guide
Instructor notes:
Purpose — Explain how to remove a user from the system
Details — There are two ways to remove a user from the system:
• Temporarily, by locking the user's account
• Permanently, by removing all information about the user from the system
As always, these actions are best performed in SMIT.
Additional information — Before the files that belonged to the ex-user can be used by
anyone, they have to be chown'ed to another user ID.
Transition statement — Having seen how users are created, changed and removed, we
will now look at passwords.

V5.2
Instructor Guide
Uempty
Passwords
IBM Power Systems
• A new user ID cannot be used until a password is

assigned.
• Two commands for changing passwords:
root or security
## pwdadm <username> (group) only
pwdadm <username>
OR
OR
## passwd
passwd [username]
[username]
• SMIT invokes the passwd command for root and the

pwdadm if non-root.
• An ordinary user can use the passwd command to
change own password
• Only root or member of security group can change
password of another user
Figure 12-27. Passwords AN121.1
Notes:
Setting an initial password
When a user ID is created with SMIT or with the mkuser command, the user ID is disabled.
(An asterisk (*) is in the password field of /etc/passwd.) To enable the ID, the passwd or
pwdadm command must be used to set up the initial password for the user.
Entry of passwords (things to be aware of)
When passwords are entered, they are not displayed. When changing a password, the new
password is requested a second time for verification.
The ADMCHG flag
If root or a member of the security group sets the password for a user, the ADMCHG flag
is set in the flags field in /etc/security/passwd. The user is then prompted to change the
password at the next login.
Instructor Guide
Recovering from a forgotten password

There is no way to examine an existing password on the system. The only way to recover
from a forgotten password, is for an administrator or root, to set a new one for the user.
Invocation of passwd command by SMIT
The option Passwords on the Users menu of SMIT uses the passwd command.
Using the passwd command
Ordinary users who use passwd to change their passwords, are first prompted for the old
password, and then they are asked twice for a new password. When root uses passwd to
set a user's password, passwd only prompts twice for the new password.
Using the pwdadm command
Members of the security group, can use pwdadm to change the passwords of
non-administrative accounts. Members of the security group are first prompted to enter
their own password, and then prompted twice to enter the user's new password. The root
user is only prompted twice for the new password.
Users with ADMIN flag set
Only root can change the password for a user who has the ADMIN flag set in
/etc/security/passwd.

V5.2
Instructor Guide

Purpose — Define how passwords can be changed in AIX, and which commands are
available under certain circumstances
Details — Explain how to set passwords on the system, and the difference between the
passwd command, and the pwdadm commands.
Transition statement — What if you forget the roots'password? How can you rectify this
problem?
Instructor Guide
Regaining root's password

IBM Power Systems
1. Boot from optical media, NIM, or a bootable tape.

2. Select Access a Root Volume Group from the
Maintenance menu.
Maintenance
Maintenance
>>> 1 Access a Root Volume Group
>>> 1 Access a Root Volume Group
4 Erase Disks
4 Erase Disks
3. Follow the options to activate the root volume group and

obtain a shell.
4. Once a shell is available, execute the passwd command to
change root's password.
5. Enter the following command:
# sync ; sync
6. Reboot the system. © Copyright IBM Corporation 2009
Figure 12-28. Regaining root's password AN121.1
Notes:
If the root password is lost, just follow the steps as shown in the visual.

V5.2
Instructor Guide

Purpose — Show how to retrieve roots'password, if you have forgotten it
Details — Students need to understand that in maintenance mode, an ID is not required.
Thus, we are able to execute the passwd command to change root's password. Be sure to
stress the importance of physically protecting the machine. Anyone with physical access to
the machine and bootable media, can gain access to root. It is also extremely important to
run the sync commands before rebooting. Otherwise, your changes are not flushed out to
disk, and you will probably have the same problem again.
Transition statement — Let's see how groups can be set up.
Instructor Guide
SMIT groups
IBM Power Systems
# smit groups
Groups
Groups
Move
Move cursor
cursor to
to desired
desired item
item and
and press
press Enter.
Enter.
List
List All
All Groups
Groups
Add a Group
Add a Group
Change
Change // Show
Characteristics of
of aa Group
Group
Remove a Group
Remove a Group
Figure 12-29. SMIT groups AN121.1
Notes:
Purpose of groups
The purpose of groups is to give a common set of users the ability to share files. The
access is controlled using the group set of permission bits.
Group management restrictions
Only root and members of the security group can create groups. root and security group
members, can select a member of the group to be the group administrator. This privilege
allows the user to add and remove users from the group.
Predefined groups
There are a number of predefined groups on AIX systems, like the system group (which is
root's group), and the staff group (which contains the ordinary users).

V5.2
Instructor Guide

Purpose — Show the functions available under the Groups SMIT menu option
Details — Before creating groups, you should carefully plan how you want to organize your
users. This saves you time and headaches rather than trying to create groups on the fly.
Transition statement — Let's start by looking at the groups that already exist on a system.
Instructor Guide
Listing groups
IBM Power Systems
The lsgroup command:

lsgroup [-c | -f] [-a attribute …] {ALL | groupname …}
Example:
## lsgroup
lsgroup –f
–f -a
-a id
id users
users ALL
ALL
system:
system:
id=0
id=0
users=root,esaadmin,pconsole
users=root,esaadmin,pconsole
staff:
staff:
id=1
id=1
users=ipsec,ted,sshd,alex,local,tyrone,daemon
users=ipsec,ted,sshd,alex,local,tyrone,daemon
bin:
bin:
id=2
id=2
users=root,bin
users=root,bin
...
...
Figure 12-30. Listing groups AN121.1
Notes:
The lsgroup command
The lsgroup command is used to list all groups, or selected groups, on the system. The
data is presented in line format by default, in colon format (-c), or in stanza format (-f).
Commonly used options of the lsgroup command
The -c option displays the attribute for each group, in colon separated records.
The -f option displays the group attributes in stanza format with each stanza identified by a
group name.

V5.2
Instructor Guide

Purpose — Show how to find out about the groups on the system
Details — Like the SMIT lsuser option, the SMIT lsgroup option provides output in a fixed
format. The lsgroup command is more flexible.
Transition statement — You should now see how a group can be added to the system.
Instructor Guide
Add a Group
IBM Power Systems
# smit mkgroup
mkgroup -A id=101 users=alex,tyrone techies
Add
Add aa Group
Group
Type
Type or
or select
select values
values in
in entry
entry fields.
fields.
Press
Press Enter
Enter AFTER
AFTER making
making all
all desired
desired changes.
changes.
[Entry
[Entry Fields]
Fields]
** Group
Group NAME
NAME [techies]
[techies]
ADMINISTRATIVE
ADMINISTRATIVE group?
group? false
false ++
Group
Group ID
ID [101]
[101] ##
USER
USER list
list [alex,tyrone]
[alex,tyrone] ++
ADMINISTRATOR
ADMINISTRATOR list
list []
[] ++
Projects
Projects []
[] ++
Initial
Initial Keystore
Keystore Mode
Mode []
[] ++
Keystore
Keystore Encryption
Encryption Algorithm
Algorithm []
[] ++
Keystore
Keystore Access
Access []
[] ++
Figure 12-31. Add a Group AN121.1
Notes:
The mkgroup command
The mkgroup command is the command used to create a new group. The group name,
traditionally, must be a unique string of eight or fewer characters. With AIX 5L V5.3 and
later, the maximum name length can be modified to be as large as 255 characters.
Limit on group membership
A user may belong to no more than 32 groups.
The mkgroup/SMIT options
The mkgroup -a option is used to indicate that the new group is to be an administrative
group. Only the root user can add administrative groups to the system.
• ADMINISTRATOR list and USER list: In the SMIT screen shown on the visual,
ADMINISTRATOR list is a list of members from the USER list that are allowed to
change the characteristics of a group and add or remove members.

V5.2
Instructor Guide
Uempty • Projects: Starting with AIX 5L V5.3, the SMIT Add a Group screen has a new field,
Projects, for tracking resource usage in the Advanced Accounting subsystem.
The following fields are related to Encrypted File Systems. This topic is outside the scope
of this class. Attend AU47, AIX Security, for training in this area.
• Initial Keystore Mode: The efs_initalks_mode of admin allows for root, or other
security privileged system users, to reset the user's key store password. Otherwise, if
the user forgets their key store password, they will not be able to access their Encrypted
File System files. If the guard mode is selected, then root cannot reset the user's key
store password.
• Keystore Encryption Algorithm: This option specifies the algorithm for the
user's key, within the key store. This key protects the encrypting key of files the user
creates, within the Encrypted File System.
• Keystore Access: The key store enables the user to utilize files in the Encrypted File
System. The selection of file will create a key store file associated with this user. It is
recommended that file is selected. Select none for no key store to be created. All other
EFS (efs_*) attributes will not have any effect.
Instructor Guide
Instructor notes:
Purpose — Demonstrate how SMIT can be used to add a new group
Details — The only mandatory item of information is the group name.
Users can be added to the group at a later point in time.
The administrator list is not recognized for an administrative group. In other words, the root
user is the only user who can change the attributes of an administrative group.
Administrative groups can be added, although these are not recognized or used by the
system. It is up to an application to use the functions of such a group.
Additional information — The same concerns as were mentioned for increasing the
length of the user names applies to long group names as well.
Neither traditional AIX accounting nor the newer AIX 6.1 Advanced Accounting is within the
scope of this class. A project is a billable entity. In Advanced Accounting, there is a policies
database which determines what project will be charged for work being done. The group
name of the process using the resources can be one of the criteria determining which
project will be billed.
Transition statement — Now let's look at changing or removing a group from the system.

V5.2
Instructor Guide
Uempty
Change or remove a group

IBM Power Systems
# smit chgroup
chgroup users=alex,tyrone,ted adms=alex techies
Change
Change aa Group
Group
Type
Type or
or select
select values
values in
in entry
entry fields.
fields.
Press
changes.
[Entry
[Entry Fields]
Fields]
** Group
Group NAME
NAME [techies]
[techies]
ADMINISTRATIVE
ADMINISTRATIVE group?
group? false
false ++
Group
Group ID
ID [101]
[101] ##
USER
USER list
list [alex,tyrone,ted]
[alex,tyrone,ted] ++
ADMINISTRATOR
ADMINISTRATOR list
list [alex]
[alex] ++
Projects
Projects []
[] ++
Initial
Initial Keystore
Keystore Mode
Mode []
[] ++
Keystore
Keystore Encryption
Encryption Algorithm
Algorithm []
[] ++
Keystore
Keystore Access
Access []
[] ++
To remove a group: # rmgroup techies

Figure 12-32. Change or remove a group AN121.1
Notes:
The chgroup command
The chgroup command is used to change the characteristics of a group. It can only be run
by root or a member of the security group.
Group attributes
The group attributes are:
• Group ID (id=groupid): It is not advisable to change the group ID, but it is occasionally
done immediately after a group has been created to match the ID of a previously
deleted group, or a specific group ID needed for a particular software package.
• ADMINISTRATIVE group? (admin=true|false): Only the root user can change a
group to be an administrative group, or make changes to an existing administrative
group.
• USER list (users=usernames): This is a comma separated list of the names of all the
members of the group. The group may be their primary group or an additional one.
Instructor Guide
• ADMINISTRATOR list (adms=adminnames): This is the list of group administrators.

• Projects (projects=projectnames): As previously mentioned, this attribute was added
to support the Advanced Accounting subsystem.
The chgrpmem command
The chgrpmem command can be used by any user to change either the administrators, or
the members of a group, for which the user running the command, is a group administrator.
The rmgroup command
The rmgroup command is used to remove a group from the system. This command has
no options and the only parameter is the group name. Only the root user can delete an
administrative group.

V5.2
Instructor Guide

Purpose — Explain how groups can be changed or removed
Details — Discussion Items - What conditions must be satisfied in order for the rmgroup
command to work?
Answer: There must not be any users whose primary group is the one being deleted.
Transition statement — Now we understand how to set up users and groups. Let's see
more details on RBAC.
Instructor Guide
RBAC overview
IBM Power Systems
• RBAC configuration is stored within the Kernel Security Tables

(KST).
1
Roles
Authorizations
Manage Devices
Create 2
System WPARs
Operating System
Administration Users
Privileged commands and files

Command= /usr/sbin/shutdown
Auth = aix.system.boot.shutdown Roles
System Operator System

Administrator
User and Group Account
Administration
Figure 12-33. RBAC overview AN121.1
Notes:
There are over 250 built in pre-defined authorizations, such as manage devices, create
WPARs, and perform OS administration. To view all authorizations, type: # lsrole ALL.
Authorizations are assigned to commands and files which are considered privileged. By
privileged, we mean that we want to allow them to bypass traditional access controls.
These authorizations are then assigned to roles which, in turn, are assigned to users.
Users can then switch roles to perform the necessary administrative actions.
Custom user-defined authorizations and roles can also be created. However, this requires
the kernel security tables to be updated. To do this, execute the setkst command.

V5.2
Instructor Guide

Purpose — Remind students about the essential basics of RBAC as mentioned in topic 1
Details — Point out that Authorizations are assigned to roles and in turn roles are assigned
to users.
Keep the details simple! At a high level, RBAC is very simple to use. At a lower level the
theory can get quite complex.
Additional information — Privilege process and devices have been intentionally omitted,
as the focus is on the basic . RBAC is covered in much greater detail in AU47.
Transition statement — Let's see the default system roles and authorizations.
Instructor Guide
RBAC defined roles and authorizations

IBM Power Systems
## lsrole
lsrole -c
-c -a
-a dfltmsg
dfltmsg ALL
ALL |grep
|grep -v
-v "#name"|grep
"#name"|grep ":"
":"
AccountAdmin:User and Group Account Administration
AccountAdmin:User and Group Account Administration
BackupRestore:Backup
BackupRestore:Backup and and Restore
Restore Administration
Administration
DomainAdmin:Remote
DomainAdmin:Remote Domain Administration
Domain Administration
FSAdmin:File
FSAdmin:File System
System Administration
Administration
SecPolicy:Security
SecPolicy:Security Policy
Policy Administration
Administration
SysBoot:System
SysBoot:System BootBoot Administration
Administration
SysConfig:System
SysConfig:System Configuration
Configuration Administration
Administration
isso:Information
isso:Information System Security
System Security Officer
Officer roles
sa:System
sa:System Administrator
Administrator
so:System
so:System Operator
Operator
## lsauth
lsauth -f
-f ALL
ALL |grep
|grep dfltmsg
dfltmsg |sed
|sed 's:dfltmsg=::g'
's:dfltmsg=::g'
Operating System Administration
Operating System Administration
Device
Device Administration
Administration
Configure
Configure Devices
Devices
Configure
Configure thethe Random
Random Device
Device
Configure TTY Devices
Configure TTY Devices
Manage
Manage Devices
Devices authorizations
Change
Change Attributes
Attributes ofof aa Device
Device
…….removed
…….removed for clarify ……
for clarify
Figure 12-34. RBAC defined roles and authorizations AN121.1
Notes:
There are, by default, 10 predefined system roles and 254 authorizations. They can be
listed with the lsrole and lsauth commands respectively.
To list the roles and the assigned authorizations, type:
# lsrole -f -a authorizations dfltmsg ALL |grep -p dfltmsg
Role Definitions:
isso - Information system security officer
The ISSO role is responsible for creating and assigning roles, and is thus the most
powerful user-defined role on the system. Some of the ISSO responsibilities include:
• Establishing and maintaining security policy
• Setting passwords for users
• Network configuration
• Device administration

V5.2
Instructor Guide
Uempty sa - System administrator

The SA role provides the functionality for daily administration and is responsible for:
• User administration (except password setting)
• File system administration
• Software installation update
• Network daemon management
• Device allocation
so - System operator
The SO role provides the functionality for day to day operations and is responsible for:
• System shutdown and reboot
• File system backup, restore, and quotas
• System error logging, trace, and statistics
• Workload administration
AccountAdmin - User and group account administrator
The AccountAdmin role provides the functionality for users and group definitions and is
responsible for:
• Define, modify, and remove users
• Define, modify, and remove groups
BackupRestore - Backup and restore administrator
The BackupRestore role provides the functionality for backup and restore operations for file
systems, using various commands such as:
• cpio, pax, tar, backup and restore
DomainAdmin - Remote domain administrator
The DomainAdmin role provides the functionality for managing network security
mechanisms such as:
• kerberos, ldap, NIS, and PKI
FSAdmin - File system administrator
The FSAdmin role provides the functionality for managing file systems and has the ability
to:
• Create, modify, and remove file systems
• Mount and unmount file systems
• Defrag file systems
• Format file system logs
Instructor Guide
• Manage file system user quotas

• Create and manage JFS2 snapshots
SecPolicy - Security policy administrator
The SecPolicy role provides the functionality for security administration and is responsible
for most of what the ISSO covers, except for:
• Domain Administration
• System Configuration
SysBoot - System boot administrator
The SysBoot role provides the functionality for system shutdown and booting through the
facilities for:
• halt, shutdown, and reboot
SysConfig - System configuration
The SysConfig role provides the functionality for system configuration and is responsible
for such components as:
• inittab
• System console
• Kernel extensions
• uname
• Resource sets
• Date and time zone
• Software license management
• Performance tunables
• Diagnostics

V5.2
Instructor Guide

Purpose — Show how to list default roles and authorizations
Details — Go through the example commands in the visual.
Additional information — Enhanced RBAC roles (with authorizations) may be helpful
information if you get questions like: “What roles can the System Administrator role
perform?”
AccountAdmin:aix.security.group,aix.security.user
BackupRestore:aix.fs.manage.backup,aix.fs.manage.restore
DomainAdmin:aix.security.kerberos,aix.security.ldap,aix.security.nis,aix.security.pki
FSAdmin:aix.fs.manage.change,aix.fs.manage.create,aix.fs.manage.debug,aix.fs.manage
.defrag,aix.fs.manage.dump,aix.fs.manage.list,aix.fs.manage.mount,aix.fs.manage.quota,
aix.fs.manage.recover,aix.fs.manage.remove,aix.fs.manage.snapshot,aix.fs.manage.unmo
unt,aix.fs.object,aix.lvm
SecPolicy:aix.security.audit,aix.security.auth,aix.security.cmd,aix.security.config,aix.securit
y.device,aix.security.file,aix.security.kst,aix.security.network,aix.security.proc,aix.security.ro
le,aix.security.passwd,aix.security.su,aix.security.tcb,aix.security.tsd
SysBoot:aix.system.boot.halt,aix.system.boot.info,aix.system.boot.reboot,aix.system.boot.
shutdown
SysConfig:aix.system.boot.create,aix.system.config.bindintcpu,aix.system.config.console,
aix.system.config.date,aix.system.config.diag,aix.system.config.dlpar,aix.system.config.init
tab,aix.system.config.io,aix.system.config.kext,aix.system.config.mode,aix.system.config.p
erf,aix.system.config.rset,aix.system.config.uname,aix.system.config.write,aix.system.stat,
aix.wpar
isso:aix.device,aix.fs.chroot,aix.fs.manage.export,aix.fs.stat,aix.network,aix.proc.fuser,aix.
proc.ipc,aix.proc.status
sa:aix.system.config.acct,aix.system.config.cron,aix.system.config.src,aix.system.install
so:aix.proc.kill,aix.ras,aix.system.config.init,aix.system.config.wlm
Transition statement — Let's go through (basic) implementation steps for RBAC.
Instructor Guide
RBAC (basic) implementation steps

IBM Power Systems
• Steps to configure RBAC

1. Ensure RBAC is enabled (default true, AIX6.1).
## lsattr
lsattr -El
-El sys0
sys0 |grep
|grep RBAC
RBAC
enhanced_RBAC
enhanced_RBAC true
true Enhanced
Enhanced RBAC
RBAC Mode
Mode
2. Plan which predefined administration roles need to be assigned to

users.
3. Assign AIX predefined roles to the relevant users.

• Using chuser command
4. User would then switch to the role and perform the necessary
operations.
• To switch roles, use swrole command
Figure 12-35. RBAC (basic) implementation steps AN121.1
Notes:
A key part in implementing RBAC, is planning. Start by making a note of all the
administration tasks which may need to be performed, then allocate them to roles, and
assign the roles to userids.
RBAC is enabled by default in AIX 6, and can be checked with the lsattr command as
shown on the visual.

V5.2
Instructor Guide

Purpose — Define the basic implementation steps of RBAC
Details — Go through the details on the foil. Remember, keep it simple. Most users will not
delve deep into RBAC (example: creating authorizations and changing privilege
commands/files/devices.)
Transition statement — Let's see a basic example.
Instructor Guide
RBAC example (1 of 2)
IBM Power Systems
• Example: Let's give permission for user, alex, to start, stop,

and reboot the system.
– First, find the predefined role.
## lsrole
lsrole -f
-f -a
-a authorizations
authorizations dfltmsg
dfltmsg ALL
ALL |grep
|grep -p
-p dfltmsg
dfltmsg || \\
grep -p shutdown
grep -p shutdown
SysBoot:
SysBoot:
authorizations=aix.system.boot.halt,aix.system.boot.info,aix.system.
authorizations=aix.system.boot.halt,aix.system.boot.info,aix.system.
boot.reboot,aix.system.boot.shutdown
boot.reboot,aix.system.boot.shutdown
dfltmsg=System
dfltmsg=System Boot
Boot Administration
Administration
– Add the ‘SysBoot’ role to user alex.

## chuser Confirm the
chuser roles=SysBoot
roles=SysBoot alex
alex
SysBoot role has
## rolelist been allocated to
rolelist -u
-u alex
alex
SysBoot System user alex.
SysBoot System Boot
Boot Administration
Administration
Figure 12-36. RBAC example (1 of 2) AN121.1
Notes:
The visual demonstrates how to provide a user with the capability to start, stop, and reboot
the system.
If you are not sure if the system authorization, aix.system.boot.shutdown, contains
the shutdown command, then the RBAC privileged command file can be checked (stored in
/etc/security), as follows:
/etc/security # grep shutdown privcmds
/usr/sbin/exec_shutdown:
accessauths = aix.system.boot.shutdown
/usr/sbin/shutdown:
accessauths = aix.system.boot.shutdown

V5.2
Instructor Guide

Purpose — Show how to implement a basic RBAC example
Transition statement — Let's now see how to switch roles, and execute a system reboot,
as user, alex.
Instructor Guide
RBAC example (2 of 2)
IBM Power Systems
– As user, alex, shut down and reboot the system

alex Lists the assigned
alex $$ rolelist
rolelist
SysBoot System roles
SysBoot System Boot
Boot Administration
Administration
alex
alex $$ rolelist
rolelist -e
-e Lists the active
rolelist:
rolelist: There
There is
is no
no active
active role
role set
set roles
alex
alex $$ rolelist
rolelist -a
-a
SysBoot
SysBoot aix.system.boot.create
aix.system.boot.create
aix.system.boot.halt
aix.system.boot.halt Lists the assigned
aix.system.boot.info
aix.system.boot.info authorizations
aix.system.boot.reboot
aix.system.boot.reboot
aix.system.boot.shutdown
aix.system.boot.shutdown
alex
alex $$ swrole
swrole SysBoot
SysBoot Switch to role
alex
alex $ alex's Password:
$ alex's Password: SysBoot
SysBoot role is
alex
alex $$ rolelist
rolelist -e
-e now active
SysBoot
SysBoot System
System Boot
Boot Administration
Administration
alex
alex $$ shutdown
shutdown –Fr
–Fr Perform a system
reboot.
Figure 12-37. RBAC example (2 of 2) AN121.1
Notes:
The rolelist command provides role and authorization information to the invoker, about
their current roles, or the roles assigned to them.
The swrole command creates a new role session, spawed in a sub shell, with the roles
that are specified by the role parameter (in this example, SysBoot). To exit the new role sub
shell, type:
# exit rolelist –e or # exit rolelist SysBoot

V5.2
Instructor Guide

Purpose — Show how to implement a basic RBAC example
Transition statement — It’s time for some review questions.
Instructor Guide
Checkpoint
IBM Power Systems
1. What is the difference between the commands, pwdadm

and passwd?
___________________________________________
2. Which password change command does SMIT use?
3. True or False: When you delete a user from the system,

all the user's files and directories are also deleted.
4. True of False: RBAC is disabled by default on AIX 6.1.
Notes:

V5.2
Instructor Guide

Purpose —
Details —
IBM Power Systems

and passwd?
The pwdadm command can only be run by a member
of the security group

passwd

4. True or False: RBAC is disabled by default on AIX 6.1.
Instructor Guide
Topic summary
IBM Power Systems

– Recover root password if lost or forgotten
• Understand the key elements of RBAC and configure a simple
RBAC implementation
Notes:

V5.2
Instructor Guide

Purpose —
Details —
Additional information — This is probably a good time for a break.
Transition statement — Topic 3, Security files
Instructor Guide

V5.2
Instructor Guide
Uempty 12.3. Security files
Instructor topic introduction

What students will do — Learn about the security file.
What students will learn — Security files
• Identify and understand key security files
• Understand how to validate the user environment
• Document the system security policy and set-up
Instructor Guide
Security files
IBM Power Systems

Figure 12-40. Security files AN121.1
Notes:

V5.2
Instructor Guide

Purpose — Security files
Details — Read out the topic objectives.
Transition statement — Let's start by defining the key security files.
Instructor Guide
Security files introduction

IBM Power Systems
• Files used to contain user attributes and control access:

– /etc/passwd Valid users (not passwords)
– /etc/group Valid groups
– /etc/security Directory not accessible

to normal users
– /etc/security/passwd User passwords

– /etc/security/user User attributes, password
restrictions
– /etc/security/group Group attributes
– /etc/security/limits User limits
– /etc/security/environ User environment settings
– /etc/security/login.cfg Console Login settings
Figure 12-41. Security files introduction AN121.1
Notes:
Introduction
The security on the system is controlled by a number of ASCII files. Key files are listed
on the visual and briefly described below.
/etc/passwd
The /etc/passwd file lists the valid users, and the user ID, primary group, home
directory, and default login shell for each of these users.
/etc/group
The /etc/group file lists the valid groups, their group IDs, and members.
The /etc/security directory
The /etc/passwd and /etc/group files have global read access to all users. A number
of other files control the attributes of users. These files are in the /etc/security directory,
which can only be accessed by root or the security group.

V5.2
Instructor Guide
Uempty /etc/security/passwd
/etc/security/passwd contains the encrypted password and update information for
users.
/etc/security/user
/etc/security/user contains extended user attributes.
/etc/security/group
/etc/security/group contains extended group attributes.
/etc/security/limits
/etc/security/limits contains process resource limits for users.
/etc/security/environ
/etc/security/environ contains environment variables for users. This file is not often
used.
/etc/security/login.cfg
/etc/security/login.cfg is a configuration file for the login program. This file contains
security enhancements that limit the logins on a port, for example, the number of login
attempts and the valid login programs (shells).
Instructor Guide
Instructor notes:
Purpose — Introduce some of the primary files used to hold user, group, and security
information
Details — This page provides an introduction to the primary files that hold user, group, and
security information. This page is meant as an introduction. Details on most of the files
listed will be covered on the following pages.
Most UNIX systems have /etc/passwd and /etc/group. AIX uses the /etc/security
directory as a way to provide added security for additional user and group information. The
/etc/security directory is not standard on all UNIX operating systems.
Transition statement — Let's now take a look through some of the files that are involved
in the security of your system.

V5.2
Instructor Guide
Uempty
/etc/passwd file
IBM Power Systems
## cat
cat /etc/passwd
/etc/passwd
root:!:0:0::/:/usr/bin/ksh
root:!:0:0::/:/usr/bin/ksh
daemon:!:1:1::/etc:
daemon:!:1:1::/etc:
bin:!:2:2::/bin:
bin:!:2:2::/bin:
sys:!:3:3::/usr/sys:
sys:!:3:3::/usr/sys:
adm:!:4:4::/var/adm:
adm:!:4:4::/var/adm:
uucp:!:5:5::/usr/lib/uucp:
uucp:!:5:5::/usr/lib/uucp:
guest:!:100:100::/home/guest:
guest:!:100:100::/home/guest:
nobody:!:4294967294:4294967294::/:
nobody:!:4294967294:4294967294::/:
pconsole:*:8:0::/var/adm/pconsole:/usr/bin/ksh
pconsole:*:8:0::/var/adm/pconsole:/usr/bin/ksh
sshd:*:202:201::/var/empty:/usr/bin/ksh
sshd:*:202:201::/var/empty:/usr/bin/ksh
alex:!:333:1::/home/alex:/usr/bin/ksh
alex:!:333:1::/home/alex:/usr/bin/ksh
tyrone:!:204:1::/home/tyrone:/usr/bin/ksh
tyrone:!:204:1::/home/tyrone:/usr/bin/ksh
ted:*:205:1::/home/ted:/usr/bin/ksh
ted:*:205:1::/home/ted:/usr/bin/ksh
! = Passwd is set
/etc/security/passwd
* = no password set
Figure 12-42. /etc/passwd file AN121.1
Notes:
Role of the /etc/passwd file
The /etc/passwd file lists the users on the system and some of their attributes. This file
must be readable by all users, because commands such as ls access it.
Fields in the /etc/passwd file
The fields in the /etc/passwd file are:
• User name: Up to eight alphanumeric characters (not all uppercase)
• Password: On older UNIX systems, this contained the encrypted password. On AIX, it
either contains an exclamation mark (!) to refer to the /etc/security/passwd file or an
asterisk (*), which means the user has no password assigned.
• UID: The user ID number for the user
• GID: The ID of the primary group to which this user belongs
• Information: Any descriptive text for the user
Instructor Guide
• Directory: The login directory of the user and the initial value of the $HOME variable
• Login program: Specifies the initial program or shell that is executed, after a user
invokes the login command, or su command
Using index files for better login performance
In AIX, additional files can be created to be used as index files for the /etc/passwd,
/etc/security/passwd, and /etc/security/lastlog files. These index files provide for better
performance during the login process. Use the mkpasswd -f command to create the
indexes. The command mkpasswd -c can be used to check the indexes, and rebuild any
that look suspicious.

V5.2
Instructor Guide

Purpose — The first file discussed, lists all the user IDs on the system
Details — Discuss the format of the /etc/passwd file.
Be sure to mention the mkpasswd command mentioned in the student notes. This
command is available in AIX V4.3 and later. In order for the index mechanism to be used at
login, the mkpasswd command must be executed to generate the indexes.
Additional information — In enterprise UNIX environments today, LDAP is used to store
and authenticate users. If this is the case, then no users are contained in /etc/passwd. For
example, using Tivoli Directory server S 6.2, a user alex is created, # mkuser –R LDAP
alex.
The only entry that exists on the LDAP client for user alex, is in /etc/security/user, as
follows:
alex:
SYSTEM=LDAP
registry=LDAP
Transition statement — The file containing the security attributes of a user is now the
/etc/security/passwd file.
Instructor Guide
/etc/security/passwd file
IBM Power Systems
## cat
cat /etc/security/passwd
root:
root:
password
password == etNKvWlXX5EFk
etNKvWlXX5EFk
lastupdate
lastupdate = 1145381446
= 1145381446
flags
flags ==
daemon:
daemon:
password
password == **
bin:
bin:
password
password == **
alex:
alex:
password
password == XAkhucsiyVwAA
XAkhucsiyVwAA
lastupdate
lastupdate == 1225381869
1225381869
flags =
flags =
tyrone:
tyrone:
password
password == RWWoFp5iuL.JI
RWWoFp5iuL.JI
lastupdate
lastupdate = 1225381903
= 1225381903
flags
flags == ADMCHG,ADMIN,NOCHECK
ADMCHG,ADMIN,NOCHECK
Figure 12-43. /etc/security/passwd file AN121.1
Notes:
Role of the /etc/security/passwd file (commonly referred to as the shadow password
file)
The /etc/security/passwd file contains the encrypted user passwords and can only be
accessed by root. The login, passwd, pwdadm, and pwdck commands, which run with
root authority, update this file. This file is in stanza format with a stanza for each user.
Index files
As previously mentioned, in AIX, additional files can be created to be used as index files for
/etc/security/passwd and some related files. These index files provide for better
performance during the login process. These indexes are created using the mkpasswd
command.
Entries in /etc/security/passwd
Valid entries in /etc/security/passwd are:
• Password: Either the encrypted password asterisk (*) for invalid, or blank for no
password

V5.2
Instructor Guide
Uempty • Lastupdate: The date and time of the last password update in seconds from 1 January
1970
• Flags:
- ADMCHG: The password was last changed by an administrator or root.
- ADMIN: The user's password can only be changed by root.
- NOCHECK: Password restrictions are not in force for this user.
See /etc/security/user for password restrictions.
Instructor Guide
Instructor notes:
Purpose — Show the file containing the security attributes for users
Details — This file contains the actual password for each user.
In AIX, it is recommended that this file not be updated directly.
Transition statement — The /etc/security/passwd file contains the actual password
string (encrypted). Let's now look at where other user attributes are set.

V5.2
Instructor Guide
Uempty
/etc/security/user file
IBM Power Systems
default:
default: ** default
default continued
continued ...
...
admin
admin == false
false
login
login == true
true maxage
maxage == 00
susu == true
true maxexpired
maxexpired == -1
-1
daemon
daemon == true
true minalpha
minalpha == 00
rlogin
rlogin == true
true minother
minother == 00
sugroups
sugroups == ALL
ALL minlen
minlen == 00
admgroups
admgroups == mindiff
mindiff == 00
ttys
ttys == ALL
ALL maxrepeats
maxrepeats == 88
auth1
auth1 == SYSTEM
SYSTEM dictionlist
dictionlist ==
auth2
auth2 == NONE
NONE pwdchecks
pwdchecks ==
tpath
tpath == nosak
nosak root:
root:
umask
umask == 000
000 admin
admin == true
true
expires
expires == 00 SYSTEM
SYSTEM == "compat"
"compat"
SYSTEM
SYSTEM == "compat"
"compat" loginretries
loginretries == 00
logintimes
logintimes == account_locked
account_locked == false
false
pwdwarntime
pwdwarntime == 00 registry
registry == files
files
account_locked
account_locked == false
false admgroups
admgroups ==
loginretries
loginretries == 00 alex:
alex:
histexpire
histexpire == 00 admin
admin == false
false
histsize
histsize == 00
minage
minage == 00
Figure 12-44. /etc/security/user file AN121.1
Notes:
admin
This attribute defines the administrative status of the user. Possible values: true or false
login
This attribute defines whether a user can login. Possible values: true or false
su
This attribute defines whether other users can switch to this user account. The su
command supports this attribute. Possible values: true or false
daemon
This attribute defines whether the user can execute programs using the system resource
controller (SRC). Possible values: true or false
Instructor Guide
rlogin
This attribute defines whether the user account can be accessed by remote logins. rlogin
and telnet commands support this attribute. Possible values: true or false
sugroups
This attribute defines which groups can switch to this user account. Alternatively, you may
explicitly deny groups by preceding the group name with an exclamation mark (!). Possible
values: list of valid groups separated by commas, ALL or *
admgroups
This attribute lists the groups that a user administers. The value is a comma-separated list
of valid group names.
ttys
This attribute defines which terminals can access the user account. Alternatively you may
explicitly deny terminals by preceding the terminal name with an exclamation mark (!).
Possible values: list of device paths separated by commas, ALL or *
auth1
This attribute defines the primary authentication method for a user. The commands login,
telnet, rlogin, and su, support these authentication methods.
auth2
This attribute defines the secondary authentication methods for a user. It is not a
requirement to pass this method to log in.
tpath
This attribute defines the user's trusted path characteristics. Possible values: nosak, notsh,
always or on (For more information refer to the online documentation.)
umask
This attribute defines the default umask for the user. Possible values: 3-digit octal value
expires
This attribute defines the expiration time for the user account. Possible values: a valid date
in the form MMDDHHMMYY or 0. If 0, the account does not expire. The 'YY' supports the
last two digits of the years 1939 to 2038. If 0101000070, then the account is disabled.
SYSTEM
This attribute can be used to describe multiple or alternate authentication methods the user
must use successfully, before gaining access to the system. Possible tokens are:
• Files: Allows only local users access to the system
• Compat: The normal login procedure and therefore allows local and NIS users access
to the system
• DCE: The Distributed Computing Environment authentication

V5.2
Instructor Guide
Uempty logintimes
This attribute defines the times a user can login.
pwdwarntime
This attribute defines the number of days before a forced password change warning
informs the user of the impending password change. Possible values: a positive integer or
0 to disable this feature
account_locked
This attribute defines whether the account is locked. Locked accounts cannot be used for
login or su. Possible values: true or false
loginretries
This attribute defines the number of invalid login attempts before a user is not allowed to
login. Possible values: a positive integer or 0 to disable this feature
histexpire
This attribute defines the period of time in weeks that a user will not be able to reuse a
password. Possible values: an integer value between 0 and 260. 26 (approximately 6
months) is the recommended value
histsize
This attribute defines the number of previous passwords which cannot be reused. Possible
values: an integer between 0 and 50
minage
This attribute defines the minimum number of weeks between password changes. The
default is 0. Possible values: 0 to 52
maxage
This attribute defines the maximum number of weeks a password is valid. The default is 0,
which is equivalent to unlimited. Possible values: 0 to 52
maxexpired
This attribute defines the maximum number of weeks after maxage that an expired
password can be changed by a user. The default is -1, which is equivalent to unlimited.
Possible values: -1 to 52. maxage must be greater than 0 for maxexpired to be enforced
(root is exempt from maxexpired)
minalpha
This attribute defines the minimum number of alphabetic characters in a password. The
default is 0. Possible values: 0 to 8
minother
This attribute defines the minimum number of non-alphabetic characters in a password.
The default is 0. Possible values: 0 to 8
Instructor Guide
minlen
This attribute defines the minimum length of a password. The default is 0. Range: 0 to 8
Note that the minimum length of a password is determined by minlen and/or “minalpha +
minother”, whichever is greater. “minalpha + minother” should never be greater than 8. If
“minalpha + minother” is greater than 8, then minother is reduced to “8 - minalpha”.
mindiff
This attribute defines the minimum number of characters in the new password that were
not in the old password. The default is 0. Possible values: 0 to 8
maxrepeats
This attribute defines the maximum number of times a given character can appear in a
password. The default is 8, which is equivalent to unlimited. Possible values: 0 to 8
dictionlist
This attribute defines the password dictionaries used when checking new passwords. The
format is a comma separated list of absolute path names to dictionary files. A dictionary file
contains one word per line where each word has no leading or trailing white space. Words
should only contain 7 bit ASCII characters. All dictionary files and directories should be
write protected from everyone except root. The default is valueless which is equivalent to
no dictionary checking.
pwdchecks
This attribute defines external password restriction methods used when checking new
passwords. The format is a comma separated list of absolute path names to methods or
method path names relative to /usr/lib. A password restriction method is a program
module that is loaded by the password restrictions code at run time. All password
restriction methods and directories should be write protected from everyone except root.
The default is valueless, which is equivalent to no external password restriction methods.

V5.2
Instructor Guide

Purpose — Show the location of most user attributes and demonstrate how the default can
be changed
Details — This visual, and the following one, show the file containing the user attributes.
The default stanza contains values that all users inherit unless their own stanza overrides
it.
There are also stanzas in this file for each configured user on the system.
The file /etc/security/user contains a lengthy comment section at the start of the file, which
amply documents what flags there are and the acceptable values for these. Refer to the file
and the student notes for further information.
Transition statement — Let's now look at the group files.
Instructor Guide
Group files
IBM Power Systems
## cat
cat /etc/group
/etc/group
system:!:0:root,esaadmin,pconsole
system:!:0:root,esaadmin,pconsole
staff:!:1:ipsec,sshd,alex,tyrone,ted
staff:!:1:ipsec,sshd,alex,tyrone,ted
bin:!:2:root,bin
bin:!:2:root,bin
sys:!:3:root,bin,sys
sys:!:3:root,bin,sys
adm:!:4:bin,adm
adm:!:4:bin,adm
uucp:!:5:nuucp,uucp
uucp:!:5:nuucp,uucp
...
...
## cat
cat /etc/security/group
/etc/security/group
system:
system:
admin
admin == true
true
staff:
staff:
admin
admin == false
false
bin:
bin:
admin
admin == true
true
...
...
techies:
techies:
admin
admin == false
false
adms = alex
adms = alex
Figure 12-45. Group files AN121.1
Notes:
The /etc/group file
The fields in the /etc/group file are:
• Group: Up to eight alphanumeric characters (not all uppercase)
• Password: This field is not used in AIX and should contain an exclamation mark (!)
• ID: The group ID
• Members: A comma-separated list of the users who belong to this group
The /etc/security/group file
The /etc/security/group file is a stanza file with one stanza for each group. The valid
entries are:
• admin: Defines whether the group is an administrative group; values are true or false
• adms: A comma-separated list of the users who are administrators for the group
• If admin=true, this stanza is ignored because only root can change an administrative
group.
• projects: A list of project names to be associated with the group

V5.2
Instructor Guide

Purpose — Having seen the user security files, we will now look at the group files
Details — Discuss the group files.
Additional information — Once again in AIX 5L V5.3, and later, there is the new group
attribute of projects. This relates to the previous discussion on the Add a Group SMIT
panel.
Transition statement — Let's look at the /etc/security/login.cfg file.
Instructor Guide
/etc/security/login.cfg file
IBM Power Systems
default:
default:
herald
herald == "Authorized
"Authorized use
use only.\n\rlogin:"
only.\n\rlogin:"
logintimes
logintimes = =
logindisable
logindisable == 00
logininterval
logininterval == 00
loginreenable
loginreenable == 00
logindelay
logindelay == 00
** Other
Other security
security attributes
attributes (usw
(usw stanza):
stanza):
usw:
usw:
shells
shells == /bin/sh,/bin/bsh,/bin/csh,/bin/ksh,/bin/tsh
/bin/sh,/bin/bsh,/bin/csh,/bin/ksh,/bin/tsh
/bin/ksh93,/usr/bin/sh,/usr/bin/bsh,/usr/bin/csh,/usr/bin
/bin/ksh93,/usr/bin/sh,/usr/bin/bsh,/usr/bin/csh,/usr/bin
/ksh,/usr/bin/tsh,/usr/bin/ksh93,/usr/bin/rksh,/usr/bin/r
/ksh,/usr/bin/tsh,/usr/bin/ksh93,/usr/bin/rksh,/usr/bin/r
ksh93,/usr/sbin/uucp/uucico,/usr/sbin/sliplogin,/usr/sbin
ksh93,/usr/sbin/uucp/uucico,/usr/sbin/sliplogin,/usr/sbin
/snappd
/snappd
maxlogins
maxlogins == 32767
32767
logintimeout
logintimeout == 6060
auth_type = STD_AUTH
auth_type = STD_AUTH
Figure 12-46. /etc/security/login.cfg file AN121.1
Notes:
herald
This attribute specifies the initial message to be printed out when getty or login prompts
for a login name. This value is a string that is written out to the login port. If the herald is not
specified, then the default herald is obtained from the message catalog associated with the
language set in /etc/environment.
logintimes
This attribute defines the times a user can use this port to login.
logindisable
This attribute defines the number of unsuccessful login attempts before this port is locked.
Use this in conjunction with logininterval.
logininterval
This attribute defines the number of seconds during which logindisable unsuccessful
attempts must occur before a port is locked.

V5.2
Instructor Guide
Uempty loginreenable
This attribute defines the number of minutes after a port is locked, that it automatically
unlocked.
logindelay
This attribute defines the delay in seconds between unsuccessful login attempts. This
delay is multiplied by the number of unsuccessful logins. Therefore, if the value is two, then
the delay between unsuccessful logins is two seconds, then four seconds, then six
seconds, and so forth.
Other security attributes (usw stanza):
shells
The list of valid login shells for a user; chuser and chsh will only change a user's login shell
to one of the shells listed here.
maxlogins
This attribute defines the maximum number of simultaneous logins allowed on the system.
logintimeout
This attribute defines the number of seconds the user is given to enter their password.
auth_type
This attribute determines whether PAM or the standard UNIX authentication mechanism
will be used by PAM-aware applications. Valid values: STD_AUTH, PAM_AUTH
The chsec command
Changes to the /etc/security/login.cfg file can be done by the command chsec:
# chsec -f /etc/security/login.cfg -s default -a pwdprompt=”Password:”
To reset to the default value:
# chsec -f /etc/security/login.cfg -s default -a pwdprompt=
Instructor Guide
Instructor notes:
Purpose — Define some of the attributes of the /etc/security/login.cfg file
Details — Please note that only a few of the attributes have been listed. Most of the
remaining attributes are explained in the Advanced System Administration course. Only
cover the ones listed.
Be sure to point out that this is the file that is used for a customized herald and only valid
with tn and login commands (for example,NOT ssh).
Transition statement — With all the information that is spread over such a number of files,
it sometimes is necessary to perform sanity checks on these files.

V5.2
Instructor Guide
Uempty
Validating the user environment

IBM Power Systems
• pwdck verifies the validity of local authentication information:

– pwdck {-n|-p|-t|-y} {ALL | username}
– Verifies that /etc/passwd and /etc/security/passwd are consistent
with each other and with /etc/security/login.cfg and /etc/security/user
• usrck verifies the validity of a user definition:

– usrck {-l|-b|-n|-p|-t|-y} {ALL | username}
– Checks each user name in /etc/passwd, /etc/security/user,
/etc/security/limits and /etc/security/passwd
– Checks are made to ensure that each has an entry in /etc/group and
/etc/security/group.
• grpck verifies the validity of a group:

– grpck {-n|-p|-t|-y} {ALL | groupname }
– Verifies that the files /etc/passwd, /etc/security/user, /etc/group
and /etc/security/group are consistent
Figure 12-47. Validating the user environment AN121.1
Notes:
Use of validation commands
The commands listed on the visual can be executed by root or any user in the security
group to clean up after a change to the user configuration. Because they run with root
permissions, they give administrative users the ability to make necessary changes to the
/etc/security/passwd file in a controlled way, without knowing the root password.
The usrck command
The usrck command verifies the validity of the user definitions in the user database files,
by checking the definitions for all the users or for the users specified by the user parameter.
You must select a flag to indicate whether the system should try to fix erroneous attributes.
Instructor Guide
Options for pwdck, usrck, and grpck commands

All the options for pwdck, usrck, and grpck are as follows:
-n Reports errors but does not fix them
-p Fixes errors but does not report them
-t Reports errors and asks if they should be fixed
-y Fixes errors and reports them
Additional options for usrck, are as follows:
-b Reports users who are not able to access the system and the reasons, with the
reasons displayed in a bit-mask format
-l Scans all users or the users specified by the User parameter to determine if the
users can access the system

V5.2
Instructor Guide

Purpose — Show how consistency in the security files can be maintained
Details — With all the information that is spread over such a number of files, it is
sometimes necessary to perform sanity checks on these files.
In the normal run of things, this should be unnecessary since SMIT will maintain
consistency among the files. However, if “traditional” UNIX administration methods are
employed on AIX, then these files can get out of sync.
In order to remedy this, there are several utilities provided to check and update or warn of
these inconsistencies.
Great care should be used when running these utilities, as they have options that fix
problems, but do not warn the administrator that a problem existed.
Transition statement — Let's end the topic and unit with some final words about
documentation.
Instructor Guide
Documenting security policy and setup

IBM Power Systems
• Identify the different types of users and what data they will
need to access.
– Consider using enhanced RBAC with AIX 6.1 to perform system
administration tasks (as opposed to using root).
• Organize groups around the type of work that is to be done.
• Organize ownership of data to fit with the group structure.
• Set SVTX on shared directories.
• Note: Further topics, such as LDAP, SSH,
trusted execution, encrypted filesystems, aixpert,
RBAC (detailed), and IPSec, are covered in the
AIX Security course: AU47G Security
Security
Policy and
Policy and
Setup
Setup
Figure 12-48. Documenting security policy and setup AN121.1
Notes:
Planning user and group administration
Plan and organize your user and group administration. Every user does not need their own
group. Good planning up front reduces any reorganizing of users and groups later on.
Use of the sticky bit
Always protect your shared directories by setting the sticky bit. Then users will not remove
each other’s files accidentally, or intentionally.

V5.2
Instructor Guide

Purpose — Discuss the documentation of the security policies of a site
Details — This really goes without saying, but it is worth pointing out that:
Security is a very narrow path. On one side there exists a totally secure system that, by
definition, is impossible to gain access to!
On the other side, we have a system where everyone logs in as root!
A sensible security policy treads a middle line between these two extremes and provides a
reasonable level of access control (you do not want to annoy the users too much) and still
manages to provide the required functionality and easy access.
Transition statement — Before we summarize, let's consider a few questions.
Instructor Guide
Checkpoint
IBM Power Systems
1. If an ordinary user forgets their password, can the system

administrator find out by querying the system as to what the
user's password was set to?
______
Why or why not?

_______________________________________
2. True or False: An asterisk “mary:*:” in the second field of the

/etc/passwd file, means there is a vaild password set in the
shadow password file for user mary.
3. Password restrictions are set in which of the following files?

/etc/passwd
/etc/security/restrictions
/etc/security/user
Notes:

V5.2
Instructor Guide

Purpose —
Details —
IBM Power Systems

No
Why or why not?
Because the passwords are held in encrypted format, so
even the system administrator cannot tell what the password
was set to.

/etc/passwd
/etc/security/user
Instructor Guide
Topic summary
IBM Power Systems

Notes:

V5.2
Instructor Guide

Purpose —
Details —
Instructor Guide
Exercise 12
IBM Power Systems
Security and user

administration
Notes:

V5.2
Instructor Guide

Purpose —
Details —
Instructor Guide
Unit summary
IBM Power Systems

Notes:

V5.2
Instructor Guide

Purpose —
Details —
Instructor Guide

V5.2
Instructor Guide
Uempty Unit 13. Scheduling
Estimated time
00:30

This unit describes how jobs can be scheduled on the system.

• Understand the role of the cron daemon
• Use crontab files to schedule jobs on a periodic basis
• Use the at command to schedule a job or series of jobs at some
time in the future
• Use the batch command to schedule jobs in a queue, to alleviate
immediate system demand

Accountability:
• Exercise
References
Online AIX 6.1 Commands Reference
AIX 6.1 Files Reference
AIX Version 6.1 Operating system and device
management
following address:
© Copyright IBM Corp. 2009 Unit 13. Scheduling 13-1

Instructor Guide
Unit objectives
IBM Power Systems

• Use crontab files to schedule jobs on a periodic basis
• Use the at command to schedule a job or series of jobs at
some time in the future
• Use the batch command to schedule jobs in a queue to
alleviate immediate system demand
Notes:

V5.2
Instructor Guide

Details —
Transition statement — Let’s start by discussing the role of the cron daemon.

Instructor Guide
The cron daemon

IBM Power Systems
• Responsible for running scheduled jobs
• Starts:
– crontab command events
(regularly scheduled jobs)
– at command events
(one time only execution at specified time)
– batch command events

(run when CPU load is low)
Figure 13-2. The cron daemon AN121.1
Notes:
Function of the cron daemon

The system process that enables batch jobs to be executed on a timed basis, is the
cron daemon. Many people rely on cron to execute jobs. Jobs are submitted to the
cron daemon in a number of different ways:
• The at and batch facilities are used to submit a job for one-time execution.
• crontab files are used to execute jobs periodically - hourly, daily, weekly.
Starting of cron
The cron process is usually started at system startup by /etc/inittab. It runs constantly
as a daemon. If killed, it is automatically restarted.

V5.2
Instructor Guide
Uempty Changing how cron event types are handled

The /var/adm/cron/queuedefs file defines how the system handles different cron
daemon event types. The file specifies the maximum number of processes per event
type to schedule at one time, the nice value of the event type, and how long to wait
before retrying to execute a process. This file is empty as shipped, but can be modified
to change how the cron daemon handles each event type.
For example, by default, crontab events are inspected every 60 seconds, run at a nice
value of 2 higher than the default, and there may be up to 100 executing
simultaneously.
This may be changed by modifying the /var/adm/cron/queuedefs file.
For example, if crontab jobs were to run at a nice value of 10 higher than the default,
with files inspected every two minutes, and with up to 200 jobs allowed, then the
following entry should be made to the file:
c.200j10n120w
| | | |
| | | wait period (in seconds)
| | |
| | nice value
| |
| jobs
|
cron

Instructor Guide
Instructor notes:
Purpose — Explain what cron is, what it does, and how it is configured
Details — cron runs system tasks on behalf of a user. The user can submit a task to
cron, and then log out of the system, knowing that the task will still be run.
The output of these tasks handed over to cron must be handled in a special way.
Redirection of output is sometimes used for such tasks. If no output redirection is used,
then cron will mail the output and the errors to the user.
Transition statement — Let’s cover some key points regarding crontab files.

V5.2
Instructor Guide
Uempty
crontab files
IBM Power Systems
• Used to start regularly occurring jobs
• Schedule is defined in:

/var/spool/cron/crontabs/$USER
• Files to control crontab privileges of users:

– /var/adm/cron/cron.deny lists users who cannot use
crontab
– /var/adm/cron/cron.allow lists users who can use
crontab
• An empty cron.deny exists by default.
Figure 13-3. crontab files AN121.1
Notes:
Scheduling a job
The cron daemon starts processes at specified times. It can be used to run regularly
scheduled jobs using files in the /var/spool/cron/crontabs directory, or it can be used
to schedule a command for one-time-only execution using the at command.
The /var/adm/cron/cron.deny file

All users by default have the privilege to set up scheduled jobs to be monitored by cron.
This is because the file /var/adm/cron/cron.deny, which denies privileges to users,
exists and is empty. As the administrator, you can restrict access to cron by adding user
names to this text file.

Instructor Guide
The /var/adm/cron/cron.allow file

Another file that also restricts users’ privileges, is /var/adm/cron/cron.allow. To use
this file, you should remove the cron.deny file and create the cron.allow file to list the
users that are allowed to use cron. If cron.allow exists and is empty, no user is able to
use cron, that includes root. If both cron.allow and cron.deny exist, then cron.allow
is the file that is used. If neither cron.allow nor cron.deny exists, then only root can
use cron.

V5.2
Instructor Guide

Purpose — List files associated with cron and tell where they are located
Details — Explain where the crontab files are located. The content of these files is
covered on the next visual.
Cover the files that control access to cron. Explain what happens when these files exist, do
not exist, or exist together.
By default, all users can use cron because an empty cron.deny exists.
Additional information — The at command is controlled by a similar set of files named
at.allow and at.deny. The same information applies as with cron.allow and cron.deny.
Transition statement — Let's take a look at the format of crontab files.

Instructor Guide
Format of a crontab file

IBM Power Systems
Format of entries:
minute hour date-of-month month day-of-week command
To view current crontab:

# crontab -l
...
...
#0
#0 33 ** ** ** /usr/sbin/skulker
/usr/sbin/skulker
#45
#45 2 * * 0 /usr/lib/spell/compress
2 * * 0 /usr/lib/spell/compress
#45
#45 2323 ** ** ** ulimit
ulimit 5000;
5000; /usr/lib/smdemon.cleanu
/usr/lib/smdemon.cleanu >> /dev/null
/dev/null
00 11
11 * * * /usr/bin/errclear -d
* * * /usr/bin/errclear -d S,O
S,O 3030
00 12
12 ** ** ** /usr/bin/errclear
/usr/bin/errclear -d-d HH 90
90
00 15
15 * * * /usr/lib/ras/dumpcheck >/dev/null
* * * /usr/lib/ras/dumpcheck >/dev/null 2>&1
2>&1
0,30,45
0,30,45 * * * * /usr/sbin/dumpctrl -k >/dev/null
* * * * /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null
2>/dev/null
...
...
Figure 13-4. Format of a crontab file AN121.1
Notes:
Viewing a crontab file

Each user can view their crontab file by using the command crontab -l.
The user’s crontab file contains the schedule of jobs to be run on behalf of that user.
There is a separate crontab file for each user of the crontab facility. This file is located
in /var/spool/cron/crontab/$USER.

V5.2
Instructor Guide
Uempty Format of crontab file entries

The format for the lines in this file is as follows:
minute (0-59)
hour (0-23)
date of the month (1-31)
month of the year (1-12)
day of the week (0-6, where 0=Sunday, 1=Monday, and so forth)
command
Fields are separated by spaces or tabs. To indicate a field is always true, use an
asterisk (*). To indicate multiple values in a field, use a comma (,). A range can also be
specified by using a hyphen (-).
Examples of crontab entries

Here are some examples of crontab entries:
• To start the backup command at midnight, Monday through Friday:
0 0 * * 1-5 /usr/sbin/backup -0 -u -q -f /dev/rmt0
• To execute a command called script1 every 15 minutes between 8 a.m. and 5 p.m.,
Monday through Friday:
0,15,30,45 8-17 * * 1-5 /home/team01/script1

Instructor Guide
Instructor notes:
Purpose — Explain the format of a crontab file
Details — Cover that each field is separated by white space. Explain what each field
means. Each field can have multiple values separated by commas, and ranges can be
specified with hyphens.
All fields are compared using and, and all fields must be true before cron executes the line.
There is an exception to this rule. If a numeric is specified in both the “date of the month”
field and the “day of the week” field, these two fields (and only these two fields) are
compared with an “or”. For example, if a user wanted to run a script on the first of the
month when the first falls on a Friday, the administrator may incorrectly set up the crontab
entry to look like this:
0 0 1 * 5 /usr/bin/newscript
The problem is that although the first is specified correctly with the “1” and the day of the
week is specified correctly with the “5”, these two fields are compared using “or”. Therefore,
it runs on the first of the month, and it runs on Fridays because the first Friday makes the
condition true.
The crontab file does not provide the capability to accomplish the original goal. However,
you could achieve your objective by running a script every Friday and have the script check
to see if it is the first of the month before proceeding through the script. The logic needs to
be built into the script.
Additional information — You should point out the skulker entry in the file since this was
discussed earlier in the course.
Transition statement — Now that you know the format, let’s see how to change this file.

V5.2
Instructor Guide
Uempty
Editing a crontab file

IBM Power Systems
• One way to edit a crontab file:

## crontab
crontab -e
-e
• A safer method:
## crontab
crontab -l
-l >> /tmp/crontmp
/tmp/crontmp
## vi /tmp/crontmp
vi /tmp/crontmp
## crontab
crontab /tmp/crontmp
/tmp/crontmp
Figure 13-5. Editing a crontab file AN121.1
Notes:
Creating or updating a crontab file

To schedule a job, you must create a crontab file. The cron daemon keeps the
crontab files in memory, so you cannot update the crontab entries by just modifying
the file on disk.
Using crontab -e to edit the crontab file

To edit the crontab file, one method is to use crontab -e. This opens your crontab file
with the editor set with the EDITOR variable. Edit the file as you normally would any file.
When the file is saved, the cron daemon is automatically refreshed.

Instructor Guide
Another method of updating your crontab file

The crontab -l command always shows the crontab file that cron is using on your
behalf. Another method to update the file is to use the command crontab -l >
mycronfile. This command creates a copy of the current crontab file and enables you
to safely edit the mycronfile file without affecting the current crontab file. To submit
your changes, use the command: crontab mycronfile. The content of the mycronfile
file replaces the content of your file in the crontab directory, and refreshes the cron
daemon, all at once. Now, you also have a backup of the crontab file in mycronfile.
Removing your crontab file

Use the command crontab -r if you would like to remove your current crontab file.

V5.2
Instructor Guide

Purpose — Show how to view or add to a crontab file
Details — The crontab -l command can be used to get the current crontab into a file.
This file can be edited with an editor (for example, vi) and a new crontab is generated
using the crontab command. The crontab -e command can be used to do the above
steps interactively.
There is a crontab file for every cron user on the system, and it is given the name of the
user's ID. If you want to remove a job in your crontab file, you need to edit it, and remove
that one line. crontab -r will remove your entire file.
Additional information — The cron daemon runs the command named in the sixth field at
the selected date and time. If you include a percent sign (%) in the sixth field, the cron
daemon treats everything that precedes it as the command invocation and makes all that
follows it available to standard input, unless you escape the percent sign (\%).
Transition statement — Let's take a look at the at and batch commands.

Instructor Guide
The at and batch commands

IBM Power Systems
• The at command submits a uniquely occurring job to be run

by cron at a specified time.
## at
at 55 pm
pm Friday
Friday
banner
banner hello
hello >> /dev/pts/0
/dev/pts/0
<ctrl-d>
<ctrl-d>
job
job user.time.a
user.time.a will
will be
be run
run at
at date
date
## for
for hosts
hosts in
in lpar50
lpar50 lpar51
lpar51 lpar52
lpar52
do
do
rsh
rsh $host
$host "echo
"echo '<<EOF
'<<EOF nohup
nohup shutdown
shutdown -Fr'
-Fr' || at
at now
now ""
done
done
• The batch command submits a job to be run when the

processor load is sufficiently low.
## batch
batch
banner
banner hello
hello world
world >> /dev/pts/0
/dev/pts/0
<ctrl-d>
<ctrl-d>
Figure 13-6. The at and batch commands AN121.1
Notes:
Use of the at command

The at command submits a job for cron to run once, rather than on a recurring basis, at
a specified time. It reads the commands to execute from standard input. The at
command mails you all output from standard output and standard error for the
scheduled commands, unless you redirect that output.
Examples of keywords or parameters that can be used with at are: noon, midnight, am,
pm, A for am, P for pm, N for noon, M for midnight, today, tomorrow.
The time can be specified as an absolute time or date (for example, 5 pm Friday), or
relative to now (for example, now + 1 minute).
The Bourne shell is used by default to process the commands. If -c is specified the C
shell is run, and if -k is specified the Korn shell is run. If you specify the -m option, at
sends you mail to say that the job is complete.

V5.2
Instructor Guide
Uempty Controlling use of at

The at command can only be used by root unless one of the following files exists:
• /var/adm/cron/at.deny
If this file exists, anybody can use at, except those listed in it. An empty at.deny file
exists by default. Therefore, all users can use at by default.
• /var/adm/cron/at.allow
If this file exists, only users listed in it can use at (root included).
Use of the batch command

The batch command submits a job to be run when the processor load is sufficiently low.
Like the at command, the batch command reads the commands to be run from
standard input and mails you all output from standard output and standard error for the
scheduled commands, unless you redirect that output.

Instructor Guide
Instructor notes:
Purpose — Explain how to use the at and batch commands
Details — Jobs entered using the at command are managed by the cron daemon.
Additional information — The at command performs once-only tasks at a later time than
the present.
This can be used to schedule a task for a time when there will be no users on the system,
for example, at 3 a.m.
batch jobs are the same as running at -q b.
Transition statement — We discussed how to submit a task to at. Now, let’s see how
these jobs can be cancelled.

V5.2
Instructor Guide
Uempty
Controlling at jobs
IBM Power Systems
• To list at jobs:
at -l [user]
atq [user]
## at
at –l
–l
root.1118077769.a
root.1118077769.a Mon
Mon Jun
Jun 66 10:09:29
10:09:29 2007
2007
root.1118078393.a
root.1118078393.a Mon
Mon Jun 6 10:19:53 2007
Jun 6 10:19:53 2007
test2.1118079063.a
test2.1118079063.a Mon
Mon Jun
Jun 66 10:31:03
10:31:03 2007
2007
• To cancel an at job:
at -r job
atrm [job | user]
## at
at -r
-r test2.1118079063.a
test2.1118079063.a
at
at file: test2.1118079063.a
file: test2.1118079063.a deleted
deleted
• To cancel all your at jobs:

atrm -
Figure 13-7. Controlling at jobs AN121.1
Notes:
Listing at jobs
To list at jobs use the at -l command or the atq command. The root user can look at
another user's at jobs by using the command atq <user>.
Removing at jobs
To cancel an at job, use at -r or atrm followed by the job number. Use the command
atrm - and place nothing after the hyphen (-), to cancel all of your jobs. The root user
can cancel all jobs for another user, using atrm <user>.

Instructor Guide
Instructor notes:
Purpose — Show how to view the at queue and to cancel jobs from it.
Details — The first portion of an at job number shows the user ID that entered the job.
Transition statement — Let's see what we should document.

V5.2
Instructor Guide
Uempty
Documenting scheduling
IBM Power Systems
• Have a copy of each user's crontab file

• Have a copy of the /etc/inittab file
Scheduling Records
Figure 13-8. Documenting scheduling AN121.1
Notes:
Overview
It is important to have correct, up-to-date information regarding your system, in case of
an unexpected system failure.
Maintain as much documentation as possible about all aspects of the system by
following the recommendations we have given throughout the course.

Instructor Guide
Instructor notes:
Purpose — Describe two useful documentation ideas that can help maintain the
availability of a system
Details — Explain the importance of having correct up to date information regarding the
system, in case of unexpected system failure.
Encourage the user to maintain as much documentation as possible about all aspects of
the system by following the recommendations we have given throughout the course.
Transition statement — Before we do the exercise for this unit, let's look at the checkpoint
questions.

V5.2
Instructor Guide
Uempty
Checkpoint
IBM Power Systems
1. True or False: The at.allow and at.deny files must be used to

specify which users are allowed and denied use of the at
command.
2. Give a crontab entry that would specify that a job should run
every Thursday at 10 past and 30 minutes past every hour.
_____________________________________________
3. How would you schedule a script named myscript, to run 10

minutes from now?
_____________________________________________
_____________________________________________
_____________________________________________
_____________________________________________
Notes:

Instructor Guide
Instructor notes:
Purpose — Review and test understanding of what has been covered in this unit
Details — A suggested approach is to give the students a few minutes to answer the
questions themselves and then go over the answers as a group. A suggested checkpoint
solution is given below:
IBM Power Systems
1. True or False: The at.allow and at.deny files must be

used to specify which users are allowed and denied use
of the at command.
False. Only one or the other of these files should be
used.
2. Give a crontab entry that would specify that a job should

run every Thursday at 10 past and 30 minutes past
every hour.
10,30 * * * 4 <job>
3. How would you schedule the script named myscript, to

run 10 minutes from now?
# at now + 10 minutes
myscript
^d
# © Copyright IBM Corporation 2009
Transition statement — Let’s move on to the exercise for this unit.

V5.2
Instructor Guide
Uempty
Exercise 13
IBM Power Systems
Scheduling
Notes:
Introduction
This lab gives you the opportunity to schedule jobs using both at and crontab.
The exercise can be found in your Student Exercises Guide.

Instructor Guide
Instructor notes:
Purpose — Introduce the exercise for this unit
Details — Depending on the class, it might be a good idea to remind the students where
the instructions for the exercise are located.
Transition statement — Let’s summarize the key points we have covered in this unit.

V5.2
Instructor Guide
Uempty
Unit summary
IBM Power Systems

• Use crontab files to schedule jobs on a periodic
basis
• Use the at command to schedule a job or series of
jobs at some time in the future
• Use the batch command to schedule jobs in a
queue to alleviate immediate system demand
Notes:

Instructor Guide
Instructor notes:
Purpose — Summarize the key points covered in this unit
Details —
Transition statement — You have reached the end of our scheduling unit.

V5.2
Instructor Guide
Uempty Unit 14. TCP/IP networking
Estimated time
01:30

This unit describes the essential TCP/IP and networking concepts
required in order to work with and configure TCP/IP in AIX.

• Define TCP/IP layering terminology
• Describe the TCP/IP startup flow on AIX
• Configure Virtual LANs
• Describe IP addressing
• Configure TCP/IP basic functions on AIX
• Explain how Ports and Sockets are used
• Use standard TCP/IP facilities
• Configure NFS
• Set up VNC

Accountability:
• Checkpoint
References
management
System Management Guide: Communications and
Networks
following address:
© Copyright IBM Corp. 2009 Unit 14. TCP/IP networking 14-1

Instructor Guide
Unit objectives
IBM Power Systems

• Configure Virtual LANs
– IP configuration, routing, aliasing
• Use standard TCP/IP facilities to:
– Log in to another system
– Transfer files
– Run commands
• Configure NFS
• Set up VNC
Notes:

V5.2
Instructor Guide

Purpose — Provide an introduction to configuring TCP/IP on AIX
• Use standard TCP/IP facilities to: log in to another system, transfer files, run commands
• Configure NFS
• Set up VNC
Transition statement — Let's start by defining what TCP/IP is.

Instructor Guide
What is TCP/IP?
IBM Power Systems
- Transmission Control Protocol/Internet Protocol

- Set of protocols (rules) which define how computers (hosts)
communicate on a network
- Designed for Heterogeneous systems
- Supports different network types
- Made up of Open Standards
- Request for comments (RFCs)
- Protocol of the Internet, defined in 5 layers
Figure 14-2. What is TCP/IP? AN121.1
Notes:
TCP/IP stands for Transmission Control Protocol/Internet Protocol. A more accurate name
is Internet Protocol Suite or IP Stack.
TCP/IP is a set of protocols or rules which define various aspects of how two computers in
a network may communicate with each other. A protocol is a set of rules which describes
the mechanisms and data structures involved. Using these definitions, vendors can write
software to implement the protocols for particular systems.
There are many different protocols which cover the aspects of addressing hosts in the
network, data representation and encoding, message passing, interprocess
communications, and application features, such as how to send mail or transfer files across
the network.
Where possible, the protocols are defined independently of any operating system, network
hardware, or machine architecture. In order to implement TCP/IP on a system, interface
software must be written to allow the protocols to use the available communications
hardware.

V5.2
Instructor Guide
Uempty This means that heterogeneous environments can be created where machines from
different manufacturers can be connected together, and different types of networks can be
interconnected.

Instructor Guide
Instructor notes:
Purpose — Introduce the TCP/IP protocol suite
Details — Go through the details in the visual.
Transition statement — Now that we have defined what TCP/IP is, let's see the layering
model.

V5.2
Instructor Guide
Uempty
TCP/IP layering
IBM Power Systems
Common
OSI 7 layer network
TCP/IP layer model
model devices
- Layer 7 switch
Application SNMP FTP DNS DHCP VNC
Application
SSH SMTP NFS LDAP MAIL
Presentation
- Firewall
Session TCP UDP
Transport Reliable delivery to
correct program
Unreliable delivery to
correct program
Transport
- Router
IP IPsec ICMP - Layer 3 switch
Network Internet
- Switch
LAN WAN
Data Link Network (Ethernet, FDDI, ....) (ATM, Leased lines, ....)
- Bridge
interface - NIC
Medium (connectors, cabling, distance)

- NIC
Examples: Examples: - Repeater
Physical Physical 1000Base-TX/SX/LX SONET
IEEE 802.11x T/ E -carrier links
xDSL
Figure 14-3. TCP/IP layering AN121.1
Notes:
The TCP/IP protocol suite consists of lots of different protocols, which are described in
many thousands of RFCs. Most of these protocols and RFCs are either application specific
(such as RFC 959, which describes the FTP protocol), or describe how data should be
transferred over a specific architecture (such as RFC 894, which describes IP over
Ethernet). For now, it is important to understand the working and interdependency of only a
few core protocols. Since these protocols are built on top of each other, where one protocol
uses another protocol to get things done, the interdependency is almost as important as
understanding each protocol independently.
From top to bottom we find the following protocols:
• Applications use either the User Datagram Protocol (UDP) or the Transmission
Control Protocol (TCP) to transmit their data. Both TCP and UDP deliver the data to
the right process, and make use of IP to arrange delivery to the right host. The
difference between UDP and TCP is that TCP implements a mechanism of
acknowledgements, whereby reliability can be guaranteed. UDP does not have such a
mechanism, making UDP less reliable.

Instructor Guide
• The Internet layer is responsible for end-to-end (source to destination) packet delivery
including routing through intermediate hosts. Internet Control Message Protocol
(ICMP) messages are typically generated in response to errors in IP datagrams or for
diagnostic or routing purposes. The IPsec protocol is responsible for securing Internet
Protocol (IP) communications by authenticating and encrypting each IP packet of a data
stream.
• The Network interface is the protocol layer which transfers data between hosts. In
order to do this, a physical medium is required such as copper or fiber and hence the
network interface and physical layers are closely related.
Common network devices
• Repeater. A repeater is an electronic device that receives a signal and retransmits
them at a higher level, higher power or both, so that the signal can cover longer
distances without degradation. Because repeaters work with the actual physical signal,
and do not attempt to interpret the data being transmitted, they operate on the Physical
layer, the first layer of the OSI model.
• Network Interface Card (NIC). A NIC is a LAN adapter which is designed to allow
computers to communicate over a computer network. It is both a layer 1 (physical layer)
and layer 2 (data link layer) device, as it provides physical access to a networking
medium and provides a low-level addressing system through the use of MAC
addresses.
• Bridge. A bridge is a hardware device for linking two networks that work with the same
protocol. Unlike a repeater, which works at the physical level, a bridge works at the
logical level (on layer 2), which means that it can filter frames so that it only lets past
data whose destination address corresponds to a machine located on the other side of
the bridge.
• Switch. A network switch is a device that connects network segments. The term
commonly refers to a network bridge that processes and routes data at the Data link
layer (layer 2) of the OSI model.
- Layer 3. Switches that additionally process data at the network layer (layer 3 and
above), are often referred to as Layer 3 switches or multi-layer switches. A layer 3
switch can perform some or all of the functions normally performed by a router.
- Layer 4. Layer 4 switches process data a the transport layer and are always
vendor-dependent. An example of a layer 4 switch, is a Firewall which performs
transport layer function such as: Network Address Translation (NAT), IP filtering and
packet encryption/decryption.
- Layer 7. The most advanced switches, called layer 7 switches (corresponding to the
application layer of the OSI model), can redirect data based on advanced
application data contained in the data packets, for example, an awareness of the
type of the file being sent by FTP. For this reason, a layer 7 switch can be used for
load balancing, by routing the incoming data flow to the most appropriate servers,
which have a lower load or are responding more quickly.

V5.2
Instructor Guide

Purpose — Introduce TCP/IP to the audience
Details — Most students know a great deal about TCP/IP today because we all connect to
the internet. What some people may not know is the layers and the flows of communication
between them. Go through the details in the visual and notes at a high level.
Transition statement — Let's looks at TCP/IP startup on AIX.

Instructor Guide
TCP/IP start-up flow

IBM Power Systems
Partition Activation
Run time init Process /etc/inittab
/sbin/rc.boot calls cfgmgr Process /etc/rc.net
/etc/rc.tcpip Starts TCP/IP subsystems

syslogd
/etc/rc.nfs snmpd
sendmail
portmap
Login
Inetd Æ /etc/inetd.conf
Figure 14-4. TCP/IP start-up flow AN121.1
Notes:
TCP/IP startup is initiated from the inittab processing. /sbin/rc.boot calls cfgmgr during the
second phase processing which will in turn initialize the network interfaces and set up
routing by processing the /etc/rc.net file. TCP/IP subsystems are started from /etc/rc.tcpip
script. This script can be edited directly to comment or uncomment subsystem startup. The
inetd daemon is responsible for loading network programs upon request, such as ftp, telnet
etc. Once the core TCP/IP subsystems have been initialized, further TCP/IP based
applications such as NFS, NIM, HACMP, can be started.

V5.2
Instructor Guide

Purpose — Highlight how TCP/IP starts-up on AIX
Details — Give the audience an overview of the critical TCP/IP files which are used during
start-up
Transition statement — Let's look at Ethernet adapter support on AIX.

Instructor Guide
Ethernet adapters
IBM Power Systems
• Many types supported on AIX

– Traditional copper (TX).
– Single-mode and multi-mode fiber (SX, LX, SR, LR)
• Each adapter (entX) has two interfaces (enX and etX).
– enX interface, uses the ‘standard DIX’ ethernet frame format
• Originally designed by Digital, Intel and Xerox
– etX interface, uses IEEE802.3 frame format, (same as DIX except
Type field is replaced by Length)
Interface en0 and et0 Adapter Card ent0

Layer three logical devices Layer 1 and 2 physical device MAC
Address
## lsdev
lsdev -Cl
-Cl ent0
ent0
ent0 IP addresses are
ent0 Available 01-08
Available 01-08 10/100/1000
10/100/1000 Base-TX
Base-TX PCI-X
PCI-X Adapter
Adapter assigned to the
## lscfg -v -l ent0 |grep Network
lscfg -v -l ent0 |grep Network interfaces. In this
Network
Network Address.............001125BF9018
Address.............001125BF9018 case, en0.
## lsdev
lsdev -Cc if
-Cc if
en0
en0 Available
Available 01-08
01-08 Standard
Standard Ethernet
Ethernet Network
Network Interface
Interface
et0 Defined
et0 Defined 01-08
01-08 IEEE 802.3 Ethernet Network
IEEE 802.3 Ethernet Network Interface
Interface
Figure 14-5. Ethernet adapters AN121.1
Notes:
Brief history of Ethernet
The original Ethernet is called Experimental Ethernet today. It was developed by Robert
Metcalfe in 1972 (patented in 1978) and was based in part on the ALOHAnet protocol. The
first Ethernet that was generally used was DIX Ethernet (known as Ethernet II) and was
derived from Experimental Ethernet. Today, there are many different standards, under the
umbrella of IEEE 802.3, and the technical community has accepted the term Ethernet for
all of them. Currently, under development is IEEE 802.3ba (40Gb/s and 100Gb/s Ethernet).
For further information see http://www.ieee802.org/3
Ethernet adapter support on AIX
• TX 10/100/1000Mb up to 100m using traditional copper
• SX 1000Mb up to 550m using multi-mode fiber
• LX 1000Mb up to 5km using single-mode fiber (can also run on multi-mode fiber)
• SR (short range) 10Gb up to 300m using multi-mode fiber

V5.2
Instructor Guide
Uempty • LR (long range) 10Gb up to 25km using single-mode fiber

In virtually all cases, on AIX you will configure the en (DIX) interface, et interfaces are rarely
(if at all) used.
Note: Fiber versus Fibre. When talking about networks and Fiber it is important to know
when to use the correct spelling. Fiber refers to the medium (wire), whereas Fibre refers to
the protocol, as in, Fibre channel.

Instructor Guide
Instructor notes:
Purpose — Provide an introduction to Ethernet adapters
Details — Provide a little Ethernet history to the students. Give a brief overview of the
adapter support in AIX. Traditional copper (TX) is inexpensive. However, to go further
distances and higher speeds, Fiber is required. Ensure students understand that the
adapter is both a layer 1 and 2 device, and that for each adapter there are two layer 3
interfaces, enX and etX. In the visual, en0 is shown as available. Explain it is made
available when an IP address is assigned to it.
Transition statement — VLANs are a critical part of configuring Ethernet networks and
play an important role in virtual Ethernet on Power5 and 6 boxes. Let's provide an overview
of VLANs.

V5.2
Instructor Guide
Uempty
Virtual LAN
IBM Power Systems
• VLANs divide physical networks into logical networks.

– To form smaller more manageable sub-networks
– Provide greater flexibility
– Aides performance and security through isolation
– Ports in a VLAN share broadcast traffic and belong to the same
broadcast domain.
• The industry standard VLAN protocol is IEEE 802.1Q.
Broadcast
domain
VLAN 1
Building 1 Trunk Building 2
VLAN 2
Figure 14-6. Virtual LAN AN121.1
Notes:
Virtual LAN (VLAN)
VLANs are used to divide networks into smaller, more manageable chunks. This helps to
reduce the size of the broadcast domain and helps with security through isolation. IEEE
802.1Q is the standard for VLANs. It aims to:
• Define an architecture to logically partition bridged LANs and provide services to
defined user groups, independent of physical location.
• Allow interoperability between multivendor equipment.

Instructor Guide
Instructor notes:
Purpose — Introduce VLANs
Details — VLANs today are common place and supported by modestly priced Ethernet
hardware.
Explain what VLANs are and describe the benefits.
Transition statement — VLAN tagging is the key to understanding how VLANs work. Let's
define VLAN tagging.

V5.2
Instructor Guide
Uempty
IEEE 802.1Q VLAN tagging (1 of 2)

IBM Power Systems
• VLANs are created by assigning a VLAN ID (VID) to switch

ports
• By default, all switch ports are assigned a default VLAN ID,
referred to as a PVID (Port VLAN ID)
• When an untagged packet enters a port it will be automatically
tagged with the port’s PVID.
• The packet can only travel to a destination port which belongs

to the same VLAN group.
• Ports can belong to multiple VLAN groups.
• Packets can either leave the switch port tagged or untagged.
Figure 14-7. IEEE 802.1Q VLAN tagging (1 of 2) AN121.1
Notes:
802.1Q VLAN
In 802.1Q, the VLAN information is written into the Ethernet packet itself. Each packet
carries a VLAN ID, called a Tag. This allows VLANs to be configured across multiple
switches. Packets can leave the switch tagged or untagged, depending on the setting for
that port's VLAN membership properties. When using 802.1Q, four bytes are added to the
Ethernet frame, of which 12 bits are used for the VLAN ID. Theoretically, there can be up to
4096 VLANs per network.

Instructor Guide
Instructor notes:
Purpose — Introduce VLAN tagging
Additional information — For further information, refer to the IEEE website:
http://standards.ieee.org/getieee802/download/802.1Q-2005.pdf
Transition statement — VLAN tagging continuation

V5.2
Instructor Guide
Uempty
IEEE 802.1Q VLAN tagging (2 of 2)

IBM Power Systems
• Packets can also be tagged by the operating system, in this

case from AIX.
– This is useful if you want to create multiple networks from a single
Ethernet adapter.
ent1 VLAN 1 network A

Network ent0 ent2 VLAN 2 network B
ent3 VLAN 3 network C
• A host tagged packets, if permitted, are unaffected by the

PVID setting.
Figure 14-8. IEEE 802.1Q VLAN tagging (2 of 2) AN121.1
Notes:
AIX implementation supports the IEEE 802.1Q VLAN tagging standard, with the capability
to support multiple VLAN IDs running on Ethernet adapters. Each VLAN ID is associated
with a separate Ethernet interface to the upper layers (for example, IP), which creates
unique logical Ethernet adapter instances per VLAN, for example, ent1, ent2, and so on.
For example, you may only have one physical Ethernet adapter on the system, but want to
create multiple networks.

Instructor Guide
Instructor notes:
Purpose — Introduce VLAN tagging continuation
Transition statement — Let's see a simple VLAN example.

V5.2
Instructor Guide
Uempty
VLAN group example

IBM Power Systems
• VLAN 100 is used by the finance group.

• VLAN 200 is used by the sales group.
Trunk Link Trunk Link
Figure 14-9. VLAN group example AN121.1
Notes:
The example in the visual shows three VLANs split across three Ethernet switches. VLANs
100 and 200 are used to segregate hosts and users from the finance and sales groups
respectively.

Instructor Guide
Instructor notes:
Purpose — Demonstrate a simple VLAN example.
Details — The example shows how to define three VLANs: 33, 100, and 200, across three
switches.
Transition statement — Let's see how to create a VLAN adapter in AIX.

V5.2
Instructor Guide
Uempty
AIX VLAN tagging

IBM Power Systems
• To assign a VLAN ID in AIX, a VLAN adapter must be created.

– Go to smit addvlan, and select a base Ethernet adapter.
Available
Available Network
Network Adapters
Adapters
Move
Move cursor
cursor to
to desired
desired item
item and
and press
press Enter.
Enter. Use
Use arrow
arrow keys
keys to
to scroll.
scroll.
ent1
ent1 Available
Available 09-08
09-08 2-Port
2-Port 10/100/1000
10/100/1000 Base-TX
Base-TX PCI-X
PCI-X Adapter
Adapter (1410890)
(1410890)
ent0
ent0 Available
Available 01-08
01-08 10/100/1000
10/100/1000 Base-TX
Base-TX PCI-X
PCI-X Adapter
Adapter (14106902)
(14106902)
Add
Add AA VLAN
VLAN
[Entry
[Entry Fields]
Fields]
VLAN
VLAN Base
Base Adapter
Adapter ent1
ent1
** VLAN
VLAN Tag ID
Tag ID [33]
[33] +#
+#
VLAN
VLAN Priority
Priority []
[] +#
+#
## lsdev
lsdev -Cc
-Cc adapter
ent0
adapter
Available
Packets(14106902)
which get
ent0 Available 01-08
01-08 10/100/1000
10/100/1000 Base-TX
Base-TX PCI-X
PCI-X Adapter
Adapter (14106902)
ent1
ent1 Available
Available 09-08
09-08 2-Port
2-Port 10/100/1000
10/100/1000 Base-TX
sent
Base-TX PCI-X
from adapter
PCI-X Adapter
Adapter (14108902)
(14108902)
ent2
ent2 Available
Available VLAN
VLAN ent2, are sent
tagged (33) out of
ent1.
Figure 14-10. AIX VLAN tagging AN121.1
Notes:
Use smit addvlan fast path to configure VLANs. Start by selecting a base adapter, which
will be used to send the packets, and assign a VLAN tag. Optionally, you can also specify a
priority. This is used by the VLAN driver to prioritize packets if multiple VLANs are created
using the same base adapter. You can specify a value from 0-7, where 0 is the default
priority, 1 is the highest, and then in increasing numerical order from 2 through 7.
After you have configured a VLAN, configure the IP interface (for example, en2) for
standard Ethernet.

Instructor Guide
Instructor notes:
Purpose — Show how to create a VLAN adapter in AIX
Details — Go through the example as shown in the visual.
Transition statement — Before we see how to configure TCP/IP on AIX, let's explain the
theory behind IP and subnet addressing.

V5.2
Instructor Guide
Uempty
IP and subnet addressing (1 of 2)

IBM Power Systems
• Each host on a network has an assigned unique IP address

and associated subnet mask.
– 32 bits, divided into four octets
10000001 00100001 10010111 00000111

129 . 33 . 151 . 7
11111111 11111111 00000000 00000000 /16
255 . 255 . 0 . 0
Network identification Host identification
– The network address = 129.33.0.0 (129.33/16)

– The broadcast address = 129.33.255.255
– The first host on the network = 129.33.0.1
– The last host on the network = 129.33.255.254
• Every TCP/IP host contains a special address called the

loopback which is assigned an address of 127.0.0.1.
Figure 14-11. IP and subnet addressing (1 of 2) AN121.1
Notes:
In order to be able to deliver the IP packet to the correct destination host, every host needs
an IP address. These IP addresses are 32-bit values and have to be unique. In most cases,
the IP address is not written in its binary form, but in the so-called “decimal dot” notation,
where the 32 bits are grouped into four groups of eight bits each, and those eight bits are
written in decimal form, separated with dots. The subnet mask allows us to identify the two
key pieces of information in the IP address. The address of the network and the host
identification (host ID).
Several addresses and address ranges are reserved for special purposes. The most
important ones are listed here:
• The IP address 127.0.0.1 (in fact, the whole 127.0.0.0/8 network) is reserved for the
loopback address. Hosts use the loopback address to send messages to themselves.
• Any IP address with the hostname part all zeros, such as 129.33.0.0, is reserved as an
identification for the network itself. It is not a valid IP address to be assigned to a host.

Instructor Guide
• Any IP address with the hostname part all ones, such as 129.33.255.255, is reserved as
the local broadcast address. Data sent to this address is delivered to all systems on the
local network.

V5.2
Instructor Guide

Purpose — Explain the format and purpose of an IP address and subnet mask
Transition statement — Let's define how IP addresses are organized and how they are
assigned.

Instructor Guide
IP and subnet addressing (1 of 2)

IBM Power Systems
• Network addresses by default are divided into classes:

Class Default subnet mask Range No. of networks No. of hosts
A 255.0.0.0 (/8) 1-127 128 16.7 million
B 255.255.0.0 (/16) 128-191 16384 65534
C 255.255.255.0 (/24) 192-223 2.1 Million 254
• Network assignment is managed by the IANA (Internet

Assigned Numbers Authority) through ISPs.
– Network addresses are generally, either broken up and assigned to
physical networks (subnetting), or aggregated together (supernetting).
– This is achieved by manipulating the subnet mask.
Figure 14-12. IP and subnet addressing (1 of 2) AN121.1
Notes:
IP addresses need to be assigned in such a way that they are unique across the whole
Internet. That is why there is a special organization that does this. This is the Internet
Assigned Number Authority, or IANA. They are responsible for assigning groups of
addresses, called classes, to organizations. They do not do this directly, but have
contracted out that responsibility to the InterNIC (http://www.internic.net), who in turn
delegates this to local ISPs.
In additional to classes A to C, there are also classes D and E. Class D addresses are
reserved for multicasting. Multicasting is a limited area type of broadcasting. There is no
network or host portion in a multicast address. It is an integer number registered with the
InterNIC that identifies a group of machines. Class E, is for experimental use only.
Class A and B addresses contain lots of hosts, and therefore, need to be broken down into
smaller more manageable chunks. This is achieved through a process known as
subnetting. On the other hand, class C addresses contain very few hosts, which can also
be subnetted into smaller chunks, but very often need to be aggregated together to form
larger networks. This is achieved through a process known as supernetting.

V5.2
Instructor Guide

Purpose — Define how IP addresses are organized and how they are assigned
Details — IP address assignment is based on a class system. Introduce this concept to
students and explain that class A and B addresses need to be broken down in order to be
assigned to physical networks. Subsequently, class C addresses often need to be
aggregated together.
Transition statement — Let's see a subnetting example.

Instructor Guide
Subnetting example
IBM Power Systems
• Company bigbucks.com has acquired the class B network address of

129.33.0.0. They need to spilt the address range so they can have up to
128 physical networks and up to 510 hosts per network.
10000001 00100001 0000000 0 00000000

129 . 33 . 0 . 0
11111111 11111111 1111111 0 00000000 /23
255 . 255 . 254 . 0
Network identification Assigned by this Host identification
organization to the
network
The number of possible

physical (sub) networks
is: The number of hosts per
2^7 = 128. network is:
(2^9)-2 = 510.
Figure 14-13. Subnetting example AN121.1
Notes:
The default subnet mask for a class B network is 255.255.0.0. This translates to one
network with ((2^16)-2) with 65534 hosts. Organizations with a class A and B address often
have hundreds, if not thousands of physical networks split across both local and
geographically dispersed locations. The only way to do this is to split the network address
into more manageable chunks. This is achieved by borrowing bits from the host ID and
using them for the network. Using seven bits from the host ID, allows for (2^7) 128 physical
networks. On each of the 128 networks, there can be ((2^9)-2) 510 hosts. We have to
subtract two from the number of hosts, because all zeros are reserved for the network and
all ones are reserved for the broadcast address.

V5.2
Instructor Guide

Purpose — Demonstrate the effects of subnetting a class B address
Details — Using the visual, show students how an entire class B network structure can be
broken down into 128 networks consisting of up to 510 hosts per network.
Transition statement — Let's see a supernetting example.

Instructor Guide
Supernetting example
IBM Power Systems
• Company losechange.com has acquired four class C network

addresses: 222.180.108.0 through to 222.180.111.0. However, they
would like to aggregate these networks together to form one global
network.
11111100 10110100 011011 00 00000000

222 . 180 . 108 . 0
11111111 11111111 111111 00 00000000 /22
255 . 255 . 252 . 0
Network identification Host identification
One class C network

Network address =
The number of hosts
222.180.108.0/22
(2^10)-2 = 1022
Figure 14-14. Supernetting example AN121.1
Notes:
Having four class C addresses is four physical networks each with up to 254 hosts. Each
network would require a router to route packets between them. Supernetting is the
opposite to subnetting and borrows bits from the network portion of the IP address. In the
example, we have borrowed two bits, changing the subnet mask from 255.255.255.0 to
255.255.252.0. The result is that networks 222.180.109, 110 and 111 have become part of
the 222.180.108 network. The 222.180.108 network can have up to ((2^10)-2) 1022 hosts.

V5.2
Instructor Guide

Purpose — Demonstrate the effects of supernetting a class C address
Details — Using the visual, show students how four class C networks can be aggregated
into 1 network consisting of up to 1022 hosts.
Transition statement — Let's see how we configure TCP/IP on AIX.

Instructor Guide
How is TCP/IP configured on AIX? (1 of 2)

IBM Power Systems
• There are many ways. However, in most cases you start with
smit mktcpip. A one stop shop for
Minimum TCP/IP config on
Minimum Configuration
Configuration && Startup
Startup
AIX.
To
To Delete existing configuration data, please use Further Configuration menus
Delete existing configuration data, please use Further Configuration menus
Type
Type or
or select
select values
values in
in entry
entry fields.
fields.
Press
changes.
[Entry
[Entry Fields]
Fields]
** HOSTNAME
HOSTNAME [waldorf]
[waldorf]
** Internet
Internet ADDRESS
ADDRESS (dotted
(dotted decimal)
decimal) [10.47.1.18]
[10.47.1.18]
Network
Network MASK
MASK (dotted
(dotted decimal)
decimal) [255.255.0.0]
[255.255.0.0]
** Network
Network INTERFACE
INTERFACE en0
en0
NAMESERVER
NAMESERVER
Internet
Internet ADDRESS
ADDRESS (dotted
(dotted decimal)
decimal) [10.47.1.33]
[10.47.1.33]
DOMAIN Name
DOMAIN Name [lpar.co.uk]
[lpar.co.uk]
Default
Default Gateway
Gateway
Address
Address (dotted
(dotted decimal
decimal or
or symbolic
symbolic name)
name) [10.47.0.1]
[10.47.0.1]
Cost
Cost [0]
[0] ##
Do
Do Active
Active Dead
Dead Gateway
Gateway Detection?
Detection? no
no ++
Your CABLE Type
Your CABLE Type N/A
N/A ++
START
START Now
Now no
no ++
Figure 14-15. How is TCP/IP configured on AIX? (1 of 2) AN121.1
Notes:
AIX provides a very quick and easy configuration SMIT panel for configuring TCP/IP on the
system. The essential items you will require are:
• Hostname of the machine
• IP address and network mask
• Interface to be configured
Desirable items are:

• Default Gateway for the environment
• DNS parameters (namserver and domain name)
This information populates the /etc/resolv.conf file, as follows:
nameserver 10.47.1.33
domain lpar.co.uk
Cable type is generally not required and can be left as N/A. Start now will refresh or start,
the TCP/IP subsystems. Note: they should already be running!

V5.2
Instructor Guide

Purpose — Introduce smitty mktcpip as a one stop shop for tcpip config.
Details — Use the visual to explain how to use smit mktcpip to configure TCP/IP on AIX.
Introduce most of the options in the panels.
Additional information — You may get questions on active dead gateway detection as
shown in the smit screen. Skip this for now and come back to it when we cover DGD.
Transition statement — What about multi-homed boxes?

Instructor Guide
How is TCP/IP configured on AIX? (2 of 2)

IBM Power Systems
• smit tcpip should only be used for the first adapter. In a multi-
homed host, subsequent adapters should be configured with
smit chinet.
Change
Change // Show
Show aa Standard
Standard Ethernet
Ethernet Interface
Interface
[Entry
[Entry Fields]
Fields]
Network
Network Interface
Interface Name
Name en1
en1
INTERNET
INTERNET ADDRESS
ADDRESS (dotted
(dotted decimal)
decimal) [192.168.0.1]
[192.168.0.1]
Network
Network MASK
MASK (hexadecimal
(hexadecimal or or dotted
dotted decimal)
decimal) [255.255.255.0]
[255.255.255.0]
Current STATE
Current STATE up
up ++
Use
Use Address
Address Resolution
Resolution Protocol
Protocol (ARP)?
(ARP)? yes
yes ++
BROADCAST
BROADCAST ADDRESS
ADDRESS (dotted
(dotted decimal)
decimal) []
[]
Interface
Interface Specific
Specific Network
Network Options
Options
('NULL'
('NULL' will unset the
will unset the option)
option)
rfc1323
rfc1323 []
[]
tcp_mssdflt
tcp_mssdflt []
[]
tcp_nodelay
tcp_nodelay []
[]
tcp_recvspace
tcp_recvspace []
[]
tcp_sendspace
tcp_sendspace []
[]
Apply
Apply change
change to
to DATABASE
DATABASE only
only no
no ++
Figure 14-16. How is TCP/IP configured on AIX? (2 of 2) AN121.1
Notes:
If SMIT is being used to configure further interfaces, then the fastpath smit chinet should be
used. All fields are optional, but essential items are:
• IP address and network mask
• Interface to be configured
• State of the interface, default is DOWN – so do not forget to switch this to UP – this is a
very common configuration error.
The network specific options are beyond the scope of this class.

V5.2
Instructor Guide

Purpose — Clarify how to add IP config to a box with multi adapters
Details — Talk through the options highlighted in blue. The network specific options are
beyond the scope of this course. Do not forget to point out the adapter state is by default,
down. Most people miss this.
Transition statement — Can we do this from the command line?

Instructor Guide
Command line TCP/IP configuration

IBM Power Systems
• There are two ways to configure network resources:

– AIX ODM (chdev or SMIT)
– Directly, using BSD UNIX commands: hostname, ifconfig, route
(valid until reboot)
• Setting the hostname
– ODM: # chdev –l inet0 –a hostname=sys1
– Directly: # hostname sys1
• Adding an IP address to an adapter
– ODM: # chdev -l en0 -a netaddr=192.168.0.1 –a \
netmask=255.255.255.0 -a state=up
– Directly: # ifconfig en0 192.168.0.1 255.255.255.0 up
• If the direct method is used, place the commands at the end
of:
– /etc/rc.net
or
– /etc/bsdnet (if inet0 bootup_option=yes)
Figure 14-17. Command line TCP/IP configuration AN121.1
Notes:
As well as SMIT, TCP/IP configuration can be driven from the command line. There are two
ways to handle this:
• The AIX way, in which configuration is stored in the AIX internal database (ODM). This
way, the configuration remains after shutdown/restart.
• The traditional BSD UNIX way. This way configuration does not survive restarts unless
the commands are entered into the /etc/rc.net file.
The /etc/rc.net file is executed by cfgmgr during system boot. The /etc/rc.net file
configures AIX style configuration and optionally traditional BSD UNIX configuration. If only
traditional BSD style networking is required, then the following command can be run: #
chdev -l inet0 -a bootup_option=yes. Doing this, causes AIX to process the
/etc/rc.bsdnet instead of rc.net file at boot time. Commands such as hostname, ifconfig,
route etc should be appended to /etc/rc.bsdnet as appropriate.

V5.2
Instructor Guide

Purpose — Show how to configure AIX from the command line
Details — It is important for students to understand the different configuration methods
available on AIX.
Sometimes, it is preferable to do some things manually, like routing. One real world
example: In a mission critical environment an AIX server crashed and was subsequently
set to reboot. On reboot, the system did not come up. This happened during hours when
only basic first line support staff were on hand. They could not fix the problem. On
investigation, a route had become corrupted in the ODM causing a hard mount to get stuck.
The route could not be removed from the ODM using the standard smit panels. This took
some time for experienced personnel to solve. Subsequently, all routing was done
manually and documented in the /rc/net file. No further routing problems occurred.
Transition statement — Let's see how to verify network interfaces.

Instructor Guide
Verifying network interfaces

IBM Power Systems
• netstat
# netstat -in
# netstat -in
Name Mtu Network Address ZoneID Ipkts Ierrs Opkts Oerrs Coll
Name Mtu Network Address ZoneID Ipkts Ierrs Opkts Oerrs Coll
en0 1500 link#2 ea.48.f0.0.b0.3 3359653 0 238778 0 0
en0 1500 link#2 ea.48.f0.0.b0.3 3359653 0 238778 0 0
en0 1500 10.47 10.47.1.23 3359653 0 238778 0 0
en0 1500 10.47 10.47.1.23 3359653 0 238778 0 0
lo0 16896 link#1 1201 0 1214 0 0
lo0 16896 link#1 1201 0 1214 0 0
lo0 16896 127 localhost 1201 0 1214 0 0
lo0 16896 127 localhost 1201 0 1214 0 0
lo0 16896 ::1 0 1201 0 1214 0 0
lo0 16896 ::1 0 1201 0 1214 0 0
• ifconfig
# ifconfig -a
# ifconfig -a
en0:
en0:
flags=1e080863,480<UP,BROADCAST,NOTRAILERS,RUNNING,SIMPLEX,MULTICAST,GROUPRT,64BIT,CHECK
flags=1e080863,480<UP,BROADCAST,NOTRAILERS,RUNNING,SIMPLEX,MULTICAST,GROUPRT,64BIT,CHECK
SUM_OFFLOAD(ACTIVE),CHAIN>
SUM_OFFLOAD(ACTIVE),CHAIN>
inet 10.47.1.23 netmask 0xffff0000 broadcast 10.47.255.255
tcp_sendspace 262144 tcp_recvspace 262144 rfc1323 1
lo0: flags=e08084b<UP,BROADCAST,LOOPBACK,RUNNING,SIMPLEX,MULTICAST,GROUPRT,64BIT>
lo0: flags=e08084b<UP,BROADCAST,LOOPBACK,RUNNING,SIMPLEX,MULTICAST,GROUPRT,64BIT>
inet 127.0.0.1 netmask 0xff000000 broadcast 127.255.255.255
inet6 ::1/0
inet6 ::1/0
Figure 14-18. Verifying network interfaces AN121.1
Notes:
The netstat –i command shows the state of all configured interfaces. The –n flag shows
network addresses as numbers. When this flag is not specified, the netstat command
interprets addresses, where possible, and displays them symbolically.
The ifconfig –a command is used to display information about all interfaces in the system.
The key flags are UP and RUNNING, which show the interface is available and active.

V5.2
Instructor Guide

Purpose — Show students how to verify network interfaces using netstat and
ifconfig commands
Details — Explain to students how to check and verify network interfaces using netstat
and ifconfig commands.
Transition statement — Let's look at name resolution.

Instructor Guide
Name resolution
IBM Power Systems
• Name resolution can be achieved through several

mechanisms: local hosts file, DNS, NIS, and LDAP.
• Local /etc/hosts file:
127.0.0.1
127.0.0.1 loopback
loopback localhost
localhost
10.10.1.1
10.10.1.1 system1
system1 nimserver
nimserver
10.10.1.2
10.10.1.2 system2
system2
10.10.1.3
10.10.1.3 system3
system3
• The default name resolution order is:

– bind (DNS), NIS=auth, local
• To change the default order to local then bind:
– Append to /etc/netsvc.conf
• hosts = local, bind
– Set environment variable NSORDER in /etc/environment
• NSORDER=local,bind
• Change is effective at next login or process start
• NSORDER overrides /etc/netsvc.conf
Figure 14-19. Name resolution AN121.1
Notes:
Systems use different methods for mapping host names to IP addresses. The method
depends upon the environment in which a system is going to participate.
• Flat Network: This method provides name resolution through the file /etc/hosts and
works well in small, stable environments.
• DNS (Domain Name Server): DNS is a system that allows name and IP lookups, in a
tree like database structure. It was created due to the growth of the Internet and
designed for large networks.
• NIS Server (Network Information System): This method provides a centralized server
for administration of configuration, and other files, within a LAN environment.
• LDAP Server (Lightweight Directory Access Protocol): LDAP is an application protocol
for querying and modifying directory services running over TCP/IP. Tivoli Directory
Server (TDS) is IBM's version of an LDAP server

V5.2
Instructor Guide
Uempty Default Name resolution

The existence of /etc/resolv.conf determines how a system resolves hostnames and IP
addresses within a domain or flat network.
• If /etc/resolv.conf exists, then the system will attempt to query a DNS server.
• If /etc/resolv.conf does not exist, the system will check to see if NIS is being used and
if the server is available. NIS is authoritative. This means, that if the NIS client
subsystem is running, and it is not successful in obtaining an answer, then the process
stops.
• Finally, the local /etc/hosts file is checked.
Overriding the default name resolution
The default Name resolution can be overwritten in two ways:
• Append to the /etc/netsvc.conf file and specify host ordering. Use the hosts attribute
followed by the name of the resource to use. The resources listed depend on what
name resolution processes are running on the network.
• Create an environment variable NSORDER. NSORDER overrides any name resolution
specified in the /etc/netsvc.conf file.

Instructor Guide
Instructor notes:
Purpose — Explain how name resolution works on AIX
Details — Explain how name resolution can be achieved on AIX, the default order, and
how it can be changed.
Additional information — Changing the order differs between UNIX implementations. It is
generally a good idea if name resolution order is changed, to set both /etc/netsvc.conf and
NSORDER just in case the environment table gets cleared.
Do not get too involved with DNS, NIS, and LDAP topics. These are beyond the scope of
the class.
Transition statement — Now that we understand how to configure IP and Name
resolution, let's see how to add routes.

V5.2
Instructor Guide
Uempty
Routing implementation (1 of 2)
IBM Power Systems
subnet mask 9.19.99.17

sys1
255.255.0.0 sys17
9.19.98.1
(/16)
subnet mask
9.19.99.20 9.19.99.11 sys5
sys11 255.255.255.0
Internet sys20
9.19.98.5 (/24)
sys20e sys11e
152.64.10.1 9.19.98.11
default router
sys13 sys10
9.19.99.13 9.19.98.10
destination deliver via

address gateway
Host Route 9.19.98.1 9.19.99.11
Network Route 9.19.98/24 9.19.99.11
Default Route default 9.19.99.20
Figure 14-20. Routing implementation (1 of 2) AN121.1
Notes:
A route does not define the complete path. It defines only the path segment from one host
to a gateway that can forward packets to a destination, or from one gateway to another.
Routes are defined in the kernel routing table. Each routing table entry has two
components:
• Destination address, where you want to end up
• Gateway address, where the packet gets sent on its way to its final destination
TCP/IP searches the route table for a best match on the destination in the following order:
• A host route. defines a route to a specific host. The routing IP algorithm still sees a
host address as a network; it is simply a perfect match.
• A network route. defines a route to any of the hosts on a specific network through a
gateway.
• A default route. defines a route to use when the destination did not match any host
route or network specific route. In most hosts, the only type of route the administrator
needs to define is a default route, also known as the default gateway.

Instructor Guide
Hosts should not forward IP datagrams unless specifically configured as a router. Most
BSD-derived implementations (AIX) include a kernel variable called ipforwarding, which is
used to control this behavior. The no command is used to view or change the value of
ipforwarding.
To change it: # no -o ipforwarding=<value>
The values are: ipforwarding=0 (do not forward), ipforwarding=1 (do forward).

V5.2
Instructor Guide

Purpose — Explain host, network, and default routes, and demonstrate how a router
works using the networks in the foil
Details — Using the drawing, explain each type of route table entry. The route table
resides on sys17.
In evaluating the route table, priority is host entries, network entries, and then finally default
entry.
Additional information — If there is no default route and no match exists for a destination,
an error is returned to the application. This message is “Cannot reach destination network”.
Transition statement — Let's see how to actually add these routes.

Instructor Guide
Routing implementation (2 of 2)
IBM Power Systems
• Route syntax: route [add/delete/change] [destination] [gateway]

– Add a default gateway
## route
route add
add 00 9.19.99.20
9.19.99.20
– Add a host or network route

## route
route add
add 9.19.98.1
9.19.98.1 9.19.99.11
9.19.99.11
## route
route add
add –net
–net 9.19.98
9.19.98 9.19.99.11
9.19.99.11
– Delete a host route

## route
route delete
delete 9.19.98.1
9.19.98.1 9.19.99.11
9.19.99.11
– Empty or flush the routing table

## route
route -f
-f
– Configure an AIX host as a router

## no
no –o
–o ipforwarding=1
ipforwarding=1
Figure 14-21. Routing implementation (2 of 2) AN121.1
Notes:
Routes can also be manipulated through SMIT (smit route). See the route man page for
further details.

V5.2
Instructor Guide

Purpose — Explain how to add routes.
Transition statement — Now we can add routes, let's look at multipath routing.

Instructor Guide
Multipath routing
IBM Power Systems
• AIX will allow you to add multiple routes to the same

destination. It is known as MPR (multipath routing).
– This is for load balancing and high availability.
2
1 Primary Default Router1
Primary Default Router1 10.47.0.1
10.47.0.1
Host
Host 10.47.1.18
10.47.1.18
Default Router2
Default Router2 10.47.0.254
10.47.0.254 Primary
Backup
# route add 0 10.47.0.1 weight 1 –active_dgd 1

# route add 0 10.47.0.254 weight 10 –active_dgd
# route add 0 10.47.0.1 –weight 1 –active_dgd 2

# route add 0 10.47.0.254 –weight 1 –active_dgd
Figure 14-22. Multipath routing AN121.1
Notes:
From AIX5L, multiple routes can be configured to the same destination. This configuration
is known as multipath routing (MPR). MPR allows us to load balance between gateways or
prioritize paths using the weight option. MPR also allows us to do Dead Gateway Detection
(DGD). This enables the system to dynamically change the weight on a route if a router has
failed. There are two methods of DGD, active and passive. The passive mode has less
overhead on the network, but can be slow to respond to an outage. Active has more
overhead on the network but is more responsive to an outage, because icmp (ping)
packets are used to periodically poll/detect if a router is up or down. Active DGD is
deployed by using the –active_dgd option on the route command.
The default MPR policy is Weighted Round-Robin which will load balance by default. This
is defined by the network option mpr_policy. There are 5 policies to choose from:
• Weighted Round-Robin (1): Based on user-configured weights assigned to the multiple
routes, through the route command, round-robin is applied. If no weights are
configured, then it behaves identical to plain round-robin.
• Random (2): Chooses a route at random.

V5.2
Instructor Guide
Uempty • Weighted Random (3): Chooses a route based on user-configured weights and a
randomization routine. The policy adds up the weights of all the routes and picks a
random number between zero and the total weight. Each of the individual weights are
removed from the total weight, until this number is zero. This picks a route in the range
of the total number of routes available.
• Lowest Utilization (4): Chooses a route with the minimum number of current
connections going through it.
• Hash-based (5): A hash-based algorithm chooses a route by hashing based on the
destination IP address.
To change the MPR policy type: # no –o mpr_policy=<number>

Instructor Guide
Instructor notes:
Purpose — Explain the basics and advantages of multipath routing.
Details — This follows on from the first smitty mktcpip screen and will explain the option
“Do active DGD”. AIX, since 5L, will now let you add multiple routes to the same
destination, with priorities, which is very useful for defining backup paths and for switching
paths. For example, route to X 9am-5pm is through the 100Mb networkA, route to X
5pm-9am is through the 1Gb networkB.
It's important students have a basic grasp of this, because when they start working with
multiple IP aliasing clusters, they will configure AIX to use MPR.
Additional information — In AU07, MPR is associated with VIPA. VIPA is just one
example which relies on MPR to work. However, these topics are different. MPR would still
exist without VIPA. MPR is important, VIPA is not and is therefore not part of this unit.
Transition statement — Another important function of IP is aliasing, let's see how it works.

V5.2
Instructor Guide
Uempty
Additional configuration, IP aliasing

IBM Power Systems
• IP aliasing is a popular function which allows multiple IP

addresses to be assigned to a single IP interface.
• This technology is popular with clustering technologies, such
as PowerHA (HACMP).
## netstat
netstat -in
-in -I
-I en1
en1 || grep
grep –v
–v link
link
Name Mtu
Name Mtu Network
Network Address
Address ZoneID
ZoneID Ipkts
Ipkts Ierrs
Ierrs Opkts
Opkts Oerrs
Oerrs
en1
en1 1500
1500 192.168.0
192.168.0 192.168.0.1
192.168.0.1 00 00 66 00
## ifconfig
ifconfig en1
en1 alias
alias 172.31.0.1
172.31.0.1 255.255.0.0
255.255.0.0
## ifconfig
ifconfig en1
en1 alias
alias 10.47.33.33
10.47.33.33 255.255.0.0
255.255.0.0
## netstat
netstat -in
-in -I
-I en1
en1 || grep
grep –v
–v link
link
Name
Name Mtu
Mtu Network
Network Address
Address ZoneID
ZoneID Ipkts
Ipkts Ierrs
Ierrs Opkts
Opkts Oerrs
Oerrs
en1
en1 1500
1500 192.168.0
192.168.0 192.168.0.1
192.168.0.1 00 00 77 00
en1
en1 1500 172.31
1500 172.31 172.31.0.1
172.31.0.1 00 00 77 00
en1
en1 1500
1500 1010 10.47.33.33
10.47.33.33 00 00 88 00
Figure 14-23. Additional configuration, IP aliasing AN121.1
Notes:
IP aliasing is used widely in clustering technologies (such as HACMP), and in WPARs. It is
very useful if the network is being transitioned to another IP subnet or network range.

Instructor Guide
Instructor notes:
Purpose — Define how IP aliasing works
Details — Go through the details and example as shown in the visual.
Additional information — It maybe worth pointing out that having an IP alias on multiple
interfaces in the same network will cause MPR! This can, and often does, happen with
HACMP and WPAR technologies. For example: In HACMP, if there are persistent IP
aliases on en1 of 10.1.1.1, and an application service address on en2 of 10.1.1.2, the
(application) client will receive packets from both adapters. This causes problems with
some application (for example, NFS) and firewalls (depending on their configuration).
Transition statement — How do we test to see if a host is alive?

V5.2
Instructor Guide
Uempty
Testing for remote connectivity

IBM Power Systems
## ping
ping sys1
sys1
PING
PING sys1:
sys1: (192.108.14.2):
(192.108.14.2): 56
56 data
data bytes
bytes
64
64 bytes from 192.108.14.2: icmp_seq=0 ttl=255
bytes from 192.108.14.2: icmp_seq=0 ttl=255 time=0
time=0 ms
ms
64
64 bytes from 192.108.14.2: icmp_seq=1 ttl=255 time=0 ms
bytes from 192.108.14.2: icmp_seq=1 ttl=255 time=0 ms
^C
^C
----seraph
----seraph PING
PING Statistics----
Statistics----
22 packets
packets transmitted, 22 packets
transmitted, packets received,
received, 0%
0% packet
packet loss
loss
## traceroute
traceroute sys1
sys1
trying
trying to
to get
get source
source for
for sys1
sys1
source should be 10.47.1.31
source should be 10.47.1.31
traceroute
traceroute toto seraph
seraph (192.108.14.2)
(192.108.14.2) from
from 10.47.1.31
10.47.1.31 (10.47.1.31),
(10.47.1.31), 30
30 hops
hops max
max
outgoing
outgoing MTU
MTU == 1500
1500
11 merovingian.lpar.co.uk
merovingian.lpar.co.uk (10.47.1.30)
(10.47.1.30) 11 ms ms 00 ms
ms 00 ms
ms
22 7.7.7.1 (7.7.7.1) 0 ms 0 ms
7.7.7.1 (7.7.7.1) 0 ms 0 ms 0 ms 0 ms
33 sys1
sys1 (192.108.14.2)
(192.108.14.2) 00 ms ms 00 ms
ms 00 ms
ms
• Note: Sometimes the protocols used by ping (icmp) and

traceroute (udp) are blocked by firewalls or IPSec filters.
Figure 14-24. Testing for remote connectivity AN121.1
Notes:
The ping command sends an ICMP ECHO_REQUEST to obtain an ICMP
ECHO_RESPONSE from a host or router. If the host is operational and on the network, it
responds to the echo.
The default is to continuously send echo requests until an interrupt is received with <ctrl-c>,
but there is an option (-c) to specify the number of packets sent. The ping command sends
one datagram per second and prints one line of output for every response received. It
calculates round trip times and packet loss statistics, and displays a brief summary upon
completion.
Be very careful of some options like –f. This will cause ICMP packets to flood the network.
Ping is most useful to test basic connectivity between hosts, but that it can not tell us any
thing about where the break is in the path. On the other hand, if ping cannot get a
response, traceroute can sometimes still give us information that helps to identify the
outage.
traceroute is useful for displaying all the routers between end to end host connectively. It
may turn out that the remote host is OK but a router has failed along the path. Traceroute

Instructor Guide
works by increasing the “time-to-live” value of each successive batch of packets sent. The
first three packets sent have a time-to-live (TTL) value of one (implying that they are not
forwarded by the next router and make only a single hop). The next three packets have a
TTL value of 2, and so on. When a packet passes through a host, normally the host
decrements the TTL value by one, and forwards the packet to the next host. When a packet
with a TTL of one reaches a host, the host discards the packet and sends an ICMP time
exceeded (type 11) packet to the sender. The traceroute utility uses these returning
packets to produce a list of hosts that the packets have traversed en route to the
destination. The three timestamp values returned for each host along the path are the
delay (known as latency) values typically in milliseconds (ms) for each packet in the batch.
If a packet does not return within the expected timeout window, a star (asterisk) is
traditionally printed. Traceroute may not list the real hosts. It indicates that the first host is
at one hop, the second host at two hops, and so on. IP does not guarantee that all the
packets take the same route. Also note, that if the host at hop number N does not reply, the
hop will be skipped in the output.

V5.2
Instructor Guide

Purpose — If we are having connectively problems, then we all tend to first ping and trace
a route.
Details — Go through the information in the visual and notes. You will probably find most
students know this already.
Additional information — There are many tools available to enhance or masquerade
traceroute type functionality, such as MTR (My traceroute). MTR is a program which
combines the functionality of both traceroute and ping programs in a single network
diagnostic tool. Pingplotter is a great traceroute program but works under windows.
Transition statement — Let's see how ports and sockets work.

Instructor Guide
Ports and sockets

IBM Power Systems
• A port identifies the application on the host.

• Server side ports are well-known and fixed.
– Stored in /etc/services
• Client side ports are dynamic > 1023.
– Every client connection uses a new port
• A Socket is a combination of IP address, protocol, and port
number.
• A pair of sockets define a unique application network
connection.
• TCP and UDP both implement ports independent of each
other.
## grep
grep "^ftp
"^ftp "" /etc/services
/etc/services
ftp
ftp 21/tcp
21/tcp ## File
File Transfer
Transfer [Control]
[Control]
ftp
ftp 21/udp
21/udp ## File
File Transfer [Control]
Transfer [Control]
neo:/
neo:/ ## ftp
ftp trinity
trinity Socket connection
neo:/ resulting from the
neo:/ ## netstat
netstat -a
-a |grep
|grep trinity
trinity ftp communication
tcp
tcp 00 00 neo.57413
neo.57413 trinity.ftp
trinity.ftp ESTABLISHED
ESTABLISHED
Figure 14-25. Ports and sockets AN121.1
Notes:
Each process that wants to communicate with another process needs to identify itself in
some way. The logical construct used by TCP/IP to accomplish this task is called a port.
A port uniquely identifies an application (also called network services). The source port
number and the destination port number are contained in the header of each TCP segment
or UDP packet.
Port numbers are defined in the /etc/services file. Port numbers from 0-1023 are called
well-known published ports and are reserved for standard applications like telnet and ftp.
When a datagram arrives at its destination based on the destination address, IP checks the
protocol. The data delivered to the transport protocol contains the destination port number
that tells the transport protocol to which application process the data needs to go.
A socket is a combination of IP address and port number and protocol family, which
uniquely identifies a single network process. A socket is also referred to as a
communication end point. A pair of sockets uniquely identifies the end to end connection.
Socket communication can be viewed with the netstat –a command.

V5.2
Instructor Guide

Purpose — Define the principles of ports and sockets with the TCP/IP suite
Details — Introducing port and sockets does not fit in smoothly at this point, but they are
needed in describing UDP, TCP, and /etc/services, which follow. Before two programs can
communicate with each other, both must initialize communication end points. Connections
to a system are distinguished by a port number, which serves as a sort of mailbox number
for datagrams. Once a port has been assigned, any datagrams the application program
sends through the port, will have the port number in the transport port field.
Transition statement — The inetd daemon plays an important role in TCP/IP, let's see it in
more detail.

Instructor Guide
inetd daemon
IBM Power Systems
• Known as the ‘super server daemon’

• Loads a network program based upon request
– Example network programs
• ftp, tftp, login, telnet, shell, exec, bootp, time.
– To enable or disable a network program, comment or uncomment the
appropriate line, and refresh the inetd daemon.
– Example: disable ftp
vi
vi /etc/inetd.conf,
/etc/inetd.conf, locate
locate and
and comment
comment out
out ftp
ftp line
line
#ftp
#ftp stream
stream tcp6
tcp6 nowait
nowait root
root /usr/sbin/ftpd
/usr/sbin/ftpd ftpd
ftpd
telnet
telnet stream
stream tcp6
tcp6 nowait
nowait root
root /usr/sbin/telnetd
/usr/sbin/telnetd telnetd
telnetd -a
-a
shell
shell stream
stream tcp6
tcp6 nowait
nowait root
root /usr/sbin/rshd
/usr/sbin/rshd rshd
rshd
refresh
refresh –s
–s inetd
inetd
0513-095
0513-095 The
The request
request for
for subsystem
subsystem refresh
refresh was
was completed
completed successfully.
successfully.
Figure 14-26. inetd daemon AN121.1
Notes:
The inetd daemon is started at boot time from /etc/rc.tcpip. When it is started, inetd reads
its configuration from the /etc/inetd.conf file. This file contains the names of the services
that inetd listens for requests and starts as needed, to handle these requests. The file is
used to enable and disable network services, such as ftp. To disable ftp on the host, edit
the inetd.conf file, locate and comment out the ftp program, then refresh the inetd
daemon.

V5.2
Instructor Guide

Purpose — Explain the purpose of the inetd daemon and show how to disable a network
service
Details — Explain the role of the inetd daemon and show how students can enable and
disable popular network services such as ftp.
Transition statement — Let's see how we can log in and run commands remotely on a
UNIX box.

Instructor Guide
Remote UNIX commands

IBM Power Systems
• Logging into a UNIX box remotely

## rsh
rsh trinity
trinity -l
-l root
root
## rlogin
rlogin trinity -l
trinity -l root
root
## telnet
telnet trinity
trinity
## ssh
ssh root@trinity
root@trinity
• Running commands remotely on a UNIX box

## rsh
rsh trinity
trinity -l
-l root
root date
date
## rexec
rexec trinity
trinity date
date
## ssh
ssh root@trinity
root@trinity date
date
• By default, all data, including passwords, are transferred

across the network in clear text (exception ssh)
– There are several types of ssh software available for AIX.
• OpenSSH is contained on the AIX Expansion Pack.
Figure 14-27. Remote UNIX commands AN121.1
Notes:
The commands, telnet, rsh, rexec, rlogin, and rsh are all part of the bos.net.tcp.client fileset
which is installed by default. Any passwords entered using these commands are
transferred over the network in clear text and can be easily captured using packet sniffing
tools. rsh, rexec, and rlogin commands can be configured so that the client user does not
have to supply a password. This introduces further vulnerabilities in the system. Ideally all
r* commands, including telnet, should be disabled. They can be replaced by SSH.
Openssh, including secure copy and file transfer commands, can be installed using the AIX
expansion pack media.

V5.2
Instructor Guide

Purpose — Clarify how we log in and run commands remotely on a UNIX box
Details — Go through the examples in the visual. Mention the –l flag is optional and these
commands normally do a getuid() lookup to use as the default ID. Point out that data is
transferred in clear text, apart from ssh, and new ftp –s option in 6.1.
Additional information — The intention is to show students how to use basic TCP/IP
commands to log in and run remote commands. Using these commands without a
password by configuring /etc/host.equiv, .rhosts and .netrc files are outside the scope of
this course. You may of course wish to elaborate if you have time or refer them to AU07G
TCP/IP.
Note: 20 February 2009. SSH is not covered as part of the AIX curriculum but will be added
to AU07G during the next update in 2009.
Transition statement — Let's see how we can transfer data across the network using FTP.

Instructor Guide
Transferring files over a network (1 of 2)

IBM Power Systems
• ftp
## ftp
ftp waldorf
waldorf
Connected
Connected to to waldorf.lpar.co.uk.
waldorf.lpar.co.uk.
220
220 waldorf.lpar.co.uk
waldorf.lpar.co.uk FTP FTP server
server (Version
(Version 4.2
4.2 Thu
Thu Apr
Apr 17
17 02:03:14
02:03:14 CDT CDT 2008)
2008)
ready.
ready.
Name
Name (waldorf:root):
(waldorf:root):
331
331 Password
Password required
required for
for root.
root.
Password:
Password:
ftp>
ftp> prompt
prompt
Interactive
Interactive mode
mode off.
off.
ftp> mput file* AIX 6.1 has new
ftp> mput file*
200 PORT command successful. secure option (-s) which
200 PORT command successful. uses TLS
150
150 Opening
Opening data
data connection
connection for
for file1.
file1.
226 Transfer complete.
226 Transfer complete.
200
200 PORT
PORT command
command successful.
successful.
150
150 Opening data
Opening data connection
connection for
for file2.
file2.
226
226 Transfer
Transfer complete.
complete.
200
200 PORT
PORT command
command successful.
successful.
150
150 Opening data
Opening data connection
connection for
for file3.
file3.
226
226 Transfer
Transfer complete.
complete.
ftp>
ftp> bye
bye
221
221 Goodbye.
Goodbye.
Figure 14-28. Transferring files over a network (1 of 2) AN121.1
Notes:
The ftp command is possibility the most widely used program for transferring files across a
network. The remote user name specified at the login prompt, must exist, and have a valid
password defined at the remote host.
FTP is an unsecure protocol, as all data including passwords are transferred across the
network unencrypted. These passwords are very easy to sniff and capture. AIX 6 has a
new secure feature (-s) which use Transport Layer Security (TSL) to encrypt data. To use
the secure (–s) option, OpenSSL must be installed, minimum level 0.9.7.
To gain a list of all ftp subcommands, type help in an interactive session or see the man
page.

V5.2
Instructor Guide

Purpose — Look at ftp as a mechanism to transfer data across the network
Details — Go through the simple example as provided in the visual
Transition statement — Are there any other ways to do this?

Instructor Guide
Transferring files over a network (2 of 2)

IBM Power Systems
• rcp, scp and tar

## rcp
rcp files*
files* waldorf:/tmp/files
waldorf:/tmp/files
## scp
scp file*
file* root@waldorf:/tmp/files
root@waldorf:/tmp/files
###
### Using
Using tar
tar and
and rsh
rsh (or
(or ssh)
ssh) to
to transfer
transfer files
files over
over aa network
network ###
###
## tar
tar cf
cf -- /tmp/files
/tmp/files || rsh
rsh waldorf
waldorf “cd
“cd /backup
/backup &&
&& tar
tar xBfp
xBfp –”
–”
###
### Using
Using ftp
ftp and
and dd
dd to
to test
test network
network performance
performance ###
###
ftp>
ftp> put
put "|dd
"|dd if=/dev/zero
if=/dev/zero bs=1M
bs=1M count=100"
count=100" /dev/null
/dev/null
200 PORT command successful.
200 PORT command successful.
150
150 Opening
Opening data
data connection
connection for
for /dev/null.
/dev/null.
100+0 records in.
100+0 records in.
100+0
100+0 records
records out.
out.
226
226 Transfer
Transfer complete.
complete.
104857600
104857600 bytes
bytes sent
sent in
in 1.36
1.36 seconds
seconds (7.529e+04
(7.529e+04 Kbytes/s)
Kbytes/s)
local:
local: |dd if=/dev/zero bs=1M count=100 remote:
|dd if=/dev/zero bs=1M count=100 remote: /dev/null
/dev/null
Figure 14-29. Transferring files over a network (2 of 2) AN121.1
Notes:
The rcp command is used to copy one or more files between the local host and a remote
host. The scp command is part of OpenSSH and is designed to replace rcp.
Moving files around the network can be neatly done with tar + rsh/ssh. The command
shown in the visual means: create an archive of /tmp/files and write this to standard out (in
this case the rsh command). The file will be transferred to system waldorf and
decompressed/written to directory/backup, if it exists.
To determine the transfer speed you can get between two hosts on a network, a good,
simple test is to use ftp and dd. In the visual, 100MB of data was transferred over the
network to /dev/null in 1.36 seconds.

V5.2
Instructor Guide

Purpose — Cover data transfer commands
Details — Go through the examples in the visual
Additional information — putty & pscp for windows can be obtained at
http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html
Transition statement — NFS is a widely used application by UNIX administrators across
all UNIX systems. Let's provide an overview to NFS.

Instructor Guide
Network File System

IBM Power Systems
• File sharing between heterogeneous systems in a TCP/IP

network
• Transparent access to remote files and directories
• Based on a client/server model
• Filesets:
– Server: bos.net.nfs.server
– Client: bos.net.nfs.client
/home
/data client1 client2

/data
/data nfs_server /home
Figure 14-30. Network File System AN121.1
Notes:
Network File System (NFS) is a facility for sharing files in a heterogeneous environment of
machines, operating systems, and networks. The NFS function is built into the kernel of the
operating system so it is transparent to applications and users. NFS is based on a
client/server model, where the server stores files and provides clients with access.

V5.2
Instructor Guide

Purpose — Provide an overview to NFS
Details — Go through the details provided in the visual
Additional information — NFS version support is not relevant. The focus, will be on NFS
version 3, which is the default.
Transition statement — Let's see how to start and stop NFS.

Instructor Guide
NFS server configuration (1 of 2)

IBM Power Systems
• Server configuration
– Starting NFS (now and at system restart)
• /usr/sbin/mknfs –B
## lssrc
lssrc –g
–g nfs
nfs
biod
biod nfs
nfs 352444
352444 active
active
nfsd
nfsd nfs
nfs 221328
221328 active
active
rpc.mountd
rpc.mountd nfs
nfs 315524
315524 active
active
rpc.statd
rpc.statd nfs
nfs 364738
364738 active
active
rpc.lockd
rpc.lockd nfs
nfs 258262
258262 active
active
– Stopping NFS (now)

• /usr/sbin/rmnfs –N
## lssrc
lssrc –g
–g nfs
nfs
biod
biod nfs
nfs inoperative
inoperative
nfsd
nfsd nfs
nfs inoperative
inoperative
rpc.mountd
rpc.mountd nfs
nfs inoperative
inoperative
rpc.statd
rpc.statd nfs
nfs inoperative
inoperative
rpc.lockd
rpc.lockd nfs
nfs inoperative
inoperative
Figure 14-31. NFS server configuration (1 of 2) AN121.1
Notes:
The mknfs command configures the system to run the NFS daemons. The mknfs
command accepts the following flags:
-B Adds an entry to the inittab file to execute the /etc/rc.nfs file on system
restart and executes the /etc/rc.nfs file immediately to start the NFS
daemons
-I Adds an entry to the inittab file to execute the /etc/rc.nfs file on system
restart
-N Starts the /etc/rc.nfs file to start the NFS daemons immediately, when
started this way, the daemons run until the next system restart
When NFS is started the follow daemons are invoked:
• The biod daemon runs on all NFS client systems. When a user on a client wants to
read or write to a file on a server, the biod daemon sends this request to the server. The
biod daemon is activated during system startup and runs continuously.

V5.2
Instructor Guide
Uempty • The nfsd daemon runs on the server and handles client requests for file system
operations.
• The rpc.mountd daemon answers client requests to mount file systems. The mountd
daemon finds out which file systems are available by reading the /etc/xtab file. The
/etc/xtab file is created when file systems are exported on the server. This process is
covered in the next visual.
• The rpc.statd and rpc.lockd daemons work together to main stateful locking. NFS
implements an advisory locking mechanism, meaning if a program, and does not pay
any attention to the locking messages it receives, it can go ahead and access the file. In
the event of a server crash, the locking information will be recovered. The status
monitor maintains information on the location of connections as well as the status in the
/etc/sm directory, the /etc/sm.bak file, and the /etc/state file. When restarted, the statd
daemon queries these files and tries to reestablish the connection it had prior to
termination.
The rmnfs command changes the configuration of the system to stop running NFS
daemons. It accepts the same flags as mknfs.

Instructor Guide
Instructor notes:
Purpose — Show how to start and stop NFS on an AIX system
Details — Explain how to stop and start the NFS subsystem and provide an overview of
the NFS daemons.
Transition statement — Now we can start NFS, let's see how we can export directories.

V5.2
Instructor Guide
Uempty
NFS server configuration (2 of 2)

IBM Power Systems
• To export directories:
## vi
vi /etc/exports
/etc/exports
/home
/home
/usr/man
/usr/man -ro
-ro
/data -root=kenny:kyle,access=kenny:kyle:eric,rw=kenny:kyle
/data -root=kenny:kyle,access=kenny:kyle:eric,rw=kenny:kyle
## exportfs
exportfs -va
-va
Exported
Exported /usr/man
/usr/man
Exported
Exported /data
/data
Exported /home
Exported /home
/etc/xtab rpc.mountd
Figure 14-32. NFS server configuration (2 of 2) AN121.1
Notes:
In order to configure an NFS server, you have to first decide:
• What directories you want to export
• Which clients you want to have access the directories and files
• The permissions (for example, read-write, read-only) clients will have when accessing
the files
In the example shown in the visual:
• /home is exported to the world with read-write permissions. For security reasons, the
clients root user does not have root privileges when accessing the files remotely. The
root user is mapped to the nobody user (UID 2).
• /usr/man directory is exported to the world with read-only permissions.
• /data directory is exported to systems: kenny, kyle, and eric. Systems, kenny and kyle
have read-write access and their root users have root privileges when accessing the

Instructor Guide
files remotely. System, eric has read-only access and the root user is mapped to user
nobody.
Only when the NFS subsystem is activated, using the mknfs command, can directories be
made available. When the /etc/export file has been configured, the exportfs command
is used to make the directories available for client mounting. The exportfs -a command
exports all items listed in the /etc/exports file and automatically copies the entries to the
/etc/xtab file. /etc/xtab file entries are used by the system and always reflect what is
currently exported. This leaves the /etc/exports file available for updating at any time. The
/etc/xtab file must never the edited directly.

V5.2
Instructor Guide

Purpose — Show how to export directories on an NFS server.
Details — Explain how to make directories available for exporting, including permissions.
Additional information — This can also be achieved using smit mknfsexp. In most cases
however, it is easier to configure the /etc/exports file directly.
Transition statement — Now we have made directories available, let's see how we can
mount them on a client system.

Instructor Guide
Manual NFS client mounting

IBM Power Systems
• The showmount command can be used to query the

directories exported by the NFS server.
kenny:/
kenny:/ ## showmount
showmount -e
-e nfs_server
nfs_server
export list for nfs_server:
export list for nfs_server:
/usr/man
/usr/man (everyone)
(everyone)
/data
/data kenny,kyle,eric
kenny,kyle,eric
/home
/home (everyone)
(everyone)
• Mounting an NFS server directory

## mkdir
mkdir /data_client_mnt
/data_client_mnt
## mount
mount nfs_server:/data
nfs_server:/data /data_client_mnt
/data_client_mnt
## df
df /data
/data
Filesystem
Filesystem 512-blocks
512-blocks Free
Free %Used
%Used Iused
Iused %Iused
%Iused Mounted
Mounted on
on
nfs_server:/data 278528
nfs_server:/data 278528 212920
212920 24%
24% 1317
1317 6% /data_client_mnt
6% /data_client_mnt
• Predefined mounts can also be defined using smit mknfsmnt.

Figure 14-33. Manual NFS client mounting AN121.1
Notes:
The showmount command is useful for viewing which directories are available for
mounting on a particular NFS server. To mount an NFS directory, first create a directory
point and then issue the mount command, as shown in the visual.
Syntax: mount <NFS_server_name>:<server mount point> <client directory mount
point>

V5.2
Instructor Guide

Purpose — Demonstrate how to mount an NFS directory on a client
Details — Explain the use of the showmount command (-e option only) and how to simply
mount an NFS directory using the mound command. Briefly mention, a pre-defined mount
can also be performed using smit mknfsmnt.
Transition statement — Let's see how to configure a predefined NFS mount.

Instructor Guide
Predefined NFS client mounting

IBM Power Systems
– smit mknfsmnt
Add
Add aa File
File System
System for
for Mounting
Mounting
** Pathname
Pathname ofof mount
mount point
point [/data_client_mnt]
[/data_client_mnt] //
** Pathname
Pathname ofof remote
remote directory
directory [/data]
[/data]
** Host
Host where
where remote
remote directory
directory resides
resides [nfs_server]
[nfs_server]
** Security
Security method
method [sys]
[sys] ++
** Mount
Mount now,
now, add
add entry
entry to
to /etc/filesystems
/etc/filesystems oror both?
both? Both
Both ++
** /etc/filesystems entry will mount the directory
/etc/filesystems entry will mount the directory no
no ++
on
on system
system restart.
restart.
** Mode
Mode for
for this
this NFS
NFS file
file system
system read-write
read-write ++
** Attempt
Attempt mount in foreground or
mount in foreground or background
background background
background ++
** Mount file system soft or
Mount file system soft or hardhard hard
hard
Note:
Note: Many
Many options
options removed
removed for
for clarity.
clarity.
– /etc/filesystems
/data_client_mnt:
/data_client_mnt:
dev
dev == "/data"
"/data"
vfs
vfs == nfs
nfs
nodename
nodename == nfs_server
nfs_server
mount
mount == false
false
options
options == bg,hard,intr,sec=sys
bg,hard,intr,sec=sys
account
account == false
false
Figure 14-34. Predefined NFS client mounting AN121.1
Notes:
Predefined mounts are NFS mounts which are defined in /etc/filesystems for ease of use
when manual mounting or to enable remote file systems to be mounted during system start
time.
Key options are:
• Security Method: Possible values are: sys, dh, krb5, krb5i, krb5p, which correspond to
Unix, DES, Kerberos 5, Kerberos 5 with integrity, and Kerberos 5 with privacy. The
default NFS security used in most implementations is standard Unix (sys). The other
methods are used in special situations where authentication and encryption is required.
These methods are supported by a new version of NFS, NFS version 4. NFS v4 is not
the default version used in AIX and is a large complex topic which is outside the scope
of this class but may wish to refer to the following IBM redbook “Implementing NFSv4
in the Enterprise: Planning and Migration Strategies”, available at:
http://www.redbooks.ibm.com/abstracts/sg246657.html.
• Mode: Read-write or read-only.

V5.2
Instructor Guide
Uempty • Attempt mount in: Values: background (default) or foreground

If the attempt to mount the directory fails, the mount will be retried in the background. If
foreground is selected, the mount request stays in the foreground even, if the mount
request fails.
• Mount type: Values: hard or soft
If the mount is soft, the system returns an error if the server does not respond. If the mount
is hard, the client continues trying until the server responds. The hard mount is the default.
When a hard mount is selected, an extra option is included in /etc/filesystems: intr. The intr
option allow signals to interrupt an NFS call. This is useful for aborting an NFS mount
process when the server does not respond.

Instructor Guide
Instructor notes:
Purpose — Demonstrate how configure predefined NFS mounts.
Details — Go through the example as shown in the visual. The key smit fields are
explained in the student notes.
Transition statement — VNC is a popular free graphical utility which allows us to access
an X session (such as CDE) remotely. Let's start by defining VNC.

V5.2
Instructor Guide
Uempty
Virtual Network Computing

IBM Power Systems
• VNC is a ‘free’ graphical desktop sharing system which uses

the RFB protocol to remotely control another computer.
• It is popular in both UNIX and Windows systems.
VNC viewer
eg. UltraVNC VNC traffic
realVNC
tightVNC
VNC AIX
Server
Can also be tunnelled

over an ssh
connection for
improved security
Figure 14-35. Virtual Network Computing AN121.1
Notes:
Virtual Network Computing (VNC) is a graphical desktop sharing system which uses the
RFB (“remote framebuffer”) protocol to remotely connect to another host/server. It
transmits the keyboard and mouse events from one host to another, relaying the graphical
screen updates back in the other direction, over a network.
VNC is platform-independent. A VNC viewer on any operating system connects to a VNC
server, running in this case, on AIX. Multiple clients may connect to the VNC server at the
same time. Popular uses for this technology include remote technical support and
accessing files on one's work computer from one's home computer, or vice versa.
VNC was originally developed at the Olivetti Research Laboratory in Cambridge, United
Kingdom. The original VNC source code and many modern derivatives are open source
under the GNU General Public License.

Instructor Guide
Instructor notes:
Purpose — Explain the basics of VNC.
Details — VNC is a very popular mechanism for accessing AIX remotely. It is very popular,
mainly because it is free, supports multiple platforms (mac, windows, unix), and is open
source.
Transition statement — Now let's see how to configure VNC.

V5.2
Instructor Guide
Uempty
VNC configuration
IBM Power Systems
• In order to set up a VNC server on AIX, install vnc and zlib

from the AIX Toolbox for Linux Applications.
• Start a vnc session by typing:
– vncserver :<port number> Note: The TCP/IP port
started is actually 5933.
## vncserver
vncserver :33
:33
The “59” is implied and
New
New 'X'
'X' desktop
desktop is
is neo:33
neo:33 is not required to
connect.
Starting
Starting applications
applications specified
specified in
in //.vnc/xstartup
//.vnc/xstartup
Log
Log file
file is
is //.vnc/neo:33.log
//.vnc/neo:33.log
– To access the AIX desktop VNC session from

• UNIX, type: # vncview neo:33
• PC VNC viewer
• Also, access can be done through a web browser over http

http://neo:5833
Figure 14-36. VNC configuration AN121.1
Notes:
To run VNC on AIX, install the following filesets from the AIX Toolbox for Linux Applications
CD. No further configuration is required.
# lslpp -l |egrep -i “vnc|zlib)” freeware.vnc.rte 3.3.3.2 COMMITTED Virtual Network
Computing
freeware.zlib.rte 1.1.3.2 COMMITTED Data compression library
When a VNC session is started, two TCP/IP ports are opened, 59<number> and
58<number>. The 59 port must be used for the vncviewer application. The 59 prefix is
generally not required. It is implied and hard coded into the viewer application. The 58 port
is used to access VNC over http. To connect in the way, the full port number (including 58)
must be supplied.

Instructor Guide
Instructor notes:
Purpose — Show how to set up and configure a VNC session.
Details — Go through the example on the visual.
Additional information — There are many different types of VNC viewers available,
arguably the best is UltraVNC.
Transition statement — It is time for some checkpoint questions.

V5.2
Instructor Guide
Uempty
Checkpoint
IBM Power Systems
1. What are the following used for?

• /etc/rc.tcpip
_____________________________________________
• ssh
_____________________________________________
• VNC
_____________________________________________
• /etc/services
______________________________________________
2. What is multipath routing and why should we use it?

______________________________________________
______________________________________________
______________________________________________
3. How can we disable the FTP protocol on AIX?

Notes:

Instructor Guide
Instructor notes:
Purpose —
Details —
IBM Power Systems

• /etc/rc.tcpip
starts TCP/IP daemons (sendmail, inetd, etc.)
• ssh
to login or run command on a remote machine (securely)
• VNC
to use a remote graphical display on a local desktop machine
• /etc/services
to store server side ports of TCP/IP applications
Multipath routing allows us to specify multiple paths to
hosts and gateways for load balancing and high availability
Comment out the ftp line in /etc/inetd.conf and refresh the
inetd daemon.

V5.2
Instructor Guide
Uempty
Exercise 14
IBM Power Systems
TCP/IP
implementation
Notes:

Instructor Guide
Instructor notes:
Purpose —
Details —

V5.2
Instructor Guide
Uempty
Unit summary
IBM Power Systems

– IP configuration, routing, Aliasing
• Use standard TCP/IP facilities to:
– Log in to another system
– Transfer files
– Run commands
• Configure NFS
• Set up VNC
Notes:

Instructor Guide
Instructor notes:
Purpose —
Details —

V5.2
Instructor Guide
Uempty Unit 15. Introduction to workload partitions
Estimated time
01:30

This unit provides an introduction to workload partitioning.

• Understand workload partition (WPAR) concepts
• Create, control, and manage WPARs
• Describe the role of WPAR manager

Accountability:
• Checkpoint
References
Online AIX Version 6.1 IBM Workload Partitions for AIX
SG24-7559 AIX Version 6.1 Differences Guide (redbook)
SG24-7656 Workload Partition Management in IBM AIX Version
6.1 (redbook)
following address:
© Copyright IBM Corp. 2009 Unit 15. Introduction to workload partitions 15-1
Instructor Guide
Unit objectives
IBM Power Systems
• Describe the role of WPAR Manager
Notes:

V5.2
Instructor Guide

Purpose — Create an introductory presentation of WPAR technology for new AIX system
administrators
Details — Introduction to WPAR technology in AIX.
• Describe the role of WPAR manager
Additional information — This unit is a simplified version of one found in AN02. It is very
important that these key features are presented early in the basic classes. Advanced
WPAR topics and WPAR manager will be addressed in the new AN13 admin class.
Transition statement — Let's start by providing an overview of WPARs.
Instructor Guide
Workload partition overview (1 of 2)

IBM Power Systems
• Workload partitions improve administrative efficiency by

reducing the number of AIX images to maintain.
• WPARs act like AIX instances partitioned in software

– Appears as a separate instance of AIX
– Software-based partitions for
workload management
AIX 6 instance
• Global environment
Workload Workload
– Owns all the physical resources, Partition Partition
Application
and can be thought of as the Server
Billing
traditional AIX login environment Workload

Partition
Workload Test
Partition Workload
Web Partition
Server BI
Figure 15-2. Workload partition overview (1 of 2) AN121.1
Notes:
Introduction
Workload Partition (WPAR) is a software-based virtualization feature of AIX 6 that will
provide new capabilities to reduce the number of AIX operating system images that
need to be maintained when consolidating multiple workloads on a single server.
WPARs will provide a way for clients to run multiple applications inside the same
instance of an AIX operating system, while providing security and administrative
isolation between applications. WPARs complement logical partitions and can be used
in conjunction with logical partitions if desired. WPAR can improve administrative
efficiency by reducing the number of AIX operating system instances that must be
maintained. WPAR can increase the overall utilization of systems by consolidating
multiple workloads on a single system, and is designed to improve cost of ownership.
Global environment
Workload partitions are created within standard AIX 6 instances. The global
environment is the part of an AIX 6 instance, which does not belong to any workload
partition. The global environment is therefore similar to the operating system

V5.2
Instructor Guide
Uempty environment of earlier versions of AIX. This global environment can be hosted within a
dedicated LPAR or physical system.
The global environment owns all physical resources of the LPAR: network adapters,
disks adapters, disks, processors, memory. It allocates CPU and memory resources to
the workload partitions. It provides them access to the network and storage devices.
Instructor Guide
Instructor notes:
Purpose — Provide an overview of WPARs.
Details — Present the information in the visual while explaining the details in the notes.
Transition statement — Overview continued

V5.2
Instructor Guide
Uempty
Workload partition overview (2 of 2)

IBM Power Systems
• Each workload partition (WPAR)

– Obtains a regulated share of system resources
– Can have unique network attributes and filesystems
– Has separate administrative and security domains.
• WPAR prerequisites
– AIX 6 and POWER4, 5, or 6
• Two types
– System
– Application
• Can be relocated from system to system (LPAR to LPAR)

– Requires WPAR manager software and license
– WPAR relocation is referred to as “Live Application Mobility”
Figure 15-3. Workload partition overview (2 of 2) AN121.1
Notes:
There are two types of workload partitions that can reside in a global environment.
• System WPAR is a virtual AIX environment.
• Application WPAR is a light-weight transient environment. It is suitable for execution of
one or more processes.
Instructor Guide
Instructor notes:
Purpose — Provide an overview of WPARs.
Transition statement — Why should we use them?

V5.2
Instructor Guide
Uempty
Reasons to use workload partitions

IBM Power Systems
• Reduced number of AIX systems to administer
• Encapsulate and control applications
• Rapidly create a new AIX environment in minutes
• Separate security at the WPAR level

– Users, RBAC
• Ability to dynamically relocate WPARs to another system
Figure 15-4. Reasons to use workload partitions AN121.1
Notes:
WPARs provide unique partitioning values.
• Smaller number of OS images to maintain
• Performance efficient partitioning through sharing of application text and kernel data
and text
• Fine-grain partition resource controls
• Simple, lightweight, centralized partition administration
WPARs enable multiple instances of the same application to be deployed across
partitions.
• Many WPARs running DB2, Web Sphere, or Apache in the same AIX image
• Greatly increases the ability to consolidate workloads because often the same
application is used to provide different business services
• Enables the consolidation of separate discrete workloads that require separate
instances of databases or applications onto a single system or LPAR
Instructor Guide
• Reduced costs through optimized placement of work loads between systems to yield
the best performance and resource utilization
WPAR technology enables the consolidation of diverse workloads on a single server

increasing server utilization rates.
• Hundreds of WPARs can be created. Far exceeding the capability of other partitioning
technologies.
• WPARs support fast provisioning and fast resource adjustments in response to
normal/unexpected demands. WPARs can be created, and resource controls modified,
in seconds.
• WPAR resource controls enable the over-provisioning of resources. If a WPAR is below
allocated levels, the unused allocation is automatically available to other WPARs.
• WPARs can be migrated to another partition in response to normal shift in or
unexpected change in demand.
WPARs enable development, test, and production cycles of one workload to be
placed on a single system.
• Different levels of applications (production1, production2, test1, test2) can be deployed
in separate WPARs.
• Quick and easy roll out or roll back to production environments
• Reduced costs through the sharing of hardware resources
• Reduced costs through the sharing of software resources such as the operating
system, data bases, and tools

V5.2
Instructor Guide

Purpose — List the reasons for using WPARs.
Transition statement — Let's see the layering model for WPARs.
Instructor Guide
WPAR is built on top of WLM

IBM Power Systems
• Workload Manager (WLM) allows WPAR resource control

• Resource control allows the administrator to control CPU and
Memory limits.
– Plus many advanced options such as max. processes, threads,
pinned memory
WPAR
WLM
AIX
Figure 15-5. WPAR is built on top of WLM AN121.1
Notes:
WPAR technology sits on top of WLM. WLM has been a standard feature of AIX since
version 4.3.3. WLM allows the control and the management of WPAR resources, such as
CPU, memory, and processes. This means that you can assign specific fractions of CPU
and memory, to each WPAR. This is managed through WLM.

V5.2
Instructor Guide

Purpose — Introduce the layering model for WPAR
Details — It is important to communicate that WPAR sits on top of WLM and that WLM
enables us to control the resources of the WPARs. No further details are provided on WLM.
WLM and WPAR are advanced topics which should be addressed in AN12 and AN13, so
do not go into too much detail.
Transition statement — Let's define the starting point for AIX and WPARs, and the tools
available to create and manage them.
Instructor Guide
AIX workload partitions initial state

IBM Power Systems
• When you install AIX 6, either on a stand-alone machine or

an LPAR, there are no WPARs defined.
• When you log in to AIX 6.1, you log in to the global

environment.
– From this environment you create, monitor, and administer
WPARs using:
• SMIT (smit wpar)
• WebSM
• Command line interface
• AIX System Director console
• WPAR Manager
Figure 15-6. AIX workload partitions initial state AN121.1
Notes:
The creation of WPARs requires AIX 6 on your system or logical partition. You can use a
variety of tools to create, monitor, and administrate the workload partitions.

V5.2
Instructor Guide

Purpose — Provide a quick start WPAR introduction
Details — Go through the details on the visual.
Transition statement — Let's look at application WPARs.
Instructor Guide
Application WPARs (1 of 2)
IBM Power Systems
Create and run
Stop and remove
Global environment
Application WPAR
Processes
IPCs
Devices and file
systems visible
/usr / /var /tmp from global
environment in
/home PTY WPAR
hdiskX
Figure 15-7. Application WPARs (1 of 2) AN121.1
Notes:
Application Workload Partitions
• Normal WPARs except there is no file system isolation
• Login not supported
• Internal mounts not supported
• Target: Light weight process groups for mobility

V5.2
Instructor Guide

Purpose — Introduce application WPARs
Details — Use the visual to provide an introduction to application WPARs.
Transition statement — Let's see more of the details.
Instructor Guide
Application WPARs (2 of 2)
IBM Power Systems
• Isolate individual applications.
• Light weight; quick to create and remove

– Created with wparexec command
– Removed when stopped
– Stopped when the application finished
– File systems and device resources are shared with the global
environment
– No user login capabilities
• Can be migrated to another server
Figure 15-8. Application WPARs (2 of 2) AN121.1
Notes:
Application workload partitions do not provide the highly virtualized system environment
offered by system workload partitions, rather they provide an environment for segregation
of applications and their resources to enable checkpoint, restart, and relocation at the
application level.
The Application WPAR represents a shell or an envelope around a specific application
process or processes which leverage shared system resources. It is light weight, quick to
create and remove, and does not take a lot of resources, since it uses the global
environment system file system and device resources. Once the application process or
processes are finished, the WPAR is stopped. There are no login capabilities for the user. If
you need to access the application, you must use an application provided mechanism. All
file systems are shared with the global environment. If an application is using devices, it will
use global environment devices.

V5.2
Instructor Guide

Purpose — Explain more theory details regarding application WPARs
Details — Present the information in the visual, while explaining the details in the notes.
Transition statement — Let's see how to create application WPARs.
Instructor Guide
Creating an application WPAR: wparexec

IBM Power Systems
• Started when created

• Removed when stopped or associated application ends
• Created using wparexec
• Can optionally have a hostname and IP address
WPAR and
## wparexec
wparexec -n
-n MyAppWpar
MyAppWpar /start_myapp
/start_myapp application
Starting started
Starting workload partition MyAppWpar.
workload partition MyAppWpar.
Mounting
Mounting all
all workload
workload partition
partition file
file systems.
systems.
Loading workload partition.
Loading workload partition.
Starting
Starting myapp
myapp onon Mon
Mon 22
22 Dec
Dec 12:09:35
12:09:35 2008
2008
Shutting
Shutting down all workload partition processes.
down all workload partition processes.
Application
stopped, WPAR
removed
Figure 15-9. Creating an application WPAR: wparexec AN121.1
Notes:
Creating an application WPAR
The creation of an application WPAR is simple, since the only mandatory parameter is the
full path of the executable file to run inside the WPAR. The example in the slide shows the
wparexec command starting an application WPAR immediately after creation. This type of
WPAR only exists while the application is running. When the application ends, the WPAR
also ends, and all of its resources are freed.
An application WPAR can automatically mount additional files systems when starting,
where the application WPAR has a dependency on a file system. This filesystem is
automatically unmounted when WPAR stops.

V5.2
Instructor Guide

Purpose — Explain how to create application WPARs
Details — Present the information in the visual.
Transition statement — Let's look at the application WPAR process space.
Instructor Guide
Application WPAR process space

IBM Power Systems
Global Environment root@global_env /: # ps -ef |egrep "(wpar|vinit)" \

| awk '{print $1,$2,$3,$8,$9,$10}'
errdemon init /etc/init
UID PID PPID CMD
xmwlm
root 368872 131290 /usr/bin/ksh /usr/sbin/startwpar MyAppWpar
syncd root 417934 368872 /usr/lib/corrals/vinit MyAppWpar /start_myapp
cron
biod srcmstr
portmap Others…
inetd rpc.statd
syslogd
wparexec startwpar
PID=1
PID=417934 vinit
/usr/lib/corrals/vinit <wparname>
<application>
WPAR: MyAppWpar
Application running
Figure 15-10. Application WPAR process space AN121.1
Notes:
When executing the wparexec command, the vinit process is started in the global
environment. WPAR represents a shell or an envelope around a specific application
process or processes which use shared system resources. It is light weight and all file
systems are shared with the global environment. If an application is using devices, it will
use global environment devices.

V5.2
Instructor Guide

Purpose — Explain the process space for an application WPAR
Transition statement — Now, let's look more closely at system WPARs.
Instructor Guide
System WPARs (1 of 2)
IBM Power Systems
Global environment
System WPAR
Inetd
Processes Cron
IPCs sendmail
PTY hdiskX
Devices
File Systems /usr /opt / /var /tmp
Devices and file

systems visible from Devices and file
the global systems unique
environment in to WPAR
WPAR
Figure 15-11. System WPARs (1 of 2) AN121.1
Notes:
System Workload Partition
A System WPAR is a self contained, virtual AIX partition, within the global AIX
environment.

V5.2
Instructor Guide

Purpose — Introduce the concept of system WPARs
Details — Use the visual to provide an introduction to system WPARs.
Transition statement — Let's look more closely at system WPARs.
Instructor Guide
System WPARs (2 of 2)
IBM Power Systems
• Are autonomous virtual system environments

– By default:
• /usr/ and /opt filesystems are shared with the global environment
• /, /var and /tmp are private for the WPAR own use:
– Have their own unique set of users, groups, and network addresses
– Can be accessed from the global environment using the
administration console (clogin) or from the network using regular
telnet or ssh sessions
– Can be stopped and restarted
– Integrated with role-based access control (RBAC)
• Granular privilege and security controls within WPAR
– Processes can only see and signal other processes within a WPAR
– System services: Mail, NFS client, inetd, syslog, cron, and so on are
executed independently for each WPAR.
Figure 15-12. System WPARs (2 of 2) AN121.1
Notes:
System workload partitions are autonomous virtual system environments with their own
private root file systems, users and groups, login, network space, and administrative
domain.
The systems administrator accesses the WPAR through the administrator console or
through regular network tools such as telnet or ssh. Inter-process communication for a
process in a WPAR, is restricted to those processes in the same WPAR.
System workload partitions are complete virtualized OS environments, where multiple
services and applications run. It takes longer to create a system WPAR compared to an
application WPAR, as it builds its own filesystems. A system WPAR is removed only when
requested. It has its own root user, RBAC privileges, and system services like inetd, cron,
syslog, and so on.
A system WPAR does not share writable file systems with other workload partitions or the
global environment.

V5.2
Instructor Guide

Purpose — Explain more theory regarding system WPARs
Transition statement — Let’s see what devices a WPAR can contain and access.
Instructor Guide
System WPAR device access

IBM Power Systems
• WPARs have no device access to:

– Storage devices
• Access to data is performed through file systems that are mounted from
the global environment.
– Physical network devices
– Devices that could provide a more global view of the system such as
/dev/mem or /dev/kmem
• WPARs have device access to:
– A limited set of safe pseudo devices such as /dev/null, /dev/zero,
/dev/random, /dev/tty
• WPARs are not capable of creating new devices by
themselves.
Figure 15-13. System WPAR device access AN121.1
Notes:
The global environment can use physical or virtual devices. The hosted WPARs have no
control of, nor can they directly access, the hardware devices. Therefore, the global
environment also owns all physical I/O adapters needed by the workload partitions.

V5.2
Instructor Guide

Purpose — Define device access within a system WPAR
Transition statement — Let’s see how to create a basic system WPAR.
Instructor Guide
Creating a system WPAR: mkwpar

IBM Power Systems
## mkwpar
mkwpar –n–n wpar1
wpar1
mkwpar:
mkwpar: Creating file
Creating file systems...
systems...
//
/home
/home
/opt
/opt
/proc
/proc
/tmp
/tmp
/usr
/usr
/var
/var
……….
……….
Installp:
Installp: INSTALLING
INSTALLING software
software for:
for:
syncroot:
syncroot: RPM root packages are
RPM root packages are currently
currently synchronized.
synchronized.
syncroot: Root part is currently synchronized.
syncroot: Root part is currently synchronized.
syncroot:
syncroot: Returns
Returns Status
Status == SUCCESS
SUCCESS
Workload
Workload partition wpar1 created successfully.
partition wpar1 created successfully.
mkwpar:
mkwpar: 0960-390 To start the workload partition,
0960-390 To start the workload partition, execute
execute
the
the following
following asas root:
root: startwpar
startwpar [-v]
[-v] wpar1
wpar1
Figure 15-14. Creating a system WPAR: mkwpar AN121.1
Notes:
Creating a System WPAR
System WPARs are created with the mkwpar command. These commands can get quite
complex and many of the flags are beyond the scope of this course.
The example in the visual shows a simple system WPAR being created called wpar1. The
creation process is as follows:
• Create the filesystems.
• Install AIX or RPM software into the WPAR from the global environment.
• Check that the software is correctly synchronized between the global environment and
the WPAR.
• Return the success or failure status.

V5.2
Instructor Guide

Purpose — Show how to create a system WPAR
Details — Explain how to create a basic WPAR using the example in the visual.
Transition statement — Let's see the process space for system WPARs.
Instructor Guide
System WPAR process space

IBM Power Systems
Global Environment root@global_env /: ps -eaf |grep –E rcmstr|315476“

errdemon
init UID PID PPID C STIME TTY TIME CMD
xmwlm /etc/init root 1 0 0 Jun 29 - 0:00 /etc/init
syncd root 204946 1 0 Jun 29 - 0:00 /usr/sbin/srcmstr
cron root 282812 315476 0 Jul 03 - 1:57 /usr/bin/xmwlm -L
root 315476 204946 0 Jul 03 - 0:00 /etc/init
biod srcmstr root 348392 315476 0 Jul 03 - 0:00 /usr/sbin/srcmstr
portmap root 364660 315476 0 Jul 03 - 0:01 /usr/sbin/cron
rpc.statd
syslogd inetd
Others…
PID=1
PID=315476 cor_wpar1
/etc/init
wpar1
# root@wpar1 /: ps –ef cron
wmwlm
UID PID PPID C STIME TTY TIME CMD srcmstr
root 1 0 0 Jul 03 - 0:00 /etc/init
root 233674 348392 0 Jul 03 - 0:00 /usr/sbin/inetd biod
root 241740 348392 0 Jul 03 - 0:00 /usr/sbin/syslogd
root 258278 348392 0 Jul 03 - 0:00 /usr/sbin/portmap Others…
root 266444 348392 0 Jul 03 - 0:00 /usr/sbin/biod 6 portmap inetd rpc.statd
root 282812 1 0 Jul 03 - 1:55 /usr/bin/xmwlm -L
root 307220 1 0 23:06:20 ? 0:00 clogin wpar1
root 348392 1 0 Jul 03 - 0:00 /usr/sbin/srcmstr syslogd
root 364660 1 0 Jul 03 - 0:01 /usr/sbin/cron
Figure 15-15. System WPAR process space AN121.1
Notes:
The visual shows an example of the processes structure in a system workload partition,
and its interaction with the global environment. The WPAR init process ID is always, within
the WPAR, virtualized to 1 and its parent process 0.
Each system workload partition has its own inittab file and resource manager (srcmstr), so
that it appears to be a standalone operating system.

V5.2
Instructor Guide

Purpose — Show the process space for a system WPAR
Transition statement — Now, let's see how to add network definitions to system WPARs.
Instructor Guide
Creating a system WPAR with a network definition

IBM Power Systems
## mkwpar
mkwpar -h
-h wpar1
wpar1 -r
-r -N
-N interface='en0'
interface='en0' \\
address='10.47.33.1'
address='10.47.33.1' -n wpar1
-n wpar1
## chwpar
chwpar -N
-N interface='en0'
interface='en0' address='3.3.3.3’
address='3.3.3.3’ \\ Additional network
netmask='255.0.0.0' wpar1
netmask='255.0.0.0' wpar1 parameters can be
added after
creation.
10.3.2.201
glob_env: # ifconfig en0
glob_env: # ifconfig en0
en0:
en0:
flags=1e080863,480<UP,BROADCAST,NOTRAILERS,RUNNING,SIMPLEX,M
flags=1e080863,480<UP,BROADCAST,NOTRAILERS,RUNNING,SIMPLEX,M glob_env
ULTICAST,GROUPRT,64BIT,CHECKSUM_OFFLOAD(ACTIVE),CHAIN>
inet 10.47.110.1 netmask 0xffff0000 broadcast 10.47.255.255 10.47.110.1/16
inet 3.3.3.3 netmask 0xff000000 broadcast 3.255.255.255 Workload
Partition: wpar1
10.47.33.1/16
3.3.3.3/8
wpar1: # ifconfig en0
wpar1: # ifconfig en0
en0:
en0:
flags=1e080863,480<UP,BROADCAST,NOTRAILERS,RUNNING,SIMPLEX,M en0 (net)
flags=1e080863,480<UP,BROADCAST,NOTRAILERS,RUNNING,SIMPLEX,M
10.47.0.0
3.0.0.0
Figure 15-16. Creating a system WPAR with a network definition AN121.1
Notes:
The network connection for a WPAR is implemented using the network alias feature on the
global environment level's physical or virtual network interface. The network alias is a
standard feature that is used to implement both an IP address for each WPAR and allows
for a WPAR movement to a different system.
Network addresses can also be assigned to application WPARs. This can be achieved as
follows:
# wparexec -c -n wpar30 -N address=10.6.105.130 /wpar30/appstart

V5.2
Instructor Guide

Purpose — Show how to create WPARs with network definitions or to add network
definitions later
Transition statement — Let's look at WPAR routing.
Instructor Guide
WPAR routing
IBM Power Systems
• By default, a system WPAR uses the routing table of the global

environment.
• A system WPAR can have its own specific routing table.
– In SMIT, set the WPAR specific routing option to yes, or from
command line, use the –i flag.
Syntax: -I rtdest=<IP> rtgateway=<IP> [rtnetmask=<IP>] [rttype={net|host}] [rtinterface=<if>]
– Example: To add a specific WPAR default route to wpar1
Global
Global env
env ## chwpar
chwpar -I
-I rtdest=default
rtdest=default rtgateway=10.47.0.1
rtgateway=10.47.0.1 wpar1
wpar1
– To view the routing table for wpar1

Global env # netstat -rn -@ wpar1
Global env # netstat -rn -@ wpar1
Routing tables
Routing tables
WPAR Destination Gateway Flags Refs Use If Exp Groups
WPAR Destination Gateway Flags Refs Use If Exp Groups
Route Tree for Protocol Family 2 (Internet):
Route Tree for Protocol Family 2 (Internet):
wpar1 default 10.47.0.1 UG 7 250 en0 - -
wpar1 default 10.47.0.1 UG 7 250 en0 - -
wpar1 10.47/16 10.47.33.30 U 1 39 en0 - -
wpar1 10.47/16 10.47.33.30 U 1 39 en0 - -
wpar1 10.47.33.1 127.0.0.1 UGHS 0 0 lo0 - -
wpar1 10.47.33.1 127.0.0.1 UGHS 0 0 lo0 - -
wpar1 10.47.255.255 10.47.33.1 UHSb 0 0 en0 - -
wpar1 10.47.255.255 10.47.33.1 UHSb 0 0 en0 - -
Figure 15-17. WPAR routing AN121.1
Notes:
Each WPAR can use the routing table available in the global environment. However, the
WPAR administrator can decide to enable WPAR specific routing and add or delete routes
as necessary.

V5.2
Instructor Guide

Purpose — Define WPAR routing
Transition statement — There can be three primary forms of file system access within a
system WPAR. Let's define them.
Instructor Guide
System WPAR file systems space (1 of 2)

IBM Power Systems
• There are three primary forms of file system access within a

system WPAR.
– Shared-system
• /usr and /opt are shared read-only, by default, from the global
environment through namefs mounts.
– NFS hosted
• A set of file systems, which can include /usr and /opt, are mounted
(read-only or read/write) from a host system through NFS mounts.
– Non-shared
• /tmp, /var, /home, / are separate local file systems (jfs/jfs2) within the
WPAR.
Creates a WPAR
with Non-shared
/usr and /opt file
systems.
## mkwpar
mkwpar -n
-n wpar1
wpar1 -l
-l
Figure 15-18. System WPAR file systems space (1 of 2) AN121.1
Notes:
Storage level access in a system WPAR is through a set of file systems assigned to the
WPAR at creation, and mounted within the WPAR during activation. A system WPAR
operates within a localized view of these file systems:
/
/usr
/opt
/tmp
/var
/home

V5.2
Instructor Guide
Uempty By default /usr and /opt are shared with the global environment (read only). Alternatively, if
the application requires read/write access to these directories, the WPAR can have its own
non-shared copies. However, this will significantly increase the time required to create,
backup, or restore the WPAR.
File systems can also be hosted through NFS. NFS is mandatory if the live application
mobility feature is to be deployed to move WPARs from box to box (LPAR to LPAR).
Instructor Guide
Instructor notes:
Purpose — Define the three primary forms of file system access within a system WPAR
Transition statement — File system space continued.

V5.2
Instructor Guide
Uempty
System WPAR file systems space (2 of 2)

IBM Power Systems
{sys02_p2} / # mount
• AIX 6 global Node mounted mounted over vfs date options
-------- -------------- --------------- ------ ------------ ----------
environment /dev/hd4 / jfs Aug 27 14:05 rw,log=/dev/hd8
/dev/hd2 /usr jfs Aug 27 14:05 rw,log=/dev/hd8
/dev/hd9var /var jfs Aug 27 14:06 rw,log=/dev/hd8
/dev/hd3 /tmp jfs Aug 27 14:06 rw,log=/dev/hd8
/dev/hd1 /home jfs Aug 27 14:06 rw,log=/dev/hd8
/proc /proc procfs Aug 27 14:06 rw
/dev/hd10opt /opt jfs Aug 27 14:06 rw,log=/dev/hd8
/dev/fslv01 /wpars/wpar1 jfs2 Sep 03 14:55 rw,log=INLINE
/dev/fslv02 /wpars/wpar1/home jfs2 Sep 03 14:55 rw,log=INLINE
/opt /wpars/wpar1/opt namefs Sep 03 14:55 ro
/proc /wpars/wpar1/proc namefs Sep 03 14:55 rw
/dev/fslv03 /wpars/wpar1/tmp jfs2 Sep 03 14:55 rw,log=INLINE
/usr /wpars/wpar1/usr namefs Sep 03 14:55 ro
/dev/fslv04 /wpars/wpar1/var jfs2 Sep 03 14:55 rw,log=INLINE
{wpar1} / # mount
Node mounted mounted over vfs date options
• System WPAR -------- ------------- --------------- ------ ------ ---------
/dev/fslv01 / jfs2 Sep 03 14:55 rw,log=INLINE
– /usr > namefs, /dev/fslv02 /home jfs2 Sep 03 14:55 rw,log=INLINE
nfs mount or local /opt /opt namefs Sep 03 14:55 ro
– /opt > namefs, /proc /proc namefs Sep 03 14:55 rw
/dev/fslv03 /tmp jfs2 Sep 03 14:55 rw,log=INLINE
nfs mount or local /usr /usr namefs Sep 03 14:55 ro
/dev/fslv04 /var jfs2 Sep 03 14:55 rw,log=INLINE
– /proc > namefs
Figure 15-19. System WPAR file systems space (2 of 2) AN121.1
Notes:
The visual shows an example of the default storage model of a system WPAR. The system
WPAR includes the creation of a base directory. This base directory is the root of the chroot
system WPAR environment. By default, the path to this base directory is
/wpars/<name_of_wpar> in the global environment.
By default, the base directory contains 7 filesystems:
• /, /home, /tmp and /var are real filesystems, dedicated to the system partition use.
• /opt and /usr are read-only namefs mounts of the global environment's /usr and /opt.
• The /proc pseudo-file system maps to the global environment /proc pseudo-file system
(/proc in a WPAR only makes available process information for that WPAR).
From the global environment, the file systems and mount points associated with the system
WPAR, are seen as being located within a WPAR-specific sub-directory tree of the global
environment (for example, /wpars/wparname/).
Instructor Guide
From within the WPAR, the file systems are seen as being rooted at /. For example, if the
WPAR is established in /wpars/sample, then the /tmp directory for that WPAR will be seen
as /wpars/sample/tmp from the global environment, but simply as /tmp from within the
WPAR.

V5.2
Instructor Guide

Purpose — Show the filesystem space mapping
Transition statement — Now let’s see what commands are available to manage WPARs.
Instructor Guide
WPAR management commands

IBM Power Systems
• Basic commands:
– Create a system WPAR: /usr/sbin/mkwpar
– Create and run an application WPAR: /usr/sbin/wparexec
– List details and status: /usr/sbin/lswpar
– Make changes to the WPAR: /usr/sbin/chwpar
– Remove a WPAR: /usr/sbin/rmwpar
• Manage system WPARs

– Start a WPAR: /usr/sbin/startwpar <wparname>
– Stop a WPAR: /usr/sbin/stopwpar -F <wparname>
– Reboot a WPAR: /usr/sbin/rebootwpar -F <wparname>
– Synchronize the global environment
and WPAR software levels: /usr/sbin/syncwpar
• Save and recover system WPARs
– Create a WPAR from a WPAR backup image: /usr/sbin/restwpar
– Back up WPAR files: /usr/bin/savewpar
– Create a file used by the savewpar and restwpar: /usr/bin/mkwpardata
– Restore files from a backup source: /usr/bin/restwparfiles
– Lists the contents of a workload partition backup: /usr/bin/lssavewpar
Figure 15-20. WPAR management commands AN121.1
Notes:
The visual describes some popular WPAR commands. For further details, refer to the man
pages.

V5.2
Instructor Guide

Purpose — Define AIX commands which are used to manage WPARs
Details — Present the information in the visual.
Transition statement — Let's discuss the WPAR specification file.
Instructor Guide
Specification file
IBM Power Systems
• A specification file characterizes the WPAR.

– A specification file simplifies the creation of future WPARs.
• # mkwpar -n mywpar -o mywpar.spec
– A specification file may be generated from an existing WPAR using –w and –o:
• # mkwpar -e mywpar –w –o /tmp/mywpar.spec
– Creating a WPAR using a specification file
• # mkwpar-f mkwpar.spec
FILE:mywpar.spec
FILE:mywpar.spec
general:
general:
name
name == “mywpar"
“mywpar"
hostname
hostname == “mywpar"
“mywpar"
preserve
preserve == "no"
"no"
directory
directory == "/wpars/mywpar"
"/wpars/mywpar"
privateusr
privateusr == "no"
"no"
devices
devices == "/etc/wpars/devexports"
"/etc/wpars/devexports"
security:
security:
secfile
secfile == "/etc/wpars/secattrs"
"/etc/wpars/secattrs"
mount:
mount:
dev
dev == "/usr"
"/usr"
directory
directory == "/usr"
"/usr"
vfs
vfs == "namefs"
"namefs"
mountopts
mountopts == "ro"
"ro"
Figure 15-21. Specification file AN121.1
Notes:
The configuration of a workload partition can be stored in human-readable specification
files. These specification files can be generated by the operating system from already
existing workload partitions, or can be edited, created, or modified by hand.
In an environment where a system administrator has to manage several WPARs,
specification files can help clone new WPARs.
These specification files can be used as input to WPAR creation commands, allowing the
system administrator to automate the startup and handling of multiple workload partitions.

V5.2
Instructor Guide

Purpose — Explain the purpose of the WPAR specification file
Transition statement — Now we understand WPAR concepts and how to create WPARs,
Lets see how we start a system WPAR.
Instructor Guide
Starting a system WPAR

IBM Power Systems
• Start WPAR
Start WPAR
root@sys02_p1 /: startwpar -v wpar1
Starting workload partition wpar1.
Mounting all workload partition file systems.
Mounting /wpars/wpar1
Mounting /wpars/wpar1/home
Mounting /wpars/wpar1/opt
Mounting /wpars/wpar1/proc
Mounting /wpars/wpar1/tmp
Mounting /wpars/wpar1/usr
Mounting /wpars/wpar1/var cor_<wpar_n
Loading workload partition. ame>
Exporting workload partition devices. subsystem
Starting workload partition subsystem cor_wpar1. started
0513-059 The cor_wpar1 Subsystem has been started.
Subsystem PID is 282748.
Verifying workload partition startup.
Return Status = SUCCESS.
Figure 15-22. Starting a system WPAR AN121.1
Notes:
The startwpar command activates a workload partition that was defined by the mkwpar
command. It includes:
• Exporting devices from the global environment into the workload partition
• Mounting the workload partition's file systems
• Assigning and activating the workload partition's IP addresses
• Activating the workload partition's WLM class, if any
• Creating the init command
The startwpar command fails if no workload partition exists with the given name.

V5.2
Instructor Guide

Purpose — Show and explain how to start a system WPAR
Transition statement — Now we have started a system WPAR. Let's see how to stop and
remove them.
Instructor Guide
Stopping and removing a system WPAR

IBM Power Systems
• Stopping the WPAR from the global environment

root@sys02_p1
root@sys02_p1 /:
/: stopwpar
stopwpar [–F]
[–F] wpar1
wpar1
• Stopping the WPAR from within the WPAR

root@wpar1
root@wpar1 /:
/: shutdown
shutdown –F
–F
• Removing the WPAR from the global environment

root@sys02_p1
root@sys02_p1 /:/: rmwpar
rmwpar wpar1
wpar1
rmwpar:
rmwpar: Removing workload partition
Removing workload partition wpar1
wpar1
rmwpar:
rmwpar: Removing file system /wpars/ wpar1
Removing file system /wpars/ wpar1 /var.
/var.
rmlv: Logical volume fslv03 is removed.
rmlv: Logical volume fslv03 is removed.
rmwpar:
rmwpar: Removing
Removing file
file system
system /wpars/wpar1/usr
/wpars/wpar1/usr
…….
…….
rmwpar:
rmwpar: Return
Return Status
Status == SUCCESS
SUCCESS
Figure 15-23. Stopping and removing a system WPAR AN121.1
Notes:
The stopwpar command deactivates a running workload partition. This includes stopping
the following tasks:
• Stopping processes running within the workload partitions
• Unloading the workload partition's WLM class, if any
• Deactivating the workload partition's IP addresses, if any
• Unmounting the workload partition's file systems, if any
• Restarting the system workload partition
• Removing the application workload partition
The stopwpar command fails if one or more processes cannot be stopped, or one or more
file systems cannot be unmounted. In that case, you can force a workload partition to stop
by using the –F flag. This will signal running processes more aggressively and force an
unmount of file systems. If there are processes that cannot be stopped, the workload
partition is placed in the Broken state, and cannot be restarted.

V5.2
Instructor Guide
Uempty The rmwpar command deletes the specified workload partition from the system. This
includes the following tasks:
• Removing the workload partition's configuration data from the system's workload
partition database
• Deleting the workload partition's file systems
• Removing the workload partition's Workload Manager (WLM) profile
Instructor Guide
Instructor notes:
Purpose — Show how to stop and remove system WPARs
Transition statement — Let's see how to list the status of WPARs from the global
environment.

V5.2
Instructor Guide
Uempty
WPAR status: lswpar

IBM Power Systems
• From the global environment:

root@sys02_p1
root@sys02_p1 /:
/: lswpar
lswpar
Name
Name State
State Type
Type Hostname
Hostname Directory
Directory
--------------------------------------------------------------
--------------------------------------------------------------
wpar1
wpar1 DD SS wpar1
wpar1 /wpars/wpar1
/wpars/wpar1
oracle
oracle DD SS oracle
oracle /wpars/oracle1
/wpars/oracle1
db2_95
db2_95 AA SS db_serv
db_serv /wpars/db2_95
/wpars/db2_95
apache
apache AA AA web_serv
web_serv //
• Type = System or Application WPAR

• State values
State values Comments
D = Defined System WPAR created with mkwpar and not yet started
A = Active A system WPAR has been started and Daemons are running.
P = Paused Processes are stopped Checkpoint done – Ready to continue
F = Frozen Process stopped checkpoint not done – Usually not seen by the user
T = Transient Intermediate state between Defined and Active
B = Broken System WPAR failed at creation time – need to be removed using rmwpar
Figure 15-24. WPAR status: lswpar AN121.1
Notes:
The lswpar command lists both the state of workload partitions and optionally, their
characteristics.
Instructor Guide
Instructor notes:
Purpose — Show the status of WPARs and define the possible values
Transition statement — Are there any WPAR logs?

V5.2
Instructor Guide
Uempty
WPAR logs
IBM Power Systems
• Global environment
– /var/adm/wpars/event.log
• System WPAR events
– File systems creation, exporting WPAR devices
– Starting WPAR and stopping WPAR events
• Application WPAR logs start and stop events
– /var/adm/ras/wpars.<wparname>.log
• System WPAR installed filesets and root synchronization results
Figure 15-25. WPAR logs AN121.1
Notes:
Logs are available in the /var/adm/wpars directory of the global environment when the
WPAR is created, started, stopped, and so forth. These WPAR events are logged in an
event.log file.
Each system WPAR creation is logged in the /var/adm/ras/wpars.<wpar name>.log file.
Instructor Guide
Instructor notes:
Purpose — Define WPAR logs
Transition statement — Let's see how we can log in to a system WPAR.

V5.2
Instructor Guide
Uempty
System WPAR management: clogin

IBM Power Systems
• With a system WPAR, to log in or execute a command, you

can use:
– # clogin <WPAR Name>
– # clogin -l “user” “cmd” “args”
– # telnet
– # ssh
## clogin
clogin wpar10
wpar10 -l
-l bill
bill "id;
"id; date“
date“
uid=202(bill)
uid=202(bill) gid=1(staff)
gid=1(staff)
Tue
Tue 3 Mar 17:16:50 2009
3 Mar 17:16:50 2009
Figure 15-26. System WPAR management: clogin AN121.1
Notes:
The console of a WPAR is accessed from the global environment. You can log in to a
WPAR using clogin, or a remote mechanism such as rsh, telnet, rlogin, or ssh.
When you need to know whether you are in the global environment or inside a WPAR, you
can execute the uname -W command. This returns 0 if in the global environment, and
non-zero, if inside a WPAR. You can also check the host name or the mounted file systems.
Instructor Guide
Instructor notes:
Purpose — Show how to log in to a system WPAR
Transition statement — Are there any command restrictions within a WPAR?

V5.2
Instructor Guide
Uempty
AIX command restrictions in WPARs

IBM Power Systems
• AIX command restrictions (certain commands are not allowed

in WPAR)
– LVM commands
– File system commands
– Special file creation (for example, character and block devices)
– Commands accessing /dev/mem
– Performance or system tunables are largely restricted to global
environment only.
Figure 15-27. AIX command restrictions in WPARs AN121.1
Notes:
Not all applications can run in a WPAR environment. For example, if they require the ability
to manage devices and storage directly, the restrictions of the WPAR environment will be a
problem.
Instructor Guide
Instructor notes:
Purpose — Provide an overview of command restrictions within a WPAR
Details — Highlight the information in the visual.
Additional information — Students need to be aware that there are restrictions at a high
level, and that a system WPAR is not quite like an LPAR.
Transition statement — Let's see how we can back up and restore WPARs.

V5.2
Instructor Guide
Uempty
WPAR management: Save and restore WPAR

IBM Power Systems
• savewpar: Backs up files and metadata from a WPAR
# savewpar -Nif /tmp/wpar1.backup wpar1

# savewpar -Nif /tmp/wpar1.backup wpar1
Creating information file for workload partition wpar1.
Creating information file for workload partition wpar1.
Creating list of files to back up.
Creating list of files to back up.
Backing up 2067 files
Backing up 2067 files
2067 of 2067 files (100%)
2067 of 2067 files (100%)
0512-038 savewpar: Backup Completed Successfully.
0512-038 savewpar: Backup Completed Successfully.
• restwpar: Can be used to recreate or to clone a WPAR

# restwpar –F -f /tmp/wpar1.backup
# restwpar –F -f /tmp/wpar1.backup
New volume on /tmp/wpar1.backup:
New volume on /tmp/wpar1.backup:
The backup date is: Thu Nov 8 11:04:42 CST 2007
The backup date is: Thu Nov 8 11:04:42 CST 2007
The user is root.
The user is root.
x 2772 ./.savewpar_dir/wpar.spec
x 2772 ./.savewpar_dir/wpar.spec
x 4641 ./.savewpar_dir/image.data
x 4641 ./.savewpar_dir/image.data
x 124059 ./.savewpar_dir/backup.data
x 124059 ./.savewpar_dir/backup.data
The total size is 131472 bytes
The total size is 131472 bytes
syncroot: Returns Status = SUCCESS
syncroot: Returns Status = SUCCESS
mkwpar: 0960-390 To start the workload partition, execute the following as root:
mkwpar: 0960-390 To start the workload partition, execute the following as root:
startwpar [-v] wpar1.
startwpar [-v] wpar1.
Figure 15-28. WPAR management: save and restore WPAR AN121.1
Notes:
When the system administrator creates a backup through the mksysb command, the
system administrator usually sends it to a physical device. In a WPAR environment, there
are no physical devices for backup, which means that there is a different way to back up a
WPAR. Similar to the savevg command, we can make a backup of the WPAR with the
savewpar command. This saves the files and the configuration of the WPAR. When you
have a system WPAR with shared /usr and /opt, the backup is very small, because it does
not save those file systems. You must be in the global environment to execute the backup.
If you want to save the backup of a WPAR on a DVD, you can use the mkdvd command
with the –W flag. The –W flag demotes the workload partition to be backed up using the
savewpar command.
The restwpar command creates a workload partition from a workload partition backup
image, created by the savewpar, mkcd, or mkdvd command. A workload partition backup
image contains an image.data file and a workload partition specification file which are
used by default to establish the characteristics of workload partition.
Instructor Guide
The restwpar command has three major steps:

1. Create the necessary file systems according to the image.data file that is created with
the savewpar command, and mount them.
2. Restore the files in the backup to their proper places. This might include the /usr and
/opt depending on the type of WPAR.
3. Synchronize the WPAR with the global environment.

V5.2
Instructor Guide

Purpose — Explain how to back up and restore system WPARs
Additional information — WPARs can also be cloned using the savewpar and
restwpar commands.
Transition statement — Let's see how to install software into WPARs, starting with shared
WPARs.
Instructor Guide
Software installation, shared /usr and /opt

IBM Power Systems
• Software must be installed in the global environment and then

synchronized with the shared WPARs.
– This includes updates to the operating system
• To synchronize shared WPARs:
– From the global environment, run # syncwpar <wparname>
or
– From within the WPAR, run # syncroot
Global
Global env
env ## installp
installp –acd
–acd .. bos.games
bos.games
Global env # syncwpar
Global env # syncwpar -A -A
Synchronizes all
WPARS
Figure 15-29. Software installation, shared /usr and /opt AN121.1
Notes:
To install software in shared WPARs, the software must first be installed in the global
environment. When software is installed in AIX, there are two parts, root and user, as
shown in the installation summary below. When software is installed in the global
environment, the WPAR /usr already has the software installed, but the root part is private
and therefore is not in sync with the user part of the installation. In order to sync the root
and /usr parts of the shared WPAR, either run the syncwpar command from the global
environment, or run the syncroot command from within the WPAR.
--------------------
-------------------------------------------------------------------------------
bos.games 6.1.0.0 USR APPLY SUCCESS
bos.games 6.1.0.0 ROOT APPLY SUCCESS

V5.2
Instructor Guide

Purpose — Describe how to install software into a shared WPAR
Details — Go through the information in the visual and notes.
Transition statement — Let's see how to install software into a non-shared WPAR.
Instructor Guide
Software installation, non-shared /usr and /opt

IBM Power Systems
• Non-shared /usr and /opt

– Software can be installed from within the WPAR
– Same process as AIX (Using SMIT, installp, rpm)
or
– Can be installed into the WPAR from the global environment
# smit install_latest
Install
Install Software
Software
[Entry
[Entry Fields]
Fields]
** INPUT
INPUT device
device // directory
directory for
for software
software ..
** SOFTWARE
SOFTWARE to
to install
install [bos.games]
[bos.games] >> ++
PREVIEW
PREVIEW only?
only? (install
(install operation
operation will
will NOT
NOT occur)
occur) no
no ++
COMMIT software updates?
COMMIT software updates? yes
yes ++
## fields
fields removed
removed for
for clarity
clarity
WPAR
WPAR Management
Management
Perform
Perform Operation
Operation inin Global
Global Environment
Environment no
no ++
Perform
Perform Operation
Operation onon Detached
Detached WPARs
WPARs yes
yes ++
Detached
Detached WPAR
WPAR Names
Names [private]
[private] ++
Remount
Remount Installation
Installation Device
Device in
in WPARs
WPARs yes
yes ++
Alternate
Alternate WPAR
WPAR Installation
Installation Device
Device []
[]
Figure 15-30. Software installation, non-shared /usr and /opt AN121.1
Notes:
The procedure for installing software into a non-shared WPAR is the same as installing into
a regular instance of AIX. There is also a new facility in the AIX SMIT panels which will
enables software to be installed from the global environment in detached (non-shared)
WPARs, as shown in the visual.

V5.2
Instructor Guide

Purpose — Describe how to install software into a non-shared WPAR
Details — Go through the information as included in the visual and notes.
Transition statement — Let's look at WPAR resource control.
Instructor Guide
WPAR resource control

IBM Power Systems
• Resource control enables the administrator to control CPU and

Memory limits.
– In addition to CPU and memory, you can control other values such as
the total number of processes and threads.
• This facility is provided by workload manager (WLM).
– No direct WLM knowledge or configuration is required.
• For CPU and memory there are two approaches:
– Share-based (on relative importance)
– Percentage-based (on fixed limits)
Figure 15-31. WPAR resource control AN121.1
Notes:
The workload partition resource control is based on the Workload Manager (WLM)
technology which has been incorporated in the AIX kernel since version 4.3.3. Because the
workload partition resource control commands encapsulate and hide WLM details, the
system administrator does not need to have in-depth knowledge of WLM, in order to use
workload partition resource control.
There are two approaches of specifying CPU and memory allocation: share-based and
percentage-based.
Resource allocation control for each WPAR is performed at the global environment level by
the global administrator. Commands related to resource control are not available within a
workload partition. You can specify resource control attributes using the -R flag of the
mkwpar, chwpar, wparexec, and lswpar commands.

V5.2
Instructor Guide

Purpose — Introduce WPAR resource control
Details — Introduce WPAR resource controls.
Additional information — As this is a basic class, advanced metrics such as semaphore
IDs, virtual process memory, and performance tools such as lparstat, wlmstat, and topas
have been intentionally omitted.
Transition statement — Let's look at share-based resource control.
Instructor Guide
Shared-based approach
IBM Power Systems
• To create a WPAR using shared resource controls

System
System ## mkwpar
mkwpar -n
-n wparA
wparA -R
-R shares_CPU=10
shares_CPU=10 shares_memory=20
shares_memory=20
App
App # wparexec -n wparAPP -R shares_CPU=10
# wparexec -n wparAPP -R shares_CPU=10 shares_memory=20
shares_memory=20 <app.
<app. path>
path>
• To change or add shared resource controls

## chwpar
chwpar -R
-R shares_CPU=50
shares_CPU=50 shares_memory=30
shares_memory=30 wparA
wparA
## Note:
Note: Same syntax for both system
Same syntax for both system and
and application
application WPARs
WPARs
Figure 15-32. Shared-based approach AN121.1
Notes:
Share-based approach.
Each workload partition receives its part of the specified resource, according to the ratio of
its own share to the sum of shares of all currently active workload partitions.

V5.2
Instructor Guide

Purpose — Show shared–based resource control
Details — Explain how shared–based resource control works. Then use the examples
which show how to set and change shared–based resource control values.
Transition statement — Let's look at percentage-based resource control.
Instructor Guide
Percentage-based approach
IBM Power Systems
• Three values:
– Minimum: Guaranteed capacity
– Soft maximum: Maximum capacity if there is contention for resource
– Hard maximum: Absolute maximum, cannot be exceed
• Format:
– Minimum%-soft maximum%,hard maximum%
• Both percentage and share value can be set. Percentage
takes precedence.
• To create a WPAR with CPU % resource controls
System
System ## mkwpar
mkwpar -n
-n wparA
wparA -R
-R CPU=5%-30%,50%
CPU=5%-30%,50% memory=5%-10%,25%
memory=5%-10%,25%
App.
App. # wparexec -n wparAPP -R CPU=5%-30%,50%
# wparexec -n wparAPP -R CPU=5%-30%,50% memory=5%-10%,25%
memory=5%-10%,25% <app.
<app. path>
path>
• To change or add CPU % resource controls

## chwpar
chwpar -R
-R CPU=10%-20%,70%
CPU=10%-20%,70% memory=5%-20%,45%
memory=5%-20%,45% wparA
wparA
Figure 15-33. Percentage-based approach AN121.1
Notes:
Percentage-based approach.
There are three parameters that should be specified:
• Minimum percentage is the minimum amount of a resource that a WPAR is guaranteed
to have available at all times.
• Soft maximum percentage is the maximum amount of a resource that a WPAR can
have when multiple WPARs contend for that type of resource. If there is a sufficient
amount of that type of resource available, and resource contention does not occur, the
WPAR can exceed this limit.
• Hard maximum percentage is the maximum amount of a resource that a WPAR can
ever have. Even if there is a sufficient amount of that type of resource available, and
resource contention does not occur, the WPAR cannot exceed this limit.

V5.2
Instructor Guide

Purpose — Show percentage–based resource control
Details — Explain how percentage–based resource control works. Then use the examples
which show how to set and change percentage–based resource control values.
Transition statement — Let's end the unit by providing an overview to WPAR manager.
Instructor Guide
Workload Partition Manager overview

IBM Power Systems
• Provides centralized management of WPARs across multiple servers

and enables infrastructure optimization
Browser
• WPAR Manager components require:
– One server LPAR running as manager
– One agent on each managed LPAR containing WPARs
WebServer
• Browser-based single GUI for WPAR management: Workload
– Basic lifecycle administration Partition
• Create, view, modify, start, stop, and remove Manager
– Advanced management LPAR1

Management Server
• Static and live relocation
• Checkpoint, restart
• Automated relocation, policy driven
• Monitoring, performance reporting LPAR X
• Global load balancing WPAR Agent
LPAR Y
• Recovery WPAR Agent
WPAR A WPAR B WPAR C
WPAR1 WPAR2 WPAR3
Figure 15-34. Workload Partition Manager overview AN121.1
Notes:
IBM Workload Partition (WPAR) Manager is a platform management solution that provides
a centralized point of control for managing workload partitions or WPARs, across a
collection of managed systems running AIX.
It is an optional product, part of the IBM Systems Director family, designed to facilitate the
management of WPARs and application mobility. WPAR Manager also provides advanced
features such as policy-based mobility for the automation of WPAR relocation, based on
current performance state. WPAR Manager is a separate chargeable product, not part of
AIX.

V5.2
Instructor Guide

Purpose — Provide an overview of WPAR manager
Details — The WPAR Manager is a management system designed to provide a centralized
interface for administration of WPAR instances across multiple systems.
Additional information — WPAR Manager, although optional, is a necessity if:
• The customer plans to create lots of WPARs.
• WPAR relocation is to be used
Transition statement — WPAR Manager, continued
Instructor Guide
Workload Partition Manager GUI

IBM Power Systems
• Access the WPAR Manager from a browser using a system anywhere

on the network. Browser based console
• WPAR Manager console default URLs:

– Public: http://<hostname> :14080/ibm/console
– Secured: https://<hostname>:14443/ibm/console
• Single point of control for

managing:
– System WPARs
– Application WPARs
• WPAR Manager is licensed

– Covers all embedded technologies
and products:
• Agent services
• Database
• MetaCluster Checkpoint Restart (MCR)
– Customer required to accept license agreement on all installp filesets
Figure 15-35. Workload Partition Manager GUI AN121.1
Notes:
WPAR Manager is a JAVA application running in a management server. The WPAR
Manager GUI provides a browser-driven interface to the WPAR management server. The
UI displays information that has been collected through the agents, and also provides
management capability such as creation, deletion, and relocation of WPARs. Many of
these tasks can also be accomplished from the command line interface.

V5.2
Instructor Guide

Purpose — Provide an overview of the WPAR manager GUI
Details — Provide an introduction to the WPAR GUI.
Transition statement — Now, it’s time for some checkpoint questions.
Instructor Guide
Checkpoint
IBM Power Systems
1.True or False: Workload partitions require Power6 systems.
2.What are the two types of workload partitions?
3.What command builds and starts an application workload partition?
4.How is the network connection for a WPAR implemented?
5.What are the three forms of file system access within a WPAR?
Notes:

V5.2
Instructor Guide

Purpose —
Details —
IBM Power Systems

System and Application

wparexec

Using the network alias feature on the global environment’s physical or virtual
network interface
Shared-system: /usr and /opt are shared read-only from the global environment
through namefs mounts.
NFS hosted: /usr and /opt filesystems are nfs mounted from a host system
Non shared: /var, /home, /tmp, and / are separate local file systems (jfs/jfs2) within
the WPAR
Instructor Guide
Exercise 15
IBM Power Systems
Introduction to
workload partitions
Notes:

V5.2
Instructor Guide

Purpose —
Details —
Instructor Guide
Unit summary
IBM Power Systems
• Describe the role of WPAR Manager
Notes:

V5.2
Instructor Guide

Purpose —
Details —
Instructor Guide

V5.3
Instructor Guide
Uempty Appendix A. Printers and queues

This unit describes the concepts behind the AIX print spooling
mechanisms in AIX 6.1.

• Describe the purpose and the benefits of a queuing system
• Identify the major components that are responsible for processing
a print request
• Add a printer queue and device under different circumstances
• Submit jobs for printing
• View the status of the print queues

Accountability:
• Exercise
References
Online AIX 6.1 System Management Guide
Online AIX 5L Version 5.3 Guide to Printers and Printing
© Copyright IBM Corp. 2009 Appendix A. Printers and queues A-1

Instructor Guide
Unit objectives
• Describe the purpose and the benefits of a queuing system
• Identify the major components that are responsible for
processing a print request
• Add a printer queue and device under different
circumstances
• Submit jobs for printing
• View the status of the print queue
Figure A-1. Unit objectives AN121.1
Notes:
A-2 AIX installation © Copyright IBM Corp. 2009

V5.3
Instructor Guide

Purpose — Set the students’ expectations for this unit.
Details —
Transition statement — Let’s start by looking at an overview of the print subsystem.

Instructor Guide
AIX 6.1 printing environments

• Print subsystems:
– AIX print subsystem
– System V print subsystem
• Print directly to a local printer device.
• Print directly to a remote printer through a socket program.
• Infoprint Manager, or similar advanced print management
system
Figure A-2. AIX 6.1 printing environments AN121.1
Notes:
Introduction
The visual gives an overview of the different approaches that can be taken to printing
under AIX 5L and later. In the next two visuals, System V printing is compared to the
traditional AIX print subsystem. The remainder of this unit will focus on using the AIX
print subsystem.
Note
You can use either the AIX print subsystem or the System V print subsystem. They will not
run concurrently.

V5.3
Instructor Guide
Uempty Print directly to a local printer device

This is the simplest form of printing. If your printer is directly attached to a serial or
parallel port on the local machine, it is possible to print by sending a file directly to the
device. For example:
# cat /home/karlmi/myfile > /dev/lp0
In this approach, you lose the ability to serialize (spool) print requests. Only one user
may print at a time. On the other hand, if a printer is dedicated to one use, this may be a
good solution. Examples might be logging to a printer, or printing checks.
Print directly to a remote printer through a socket program

This is similar to printing to a device driver, except that in this case, you are sending the
output to a program which makes a connection to the printer over the network.
Print using the System V print subsystem

In this environment, files to be printed are sent to the System V print service daemon,
lpsched, using the lp or lpr commands. The print service daemon serializes the jobs,
so they will be printed in the order in which they were submitted. The print service may
filter the file to format the data so that it matches the types of data acceptable to the
printer. The print service then sends files, one at a time, to the interface program, which
may do additional filtering before sending the file to the local printer driver or network
printing application.
Print using the AIX print subsystem

In this environment, files to be printed are sent to the AIX print spooler daemon,
qdaemon, using any of the AIX print commands (enq, qprt, lp, or lpr). The spooler
daemon serializes the jobs. The spooler sends jobs, one at a time, to programs that
may filter the data, before sending it to the local printer driver or network printing
application.
Print using IBM’s Infoprint Manager (or similar advanced print

management system)
Infoprint Manager provides serialization and filtering similar to the System V or AIX print
subsystems. In addition, it adds extra capabilities of security, customization, and control
not provided by either System V printing or AIX printing. For additional information, refer
to the Infoprint Manager Web site:
http://www.printers.ibm.com/internet/wwsites.nsf/vwwebpublished/ipmaix_ww

Instructor Guide
Instructor notes:
Purpose — Give an overview of printing under AIX 5L and later, putting System V and AIX
in context. You also give a little advertisement for Infoprint Manager.
Details — More detail is provided in the System V print subsystem appendix. If a student is
interested in this print subsystem, the appendix has all the details and an exercise if they
wish to test out the features.
Additional information — There are several places later in this unit that mention a few
System V print commands that are in AIX V4.3.3. These notes have not been changed as
they are still true. AIX now provides full support for the print subsystem.
Transition statement — Now, let’s look at the strengths of the AIX print subsystem.

V5.3
Instructor Guide
Uempty
AIX print subsystem: Advantages

• Powerful and flexible printer drivers
• System management tools:
– Limits fields and options validation
– Easy printer customization
– Single step print device and queue creation
• Customizable spooling subsystem
Figure A-3. AIX print subsystem: Advantages AN121.1
Notes:
Powerful and flexible printer drivers

AIX printer drivers provide many printing options that can be easily controlled using
command line options to the qprt command. Printer defaults can be easily managed
using SMIT or the command line.
System management tools

The AIX print subsystem includes mature and powerful system management using
either the Web-based System Manager or SMIT, as well as the command line. Some
specific system management advantages using the AIX print subsystem are:
• Limits fields and options validation
Gives the user or administrator a range of valid values for print options and
prevents the user from using an invalid value

Instructor Guide
• Easy printer customization

• Printers can be customized using menu selections or command line options.
Under System V printing, customizing printers often requires a knowledge of
shell programming.
• Single step print device and queue creation
• Under System V printing, you must first add a print device and then create the
print queue.
Customizable spooling subsystem

The AIX print subsystem is specifically designed so that it can be used to serialize other
types of jobs beyond just printing.

V5.3
Instructor Guide

Purpose — List the advantages of the AIX print subsystem
Details — In summary, the main advantages of AIX printing are flexibility and ease of use.
AIX printing and System V are tightly integrated into SMIT and the Web-based System
Manager.
Transition statement — Now, let’s look at the strengths of the System V print subsystem.

Instructor Guide
System V print subsystem: Advantages

• Compatibility
• Availability of interface programs
• Security
• Support for forms
• Standard PostScript filters
• Long term strategy
Figure A-4. System V print subsystem: Advantages AN121.1
Notes:
Compatibility
System administrators with experience in other UNIX variants that use System V
printing, will find it easy to manage printing under AIX’s System V print subsystem.
Availability of interface programs

Many printer manufacturers provide interface shell scripts to support using their
products under System V printing. Usually, only minor modifications are required for
individual UNIX variations. Because the AIX print subsystem is proprietary, an interface
program written for another operating system cannot be used in the AIX print
subsystem. It must be completely rewritten. This has led to a limited number of printers
supported under AIX. With the support of System V printing in AIX 6.1, it is easier for
manufacturers to include support for AIX printing.

V5.3
Instructor Guide
Uempty Security
Controlling user access to printers can be an important issue. For example, you might
need to limit access to the printer used to print checks. System V printing includes
built-in capabilities for restricting user access to certain printers. Using the AIX print
subsystem, the backend program must be customized to restrict user access.
Support for forms

If you are printing to preprinted forms, it’s important that other users not be able to print
while the expensive forms are loaded on the printer. The System V print subsystem
provides a mechanism for mounting forms on printers, and allowing or denying, user
access based on the form which is mounted. To provide this capability under AIX
printing, you must create multiple queues and manage which queues are enabled while
a form is mounted.
Standard PostScript filters

The System V print subsystem includes a number of filters for converting different file
formats to PostScript. Some formatting and page selection capabilities are also
included.
Long term strategy

IBM’s long term printing strategy for AIX is to maintain compatibility with other UNIX
systems. This means that new features and functions are added to the System V print
subsystem in later releases, while the AIX print subsystem is supported, but not
enhanced in future releases.

Instructor Guide
Instructor notes:
Purpose — List advantages of System V print subsystem.
Details — In summary, the main advantages of System V has to do with compatibility. This
makes it easy for system administrators from other UNIX variants to transition to AIX and it
drives availability of support for a larger number of printers on AIX.
System V also adds forms support and better security.
Additional information — Directory-enabled printing is supported beginning with
AIX 5L V5.2. System V printing on AIX uses LDAP (Lightweight Directory Access Protocol)
as the directory service.
A directory is an ordered list of objects, including details about each object. Obvious
examples are phone books or library card catalogs. Directories are a type of database.
They differ from other databases in that accesses are mostly reads, with only occasional
writes. Directory protocols are optimized to facilitate a high read environment.
Computer directories can be searched in many ways, making them a very powerful way to
store and manage information.
In the case of a printer directory, this might include searching for the name of a printer to
get its characteristics, searching for printers in a particular location, searching for printers
with particular features, and so forth. Directory enabled printing provides an easy way for
users to search for a printer that is close and has the features they require. If security or
other control features are made part of the directory, directory enabled printing facilitates
easier management by system administrators.
Transition statement — Now, let’s look at traditional AIX printing and queues.

V5.3
Instructor Guide
Uempty
Concepts of queues
file1
Queue1
file1
file2
.
file2 .
file3
/dev/lp0
Queue2
file3
file4
file4
/dev/lp1
Figure A-5. Concepts of queues AN121.1
Notes:
Purpose for queues

The purpose of the queuing system is to maintain a queue of jobs that are waiting for
their turn to run (that is, use some system resource, like a printer or the CPU). The
AIX 6.1 queuing system performs this function.
Benefits of queues
The queues also give control to the system administrator over the queuing mechanism.
Therefore, the system administrator can perform tasks like cancelling jobs on queues,
changing priorities of jobs, and so forth.
A queue enables the sharing of resources in an ordered fashion.

Instructor Guide
The diagram above illustrates three important issues:

• One print queue can point to a number of printers (and it is the job of the qdaemon
to determine the next available printer to print on), for example, Queue1.
• Users may submit their jobs to a number of different queues.
• A printer can have a number of different queues pointing to it, for example, the
printer /dev/lp1 is accessed by both Queue1 and Queue2.

V5.3
Instructor Guide

Purpose — Explain the purpose and benefits of queuing versus printing directly to a device
driver.
Details — A simple way of submitting jobs to the printer device is with the following
command:
$ cat myfile > /dev/lp0
This prints the output from the cat command on the printer lp0. The printer device modifies
the data stream to ensure things like number of lines on a page, page ends, page ejects,
and so forth. It has certain characteristics like an 80-character line already set.
The major disadvantage of using the above method for printing is that you bypass the
queue facility and lose your ability to serialize print requests to a printer through the
queuing system. Printing by utilizing a queuing system, enables a user or an application to
send a print job to a queue, and then the queuing subsystem itself will drive the printers
and share them among the applications and users who wish to access the printers.
Additional information — The motivation behind having two queues sharing the same
printer is the ability to have different types of data streams for the same printer. For
example, one queue might be straight ASCII while another queue might support PostScript
printing.
Transition statement — Let's look at the actual data flow through the queuing system.

Instructor Guide
Printer data flow

# qprt -Pps [-c] file
print request
lp lpr qprt
enq
copy of file (if requested)
Queue
Spool
monitors directory
qdaemon uses spool file
(if it exists)
starts
Backend Virtual Printer
(piobe) Definition
submits file to
printer
/dev/lp0
Figure A-6. Printer data flow AN121.1
Notes:
Print request
Local printing is implemented through a queuing mechanism. The user can issue one of
the printer commands qprt, lp, lpr, or enq to submit a print job. Although a user can
use any one of these four commands, the true entry point to the spooler is the enq
command which is responsible for processing the job request, creating a job description
file (JDF), and notifying the qdaemon of the new job.
The qdaemon
The qdaemon process runs at all times. The qdaemon maintains a list of all of the defined
queues and monitors the queues for newly submitted jobs. qdaemon tries to process the
job if the destination device is available, otherwise the job remains in the queue and
qdaemon tries again later.

V5.3
Instructor Guide
Uempty Queueing system process

The flow of the queuing system shown in the visual:
• The printing command calls enq. enq checks to see if the requested queue name is a
valid queue and all of the parameters are correct. If so, it continues, if not, an error
message is returned to the user.
• An entry is made in the /var/spool/lpd/qdir directory identifying the job to be run. If the
printer command uses an option to indicate that a copy of the file is to be made, the
copy is placed in the spool directory /var/spool/qdaemon.
• The qdaemon is notified of a new job in its qdir directory.
• When the queue is ready for the job, the qdaemon reads information from the
/etc/qconfig file describing the queue.
• The qdaemon updates the /var/spool/lpd/stat file for the appropriate queue to show that
the queue is now working on a new job.
• The qdaemon starts the back-end program, passing the file names and appropriate
options on the command line.
• The back-end determines the correct data stream characteristics, and merges these
with the actual file. The data stream characteristics are stored as virtual printer
definitions in the /var/spool/lpd/pio/@local directory.
• The back-end program sends its data stream to the device driver for the appropriate
printer.
What happens when a file is spooled?

When a file is spooled, a copy of that file is sent to the print spool directory,
/var/spool/qdaemon. The copy remains in that directory until it is printed. This means
that if you spool a file to the printer, a user could continue to make revisions to the
original since the copy in the print spool directory will not be altered. This ensures that
the file that is sent to the printer gets printed in its original form, even if a user edits the
original file that is on disk. Spooled files take up disk space in /var until they are printed.
When a file is queued, one line of information is sent to the /var/spool/lpd/qdir
directory which points back to the original file on disk. If revisions are made to the file on
disk before it is pulled from the queue to print, the revised file is printed.

Instructor Guide
Instructor notes:
Purpose — Explain the flow of a print job using the queuing system.
Details — Review the flow of the queuing system as it is shown in the visual. The student
notes provide detailed information on what happens when a print request is made.
The student notes also refer to virtual printer definitions. This file pairs the attributes or
characteristics of a specific printer with the attributes of a specific data stream. For
example, if a printer supports both ASCII and PostScript data streams, you must create two
virtual printer definitions for the printer. These can be created using SMIT and are stored in
the /var/spool/lpd/pio/@local directory. A subdirectory called custom must hold an entry
for each virtual printer. SMIT will automatically place an entry in this directory for each
queue defined. The mkvirprt command can also be used to create a virtual printer.
Transition statement — Now that you have seen the major components, let's take a
closer look at the corresponding files and structures that are directly associated with the
queuing system.

V5.3
Instructor Guide
Uempty
System files associated with printing
/etc/qconfig Queue configuration files
/var/spool/* Spooling directories
/var/spool/lpd/qdir/* Queue requests
/var/spool/qdaemon/* Temporary enqueued files
/var/spool/lpd/stat/* Line printer status information
/var/spool/lpd/pio/@local Virtual printer directories
Figure A-7. System files associated with printing AN121.1
Notes:
Print related files and directories

The system files and directories used for printing include:
• The /etc/qconfig file describes the queues and devices available for use by the
printing commands.
• The /var/spool directory contains files and directories used by the printing
programs and daemons.
• The /var/spool/lpd/qdir directory contains information about files queued to
print.
• The /var/spool/qdaemon directory contains copies of the files that are spooled
to print.
• The /var/spool/lpd/stat directory is where the information on the status of jobs is
stored. It is used by the qdaemon and backend programs.

Instructor Guide
• The /var/spool/lpd/pio/@local directory holds virtual printer definitions. This is

where the attributes of printers are paired with the attributes of corresponding
data stream types.
It is recommended that SMIT be used to update these device-related files. In most
cases, updating standard system files is not recommended.

V5.3
Instructor Guide

Purpose — List the files involved in the queuing/spooling process, while the queuing flow
is still fresh in their minds.
Details — This is provided as a reference for students who wish to know which files are
involved in printing.
Do not attempt to discuss in detail how virtual printers work. Most users never work directly
with virtual printers.
Transition statement — Having looked at the files involved in queuing, let's review the
role of the qdaemon.

Instructor Guide
qdaemon
• Manages queues
• Is started in the /etc/inittab file
• Invokes the back-end programs
• Optionally records accounting data
Figure A-8. qdaemon AN121.1
Notes:
qdaemon introduction
The qdaemon program schedules jobs that have been enqueued. It is a background
process that is usually started at system IPL through the startsrc command run from
/etc/inittab.
qdaemon is controlled by the /etc/qconfig file. /etc/qconfig contains a stanza for each
queue. The stanza identifies any queue management options and points to a queue
device stanza, which identifies the destination printer, the formatting options, and the
back-end program.

V5.3
Instructor Guide
Uempty The back-end program

The back-end program is called by qdaemon to actually process each request. The
back-end program is determined by how the printer is connected to the AIX system. For
local printing, the back-end program is /usr/lib/lpd/piobe. For a remote printer, it is
/usr/lib/lpd/rembak.
The back-end program uses printer attribute information to prepare the printer and
format the data for output. It also prints header and trailer pages, if they are enabled.

Instructor Guide
Instructor notes:
Purpose — Describe the functions of the qdaemon.
Details — qdaemon is a process that starts when you start your system and runs until you
shut your system down. It keeps track of print job requests and the printer. It is also the
parent to the back-end process. It maintains queues of outstanding requests and sends
them to the proper device at the proper time. It is managed under the control of the SRC.
The proper way to start and stop it is through the SRC.
Transition statement — The queue-to-device relationships are held in the /etc/qconfig
file. Let's look at the format of this file.

V5.3
Instructor Guide
Uempty
The /etc/qconfig file

lp0: * One queue pointing to one device
device = lp0dev
up = TRUE
discipline = fcfs
lp0dev:
file = /dev/lp0
backend = /usr/lib/lpd/piobe
header = group
trailer = never
feed = never
lpq: * One queue pointing to two devices
device = lpqdev1,lpqdev2
lpqdev1:
file = /dev/lp1
lpqdev2:
file = /dev/lp2
ps: * Two queues pointing to one device
device = psdev
psdev:
file = /dev/lp3
asc:
device = ascdev
ascdev:
file = /dev/lp3
Figure A-9. The /etc/qconfig file AN121.1
Notes:
Introduction
The /etc/qconfig file is an attribute file. Some stanzas in this file describe queues, and
other stanzas describe devices. Every queue stanza requires that one or more device
stanzas immediately follow it in the file.
This file is the key to customizing the queues. Although the file can be edited directly, it
is recommended that it be changed through high-level commands or through SMIT.
Queue stanza
This starts with the queue name, which can be up to 20 characters, followed by a colon.
The queue name is used by the person submitting a job to indicate the requested
queue. The first queue in the /etc/qconfig file is the default queue, which receives any
job requests submitted without a specific queue name.

Instructor Guide
Some of the attributes that can be found in the queue stanza include:
Attribute Definition Default Other
Identifies the symbolic name that refers to
device
the device stanza
discipline Defines the queue serving algorithm fcfs sjn
Identifies the file used to save print
acctfile false filename
accounting information
up Defines the state of the queue TRUE FALSE
Device stanza
The name of a device stanza is arbitrary and can be from one to 20 characters long.
The name is followed by a colon.
The attributes that can be found in the device stanza include:
Attribute Description Default Other
Identifies the special file where the output of
back-end is to be redirected
file FALSE
FALSE indicates no redirection and that the
file name is /dev/null.
Specifies the full path name of the back-end,
backend optionally followed by the flags and
parameters to be passed to it
both (used
Specifies the type of access the back-end for modems
has to the file specified by the file field or backends
access write
This field is ignored if the file field has the needing
value, FALSE. read
capability)
Specifies whether a header page prints always
header never
before each job or group of jobs group
Specifies whether a trailer page prints after always
trailer never
each job or group of jobs group
Specifies either the number of separator
pages to print when the device becomes idle
feed never integer
or the value never, which indicates that the
back-end is not to print separator pages
Specifies whether the back-end sends a
align form-feed control before starting the job, if FALSE TRUE
the printer was idle

V5.3
Instructor Guide
Uempty The device stanza must contain an attribute that designates the back-end program. The
function of the back-end is to manage the printing of the actual job. It also produces the
final data stream that goes to the printer. The most common back-end program for local
printing is piobe.
If different users prefer different default printers, then the PRINTER variable can be set
up, on a per user basis. The PRINTER variable should be set to the queue that the user
wants to be their default queue, for example:
# PRINTER=ps ; export PRINTER

Instructor Guide
Instructor notes:
Purpose — Cover all the different relationships that queues and devices can have.
Details — The reason that it is recommended to use SMIT rather than editing the file
directly, is mainly to keep the contents of /etc/qconfig consistent with the contents of the
ODM. For example if you use vi to remove an entire stanza of information from the file, the
ODM still has an entry for that printer, and you are not able to redefine that printer until the
ODM is in sync with the /etc/qconfig file.
A queue can have a one to one relationship, where there is one queue to one printer. Or, a
queue can have a one to many relationship, where there are many printers in the same
room and the job goes to the first available printer. There may be times when there are
multiple queues that support one printer giving each queue its own characteristics of
printing a job, which is referred to as the many-to-one relationship. This occurs when a
printer is capable of printing different types of output such as ASCII, PostScript, and
graphics.
The discipline attribute defines the queue serving algorithm. The default value, fcfs,
means first-come-first-served. sjn means shortest job next.
Additional information — How can you tell what the default queue is based on the
/etc/qconfig file? Answer: The first queue name specified is the default queue.
The LPDEST variable can also be set to define a user default queue. If both PRINTER and
LPDEST are set, LPDEST's value is the value that is used.
Transition statement — Let's look at how to define printers and print queues.

V5.3
Instructor Guide
Uempty
Printer menu
# smit spooler_choice
Print Spooling
AIX Print Spooling

System V Print Spooling

Figure A-10. Printer menu AN121.1
Notes:
Interface to manage spooling

AIX print spooling System V print spooling are supported by SMIT in AIX 6.1. The
Web-based System Manager supports both print spooling systems.

Instructor Guide
Instructor notes:
Purpose — Show the main SMIT menu to manage print spooling.
Details —
Transition statement — Let’s configure a local print queue through SMIT.

V5.3
Instructor Guide
Uempty
AIX printer menu

# smit spooler
AIX Print Spooling

Start a Print Job

Manage Print Jobs
List All Print Queues
Manage Print Queues
Add a Print Queue
Add an Additional Printer to an Existing Print Queue
Change / Show Print Queue Characteristics
Change / Show Printer Connection Characteristics
Remove a Print Queue
Manage Print Server
Programming Tools
Change / Show Current Print Subsystem

Figure A-11. AIX printer menu AN121.1
Notes:
SMIT AIX printer menu

The SMIT fastpath to this menu is smit spooler. Printers and print queues can also be
managed using the Web-based System Manager.
The options on this menu are:
• Start a Print Job
This option starts a print job by submitting the job to a print queue.
• Manage Print Jobs
This option opens a submenu which enables you to cancel jobs, show the status
of jobs, prioritize jobs, hold and release jobs, and move jobs between print
queues.
• List All Prinul3t Queues
This option displays a list of all the print queues and their associated printers.

Instructor Guide
- Manage Print Queues

You can start and stop print queues, show the status of print queues and change the
system's default print queue.
- Add a Print Queue
This option adds a print queue to the system configuration and creates the
associated queue device and printer device definition, if needed.
- Add an Additional Printer to an Existing Print Queue
This option adds another printer to an existing queue.
- Change/Show Print Queue Characteristics
This option will provide access to screens that enable you to change the printer
setup, default print job attributes, accounting file setup, and queuing discipline.
- Change/Show Printer Connection Characteristics
This option changes or shows printer communication and startup characteristics.
- Remove a Print Queue
This option removes a print queue from the system configuration. It also removes
the associated spooler queue device and printer device definition. If a print queue
has more than one printer associated with it, then all the printers are removed from
the print queue.
- Manage Print Server
This option configures this machine as a print server. Allows you to control which
clients have print access to this machine, list clients with print access, add and
remove clients, and stop and start the server subsystem.
- Programming Tools
This option enables you to access low-level utilities for manipulating databases and
filters.
- Change/Show Current Print Subsystem
Only one of the two print subsystems at the same time can be active. By default,
after installation, the AIX printer subsystem is active.
Other commands
To show the current print subsystem: # switch.prt -d
To change the current print subsystem, you can use either:
-# switch.prt -s AIX
-# switch.prt -d SystemV
To check if binaries are correctly linked, you can use either:
-/usr/bin/lpstat --> /usr/aix/bin/lpstat
-/usr/bin/lpstat --> /usr/sysv/bin/lpstat

V5.3
Instructor Guide

Purpose — Show the options available from the SMIT AIX Print Spooling menu.
Details — Explain each option briefly. Remind the students that this is actually quite a
simple procedure and try not to overwhelm them at this point with the many options. Many
of these options will be covered in this unit.
Transition statement — Let's assume we wish to add a queue. Select the option Add a
Print Queue.

Instructor Guide
Configuring a printer with a queue

AIX Print Spooling
Add a Print Queue
Move cursor to desired item and press Enter.Use arrow keys to scroll.
#ATTACHMENT TYPE DESCRIPTION
local Printer Attached to Local Host
remote Printer Attached to Remote Host
xstation Printer Attached to Xstation
ascii Printer Attached to ASCII Terminal
hpJetDirect Network Printer (HP JetDirect)
file File (in /dev directory)
ibmNetPrinter IBM Network Printer
ibmNetColor IBM Network Color Printer
other User Defined Backend
F1=Help F2=Refresh F3=Cancel

F8=Image F10=Exit Enter=Do
/=Find n=Find Next
Figure A-12. Configuring a printer with a queue AN121.1
Notes:
Adding a local print queue

In our example, assume that the printer is directly attached to our AIX system. To
configure a printer attached in this way, choose local.
Some applications contain their own print control mechanisms and thus require that a
printer be configured without a queue. Use the SMIT fastpath smit pdp to define a
printer without a queue.

V5.3
Instructor Guide

Purpose — Define the different attachment types.
Details — In AIX V4, the SMIT menus were modified so that both the printer and the queue
can be configured in one operation.
Note that this menu will always be presented to the user, regardless of whether they are
adding a new printer, or a queue, to an existing printer.
Point out that this menu supports definitions for printers attached in a variety of ways. Many
installations these days use network-attached printers. To define this type of printer, choose
either hpJetDirect, ibmNetPrinter, or ibmNetColor.
You can also configure just the printer device without any queues through SMIT. This is
useful in instances where the application is responsible for the print job and utilizes its own
control mechanisms.
Transition statement — Once the attachment type is defined, the printer manufacturer
has to be specified.

Instructor Guide
Selecting a printer type (1 of 2)

AIX Print Spooling
Printer Type
Bull
Canon
Dataproducts
Hewlett-Packard
IBM
Lexmark
OKI
Printronix
QMS
Texas Instruments
Other (select this if your printer is not listed above)

/=Find n=Find Next
Figure A-13. Selecting a printer type (1 of 2) AN121.1
Notes:
Specify the printer manufacturer

The next selection that has to be made is the printer type. Notice that IBM is only one of
the choices and many other manufacturers are supported as well. Note also that there
is an Other option which will be selected if the printer type is not supported; that is, not
part of the list.

V5.3
Instructor Guide

Purpose — Choose the printer manufacturer.
Details — This screen is also presented to the user regardless of whether they are adding
a queue to a new device or to an existing one.
Transition statement — Assuming that you select IBM from this menu, the next screen is
a list of all the IBM supported printers. Let's view the list.

Instructor Guide
Selecting a printer type (2 of 2)

AIX Print Spooling
Printer Type
[MORE...8]
ibm2391-2 IBM 2391 Plus printer (Model 2)
ibm3112 IBM 3112 Page Printer
ibm3130 IBM 3130 LaserPrinter
ibm3812-2 IBM 3812 Model 2 Page Printer
ibm4037 IBM 4037 LP printer
[MORE...49]

Esc+8=Image Esc+0=Exit Enter=Do
/=Find n=Find Next
Figure A-14. Selecting a printer type (2 of 2) AN121.1
Notes:
Select the manufacturer’s supported printer

If you do not have the software installed for your printer, you are prompted to insert the
media to install the software first, before configuring the device and the queue.
The choice of printer determines the queue, or the virtual printer, setup. For example,
an IBM 4029 Laser Printer is capable of handling PostScript, ASCII, GL Emulation, and
PCL Emulation. The SMIT print spooling menus guide you through the creation of up to
four separate queues which submit to the same printer.

V5.3
Instructor Guide

Purpose — Define the supported printer type.
Details — Having selected IBM from the previous menu, the system next presents the user
with a list of all the supported IBM printers. Once the printer is selected, the system then
prompts the user to create a separate queue for each mode the printer is capable of
supporting.
If the printer selected from this menu does not have device support installed, the user is
prompted to install the support at this time. With AIX 6.1, no printer drivers are installed by
default. However, the AIX installation media contains the device support for many printers.
Also, many OEM printers are delivered along with the necessary printer support software.
Transition statement — The next section deals with how the printer is physically
connected to the server.

Instructor Guide
Printer attachment
Printer Interface
parallel
rs232
rs422
Parent Adapter
ppa0 Available 01-G0 Standard Parallel Port Adapter
Figure A-15. Printer attachment AN121.1
Notes:
Selecting the printer attachment

After selecting a printer type, a pop-up window is displayed where the printer interface
must be chosen. Possible values are parallel, RS232, and RS422. Some printers
support multiple attachment methods.
Then, a list of installed adapters that support that method of attachment are presented.

V5.3
Instructor Guide

Purpose — Choose the printer attachment.
Details — If you are adding a queue to an existing printer, then before the two menus are
displayed as shown on the visual, an extra menu is displayed which reads:
Add a new printer or select existing printer from below.
Let's assume that you already have an IBM 4029 printer configured on the system. Having
just selected IBM from the first menu and IBM 4029 from the second printer type menu, the
system at this point is not sure whether you are trying to add a queue to the printer which
already exists or whether you are trying to configure yet another IBM 4029 printer for your
system. That is why it will ask for clarification by displaying the screen with the above
message.
In the visual, we are assuming that there are no printers configured yet, or at least not one
of the type that we have selected, so the two screens are displayed. We are assuming that
the printer is connected to the parallel port.
Transition statement — Once information about the printer has been defined, the next
menu asks for information about the new print queues.

Instructor Guide
Add the print queues

Add a Print Queue
[Entry Fields]
Description IBM 4029 LaserPrinter
Names of NEW print queues to add
ASCII [asc]
GL Emulation []
PCL Emulation []
PostScript [ps]
Printer connection characteristics

* PORT number [p] +
Type of PARALLEL INTERFACE [standard] +
Printer TIME OUT period (seconds) [600] +#
STATE to be configured at boot time available +

Figure A-16. Add the print queues AN121.1
Notes:
Create the print queues

This menu varies depending on the characteristics of the physical printer. If the printer is
capable of two or three different modes or emulations, the system prompts you for a
separate queue name for each emulation. Once these queues are created, they are
sometimes referred to as virtual print devices.
Additional queues can be added to this printer after the initial queues are created.

V5.3
Instructor Guide

Purpose — Define why there can be multiple instances of queue names required.
Details — There are many variations on the naming of print queues and print devices. It is
recommended that they are kept short and simple without loosing the unique description
required by the users.
Once these initial print queues are created, more queues and queue customization can be
done. It is this procedure that creates the print and queue relationships and subsequently
updates the /etc/qconfig file. It is highly recommended that you do not edit the
/etc/qconfig file directly. Use SMIT whenever possible, because of the implications with
the ODM updates.
In our example, you have chosen to create just two queues for our IBM 4029 printer. Take
the time to point out the two queues (ps and asc as shown in the student notes) that were
created as a result of having a printer which is capable of multiple modes. More often than
not, this is probably going to be the case. Also, point out that the /etc/qconfig file has a
stanza construct added, that will point two queues, to a single printer.
Transition statement — Now that the printer infrastructure is in place, let's talk about
remote printing.

Instructor Guide
Remote printing
host1 client1
lp1
9 Set up the local print queue. 9 Configure a

9 Define client machines in remote queue.
/etc/hosts.lpd.
9 Start the lpd daemon.
Figure A-17. Remote printing AN121.1
Notes:
Overview of print server setup

Once your system has the local queue set up, any user on that system can print. If the
machine is networked, it can also provide printing for client machines by becoming a
print server.
To set up a print server, you need to define the client machine names, or IP addresses,
in the /etc/hosts.lpd file, and then start the lpd daemon. Both of these tasks can be
done through SMIT. To use SMIT, the fastpath to identify the client system is smit
mkhostslpd.
The lpd daemon is controlled by SRC. You should use SMIT to start it, because SMIT
also adds entries to /etc/inittab to ensure that it is started on reboot. The fastpath for
this screen is smit mkitab_lpd.

V5.3
Instructor Guide

Purpose — Explain the step for setting up remote printing.
Details — Keep this discussion simple. This is not a discussion on networking or TCP/IP.
This visual assumes that networking is already configured. Most users operate in a
networking environment and network printing is very common.
There are different techniques to set up remote printing. Here, you are showing how to take
an AIX system with a local printer, and turn it into a print server. This does not require much
discussion of the network itself. All the user needs to know is what the names (or IP
addresses) are of the client machines.
There are other ways to set up remote printing. For example, HP Jet Direct cards are very
common. If the students are using these, then the AIX system is a client rather than a host.
We address that in a moment.
Additional information — These SMIT screens can be found in Print Spooling >
Manager Print Server.
Transition statement — Let's take a look a the screen to define the client systems.

Instructor Guide
Client authorization
# smit mkhostslpd
Add Print Access for a Remote Client

[Entry Fields]
* Name of REMOTE CLIENT [client1]
(Hostname or dotted decimal address)

Figure A-18. Client authorization AN121.1
Notes:
Set up client authorization

This step is done on the print server. On this screen, enter the client machine's name or
IP address. A plus sign ( + ) is also valid. It indicates that this AIX system is a print
server to all machines.

V5.3
Instructor Guide

Purpose — Show how to set up client authorization.
Details — Enter the name or IP address. A plus (+) symbol gives access to all machines.
The entries are added to the /etc/hosts.lpd file.
Transition statement — Let's see how to start the print server.

Instructor Guide
Start lpd
# smit mkitab_lpd
Start the Print Server Subsystem
[Entry Fields]
Start subsystem now, on system restart, or both [both] +
TRACE lpd daemon activity to syslog? [no] +
EXPORT directory containing print attributes? [no] +
Note:
Exporting this print server's directory
containing its print attributes will allow
print clients to mount the directory. The
clients can use this server's print attributes
to display and validate print job attributes
when starting print jobs destined for this
print server. Note that the Network File
System (NFS) program product must be installed
and running

Figure A-19. Start lpd AN121.1
Notes:
Starting the lpd daemon

This step is done on the print server. The lpd daemon is controlled by the system
resource controller (SRC). The commands startsrc and stopsrc can be used to
control lpd. By using SMIT, an entry is placed in the /etc/inittab file to ensure that lpd
is started each time the machine is booted.

V5.3
Instructor Guide

Purpose — Show how to start the lpd daemon.
Details — Keep this simple. The screen's defaults are all that is needed to start the lpd
daemon and turn the AIX system into a print server.
Transition statement — Now that the server is running, let's see how to configure a client
machine for remote printing.

Instructor Guide
Add a remote print queue

AIX Print Spooling
Add a Print Queue
Move cursor to desired item and press Enter.Use arrow keys to scroll.
#ATTACHMENT TYPE DESCRIPTION
local Printer Attached to Local Host
remote Printer Attached to Remote Host
xstation Printer Attached to Xstation
ascii Printer Attached to ASCII Terminal
hpJetDirect Network Printer (HP JetDirect)
file File (in /dev directory)
ibmNetPrinter IBM Network Printer
ibmNetColor IBM Network Color Printer
other User Defined Backend

/=Find n=Find Next
Figure A-20. Add a remote print queue AN121.1
Notes:
Adding a remote queue on the client

This step is done on the client machine. The procedure to add a remote queue starts
the same way as a local queue: smit spooler > Add a Print Queue. This time, select
remote as the attachment type.
You are prompted to determine if you want to perform any type of filtering or
pre-processing to the print job before it is sent. Normally, Standard Processing is
selected. This just sends the job to the printer server and the print server is responsible
for processing the job.

V5.3
Instructor Guide

Purpose — Show what to pick from SMIT to set up a remote print queue
Details — Each attachment type will ask for different information. Let’s show what
information is needed to set up the remote queue.
Be sure to mention there will be one more screen that follows this. It is used to preprocess
a job. Selecting Standard Processing will leave all processing to the printer server.
Transition statement — Let's see what is needed to complete the process.

Instructor Guide
Define the print server on the client
Add a Standard Remote Print Queue

[Entry Fields]
*Name of QUEUE to add [rq1]
*HOSTNAME of remote server [host1]
*Name of QUEUE on remote server [lp1]
Type of print spooler on remote server AIX Version 3 or 4 +
Backend TIME OUT period (minutes) [] #
Send control file first? no +
TO turn on debugging, specify output []
file pathname
DESCRIPTION of printer on remote server []

Figure A-21. Define the print server on the client AN121.1
Notes:
Required input
Only three lines are required to complete the queue set up. You must name your local
(to the client) queue name. Then, provide the name of the printer server. Lastly, name
the queue on the print server.

V5.3
Instructor Guide

Purpose — Complete the remote queue set up.
Details — Focus on the first three lines.
Name of QUEUE to add is the name of the queue on the client side. Users logged into the
client machine, send their jobs to this queue.
The hostname and the name of the queue on the host must be added.
Additional information — The local queue name, and printer server's queue names, can
be different or they can be the same. By keeping them the same, users on both machines
would direct their print jobs to queues of the same name. This is easier for the users and
the administrator.
Transition statement — Let's do a quick review.

Instructor Guide
Let's review
1. True or False: The qdaemon is responsible for printing jobs.
________________________________________________
________________________________________________
________________________________________________
2. To set up remote printing, what daemons are needed, and do they

run on the server, the client, or both?
________________________________________________
________________________________________________
3. What does the up = TRUE indicate in the /etc/qconfig file?
________________________________________________
________________________________________________
4. What does discipline mean in reference to the /etc/qconfig file?
What are its possible values?
________________________________________________
________________________________________________
________________________________________________
Figure A-22. Let’s review AN121.1
Notes:

V5.3
Instructor Guide

Purpose — Review and test the students understanding of the first part of this unit.
Details — A suggested approach is to give the students about five minutes to answer the
questions on this page. Then, go over the questions and answers with the class.
et's review solution

. True or False: The qdaemon is responsible for printing jobs. The printer
back-end is responsible for printing. The qdaemon manages jobs in
queue. The qdaemon hands the jobs off to the back-end for printing.
. To set up remote printing, what daemons are needed, and do they run on
the server, the client, or both? qdaemon and lpd on the server
qdaemon only on the client
. What does the up = TRUE indicate in the /etc/qconfig file? It means the
queue is accepting jobs. If it were FALSE, the user would be notified
that the queue is not accepting jobs.
. What does discipline mean in reference to the /etc/qconfig file? What
are its possible values? discipline is read by qdaemon to determine
the sorting order for jobs in the queue. The values supported are fcfs
(first come first server) and sjn (shortest job next).
Let's review solution

1. True or False: The qdaemon is responsible for printing jobs. The printer
back-end is responsible for printing. The qdaemon manages jobs in
queue. The qdaemon hands the jobs off to the back-end for printing.
2. To set up remote printing, what daemons are needed, and do they run on
the server, the client, or both? qdaemon and lpd on the server
qdaemon only on the client
3. What does the up = TRUE indicate in the /etc/qconfig file? It means the
queue is accepting jobs. If it were FALSE, the user would be notified
that the queue is not accepting jobs.
4. What does discipline mean in reference to the /etc/qconfig file? What
are its possible values? discipline is read by qdaemon to determine
the sorting order for jobs in the queue. The values supported are fcfs
(first come first server) and sjn (shortest job next).
Transition statement — Now, let’s look at how to submit print jobs.

Instructor Guide
Submitting print jobs

• AIX print systems offer compatibility to System V print
commands
• To submit a job to a queue:

System V BSD AIX
lp lpr qprt
$ lp -d queuename filename
- OR-
$ qprt -P queuename filename
Figure A-23. Submitting print jobs AN121.1
Notes:
Introduction
There are three sets of commands for submitting, listing and cancelling print jobs. They
come from either System V, BSD, or IBM versions of UNIX and are all available in AIX.
The commands have slightly different options.
Submitting a print job

To submit a print job to a queue, use either lp, lpr, or qprt. All jobs go to the system
default queue, unless the PRINTER or LPDEST variables are set. You can also specify, on
the command line, which queue to use. Use -d with lp or use -P with qprt and lpr.

V5.3
Instructor Guide
Uempty Spooling
The commands lp and qprt both queue without spooling, by default. Specify the -c
option if spooling is desired. The command lpr spools and queues by default. The -c
option will turn off spooling with lpr.
Multiple copies
To print multiple copies, with qprt use the -N # option, with lp use -n # option, and
with lpr use just a hyphen followed by the number of copies ( - # ).
The lp, lpr, and qprt commands create a queue entry in /var/spool/lpd/qdir and,
depending upon the options specified, copy the file to be printed to the
/var/spool/qdaemon directory.
The enq command

All the print commands, lp, lpr, and qprt, actually call the enq command which places
the print request in a queue. enq can be used instead of the other commands to submit
jobs, view job status, and so forth. To submit a job using enq:
$ enq -Pqueuename filename
Requesting a specific printer

Ordinarily your request is serviced by the first device on the queue that becomes
available. However, if more than one printer services a queue, you can request a
specific printer by using the name of the queue followed by a colon (:) and then the
name of the printer. For example, if a system with one queue (ps) is serviced by two
printers (lp0 and lp1), and a print job needs to be printed on the lp1 printer, use the
command:
$ qprt -Pps:lp1 /home/team01/myfile

Instructor Guide
Instructor notes:
Purpose — Show how to submit jobs to the printer.
Details — Explain the visual using the student notes. Do not explain every single option for
every command. Concentrate on the AIX command.
Note that qprt was chosen to be on the visual because it is the AIX command. lp was also
included because it illustrates that these commands use different options. lp is the most
popular printing command in UNIX. The student notes include a discussion on all the
available commands. Students should choose what works best for them.
You may also want to mention the -j option, which can be used with the enq and lpr
commands, so that the job number is displayed once the job has been submitted to print.
The lp command displays the job number by default. The qprt command uses the -j
option for another purpose.
Transition statement — Once you have submitted a job, you probably want to view where
in the queue your job is. Let's see how you can do this.

V5.3
Instructor Guide
Uempty
Listing jobs in a queue

• To list jobs in a queue:
SYSTEM V BSD AIX

lpstat lpq qchk
For example:
$ qchk
Queue Dev Status Job Files User PP % Blks Cp Rnk
ps lp0 DOWN
QUEUE 569 /etc/motd root 1 1 1
Figure A-24. Listing jobs in a queue AN121.1
Notes:
Checking status with the qchk command

Many of the print job control tasks require the user to supply a job number. The job
number, along with other queue status information is available by checking the status of
print jobs.
The fields from the qchk command are as follows:
Queue Queue name
Dev Logical device name for the queue
Status Status of the queue (READY, DOWN, WAITING, RUNNING, and so forth)
Job The job number assigned by the qdaemon
Files Files sent to the queue
User User who sent the print request

Instructor Guide
PP Number of pages printed

% Percent completed
Blks The number of 512-byte blocks the print job has been split into
Cp Copies of each job to be printed
Rnk Order on that queue
Other viewing commands

Other commands that can be used to view printer status include:
lpstat Shows status of all queues
lpq Shows status of the default queue
qchk -A Shows status of all queues
enq -A Shows status of all queues
qchk -W Shows status in wide-form mode
This is helpful if using long queue and device names, and 6-digit job numbers. This option
is available with AIX V4.2.1 and later.

V5.3
Instructor Guide

Purpose — How to list the jobs in a queue
Details — Explain the advantage of the lpstat command which by default lists information
about all the configured queues. With the qchk command, use the -A option to obtain a
similar sort of listing. The qchk with no options lists only the default queue information.
Also mention the -L option with the qchk command. This option displays a long-form listing
of the queues including spool file information. The -W option displays a wide-form listing,
which is helpful if device or queue names are long. The wide-form listing lists queue names
up to 20 characters, and device names up to 14 characters (versus 7 and 5 characters
respectively). This option is available with AIX V4.2.1 and later, and cannot be used when
the -L option is used.
All the attributes have been defined in the student notes.
Transition statement — Let's look at more tools that enable you to manage your print
queues.

Instructor Guide
Change characteristics of a queue

# smit chpq
Print Queue to Change / Show

[Entry Fields]
PRINT QUEUE name [ps] +
Characteristics to Change / Show

Move the cursor to the desired item and press Enter.
1.Printer Setup
2.Default Print Job Attributes
3.Accounting File
4.Queuing Discipline
Figure A-25. Change characteristics of a queue AN121.1
Notes:
Attributes for Printer Setup option

After selecting 1. Printer Setup, the following attributes can be changed or shown:
• Automatic mode switching to PostScript
• Paper size in trays and the manual feeder
• Envelope size
• ID of the font cards
• Paper trays for header and trailer pages
• Formatting flags for the header and trailer pages
• Users to get the intervention messages
• Flags prohibited for all print files
• Mode in which to leave the printer at the end of the job
• Width of printable area on header page

V5.3
Instructor Guide
Uempty Attributes for Default Print Job option

After selecting 2. Default Print Job Attributes, the following attributes can be changed
or shown:
• Text print options such as emphasized print
• Job processing options such as page number where printing should begin
• Text formatting options such as top Margin and lines per page
• Paper/Page Options such as page orientation
• Header/Trailer Page such as separator pages
• Messages/Diagnostics
Attributes for Accounting File option

After selecting 3. Accounting File, the following attribute can be changed or shown:
• Accounting file name
Attributes for Queuing Discipline option

After selecting 4. Queueing Disciple, the following attribute can be changed or shown:
• Queuing discipline

Instructor Guide
Instructor notes:
Purpose — Show how the characteristics of the queue can be customized.
Details — You must select the queue name to which you wish to make the changes. Then,
select the option that holds the attribute that you are changing. Refer to the student notes
to obtain a list of what is contained in each option.
The actual contents of each option will vary depending on the type of queue being
customized (for example, an ASCII queue versus a PostScript queue).
Under Default Print Job Attributes => Job Processing Options..., some queues allow
you to specify the page number where printing should begin. This can be helpful if there is
a paper jam in the middle of printing a job. Bring the queue down and fix the jam. Then,
alter this value to indicate the page at which you want the print job to resume. Then,
change the value back to 1 for printing future jobs.
The queueing discipline will be covered in more detail shortly. If a student asks, the two
disciplines that can be chosen are either First Come First Serve or Shortest Job Next.
Transition statement — Let's see how we can remove a queue.

V5.3
Instructor Guide
Uempty
Removing a queue
# smit rmpq
Remove a Print Queue

[Entry Fields]
Print queue to remove ps:lp0
Local printer device /dev/lp0
KEEP the local printer device? no +

Figure A-26. Removing a queue AN121.1
Notes:
Removing a queue with SMIT

It is not possible to remove a queue containing jobs. The jobs would have to be
removed first.
The last option on the screen asks whether the printer device definition should be kept.
This option will only appear if the queue being removed is the only queue defined for a
printer. Note that by default, it will be removed.

Instructor Guide
Instructor notes:
Purpose — Show how queues can be deleted from the system.
Details — The last option on the screen asks whether the printer device definition should
be kept. This option will only appear if the queue being removed is the only queue defined
for a printer. Note that by default, it will be removed. You may wish to keep the definition if
in the future you wish to add a new queue which uses the same printer. If there were other
queues which were using the printer, the last option would not be present on the SMIT
screen. This option will remove the print queue from the system configuration.
Additional Information—
Transition statement — Other management tasks can be carried out on queues. Let's see
what they are.

V5.3
Instructor Guide
Uempty
Managing queues
# smit pqmanage
Manage Print Queues
Show Status of Print Queues

Stop a Print Queue
Start a Print Queue
Set the System's Default Print Queue

Figure A-27. Managing queues AN121.1
Notes:
SMIT Managing Queues options

The following actions can be performed:
• Show Status of Print Queue gives output similar to qchk and lpstat
• Stop a Print Queue runs the disable command
• Start a Print Queue runs the enable command
• Set the System's Default Print Queue reorders the /etc/qconfig file to ensure
the default queue is the first queue in the file

Instructor Guide
Instructor notes:
Purpose — List the supported management tasks for queues through SMIT.
Details — The visual is fairly self explanatory. Point out that if a print queue is stopped,
print jobs can still be submitted to the queue. However, they will not be processed until the
queue is enabled.
Changing the system wide default printer will affect everyone other than those who have
set the PRINTER or LPDEST variable to their own personal choice.
We will look at the first three items on this menu. The last item is self-explanatory, so there
is no need to spend more time on it.
Be sure to point out that the last three tasks on this menu can only be performed by the
root user or a member of the printq group.
Transition statement — Let's see what the different queue statuses mean.

V5.3
Instructor Guide
Uempty
Understanding queue status

Queue Dev Status Job Files User PP % Bks Cp Rnk
ps lp0 DOWN
QUEUED 1569 /etc/motd root 1 1 1
State Description
DEV_BUSY Printer is busy servicing other print requests
DEV_WAIT Queue is waiting for the printer
DOWN Queue is down and no jobs will be serviced
from this queue until it is brought up
OPR_WAIT The queue is waiting for operator intervention
QUEUED Job is queued and waiting
READY Everything is ready to receive a print request
RUNNING Print file is printing
UNKNOWN Problem with the queue: Need to investigate
further to determine cause
Figure A-28. Understanding queue status AN121.1
Notes:
Introduction
The status of the queues and jobs can be displayed with qchk, lpstat, or lpq. There
are a number of different status states that may be seen.
DEV_BUSY
This status can occur when more than one queue is defined to a print device and
another queue is currently using the print device. It could result when the qdaemon
attempts to use the printer port device and another application is currently using that
print device. Normal recovery: You have to wait until the queue or application has
released the print device, or kill the job or process that is using the printer port.

Instructor Guide
DEV_WAIT
This status means that the queue is waiting on the printer because the printer is offline,
out of paper, jammed, or the cable is loose, bad or wired incorrectly. Normal recovery:
Check to see if the printer is offline, out of paper, jammed, or loosely cabled. Sometimes
the jobs have to be removed from the queue before the problem can be corrected.
DOWN
This status is set when the device driver cannot communicate with the printer after
TIME OUT seconds (which can be set through SMIT). This variable indicates the
amount of time, in seconds, that the queuing system waits for a printer operation. If the
printer is off, the queue will go down. Also, the operator can bring down the queue
intentionally, which might be necessary for system maintenance. Normal recovery:
Correct the problem that has brought the queue down and then bring the queue up
again.
OPR_WAIT
This status is set when the back-end program is waiting on the operator to change the
paper, change forms, and so on. This is usually software related. Normal recovery:
Respond appropriately to the request that is made by the queuing system.
QUEUED
This status is set when a print file is queued and is waiting in line to be printed.
READY
This is the status of a queue when everything involved with the queue is ready to queue
and print a job.
RUNNING
This status occurs when a print file is printing.
UNKNOWN
This status occurs when a user creates a queue on a device file that another queue is
using, and its status is DEV_WAIT. The queue cannot get a status from the printer
device when it is on hold. Normal recovery: Bring down the other queue or fix the
problem with the printer (paper out, jammed, offline and so on). Bring the new queue
down and then back up so that the queue will register as READY.

V5.3
Instructor Guide

Purpose — Define the different queue states.
Details — Explain each of the values, not in too much detail, using the student notes.
Transition statement — Let's see how to bring a queue up and down.

Instructor Guide
Bringing queues up and down
# lpstat
Queue Dev Status Job Files User PP % Bks Cp Rnk
draft lp0 DOWN
QUEUED 132 /etc/motd team01 1 1 1
Quality lp0 READY
• To enable a queue whose status is DOWN:

# enable draft
• To disable a queue whose status is READY:

# disable quality
You must be a member of the printq group or root.
Figure A-29. Bringing queues up and down AN121.1
Notes:
Enabling a queue
Occasionally, problems with printers can bring a queue down. Once the problem has
been fixed it can be brought back up with:
# enable <queuename>
Disabling a queue
Sometimes, you may wish to bring a queue down. This is recommended if any
maintenance is going to be performed on the printer. You can do this with either of the
commands:
• # disable <queuename>
• # enq -D -P <queuename>

V5.3
Instructor Guide

Purpose — Show how to bring up a queue after a problem is resolved or down for system
administration purposes.
Details — There are several commands that can be used to bring queues up and down.
The student notes show two of them.
The enq options -D and -U can only be used on local print jobs. Most system administrators
find that the enable and disable commands are the easier ones to use.
This example shows queue names of draft and quality. These are the queue names that
will be used in the machine exercises.
Transition statement — Let's turn our focus to jobs and how to manage them.

Instructor Guide
Manage Print Jobs

# smit jobs
Manage Print Jobs
Cancel a Print Job

Show the Status of Print Jobs
Prioritize a Print Job
Hold / Release a Print Job
Move a Job between Print Queues

Figure A-30. Managing Print Jobs AN121.1
Notes:
Who can manage print jobs?

The root user or a member of the print group can work with any print request. Normal
users can only work with their own print jobs.

V5.3
Instructor Guide

Purpose — Discuss the SMIT screen that is used to manage print requests.
Details — Do not go into too much detail at this point for each option. We have already
discussed the menu item Show the Status of Print Jobs. The other options will be
discussed next.
Transition statement — Let's look at these tasks one at a time.

Instructor Guide
Cancel a Print Job

# smit qcan
Cancel a Print Job

[Entry Fields]
PRINT QUEUE containing job [ ] +
(required for remote jobs)
* Print JOB NUMBER [ ] +#

Figure A-31. Cancel a Print Job AN121.1
Notes:
Introduction
The qcan command cancels either a particular job number or all jobs in a print queue.
Normal users can only cancel their own jobs, whereas root can cancel any job.
Commands to cancel print jobs

To cancel a job you can either use the smit qcan fastpath, or use one of the following
commands:
• cancel (System V)
• lprm (BSD)
• qcan (AIX)

V5.3
Instructor Guide
Uempty Examples
To cancel job number 127 on whatever queue the job is on, you can use either of the
following two commands:
• # qccel 127
To cancel all jobs queued on printer lp0, you can use either of the following two
commands:
• # qcan -X -Plp0
• # cancel lp0

Instructor Guide
Instructor notes:
Purpose — How to cancel a job in a queue.
Details — Point out that there are restrictions. As an ordinary user, you can only cancel
your own requests (which is a desirable thing!). However, root or a member of the printq
group can cancel any job from any queue.
Note the two examples in the student notes. The use of the -x option allows you to cancel
a specific job by its job number. An equivalent command to that shown in the student notes
is cancel 127. The use of the -X option allows you to cancel all jobs queued on a specific
printer. If a normal user uses this option, only the jobs that they submitted will be cancelled.
The qcan command can be used to cancel both local and remote jobs.
This command can also be used to cancel HELD jobs.
Additional information — You may want to mention that a running job can only be
cancelled if all of it hasn't been sent to the printer. Today's printers all have buffers. Once
the print job has left the system it is outside the control of printer commands. The status
may show running but there won't be any way to cancel it. On some printers, it is possible
to power-off the printer as a way to clear the buffer. A large job that is bigger than the
printer buffer can be cancelled before it completes. Keep in mind that whatever is in the
printer buffer will still be printed.
Transition statement — Let's see how the priority of print requests can be changed.

V5.3
Instructor Guide
Uempty
Job priority example

# qchk -L
Queue Dev Status Job Name From To
______ ___ _______ Submitted Rnk Pri Blks Cp PP %
ps lp0 DOWN
QUEUED 569 /etc/qconfig root root
1/07/03 09:39:25
1 15 2 1
/etc/qconfig
QUEUED 570 /etc/motd root root
1/07/03 09:40:15 2 15 1 1
/etc/motd
# qpri -#570 -a 25
# qchk -L
Queue Dev Status Job Name From To
______ ___ ______ Submitted Rnk Pri Blks Cp PP %
ps lp0 DOWN
QUEUED 570 /etc/motd root root
1/07/03 09:40:15 1 25 1 1
/etc/motd
QUEUED 569 /etc/qconfig root root
1/07/03 09:39:25 2 15 2 1
/etc/qconfig
Figure A-32. Job priority example AN121.1
Notes:
Processing order
The discipline line in the /etc/qconfig file determines the order in which the printer
serves the requests in the queue. In the queue stanza, the discipline field can either
be set to fcfs (first-come-first-serve) or sjn (shortest-job-next). If there is no
discipline in the queue stanza, requests are serviced in fcfs order.
Changing print job priority

Each print job also has a priority that can be changed through SMIT (smit qpri) or with
the qpri command. Print jobs with higher-priority numbers are handled before requests
with lower-priority numbers. Only a user who has root authority or who belongs to the
printq group can change the priority of a local print request.

Instructor Guide
Note
You can only set priorities on local print jobs. Remote print jobs are not supported.
The qprt -R command can also be used to set job priority.
Example
The example in the visual shows that when print jobs are submitted they receive the
default priority of 15. The example shows how the qpri command can be used to
change the priority of job number 570 to 25. Use the qchk -L command to show the
new job priorities.

V5.3
Instructor Guide

Purpose — Define how to change the priority of a print job.
Details — Mention that normal users can only raise their priority to 20, whereas members
of the printq group or root can change their priority to 30. Mention also that jobs by default
are submitted with a priority of 15.
You can only assign priority on local queues. You cannot assign the priority of a remote
print job.
The example shows that when print jobs are submitted they receive the default priority of
15. The example shows how the priority of job number 570 has been increased to 25. This
is clearly seen in the output of the qchk -L command.
Students note that the ps queue has been disabled. However, it is still possible to send
jobs to the queue.
Priority takes precedence over discipline. Even in the shortest-job-next environment,
priority is the most important.
Transition statement — Now let's see how a job can be held in a queue.

Instructor Guide
Holding a job in a queue

# qchk
Queue Dev Status Job Files User PP% Blks Cp Rnk
ps lp0 DEV_BUSY
QUEUED 1493 /etc/qconfig root 1 1 1
# qhld -#1493
# qchk
ps lp0 DEV_BUSY
HELD 1493 /etc/qconfig root 1 1 1
# qhld -r -#1493
# qchk
ps lp0 DEV_BUSY
QUEUED 1493 /etc/qconfig root 1 1 1
Figure A-33. Holding a job in a queue AN121.1
Notes:
Holding and releasing a print job

The qhld command is used to put a temporary hold on a job that is waiting in the
queue. The qhld command is also the command that is used to release job back in the
queue.
The visual provides a example of using the qhld command to hold and then release job
# 1493.
This task can also be accomplished through smit (smit qhld).

V5.3
Instructor Guide

Purpose — To show how to use the qhld command.
Details — Cover the example. qhld can be used to hold a job, a queue (use -P) or jobs
owned by a particular user (use -u).
If you specify and own and do not specify a queue name, then all jobs by that owner are
effected.
You cannot hold a job once it starts printing.
You cannot hold or release remote print jobs.
Explain the example per the visual. Job number 1493 is first held and then released.
In reality, if the queue were ready and only one job was queued, the job would print before
you could alter it to HELD. So, for the sake of example, assume that there are other jobs in
the queue that may currently be printing.
Transition statement — Print jobs can also be moved from one queue to another. Let's
see how this can be done.

Instructor Guide
Moving a job between queues
# qchk -A

asc lp0 DOWN
QUEUE 11 /etc/qconfig root 2 1 1
ps lp0 READY
# qmov -mps -#11

# qchk -A

asc lp0 DOWN
ps lp0 RUNNING 11 /etc/qconfig root 2 1 1
Figure A-34. Moving a job between queues AN121.1
Notes:
Moving print jobs

You can move jobs between queues in AIX. The command qmov is used. The -m option
specifies what queue to move the job to and the -# option specifies the job number.
This can be done through smit using smit qmov.

V5.3
Instructor Guide

Purpose — Show how jobs can be moved from one queue to another.
Details — In the example the job is moved from the asc queue to the ps queue.
You cannot move a remote print job to another queue.
A job cannot be moved once it starts printing.
Additional information — When would this be useful?
Answer: if the user has made a mistake of submitting a job to the wrong queue.
Transition statement — Let's see what print-related directories to monitor.

Instructor Guide
Printing-related directories to monitor
var
spool
lpd
qdaemon
qdir
• Contains queue requests • Temporary copies of enqueued files

(job description files) if spooling
Figure A-35. Printing-related directories to monitor AN121.1
Notes:
Why directories may fill up

The directories shown in the visual fill up very quickly if the spooling mechanism
encounters a problem. For example, if the queue goes down, or if there are many users
submitting jobs, there may not be enough room to handle the requests.
Remember, when print jobs are submitted to spooling rather than just queuing, a copy
of that file is created and stored in the /var/spool/qdaemon directory until that job has
printed. At that time, the temporary file is removed. If the queue or multiple queues quit
working, jobs don't get through the system. This could cause a full condition in this
directory structure.

V5.3
Instructor Guide

Purpose — List the directories that should be monitored.
Details — The following are directories which could potentially grow, so these have to be
regularly monitored. The spooling directories and files are under /var/spool. Do not go
through each file and directory name, however two of the more frequently used directories
have been listed. /var/spool/lpd/qdir contains one request for each job submitted to the
printer, and the requests are in the format NumberUser_name:Queue_name. This is what
qdaemon uses to determine who submitted the job, which of the users use to determine who
submitted the job, which of the users requested this particular job, and the queue name to
which the job was submitted. The /var/spool/qdaemon directory contains the spool files (if
one is requested).
If the print spooler system needs to be cleared and restarted, it is possible to remove all
files from these directories. For example: rm /var/spool/lpd/qdir/* and
rm /var/spool/qdaemon/*. Be aware that these commands will completely delete all jobs
in the queues and the jobs need to be resubmitted. There are times when these actions are
necessary due to system problems. Of course, only the root user can execute these rm
commands.
Also, if the /var file system becomes too large, actions also need to be taken.
Transition statement — What if you encounter a problem with your printer or the queues?
What can you try?

Instructor Guide
Printing problem checklist

# cat file > /dev/lp0
Any output?
NO YES
Check hardware Check software
9 Check physical cables 9 qdaemon running

9 Printer online and ready 9 Check /etc/qconfig
9 No paper jams 9 Queue enabled
9 Not out of paper 9 /var and /tmp not full
Figure A-36. Printing problem checklist AN121.1
Notes:
First step
If you experience problems trying to print, start by checking the simple things first.
The easiest test to perform is to cat a file and redirect standard output to the printer
device file. This by-passes the queuing system and helps to narrow the problem.
Check hardware
After redirecting a file to the print device, if it does not print, the problem is usually
hardware-related. Check to make sure the cables are attached securely. Make sure the
printer is ready to print (online). Make sure there is paper in the printer and there are no
paper jams.

V5.3
Instructor Guide
Uempty Potential software problems

If something does print out using cat but not print out when using lp, qprt, or lpr, the
problem is most likely software-related.
Check to make sure the qdaemon is running. If not, start it.
# lssrc -s qdaemon
# startsrc -s qdaemon
Look at the contents of /etc/qconfig to make sure it is not corrupt.
Ensure the queue is enabled. If not, enable it.
# lpstat
or
# qprt -A
# enable queuename
Check to make /tmp and /var are not full with the command: df

Instructor Guide
Instructor notes:
Purpose — Explain how to troubleshoot printing problems.
Details — Cover the visual in detail.
Make sure the students understand why performing a cat to direct a file to the printer helps
to pinpoint the problem area.
When checking cables, if using serial connection, be sure the pins have not been bent or
broken.
Ask the students if /tmp or /var is full, what commands would be useful in determining what
is filling the file system?
Answer:
# df
# du -ax /tmp
# du -ax /var
Additional information — When checking to see if qdaemon is running, make sure there is
only one qdaemon running. Having multiple qdaemons running is not a likely situation, but it
would cause a problem if it happened. If qdaemon is being used properly under SRC, it is
not likely that this problem would ever occur.
Transition statement — Let's take a look at some checkpoint questions.

V5.3
Instructor Guide
Uempty
Checkpoint (1 of 2)
1. True or False: One of the advantages of queues is that each user can
have a different default queue set up for them.
________________________________________________
2. True or False: The /etc/qconfig file is read by the back-end program to
determine what the queue discipline is.
________________________________________________
3. True or False: All printer software is automatically installed when you
install the base operating system.
________________________________________________
4. What is the difference between these two commands?
# qprt -Pasc file1
# qprt -c -Pasc file1
________________________________________________
Figure A-37. Checkpoint (1 of 2) AN121.1
Notes:

Instructor Guide
Instructor notes:
1. True or False: One of the advantages of queues is that each user can have
a different default queue set up for them.
True. This can be accomplished using the PRINTER environment
variable.
False. It is read by qdaemon.
3. True or False: All printer software is automatically installed when you install
the base operating system.
False. Only a handful of printer software is installed by default.
# qprt -Pasc file1
The -c flag produces a spool file.
Transition statement — Continue with more checkpoint questions.

V5.3
Instructor Guide
Uempty
Checkpoint (2 of 2)
5. What three methods can be used to find out what the system default
queue is?
í
í
í
6. What users can bring print queues down?
_______________________________________________
7. True or False: Once the queue is down, no more jobs can be submitted
to the printer.
_______________________________________________
8. Can users hold all their print jobs in a specific queue? If so, how?
________________________________________________
________________________________________________
Figure A-38. Checkpoint (2 of 2) AN121.1
Notes:

Instructor Guide
Instructor notes:
queue is?
í First entry in /etc/qconfig file
í The output from the qchk command with no options
í The first queue listing from the lpstat command
The root user or members of the printq group.
to the printer. False. Jobs can be submitted to the queue. However,
they will not be printed until the queue is brought up again.
Yes, they can by only specifying a queue name and not individual
job numbers.
Transition statement — Now, let’s do an exercise.

V5.3
Instructor Guide
Uempty
Exercise 18: Printers and queues
• Add a printer and a queue

• Install printer support software (if needed)
• Check the queue
• Change the characteristics of a queue
• Manage jobs in queues
• Troubleshooting printer problems (optional)
Figure A-39. Exercise 18 AN121.1
Notes:
Introduction
This exercise gives you an opportunity to work with the AIX queuing system. If your
classroom does not have locally attached printers, your instructor needs to supply you
with local modification for this lab.
This exercise can be found in your Student Exercise Guide.

Instructor Guide
Instructor notes:
Purpose — Introduce the exercise.
Details —
Transition statement — Summarize the unit.

V5.3
Instructor Guide
Uempty
Unit summary
• Queues can be added for local or remote printing.

• Queue characteristics can be changed either through
SMIT or through high-level commands.
• Queues can be brought up and down by the system
administrator.
• The following tasks were considered:
– Submit and cancel print jobs
– List the jobs in a queue
– Hold and release jobs in a queue
– Move a job from one queue to another
– Change priorities of a print job
Figure A-40. Unit summary AN121.1
Notes:

Instructor Guide
Instructor notes:
Purpose — Summarize the unit.
Details —
Transition statement — This is the end of this unit.

V5.2
Instructor Guide
AP Appendix B. Checkpoint solutions

Unit 1
IBM Power Systems

LPARs? The HMC.
2. True or False: An AIX operating system can have no real

devices.
3.True or False: Virtualization features provided by the VIO

Server can be used by default on any Power system.
Lower end machines require a PowerVM license.
4. True or False: The su command enables you to get root

authority even if you signed on using another user ID.
You must also know the root password.
© Copyright IBM Corp. 2009 Appendix B. Checkpoint solutions B-1

Instructor Guide
Unit 2
IBM Power Systems
1. List the three main system management tools available on

AIX.
SMIT, WebSM, and IBM Systems Director console for AIX

To obtain the command(s) SMIT has just executed

Console?
Firmware/model information
Network configuration, IP address etc
A list of Top CPU logging processes
File system information
B-2 AIX installation © Copyright IBM Corp. 2009

V5.2
Instructor Guide
AP Unit 3
IBM Power Systems

The initial process is ignit. The file init references is
/etc/inittab for information regarding other processes
that have to be started.

The System Resource Controller (SRC)
3. True or False: You can only execute the AIX shutdown


Instructor Guide
Unit 4
IBM Power Systems
1. AIX V6.1 can that be installed from which of the following?

a. 8 mm tape
b. CD-ROM
c. Diskette
d. NIM Server
2. True or False: A Preservation install preserves all data on the
disks.
Preserves some of the existing data on the disk selected for
installation. This method overwrites the user (/usr), variable
(/var), temporary (/tmp), and root (/) file systems. Other
product application files and configuration data are destroyed.
3. What is the console used for during the installation process?
The console is used to display all the system messages and to
interact with the installation.

V5.2
Instructor Guide
AP Unit 5
IBM Power Systems
1.Which of the following states must your software be in, in order for you
to be able to use it? Select all that apply.
a. Applied state
b. Removed state
c. Install state
d. Commit state
2.What command is used to list all installed software on your system?

lslpp –l or –L
3.Which of the following can you install as an entity? Select all that apply.
a. ifix
b. LPP
c. Package
d. Bundle
4.True or False: If a problem is found with the inetd subsystem, it is

possible to download and apply a fix to bos.net.tcpip.server fileset to

Instructor Guide
Unit 6
IBM Power Systems

fcs0
4Gb FC
FC PCI
PCI Express
Express Adapter
Adapter
Port 1 of a 4Gb Fibre Card, connected to planar 1, card slot 3, in Power

550 CEC (U78A0)

The AIX Kernel can determine the actual driver and device to be
accessed for a user-level request.
Perform a long directory list of the /dev directory.


configuration? prtconf, lsdev, lscfg, lsslot, lssattr

V5.2
Instructor Guide
AP Unit 7
IBM Power Systems
5. Volume Group
1. Volume Group___
Descriptor Area__
VGDA 6. Physical Volume
2. Physical Partition
3. Logical Partition
4. Logical Volume

Instructor Guide
Unit 7
IBM Power Systems
a single VG? One
8. By default, how big are PPs? Traditionally 4 MB, but LVM
chooses an optimal size based on the #PPs/PV and the size
of largest PV in the VG.
belong to?
b) Only one
regardless of how many volume groups (VGs) exist. All VGDAs
within a VG are the same.

V5.2
Instructor Guide
AP Unit 7
IBM Power Systems

## lsfs
lsfs
Name
Name Nodename
Nodename Mount
Mount Pt
Pt VFS
VFS Size
Size Options
Options Auto
Auto Accounting
Accounting
/dev/hd4
/dev/hd4 --
-- // jfs2
jfs2 294912
294912 ---- yes
yes no
no
/dev/hd1
/dev/hd1 --
-- /home
/home jfs2
jfs2 32768
32768 --
-- yes
yes no
no
/dev/hd2
/dev/hd2 --
-- /usr
/usr jfs2
jfs2 3309568
3309568 --
-- yes
yes no
no
/dev/hd9var
/dev/hd9var ---- /var
/var jfs2
jfs2 65536
65536 --
-- yes
yes no
no
/dev/hd3
/dev/hd3 --
-- /tmp
/tmp jfs2
jfs2 131072
131072 ---- yes
yes no
no
/dev/hd10opt
/dev/hd10opt --
-- /opt
/opt jfs2
jfs2 163840
163840 ---- yes
yes no
no
/dev/cd0
/dev/cd0 --
-- /infocd
/infocd cdrfs
cdrfs ro
ro yes
yes no
no
/dev/lv00
/dev/lv00 --
-- /home/john jfs2
/home/john jfs2 32768
32768 rw
rw yes
yes no
no
/dev/hd11admin--
/dev/hd11admin-- /admin
/admin jfs2
jfs2 262144
262144 ---- yes
yes no
no
/dev/hd1
Enhanced journaled file systems (JFS2), and CD-ROM (CDRFS)
volume?
/
/home

Instructor Guide
Unit 8
IBM Power Systems

physical volume.
volume group.
4. True or False: If mirroring logical volumes, it is not
necessary to perform a backup. False. You still need to
back up to external media.
5. True or False: SMIT can be used to easily increase or
decrease the size of an enhanced JFS filesystem.
provide increased performance and availability

V5.2
Instructor Guide
AP Unit 9
IBM Power Systems

a file? istat
of the logical volume it is on is increased? No

which it sits removed as well? Yes

in order to make it available for use? The file system
must be mounted using the mount command.

1 LP

Instructor Guide
Unit 9
IBM Power Systems

Add 1 GB
chfs –a size=+1G <file system>
Set the size to 5 GB
chfs –a size=5G <file system>

system is full? df

specific location?
du

inconsistent file systems? fsck

V5.2
Instructor Guide
AP Unit 10
IBM Power Systems

Page
Page Physical
Physical Volume
Volume Size
Size %Used
%Used Active
Active Auto
Auto Type
Type chksum
chksum
Space
Space Volume
Volume Group
Group
hd6
hd6 hdisk0
hdisk0 rootvg
rootvg 640
640 MB
MB 43%
43% yes
yes yes
yes lv
lv 00
paging00
paging00 hdisk1
hdisk1 rootvg
rootvg 640 MB 7%
640 MB 7% yes
yes yes
yes lv
lv 00
paging01
paging01 hdisk1
hdisk1 rootvg
rootvg 160
160 MB
MB 89%
89% yes
yes yes
yes lv
lv 00
Obviously, it is difficult to come to any conclusions regarding the state of this

system just by looking at a snapshot picture like the one above. However, at first
glance, the following potential problems can be noticed:
• paging00 is underutilized
• paging01 is over utilized, and the size seems to be too small. Both user-defined
paging spaces are on the same disk.
• paging01 should be deleted. The administrator should investigate why there is a high
level of paging and possibly increase the size of hd6 and paging00.
2. True or False: The size of paging00 (in the above example)

can be dynamically decreased.

Instructor Guide
Unit 11
IBM Power Systems

Option a) backs up the files using the full path names, whereas
option b) backs up the file names using the relative path names.
Therefore, b)’s files can be restored into any directory.

You would be at the start of the backed up images of the files, having
skipped over the first three sections of the tape (boot image, mkinsttape,
and dummy toc).
3. Which command could you use to restore these files? The files were
backed up using the backup command so you would have to use the
restore command.
are mounted. mksysb only backs up rootvg file systems. To back up
other volume groups, you must use the savevg command.

V5.2
Instructor Guide
AP Unit 12
IBM Power Systems

/var/adm/sulog
chmod 6754 file1
r w s r w- r - -
root
SVTX or sticky bit
This value removes all permission bits for the “others”
category, which enhances security.

Instructor Guide
Unit 12
IBM Power Systems

and passwd?
The pwdadm command can only be run by a member
of the security group

passwd

4. True or False: RBAC is disabled by default on AIX 6.1.

V5.2
Instructor Guide
AP Unit 12
IBM Power Systems

No
Why or why not?
Because the passwords are held in encrypted format, so
even the system administrator cannot tell what the password
was set to.

/etc/passwd
/etc/security/user

Instructor Guide
Unit 13
IBM Power Systems
1. True or False: The at.allow and at.deny files must be

used to specify which users are allowed and denied use
of the at command.
False. Only one or the other of these files should be
used.
2. Give a crontab entry that would specify that a job should

run every Thursday at 10 past and 30 minutes past
every hour.
10,30 * * * 4 <job>
3. How would you schedule the script named myscript, to

run 10 minutes from now?
# at now + 10 minutes
myscript
^d
# © Copyright IBM Corporation 2009

V5.2
Instructor Guide
AP Unit 14
IBM Power Systems

• /etc/rc.tcpip
starts TCP/IP daemons (sendmail, inetd, etc.)
• ssh
to login or run command on a remote machine (securely)
• VNC
to use a remote graphical display on a local desktop machine
• /etc/services
to store server side ports of TCP/IP applications
Multipath routing allows us to specify multiple paths to
hosts and gateways for load balancing and high availability
Comment out the ftp line in /etc/inetd.conf and refresh the
inetd daemon.

Instructor Guide
Unit 15
IBM Power Systems

System and Application

wparexec

Using the network alias feature on the global environment’s physical or virtual
network interface
Shared-system: /usr and /opt are shared read-only from the global environment
through namefs mounts.
NFS hosted: /usr and /opt filesystems are nfs mounted from a host system
Non shared: /var, /home, /tmp, and / are separate local file systems (jfs/jfs2) within
the WPAR

V5.2
Instructor Guide
AP Appendix A
1. True or False: One of the advantages of queues is that each user can have
a different default queue set up for them.
True. This can be accomplished using the PRINTER environment
variable.
False. It is read by qdaemon.
3. True or False: All printer software is automatically installed when you install
the base operating system.
False. Only a handful of printer software is installed by default.
# qprt -Pasc file1
The -c flag produces a spool file.

Instructor Guide
Appendix A
queue is?
í First entry in /etc/qconfig file
í The output from the qchk command with no options
í The first queue listing from the lpstat command
The root user or members of the printq group.
to the printer. False. Jobs can be submitted to the queue. However,
they will not be printed until the queue is brought up again.
Yes, they can by only specifying a queue name and not individual
job numbers.

V5.3
Instructor Guide
glos Glossary
Note: Synonymous with: This is a backward reference
from a defined term to all other terms that have the
The entries in this glossary were developed a same meaning.
number of years ago and indicate the use of various See: This refers the reader to multiple-word terms
terms at a particular point in UNIX history. Hence, that have the same last word.
some of the definitions may not be applicable to See also: This refers the reader to terms that have a
related, but not synonymous, meaning.
current UNIX implementations such as AIX 6, and Deprecated term for: This indicates that the term
some other statements in the entries may not be should not be used. It refers to a preferred term,
current. However, this glossary still provides which is defined in its proper place in the glossary.
valuable information regarding the historical use of
the terms listed here.
A
This glossary includes terms and definitions from: access mode A matrix of protection information
stored with each file specifying who may do what to
• The American National Standard Dictionary for a file. Three classes of users (owner, group, all
Information Systems, ANSI X3.172-1990, others) are allowed or denied three levels of
copyright 1990 by the American National access (read, write, execute).
Standards Institute (ANSI). Copies may be access permission See access mode.
purchased from the American National access privilege See access mode.
Standards Institute, 11 West 42nd Street, New address space The address space of a process is
York, New York 10036. Definitions are identified the range of addresses available to it for code and
by the symbol (A) after the definition. data. The relationship between real and perceived
space depends on the system and support
• The ANSI/EIA Standard— 440-A, Fiber Optic hardware.
Terminology. Copies may be purchased from AIX Advanced Interactive Executive. IBM's
the Electronic Industries Association, 2001 implementation of the UNIX Operating System.
Pennsylvania Avenue, N.W., Washington, DC AIX Family Definition IBM's definition for the
20006. Definitions are identified by the symbol common operating system environment for all
(E) after the definition. members of the AIX family. The AIX Family
Definition includes specifications for the AIX Base
• The Information Technology Vocabulary, System, User Interface, Programming Interface,
developed by Subcommittee 1, Joint Technical Communications Support, Distributed Processing,
Committee 1, of the International Organization and Applications.
for Standardization and the International alias The command and process of assigning a new
Electrotechnical Commission (ISO/IEC name to a command.
JTC1/SC1). Definitions of published parts of this ANSI American National Standards Institute. A
vocabulary are identified by the symbol (I) after standards organization. The United States liaison
the definition; definitions taken from draft to the International Standards Organization (ISO).
international standards, committee drafts, and application program A program used to perform an
working papers being developed by ISO/IEC application or part of an application.
JTC1/SC1 are identified by the symbol (T) after argument An item of information following a
the definition, indicating that final agreement has command. It may, for example, modify the
not yet been reached among the participating command or identify a file to be affected.
National Bodies of SC1. ASCII American Standard Code for Information
Interchange. A collection of public domain
• The Network Working Group Request for character sets considered standard throughout the
Comments: 1208. computer industry.
The following cross-references are used in this awk An interpreter, included in most UNIX operating
glossary: systems, that performs sophisticated text pattern
Contrast with: This refers to a term that has an matching. In combination with shell scripts, awk
opposed or substantively different meaning. can be used to prototype or implement applications
Synonym for: This indicates that the term has the far more quickly than traditional programming
same meaning as a preferred term, which is methods.
defined in its proper place in the glossary.
© Copyright IBM Corp. 2009 Glossary X-1

Instructor Guide
B change mode The chmod command will change

the access rights to your own files only, for
background (process) A process is “in the yourself, your group or all others.
background” when it is running independently of
the initiating terminal. It is specified by ending the character I/O The transfer of data byte by byte;
ordinary command with an ampersand (&). The normally used with slower, low volume devices
parent of the background process does not wait for such as terminals or printers.
its “death”. character special file An interface to devices not
backup diskette A diskette containing information capable of supporting a file system; a byte oriented
copied from another diskette. It is used in case the device.
original information is unintentionally destroyed. child The process emerging from a fork command
Berkeley Software Distribution Disseminating arm with a zero return code, as distinguished from the
of the UNIX operating system community at the parent which gets the process id of the child.
University of California at Berkeley; commonly client User of a network service. In the client/server
abbreviated “BSD”. Complete versions of the UNIX model, network elements are defined as either
operating system have been released by BSD for a using (client) or providing (server) network
number of years; the latest is numbered 4.3. The resources.
phrase “Berkeley extensions” refers to features command A request to perform an operation or run
and functions, such as the C shell, that originated a program. When parameters, arguments, flags, or
or were refined at UC Berkeley and that are now other operands are associated with a command,
considered a necessary part of any fully configured the resulting character string is a single command.
version of the UNIX operating system.
command file A data file containing shell
bit bucket The AIX file “/dev/null” is a special file commands. See shell file, or shell script.
which will absorb all input written to it and return no
data (null or end of file) when read. command interpreter The part of the operating
system that translates your commands into
block A group of records that is recorded or instructions that the operating system understands.
processed as a unit. command or previous command key.
block device A device that transfers data in fixed concatenate The process of forming one character
size blocks. In AIX, normally 512 or 1024 bytes. string or file from several. The degenerate case is
block special file An interface to a device capable one file from one file just to display the result using
of supporting a file system. the cat command.
booting Starting the computer from scratch (power console The only terminal known explicitly to the
off or system reset). Kernel. It is used during booting and it is the
break key The terminal key used to unequivocally destination of serious system messages.
interrupt the foreground process. context The hardware environment of a process,
BSD Berkeley Software Distribution. including:
• BSD 2.x - PDP-11 Research • CPU registers
• BSD 4.x - VAX Research • Program address
• BSD 4.3 - Current popular VAX version of UNIX. • Stack
• I/O status
button
context The entire context must be saved during a
1. A word, number, symbol, or picture on the process swap.
screen that can be selected. A button may
control character Codes formed by pressing and
represent a command, file, window, or value, for holding the control key and then some other key;
example. used to form special functions like End Of File.
2. A key on a mouse that is used to select buttons control-d See eof character.
on the display screen or to scroll the display
cooked input Data from a character device from
image. which backspace, line kill, and interrupt characters
byte The amount of storage required to represent have been removed (processed). See raw input.
one character; a byte is 8 bits. current directory The currently active directory.
When you specify a file name without specifying a
C directory, the system assumes that the file is in
C The programming language in which the UNIX your current directory.
operating system and most UNIX application current subtree Files or directories attached to the
programs are written. The portability attributed to current directory.
UNIX operating systems is largely due to the fact
that C, unlike other higher level languages, permits curses A C subroutine library providing flexible
programmers to write systems-level code that will screen handling. See Termlib and Termcap.
work on any computer with a standard C compiler.
X-2 AIX installation © Copyright IBM Corp. 2009

Instructor Guide
cursor A movable symbol (such as an underline) on

a display, usually used to indicate to the operator
F
where to type the next character. field A contiguous group of characters delimited by
blanks. A field is the normal unit of text processed
customize To describe (to the system) the devices, by text processes like sort.
programs, users, and user defaults for a particular
data processing system. field separator The character used to separate one
field from the next; normally a blank or tab.
FIFO “First In, First Out”. In AIX, a FIFO is a
D permanent, named pipe which allows two
DASD Direct Access Storage Device. IBM's term for unrelated processes to communicate. Only related
a hard disk. processes can use normal pipes.
device driver A program that operates a specific file A collection of related data that is stored and
device, such as a printer, disk drive, or display. retrieved by an assigned name. In AIX, files are
grouped by directories.
device special file A file which passes data directly
to/from the device. file index Sixty-four bytes of information describing
a file. Information such as the type and size of the
directory A type of file containing the names and file and the location on the physical device on
controlling information for other files or other which the data in the file is stored is kept in the file
directories. index. This index is the same as the AIX Operating
directory pathname The complete and unique System i-node.
external description of a file giving the sequence of filename expansion or generation A procedure
connection from the root directory to the specified used by the shell to generate a set of filenames
directory or file. based on a specification using metacharacters,
diskette A thin, flexible magnetic plate that is which define a set of textual substitutions.
permanently sealed in a protective cover. It can be file system The collection of files and file
used to store information copied from the disk. management structures on a physical or logical
diskette drive The mechanism used to read and mass storage device, such as a diskette or
write information on diskettes. minidisk.
display device An output unit that gives a visual filter Data-manipulation commands (which, in UNIX
representation of data. operating systems, amount to small programs) that
take input from one process and perform an
display screen The part of the display device that operation yielding new output. Filters include
displays information visually.
editors, pattern-searchers, and commands that
sort or differentiate files, among others.
E fixed disk A storage device made of one or more
flat, circular plates with magnetic surfaces on
echo To simply report a stream of characters, either which information can be stored.
as a message to the operator or a debugging tool
to see what the file name generation process is fixed disk drive The mechanism used to read and
doing. write information on a fixed disk.
editor A program used to enter and modify flag See Options.
programs, text, and other types of documents. foreground (process) An AIX process which
environment A collection of values passed either to interacts with the terminal. Its invocation is not
a C program or a shell script file inherited from the followed by an ampersand.
invoking process. formatting The act of arranging text in a form
escape The backslash “\” character specifies that suitable for reading. The publishing equivalent to
the single next character in a command is ordinary compiling a program.
text without special meaning. fsck A utility to check and repair a damaged file
Ethernet A baseband protocol, invented by the structure. This normally results from a power
XEROX Corporation, in common use as the local failure or hardware malfunction. It looks for blocks
area network for UNIX operating systems not assigned to a file or the free list and puts them
interconnected via TCP/IP. in the free list. (The use of blocks not pointed at
cannot be identified.)
event One of the previous lines of input from the
terminal. Events are stored in the (Berkeley) free list The set of all blocks not assigned to a file.
History file. full path name The name of any directory or file
event identifier A code used to identify a specific expressed as a string of directories and files
event. beginning with the root directory.
execution permission For a file, the permission to
execute (run) code in the file. A text file must have
execute permission to be a shell script. For a
directory, the permission to search the directory.

Instructor Guide
G initial program load The process of loading the

system programs and preparing the system to run
gateway A device that acts as a connector between jobs.
two physically separate networks. It has interfaces
to more than one network and can translate the i-node A collection of logical information about a file
packets of one network to another, possibly including owner, mode, type and location.
dissimilar network. i number The internal index or identification of an
global Applying to all entities of a set. For example: i-node.
• A global search - look everywhere input field An area into which you can type data.
• A global replace - replace all occurrences input redirection The accessing of input data from
• A global symbol - defined everywhere. other than standard input (the keyboard or a pipe).
interoperability The ability of different kinds of
grep An AIX command which searches for strings computers to work well together.
specified by a regular expression. (Global Regular
Expression and Print.) interpreter A program which “interprets” program
statements directly from a text (or equivalent) file.
group A collection of AIX users who share a set of Distinguished from a compiler which creates
files. Members of the group have access privileges computer instructions for later direct execution.
exceeding those of other users.
interrupt A signal that the operating system must
reevaluate its selection of which process should be
H running. Usually to service I/O devices but also to
signal from one process to another.
hardware The equipment, as opposed to the
programming, of a system. IP Internet Protocol.
header A record at the beginning of the file ipl See initial program load.
specifying internal details about the file. ISO International Standards Organization. A United
heterogeneous Descriptor applied to networks Nations agency that provides for creation and
composed of products from multiple vendors. administration of worldwide standards.
hierarchy A system of objects in which each object
belongs to a group. Groups belong to other groups.
Only the “head” does not belong to another group.
J
In AIX this object is called the “Root Directory”. job A collection of activities.
highlight To emphasize an area on the display job number An identifying number for a collection of
screen by any of several methods, such as processes devolving from a terminal command.
brightening the area or reversing the color of
characters within the area.
history A list of recently executed commands.
K
home (directory). 1. A directory associated with an kernel The part of an operating system that contains
programs that control how the computer does its
individual user.
work, such as input/output, management and
home (directory). 2. Your current directory on login control of hardware, and the scheduling of user
or after issuing the cd command with no argument. tasks.
homogeneous Descriptor applied to networks keyboard An input device consisting of various keys
composed of products from a single vendor. allowing the user to input data, control cursor and
hypertext Term for on-line interactive pointer locations, and to control the user/work
documentation of computer software; to be station dialogue.
included with AIX. kill To prematurely terminate a process.
kill character The character which erases an entire
line (usually @).
I
IEEE Institute of Electrical and Electronics
Engineers. A professional society active in L
standards work, the IEEE is the official body for
work on the POSIX (Portable Operating System for LAN Local Area Network. A facility, usually a
Computer Environments) open system interface combination of wiring, transducers, adapter
boards, and software protocols, which
definition.
interconnects workstations and other computers
index See file index. located within a department, building, or
indirect block A file element which points at data neighborhood. Token-Ring and Ethernet are local
sectors or other indirect blocks. area network products.
init The initialization process of AIX. The ancestor of libc A basic set of C callable routines.
all processes. library In UNIX operating systems, a collection of
existing subroutines that allows programmers to

Instructor Guide
make use of work already done by other mount A logical (that is, not physical) attachment of
programmers. UNIX operating systems often one file directory to another. “remote mounting”
include separate libraries for communications, allows files and directories that reside on physically
window management, string handling, math, and separate computer systems to be attached to a
so forth. local system.
line editor An editor which processes one line at a mouse A device that allows you to select objects
time by the issuing of a command. Usually and scroll the display screen by means of buttons.
associated with sequential only terminals such as a move Relinking a file or directory to a different or
teletype. additional directory. The data (if any) is not moved,
link An entry in an AIX directory specifying a data only the links.
file or directory and its name. Note that files and multiprogramming Allocation of computer
directories are named solely by virtue of links. A resources among many programs. Used to allow
name is not an intrinsic property of a file. A file is many users to operate simultaneously and to keep
uniquely identified only by a system generated the system busy during delays occasioned by I/O
identification number. mechanical operations.
lint A program for removing “fuzz” from C code. multitasking Capability of performing two or more
Stricter than most compilers. Helps former Pascal computing tasks, such as interactive editing and
programmers sleep at night. complex numeric calculations, at the same time.
Local Area Network (LAN) A facility, usually a AIX and OS/2 are multi-tasking operating systems;
combination of wiring, transducers, adapter DOS, in contrast, is a single-tasking system.
boards, and software protocols, which multiuser A computer system which allows many
interconnects workstations and other computers people to run programs “simultaneously” using
located within a department, building, or multiprogramming techniques.
neighborhood. Token-Ring and Ethernet are local
area network products.
login Identifying oneself to the system to gain N
access.
named pipe See FIFO.
login directory See home directory.
Network File System (NFST) A program developed
login name The name by which a user is identified by SUN Microsystems, Inc. for sharing files among
to the system. systems connected via TCP/IP. IBM's AIX, VM, and
logout Informing the system that you are through MVS operating systems support NFS.
using it. NFST See Network File System.
NIST National Institute of Science and Technology
(formerly the National Bureau of Standards).
M node An element within a communication network.
mail The process of sending or receiving an
electronically delivered message within an AIX • Computer
system. The message or data so delivered. • Terminal
make Programming tool included in most UNIX • Control Unit
operating systems that helps “make” a new null A term denoting emptiness or nonexistence.
program out of a collection of existing subroutines
and utilities, by controlling the order in which those null device A device used to obtain empty files or
programs are linked, compiled, and executed. dispose of unwanted data.
map The process of reassigning the meaning of a null string A character string containing zero
terminal key. In general, the process of reassigning characters.
the meaning of any key.
memory Storage on electronic memory such as
random access memory, read only memory, or O
registers. See storage. object-oriented programming Method of
message Information displayed about an error or programming in which sections of program code
and data are represented, used, and edited in the
system condition that may or may not require a
user response. form of “objects”, such as graphical elements,
window components, and so forth, rather than as
motd “Message of the day”. The login “billboard” strict computer code. Through object-oriented
message. programming techniques, toolkits can be designed
MotifT The graphical user interface for OSF, that make programming much easier. Examples of
incorporating the X Window System. Behavior of object-oriented programming languages include
this interface is compatible with the IBM/Microsoft Pareplace Systems, Inc.'s Smalltalk-80T, AT&T's
Presentation Manager user interface for OS/2. Also C++T, and Stepstone Inc.'s Objective-CR.
called OSF/Motif. oem original equipment manufacturer. In the context
of AIX, OEM systems refer to the processors of a

Instructor Guide
heterogeneous computer network that are not programs linked together into larger routines by
made or provided by IBM. pipes. The “piping” of the list directory command to
Open Software FoundationT (OSF) A non-profit the word count command is ls | wc. The passing of
consortium of private companies, universities, and data by a pipe does not (necessarily) involve a file.
research institutions formed to conduct open When the first program generates enough data for
technological evaluations of available components the second program to process, it is suspended
of UNIX operating systems, for the purpose of and the second program runs. When the second
assembling selected elements into a complete program runs out of data it is suspended and the
version of the UNIX operating system available to first one runs.
those who wish to license it. IBM is a founding pipe fitting Connecting two programs with a pipe.
sponsor and member of OSF. pipeline A sequence of programs or commands
operating system The programs and procedures connected with pipes.
designed to cause a computer to function, enabling portability Desirable feature of computer systems
the user to interact with the system. and applications, referring to users' freedom to run
option A command argument used to specify the application programs on computers from many
details of an operation. In AIX an option is normally vendors without rewriting the program's code. Also
preceded by a hyphen. known as “applications portability”,
ordinary file Files containing text, programs, or “machine-independence”, and
other data, but not directories. “hardware-independence”; often cited as a cause
of the recent surge in popularity of UNIX operating
OSFT See Open Software Foundation. systems.
output redirection Passing a programs standard port A physical I/O interface into a computer.
output to a file.
POSIX “Portable Operating Systems for Computer
owner The person who created the file or his Environments”. A set of open standards for an
subsequent designee. operating system environment being developed
under the aegis of the IEEE.
preprocessor The macro generator preceding the
P C compiler.
packet switching The transmission of data in small, process A unit of activity known to the AIX system,
discrete switching “packets” rather than in streams, usually a program.
for the purpose of making more efficient use of the
physical data channels. Employed in some UNIX process 0 (zero) The scheduler. Started by the
system communications. “boot” and permanent. See init.
page To move forward or backward on screen full of process id A unique number (at any given time)
data through a file usually referring to an editor identifying a process to the system.
function. process status The process's current activity.
parallel processing A computing strategy in which • Non existent
a single large task is separated into parts, each of
• Sleeping
which then runs in parallel on separate processors.
• Waiting
parent The process emerging from a Fork with a
• Running
non#zero return code (the process ID of the child
process). A directory which points at a specified • Intermediate
directory. • Terminated
password A secret character string used to verify • Stopped.
user identification during login. profile A file in the users home directory which is
PATH A variable which specifies which directories executed at login to customize the environment.
are to be searched for programs and shell files. The name is .profile.
path name A complete file name specifying all prompt A displayed request for information or
directories leading to that file. operator action.
pattern-matching character Special characters protection The opposite of permission, denying
such as * or ? that can be used in a file access to a file.
specification to match one or more characters. For
example, placing a ? in a file specification means
that any character can be in that position. Q
permission The composite of all modes associated quotation Temporarily cancelling the meaning of a
with a file. metacharacter to be used as a ordinary text
pipes UNIX operating system routines that connect character. A backslash (\) “quotes” the next
the standard output of one process with the character only.
standard input of another process. Pipes are
central to the function of UNIX operating systems,
which generally consist of numerous small

Instructor Guide
R The program can act as a filter for user data

requests.
raw I/O I/O conducted at a “physical” level.
shell The outermost (user interface) layer of UNIX
read permission Allows reading (not execution or operating systems. Shell commands start and
writing) of a file. control other processes, such as editors and
recursive A recursive program calls itself or is compilers; shells can be textual or visual. A series
called by a subroutine which it calls. of system commands can be collected together
into a “shell script” that executes like a batch
redirection The use of other than standard input (.BAT) file in DOS.
(keyboard or pipe output) or standard output
(terminal display or pipe). Usually a file. shell program A program consisting of a sequence
of shell commands stored in an ordinary text file
regular expression An expression which specifies which has execution permission. It is invoked by
a set of character strings using metacharacters. simply naming the file as a shell command.
relative path name The name of a directory or file shell script See shell program.
expressed as a sequence of directories followed by
a file name, beginning from the current directory. single user (mode) A temporary mode used during
“booting” of the AIX system.
RISC Reduced Instruction Set Computer. A class of
computer architectures, pioneered by IBM's John signal A software generated interrupt to another
Cocke, that improves price#performance by process. See kill.
minimizing the number and complexity of the sockets Destination points for communication in
operations required in the instruction set of a many versions of the UNIX operating system,
computer. In this class of architecture, advanced much as electrical sockets are destination points
compiler technology is used to provide operations, for electrical plugs. Sockets, associated primarily
such as multiplication, that are infrequently used in with 4.3 BSD, can be customized to facilitate
practice. communication between separate processes or
root directory The directory that contains all other between UNIX operating systems.
directories in the file system. software Programs.
special character See metacharacter.
S special file A technique used to access I/O devices
in which “pseudo files” are used as the interface for
scalability Desirable feature of computer systems commands and data.
and applications. Refers to the capability to use the
same environment on many classes of computers, standard error The standard device at which errors
from personal computers to supercomputers, to are reported, normally the terminal. Error
accommodate growth or divergent environments, messages may be directed to a file.
without rewriting code or losing functionality. standard input The source of data for a filter, which
SCCS Source Code Control System. A set of is by default obtained from the terminal, but which
programs for maintaining multiple versions of a file may be obtained from a file or the standard output
using only edit commands to specify alternate of another filter through a pipe.
versions. standard output The output of a filter which
scope The field of an operation or definition. Global normally is by default directed to the terminal, but
scope means all objects in a set. Local scope which may be sent to a file or the standard input of
means a restriction to a subset of the objects. another filter through a pipe.
screen See display screen. stdio A “Standard I/O” package of C routines.
scroll To move information vertically or horizontally sticky bit A flag which keeps commonly used
to bring into view information that is outside the programs “stick” to the swapping disk for
display screen or pane boundaries. performance.
search and replace The act of finding a match to a stopped job A job that has been halted temporarily
given character string and replacing each by the user and which can be resumed at his
occurrence with some other string. command.
search string The pattern used for matching in a storage In contrast to memory, the saving of
search operation. information on physical devices such as fixed disk
sed Non-interactive stream editor used to do “batch” or tape. See memory.
editing. Often used as a tool within shell scripts. store To place information in memory or onto a
server A provider of a service in a computer diskette, fixed disk, or tape so that it is available for
network; for example, a mainframe computer with retrieval and updating.
large storage capacity may play the role of streams Similar to sockets, streams are destination
database server for interactive terminals. See points for communications in UNIX operating
client. systems. Associated primarily with UNIX System V,
setuid A permission which allows the access rights streams are considered by some to be more
of a program owner to control the access to a file.

Instructor Guide
elegant than sockets, particularly for interprocess termcap A file containing the description of several
communication. hundred terminals. For use in determining
string A linear collection of characters treated as a communication protocol and available function.
unit. termlib A set of C programs for using termcap.
subdirectory A directory which is subordinate to tools Compact, well designed programs to perform
another directory. specific tasks. More complex processes are
subtree That portion of an AIX file system performed by sequences of tools, often in the form
accessible from a given directory below the root. of pipelines which avoid the need for temporary
files.
suffix A character string attached to a file name that
helps identify its file type. two-digit display Two seven-segment light-emitting
diodes (LEDs) on the operating panel used to track
superblock Primary information repository of a file the progress of power-on self-tests (POSTs).
system (location of i-nodes, free list, and so forth).
superuser The system administration; a user with
unique privileges such as upgrading execution U
priority and write access to all files and directories. UNIX Operating System A multi-user, multi-tasking
superuser authority The unrestricted ability to interactive operating system created at AT&T Bell
access and modify any part of the Operating Laboratories that has been widely used and
System. This authority is associated with the user developed by universities, and that now is
who manages the system. becoming increasingly popular in a wide range of
SVID System V Interface Definition. An AT&T commercial applications. See Kernel, Shell,
Library, Pipes, Filters.
document defining the standard interfaces to be
used by UNIX System V application programmers user interface The component of the AIX Family
and users. Definition that describes common user interface
swap space (disk) That space on an I/O device functions for the AIX PS/2, AIX/RT, and AIX/370
used to store processes which have been operating systems.
swapping out to make room for other processes. /usr/grpR One of the oldest, and still active, user
swapping The process of moving processes groups for the UNIX operating systems. IBM is a
member of /usr/grp.
between main storage and the “swapping device”,
usually a disk. uucp A set of AIX utilities allowing
symbolic debugger Program for debugging other • Autodial of remote systems
programs at the source code level. Common • Transfer of files
symbolic debuggers include sdb, dbx, and xdbx. • Execution of commands on the remote system
sync A command which copies all modified blocks • Reasonable security.
from RAM to the disk.
system The computer and its associated devices V
and programs. vi Visual editor. A character editor with a very
system unit The part of the system that contains powerful collection of editing commands optimized
the processing unit, the disk drive and the disk, and for ASCII terminals; associated with BSD versions
the diskette drive. of the UNIX operating system.
System V AT&T's recent releases of its UNIX visual editor An optional editor provided with AIX in
operating system are numbered as releases of which changes are made by modifying an image of
“UNIX System V”. the file on the screen, rather than through the
exclusive use of commands.
T W
TCP Transmission Control Protocol. A facility for the
creation of reliable bytestreams (byte-by-byte, wild card A metacharacter used to specify a set of
end#to#end transmission) on top of unreliable replacement characters and thus a set of file
datagrams. The transmission layer of TCP/IP is names. For example "*" is any zero or more
used to interconnect applications, such as FTP, so characters and "?" is any one character.
that issues of re-transmission and blocking can be window A rectangular area of the screen in which
subordinated in a standard way. See TCP/IP. the dialog between you and a given application is
TCP/IP Transmission Control Protocol/Internet displayed.
Protocol. Pair of communications protocol working directory The directory from which file
considered de facto standard in UNIX operating searches are begun if a complete pathname is not
system environments. IBM TCP/IP for VM and IBM specified. Controlled by the cd (change directory)
TCP/IP for MVS are licensed programs that command.
provide VM and MVS users with the capability of
participating in networks using the TCP/IP protocol workstation A device that includes a keyboard from
suite. which an operator can send information to the

Instructor Guide
system, and a display screen on which an operator

can see the information sent to or received from
the computer.
write Sending data to an I/O device.
write permission Permission to modify a file or
directory.
X
X/OpenT An international consortium, including
many suppliers of computer systems, concerned
with the selection and adoption of open system
standards for computing applications. IBM is a
corporate sponsor of X/Open. See Common
Application Environment.
X Windows IBM's implementation of the X Window
System developed at the Massachusetts Institute
of Technology with the support of IBM and DECT,
that gives users “windows” into applications and
processes not located only or specifically on their
own console or computer system. X-Windows is a
powerful vehicle for distributing applications among
users on heterogeneous networks.
Y
yacc “Yet Another Compiler# Compiler”. For
producing new command interfaces.
Z
zeroeth argument The command name; the
argument before the first.

Instructor Guide

V5.3
backpg
Back page

An12 Ib

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

An12 Ib

Uploaded by

Copyright:

Available Formats

V5.

Power Systems for AIX II: AIX

(Course code AN12)

October 2009 edition

© Copyright International Business Machines Corporation 2009. All rights reserved.

iii AIX installation © Copyright IBM Corp. 2009

iv AIX installation © Copyright IBM Corp. 2009

Instructor course overview. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xvii

Course description . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xix

Unit 2. AIX system management tools . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-1

©Copyright IBM Corp. 2009 Contents v

Console applications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2-34

Unit 3. System startup and shutdown. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-1

Unit 4. AIX installation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4-1

vi AIX installation ©Copyright IBM Corp. 2009

TOC Installation disks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-19

Unit 5. AIX software installation and maintenance . . . . . . . . . . . . . . . . . . . . . . . . . . 5-1

©Copyright IBM Corp. 2009 Contents vii

Unit 6. System configuration and devices . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .6-1

Unit 7. System storage overview. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .7-1

viii AIX installation ©Copyright IBM Corp. 2009

TOC Exercise 7 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-56

Unit 8. Working with the Logical Volume Manager . . . . . . . . . . . . . . . . . . . . . . . . . . 8-1

©Copyright IBM Corp. 2009 Contents ix

Unit 9. File systems administration. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .9-1

Unit 10. Paging space. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .10-1

Unit 11. Backup and restore . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .11-1

x AIX installation ©Copyright IBM Corp. 2009

TOC System image backup . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-7

Unit 12. Security and user administration. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12-1

©Copyright IBM Corp. 2009 Contents xi

Security & Users . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .12-56

Unit 13. Scheduling. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .13-1

xii AIX installation ©Copyright IBM Corp. 2009

TOC Unit 14. TCP/IP networking. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14-1

Unit 15. Introduction to workload partitions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15-1

©Copyright IBM Corp. 2009 Contents xiii

Application WPARs (1 of 2) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .15-16

Appendix A. Printers and queues . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A-1

Appendix B. Checkpoint solutions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . B-1

xiv AIX installation ©Copyright IBM Corp. 2009

© Copyright IBM Corp. 2009 Trademarks xv

xvi AIX installation © Copyright IBM Corp. 2009

pref Instructor course overview

© Copyright IBM Corp. 2009 Instructor course overview xvii

xviii AIX installation © Copyright IBM Corp. 2009

pref Course description

© Copyright IBM Corp. 2009 Course description xix

xx AIX installation © Copyright IBM Corp. 2009

pref • TCP/IP Networking

© Copyright IBM Corp. 2009 Course description xxi

xxii AIX installation © Copyright IBM Corp. 2009

© Copyright IBM Corp. 2009 Agenda xxiii

xxiv AIX installation © Copyright IBM Corp. 2009

Uempty Unit 1. Introduction to IBM Power Systems, AIX,

What this unit is about

What you should be able to do

How you will check your progress

After completing this unit, you should be able to:

© Copyright IBM Corporation 2009

Figure 1-1. Unit objectives AN121.1

1-2 AIX installation © Copyright IBM Corp. 2009

Uempty Instructor notes: