IBM AIX Technologies Compared to Oracle Solaris 11

The following content gives an overview of some of the technologies included in Oracle Solaris 11 and the direct benefit you can get by using some of these features. This guide also provides a similar technology mapping, where possible, between IBM AIX and Oracle Solaris 11, so that administrators with knowledge of the former can kick start their learning experience if planning to deploy the latter. For more information, read the IBM AIX to Oracle Solaris Technology Mapping Guide.

Table of Contents

 System Configuration
 High Availability



An Interactive Text Install can be used to install a basic server oriented image onto SPARC and x86 systems. Stepping through a series of short screens, administrators define configuration for disks, time and date, timezone, initial users, and basic network configuration. Once installed, administrators can continue to customize their system using package management tools.

A Live Media Install (either DVD or USB) is available for administrators wishing to evaluate the operating system prior to installing on an x86 system. Administrators simply boot off the media into RAM to a full desktop environment that enables them to run applications, tools or utilities without having to install it onto their system. Once they make the decision to install, a graphical installation steps administrators through a similar set of screens to define configuration for disks, time and date, timezone, and initial users. Unlike the interactive text installation, the only option for network configuration is DHCP.

The Automated Installer, or AI, is a new technology included in Oracle Solaris 11 that allows administrators to provision multiple clients automatically across the network. Unlike its predecessor Jumpstart, included in Oracle Solaris 10, Automated Installer reduces a lot of administrative overhead by reducing the complexity of setup, particularly in complex network environments, and includes a lot of new functionality out of the box, such as the ability to automatically provision virtual environments (Oracle Solaris Zones). One substantial difference with AI is the inability to run a selection of scripts during installation. Instead of this often error-prone approach, particularly when scripts are run at different stages of the install giving potentially different results, a series of post-reboot services using the Oracle Solaris Service Management Framework (SMF) are run to perform post-installation construction. This ensures a much more repeatable and reliable image is installed to a system.

Unified Archives are a new type of archive format that enables creating a single archive for redeployment either as clones within a cloud environment or for system backup and disaster recovery purposes. You can quickly capture a complete bare-metal system, virtual environments, or a combination of both and deploy using the existing Oracle Solaris Zones administration tools or through the Automated Installer.

The Distribution Constructor is a utility for creating customized installation media in a variety of different forms, and is indeed used to create the standard Oracle Solaris 11 installation media themselves. The construction process allows extensive customization including different package selection and boot archive contents, taking advantage of built-in virtualization capabilities on the SPARC T series and the latest M-series products (M5 and M10).



Oracle Solaris 11

Interactive Installation

DVD Image (3.5Gb)

Single installation media. No Live Media capability. Additional software available on additional DVDs or on the web.

Interactive Text Installer (~500Mb)
Live Media Installer (~800Mb)

Each installation option has a fixed software selection for different environments - server or developer/desktop. Additional software available in package repositories.

Automated Installation

Network Installation Manager (NIM)
Input file:
- Text based configuration file

The configuration file can be generated by doing an initial install and is then edited for use with the command line or SMIT.
Commands: smit, nim

IBM Systems Director

IBM Systems Director automates the management of data center operations by implementing cloud-ready virtual infrastructures.

Automated Installer
Input files:
- XML based configuration file called an AI manifest specifies disk layout, software packages and virtual environments
- XML based system configuration profiles specify hostname, users, networking, timezone and locale. Can be generated using command line, sysconfig

In order to install clients, an automated install service is required to be created using an administrative utility. This utility can be used to manage several installation profiles for different types of systems, including comprehensive selection criteria based on hostname, IP, MAC address, platform, architecture, CPU and memory sizes.
Commands: installadm

Initial out of the box configuration includes default AI client services for SPARC and x86 that will install a basic server oriented software selection and run the system configuration interactive tool upon reboot.

Oracle Enterprise Manager Ops Center, included in all Oracle Premier Support agreements, can be used to manage multiple clients at a greater scale through a web interface, along with other capabilities.

Custom Media / Golden Image Creation

Create a system backup and clone it.
Commands: mksysb, mkcd, mkdvd, savevg, alt_disk_install

Unified Archive
Unified Archives provides a way of creating clone or disaster recovery archives from a live running system by taking Oracle Solaris ZFS snapshots and clones. Unified Archives can capture a complete system including all virtual environments. When deployed through the existing Oracle Solaris Zones utilities or Automated Installer, archives can be transformed with physical-to-virtual and virtual-to-virtual translations.
Commands: archiveadm

Distribution Constructor
Input file:
- XML based file called a manifest (separate to AI manifest)

The Distribution Constructor uses a command line utility distro_const to create customized installation media, taking Oracle Solaris ZFS snapshots along the way allowing administrators to continue the construction process from various checkpoints.

Key Links:
Installing Oracle Solaris 11 Systems
Installing Using an Automated Install Server
Using Unified Archives for System Recovery and Cloning in Oracle Solaris 11
Creating a Custom Oracle Solaris 11 Installation Image



Oracle Solaris 11 includes a new network based package management framework called Image Packaging System, or IPS. IPS greatly advances the system software management lifecycle on Oracle Solaris, reducing much of the complexity that existed with SVR4 packages and patches. System updates are applied to separate cloned filesystems called Boot Environments, which take advantage of the fact that Oracle ZFS is the default root filesystem with no additional setup required. This ensures that administrators can start their system updates well ahead of any planned maintenance windows while running their live production environments, taking down the machine for a reboot when required and booting into a new environment.

IPS uses network package repositories to store software content (over http or file based), relieving the need to bundle all software with installation media. IPS has been fully integrated into the Automated Installation technology for provisioning multiple machines. During a system install, a small boot image is downloaded to the system to allow it to run the necessary package commands and install the rest of the software from package repositories. These package repositories can be easily mirrored locally for administrators operating in network restricted environments, or simply wanting better change control for their systems.

IPS integrates package and patch management by updating package versions rather than applying patches with full package dependency checking. Installing new versions of packages is extremely bandwidth efficient, with only the exact files that have changed between package versions being downloaded over the wire. IPS can also manage updates across any Oracle Solaris Zones that are provisioned on a system automatically - an update in the global zone will trigger updates in all non-global zones, ensuring consistency is maintained.



Oracle Solaris 11


AIX has the ability to handle multiple different packaging formats. Most common of all is the native packaging format, installp. AIX also has the ability to handle Red Hat's RPM format, interim fixes, and InstallShield Multiplatform (ISMP) packages. The package boundaries within AIX are Licensed Programs (complete software products including all packages associated with that program), Packages (groups of separately installable units that provide a set of functions), Filesets (individually installable providing a specific option) and Bundle (collections of packages, products or individual filesets).

Commands: installp, smit install_latest


Image Packaging System (IPS)
Command line pkg and graphical Package Manager allow install, uninstall, query, etc.
Other commands available for creating and publishing packages and repositories
Commands: pkg, pkgsend, pkgrecv, pkgsign, pkgdiff, pkgfmt, pkgmogrify, pkgrepo, pkgsurf

Behind each IPS package is a text based manifest which outlines some basic meta-information about the package, package dependencies, what contents the package has, and any SMF services it needs to restart during package installation. Unlike RPMs, IPS packages typically include binaries for multiple architectures (SPARC and x86), debug or optimized binaries, man pages, developer documentation and any localization. Through IPS 'facets' and 'variants' the client system filters the parts of the package it is interested in.


SUMA (Service Update Management Assistant) significantly simplifies the system update process by using policy-based automatic downloads of technology updates from the web. For updates, AIX uses a number of different choices - PTF (Program Temporary Fixes), ML (Maintenance Levels), TL (Technology Levels) and SP (Service Packs). Interim fixes can also be applied temporarily using epkg. Multiple instances of AIX can be created on the same rootvg using multibos.


IPS provides integrated packaging and patching with a single update operation. With built-in dependency checking, IPS will update software installed on a system to the latest Support Repository Update (SRU). If a system reboot is required, IPS will create a ZFS Boot Environment that administrators can boot into. Should an update fail for any reason, the administrator can reboot back into the older boot environment, providing for fail safe system update. Interim Diagnostic Relief (IDR) fixes can also be applied temporarily with existing IPS tools.

Commands: pkg update

Key Links:
Adding and Updating Software in Oracle Solaris 11
Image Packaging System One Liners
Introducing the Basics of Image Packaging System


System Configuration

System configuration in Oracle Solaris 11 is handled through a mix of configuration files in /etc and the SMF. Unlike previous versions of Oracle Solaris, much of the typical system configuration associated with an installation (hostname, locale, timezone, name servers) is now stored in the SMF configuration repository. This change has been introduced so as to provide a more structured handling of configuration data as systems are upgraded, or new configuration is provided by Oracle. Through a series of configuration layers, administrators have improved control over any local changes made to the system, ensuring that they don't get lost during system updates.

Services are handled with SMF on Oracle Solaris 11, though support for legacy RC scripts is still available for legacy applications. SMF provides a framework for tracking dependency and start order of services on the system, and automatically restarting services should a failure occur. SMF is integrated into the Oracle Solaris Fault Management Architecture (FMA) allowing complete software recovery during hardware faults. SMF also provides for the ability to notify administrators of service state changes through email notifications or SNMP traps, especially useful when monitoring critical application services.



Oracle Solaris 11


System Resource Controller
The System Resource Controller (SRC) creates and controls programs and processes.
Commands: startsrc, stopsrc, refresh
Run Level Scripts
Start and stop applications based on run level transitions.
File locations: /etc/rc.d/rc<run level>.d


Service Management Framework (SMF)
The SMF configuration repository is divided into a series of configuration layers that allow administrators to record the source of properties, property groups, instances, and services, and better understand which administrative customizations have been made and which values were provided by default. In order of priority, any administrative customization made to systems through the SMF command lines takes precedence over the site profile location, which takes precedence over the system profile location, which takes precedence over the manifest location. These layers are automatically managed by SMF.
Commands: svcadm, svccfg, svcprop, svcs, svcbundle
Manifest location: /lib/svc/manifest
System profile location: /etc/svc/profile/generic.xml, /etc/svc/profile/platform.xml
Site profile location: /etc/svc/profile/site 
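
The layer precedence described above, as an added example (not Oracle's code or tooling): a small Python model that resolves which layer supplies each property's effective value and lists the local customizations that shadow a delivered default. The layer names, the four-column input layout (property, type, layer, value) and the property names are assumptions made for illustration, and the sample lines are constructed.

```python
from typing import Dict, List, NamedTuple, Optional, Tuple

# Highest priority first, in the order the text gives (layer names are assumed labels).
LAYERS = ("admin", "site-profile", "system-profile", "manifest")
# Layers delivered with the OS or a package, as opposed to local customization.
DELIVERED = ("system-profile", "manifest")

# Constructed sample: one line per (property, layer) definition.
SAMPLE = """\
# property          type     layer           value
config/nodename     astring  manifest        unknown
config/nodename     astring  admin           web01
config/log_level    astring  manifest        info
config/log_level    astring  site-profile    warn
config/listen_port  count    manifest        8080
config/listen_port  count    system-profile  8080
config/banner       astring  admin           authorized use only
"""


class Override(NamedTuple):
    prop: str
    layer: str                      # local layer that wins
    value: str
    delivered_layer: Optional[str]  # None when no default was delivered
    delivered_value: Optional[str]


def parse_definitions(text: str) -> Dict[str, Dict[str, str]]:
    """Return {property: {layer: value}} from the four-column listing."""
    defs: Dict[str, Dict[str, str]] = {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 3)  # the value may itself contain spaces
        if len(parts) < 3:
            raise ValueError(f"line {lineno}: expected property, type, layer[, value]")
        prop, _ptype, layer = parts[:3]
        if layer not in LAYERS:
            raise ValueError(f"line {lineno}: unknown layer {layer!r}")
        defs.setdefault(prop, {})[layer] = parts[3] if len(parts) == 4 else ""
    return defs


def effective(defs: Dict[str, Dict[str, str]]) -> Dict[str, Tuple[str, str]]:
    """For each property, pick the value from the highest-priority layer present."""
    result = {}
    for prop, by_layer in defs.items():
        layer = next(l for l in LAYERS if l in by_layer)
        result[prop] = (layer, by_layer[layer])
    return result


def local_overrides(defs: Dict[str, Dict[str, str]]) -> List[Override]:
    """List properties whose effective value comes from a local layer and
    differs from (or has no) delivered default. Useful for change review."""
    found = []
    for prop, (layer, value) in sorted(effective(defs).items()):
        if layer in DELIVERED:
            continue  # effective value is what was shipped
        by_layer = defs[prop]
        d_layer = next((l for l in DELIVERED if l in by_layer), None)
        d_value = by_layer[d_layer] if d_layer else None
        if d_value == value:
            continue  # customization repeats the default; behaviour unchanged
        found.append(Override(prop, layer, value, d_layer, d_value))
    return found


if __name__ == "__main__":
    for o in local_overrides(parse_definitions(SAMPLE)):
        default = f"{o.delivered_layer}={o.delivered_value}" if o.delivered_layer else "no delivered default"
        print(f"{o.prop}: {o.layer}={o.value} (shadows {default})")
```
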

General System Configuration

Change Locale: smit lang
Change Timezone: smit chtz_user
Change Hostname: smit hostname, hostname, mkdev

Locale: svc:/system/environment:init
Timezone: svc:/system/environment:init
Hostname: svc:/system/identity:node


Commands: smit user, smit group
User and group locations: /etc/passwd, /etc/security/user, /etc/group, /etc/security/group

AIX provides role-based access control (RBAC) and Trusted AIX which controls which users can run commands or modify files.

Commands: useradd, userdel, usermod, users, groupadd, groupdel, groupmod, groups, roleadd, roledel, rolemod, roles, auths, sudo
User and group locations: /etc/passwd, /etc/shadow, /etc/group

Oracle Solaris 11 also uses extended attributes in conjunction with typical user accounts - these provide additional privileges (authorizations, roles and profiles) to individual users of the system. For example, a user or set of users may be given the ability to install new software or create new virtual environments. By default, the traditional UNIX root account has been converted into a role - this ensures proper accountability and auditing as the system is modified. These commands can also be used to store user and role information in remote LDAP directories.

Administrators can use additional utilities to execute a command (or set of commands) within a privileged context.

Privileged shells: pfexec, pfbash, pfcsh, pfksh93, pfsh, pfzsh, pftcsh

Key Links
Managing System Services in Oracle Solaris 11
Transitioning from Oracle Solaris 10 to Oracle Solaris 11



Oracle Solaris 11 provides a full set of integrated network virtualization capabilities. Administrators can create virtual network interfaces that act and feel like any normal physical ones allowing them to create virtual networks within a system without the restriction on physical devices. Network virtualization is fully integrated into Oracle Solaris Zones giving administrators the ability to create fully exclusive IP networks within each non-global zone - in fact exclusive IP and automatic virtual network interfaces (VNICs) are the default for each new zone creation. Additionally, virtual networks can be fully resource managed allowing traffic to be controlled by IP, transport protocol and port number.

In addition, Oracle Solaris 11 uses network configuration profiles (NCPs) to manage the system's network configuration. Oracle Solaris 11 supports two types of NCPs: reactive and fixed. In reactive network configuration, a network daemon monitors the system's network configuration. If networking conditions change for the system, then its network configuration changes for the new conditions. With fixed network configuration, the network daemon instantiates a specific network configuration on the system, but does not automatically adjust that configuration. These modes differ in how an administrator configures the networking on a system, either through applying a series of network profiles or manually by using the dladm and ipadm command line utilities.

Oracle Solaris 11 has a variety of integrated networking services - link aggregation, tunneling, bridging, and load balancing to name but a few.



Oracle Solaris 11

Basic Network Configuration
(Automatic vs Manual)


Manual networking can be set up in a variety of ways, but is typically done through smit or as part of installation through NIM.
Commands: smit commodev, ifconfig

Automatic networking in Oracle Solaris 11 is managed through a series of network profiles (configuration profiles and location profiles). Two network configuration profiles are provided by default, DefaultFixed (i.e. manual networking) and Automatic (providing automatic detection of network interfaces and an attempt to obtain an IP address through DHCP). Location profiles manage configuration like naming service or IPfilter. Only one network configuration profile and one location profile can be enabled at any one time.
Commands: netadm, netcfg

Manual configuration is handled primarily by two commands - dladm which handles the data-link layer, and ipadm which handles the IP layer. While ifconfig is still provided for compatibility, this utility will only configure interfaces temporarily and will not be persistent across a system reboot. Administrators also have the ability to rename data-links to aid network configuration migration across the data center.

Commands: dladm, ipadm
IP configuration (private): /etc/ipadm
Data-link configuration (private): /etc/dladm
Network profiles (private): /etc/nwam

Network Virtualization


Network virtualization is administered at the data-link level. Once created, VNICs act and feel like physical NICs. Virtual switches are automatically created to properly route the network traffic to the physical NIC device. VNICs can also be created over pseudo devices called 'etherstubs' rather than over physical NICs to create private virtual networks with full traffic isolation.
Commands: dladm, flowadm, flowstat

Link Aggregation

Supported since AIX 5.3.
Commands: route

Link Aggregation
AIX supports both Etherchannel and IEEE 802.3ad Link Aggregation at the link layer though support is required at the switch layer.
Commands: smitty etherchannel


IP Network multipathing provides physical interface failure detection, transparent network failover, and packet load spreading for systems with multiple interfaces that are connected to a particular LAN. Similar to link aggregation in concept, IPMP operates at the IP layer (Layer 3). In general, IPMP is used where higher degrees of availability are critical rather than increased network performance. There are 3 methods of failure detection - link state based failure detection, ICMP probe-based failure detection and transitive probing.
Commands: ipadm, ipmpstat

Link Aggregation
Oracle Solaris 11 supports the organization of network interfaces into link aggregations, via both trunk aggregations and Datalink Multipathing (DLMP) under the 802.3ad Link Aggregation Standard. These are administered at the link layer. In addition, DLMP is switch vendor independent and does not require support in the actual switch.
Commands: dladm

IP Tunnels


IBM AIX supports generic routing encapsulation (GRE) tunnels for IPv6 over IPv4 and IPv4 over IPv6 tunnels (GIF tunnel).
Commands: smit ctinet6, autoconf6


Oracle Solaris 11 supports IPv4 (IPv4/6 over IPv4 encapsulation), IPv6 (IPv4/6 over IPv6 encapsulation) and 6to4 tunnels (IPv6 over IPv4 encapsulation, as a preferred way of transitioning from IPv4 to IPv6 addressing for networks that don't yet support IPv6).
Commands: dladm

Key Links
Administering TCP/IP Networks, IPMP, and IP Tunnels in Oracle Solaris 11
Managing IP Quality of Service in Oracle Solaris 11.2
How to restrict your Application Traffic using Network Virtualization
Configuring an Oracle Solaris 11 System as a Router or a Load Balancer



Oracle offers differing levels of virtualization technology to uniquely match the requirements of your application and infrastructure. Used in isolation or, more commonly together, Oracle Solaris Zones and OVM Server for SPARC provide built-in, enterprise class virtualization that is fully integrated into the Oracle Solaris ecosystem.

Oracle Solaris Zones provides native operating system virtualization, with low CPU and memory overhead. Zones operate as completely isolated virtual environments that run on a single OS instance. With integrated network virtualization, each non-global zone can have independent 'exclusive' IP stacks giving an unprecedented level of flexibility for application deployment in production environments. Oracle Solaris Zones are also integrated with IPS, allowing each non-global zone to have independent software stacks such that administrators can install different application stacks without the need to install those software stacks in the global zone. A simple package update on a system automatically updates each non-global zone, ensuring software version compatibility and application integrity. A new feature called Oracle Solaris Kernel Zones enables independent kernel versions running side by side with independent patching.

Resource management for non-global zones provides further application refinement, including the ability to allow read-only zones for higher levels of security. The administration of Oracle Solaris Zones can also be delegated to another user, or set of users, providing an ideal multi-tenancy cloud environment.

Oracle VM Server for SPARC (previously called Sun Logical Domains) provides highly efficient, enterprise-class virtualization capabilities for supported Oracle SPARC servers. Oracle VM Server leverages the built-in SPARC hypervisor to subdivide a supported platform’s resources (CPUs, memory, network, and storage) by creating partitions called logical (or virtual) domains. Each logical domain can run an independent operating system. Oracle VM Server for SPARC provides the flexibility to deploy multiple Oracle Solaris operating systems simultaneously on a single platform. Oracle VM Server also allows you to create up to 128 virtual servers on one system to take advantage of the massive thread scale offered by the supported Oracle SPARC servers.



Oracle Solaris 11


Workload partitions (WPARs) are virtualized operating system environments within a single instance of the AIX operating system. WPARs secure and isolate the environment for the processes and signals that are used by enterprise applications, as well as providing resource management control over each WPAR. Versioned WPARs are available to support AIX 5.2 and 5.3 in addition to AIX 7.
Commands: mkwpar, chwpar, startwpar, wparexec

LPARs
Logical partitions (LPARs) allow you to assign processors, memory, and input/output devices to logical partitions. You can run AIX, IBM i, Linux, and the Virtual I/O Server in logical partitions.
Commands: installios, mktcpip, cfgassist, cfgdev, mkvdev, lsmap

Oracle Solaris Zones
Oracle Solaris Zones provide native low overhead OS virtualization, with high application isolation and resource management. Oracle Solaris 11 also supports Oracle Solaris 10 Zones, the ability to run applications that require an Oracle Solaris 10 environment within a non-global zone running on Oracle Solaris 11.
Commands: zoneadm, zonecfg, zonestat, zonename, zonep2vchk

Oracle VM Server
Oracle VM Server for SPARC (previously called Sun Logical Domains) provides highly efficient, enterprise-class virtualization by taking advantage of built-in virtualization capabilities on the SPARC T series processor. Each domain is a full virtual machine that can be started or stopped independently. Domains can take on different roles - control, service, I/O or guest.
Commands: ldm, ldmp2v

Physical Domains
Physical domains provide electrically isolated hard partitioning for SPARC Enterprise M-Series servers. Each domain executes a unique instance of Oracle Solaris. Since isolation is instantiated all the way to the hardware, configurations can be created in which software changes, reboots, and potential faults in one domain do not impact applications running in another domain.

Key Links
Introduction to Oracle Solaris Zones
How to Get Started Creating Oracle Solaris Zones in Oracle Solaris 11
Administering Resource Management in Oracle Solaris 11
Oracle VM for SPARC Documentation



Oracle Solaris ZFS is the flagship file system in Oracle Solaris 11. Data integrity is ensured by protecting against silent data corruption with continuous checksumming. Using ZFS greatly reduces administration because file system and volume management is integrated. File systems are created within a storage pool that virtualizes the underlying storage devices. This model means that you no longer have to manage file systems and storage separately. File system space is increased automatically when pool space is increased.

ZFS uses a copy-on-write transactional model that provides excellent data efficiency and offers the ability to snapshot and clone file systems instantly. Snapshots and clones are the foundation of Solaris Boot Environments and provide increased safety during important system upgrades by using IPS.

Oracle Solaris ZFS includes a number of integrated data services, such as encryption, data deduplication, shadow migration, and software RAID.

Application performance can be greatly enhanced by using a hybrid storage pool, where you can easily identify that important cached workloads reside on SSDs.



Oracle Solaris 11

File Systems

Default journaling file system. Maximum file size of 32TB (recommended).
Commands: smit chfs, smit vg, lsvg, extendvg, smit fs, mkvg, mklv, reorgvg, lslv, lsfs, lspv, migratepv, exportvg, importvg, smit mklvcopy, mirrorvg 

Oracle Solaris ZFS
Default file system on Oracle Solaris 11. Maximum file size of 16EB, maximum volume size of 16EB. Oracle Solaris ZFS has integrated data services - deduplication, encryption, compression, shadow migration, and RAID.
Commands: zfs, zpool

Key Links
Getting started with OpenStack on Oracle Solaris 11



Security in Oracle Solaris 11 is considered to be the highest priority, which is reflected in both the security services provided by the operating system itself, and during development when it adheres to the Oracle Software Security Assurance process mandating that security is integrated by design, not bolted on afterwards. Oracle Solaris security technologies protect data, applications, users, and the operating system itself from a variety of external and internal threats which reduces risk and prevents breaches.

The Cryptographic Framework provides cryptographic services to users and applications through individual commands, a user-level programming interface, a kernel programming interface, and user-level and kernel-level frameworks. The Cryptographic Framework provides these cryptographic services to applications and kernel modules in a manner seamless to the end user. It also brings direct cryptographic services, like encryption and decryption for files, to the end user. As a practical example, all applications written to the Cryptographic Framework can take advantage of the onboard crypto accelerator on the Oracle SPARC T4 chip with no additional work required.

The Trusted Extensions feature of Oracle Solaris is an optionally enabled layer of secure labeling technology that enables data security policies to be separated from data ownership. Oracle Solaris Trusted Extensions provides labels for local objects and processes, for the desktop and windowing system, for zones and file systems, and for network communications. These labels are to implement a Multilevel Security (MLS) policy that restricts flow of information based on label relationships.



Oracle Solaris 11

Mandatory Access Control, Role Based Access and Multi-Level Security

RBAC allows the creation of roles for system administration and the delegation of administrative tasks across a set of trusted system users. In AIX, RBAC provides a mechanism through which the administrative functions typically reserved for the root user can be assigned to regular system users.
Commands: ckauth, chauth, lsauth, mkauth, rmauth, chrole, lsrole, mkrole, rmrole, rolelist, swrole, lssecattr, rmsecattr, setsecattr, lskst, setkst, lspriv, tracepriv, pvi, rbactoldif, setsecconf

The privileged command database implements the least privilege principle for processes. Privileges can be granted to a command and the execution of the command can be governed by an authorization. Commands are included in the RBAC list above.

Trusted AIX
Trusted AIX enables Multi Level Security (MLS) capabilities in AIX, also referred to as label-based security. Once you choose this mode of installation, you will not be able to go back to a regular AIX environment without performing an overwrite install of regular AIX.
Commands: labck, getsecconf, setsecconf, getsyslab, setsyslab, getrunmode, setrunmode, pdlink, pdmkdir, pdmode, pdrmdir, pdset, bootauth, chuser, lsuser, chsec, lssec, trustchk, lstxattr, settxattr

Also known as user rights management, RBAC allows administrators to distribute administrative duties. RBAC is integrated right across the operating system.
Commands: profiles, roleadd, roledel, rolemod, roles, auths

Privileges are fine-grained, discrete rights on processes that are enforced in the kernel. Oracle Solaris defines over 80 privileges. Privileges can be granted to a command, a user, a role, or a system. Many Oracle Solaris commands and daemons run with only those privileges that are required to perform their task. The use of privileges is also called process rights management.
Commands: ppriv, profiles

Trusted Extensions
Trusted Extensions supports both traditional discretionary access control (DAC) policies based on ownership, as well as label-based mandatory access control (MAC) policies. Trusted Extensions is integrated into much of the operating system, including Oracle Solaris Zones.
Commands: tncfg, txzonemgr, setlabel, getlabel, plabel


AIX relies on AIXPert (AIX Security Expert) to provide network and security hardening based on various best practices. However, no direct support for compliance assessment and reporting is available as part of the operating system.


OpenSCAP Compliance Framework
Oracle Solaris 11 also implements SCAP and integrates the OpenSCAP set of tools and libraries. A new command, compliance, has been developed that wraps these tools and allows administrators to assess and report against different benchmarks including PCI-DSS.
Commands: compliance, oscap


AIX implements IPsec for both IPv4 and IPv6 to provide cryptography-based protection of all data at the IP layer of the communications stack. No changes are needed for existing applications.
Commands: smit ips4_basic, smit ips6_basic


IP security (IPsec) protects IP packets by authenticating the packets, by encrypting the packets, or by doing both. Oracle Solaris supports IPsec for both IPv4 and IPv6. Because IPsec is implemented well below the application layer, Internet applications can take advantage of IPsec without requiring modifications to their code.
Commands: ipadm, ipsecconf, ipsecalgs, ipseckey
Configuration file: /etc/inet/ipsecinit.conf


IPFilter is a software package that can be used to provide network address translation (NAT) or firewall services.
Commands: ipf, ipfs, ipfstat, ipmon, ipnat
Configuration files: /etc/ipf.conf

IPFilter provides packet filtering capabilities. IPFilter is integrated into SMF providing the ability for administrators to configure per service firewall rules.
Commands: ipf, ipnat
Configuration files: /etc/ipf/ipf.conf, svc:/network/ipfilter:default


AIX JFS2 supports the Encrypted File System (EFS) which allows users to encrypt data and control access through keyed protection.
Commands: efsenable, efsmgr, efskeymgr, crfs

AIX Public Key Cryptography
AIX provides two tools for managing cryptographic systems: the PKCS #11 Key Management Administration tools. There is also a programmatic interface.
Commands: p11km, p11admin

Oracle Solaris ZFS supports full encryption of datasets during creation.
Commands: zfs

Oracle Solaris Cryptographic Framework
The Cryptographic Framework provides a common store of algorithms and PKCS #11 libraries to handle cryptographic requirements.
Commands: cryptoadm, pktool

Key Links
Oracle Solaris 11 Security Guidelines
Oracle Solaris 11.2 Security Compliance Guide
Trusted Extensions Configuration and Administration
Developer's Guide to Oracle Solaris 11 Security


High Availability

Oracle Solaris 11 has a strong background in providing the highest levels of availability. The Oracle Solaris OS includes an architecture for building and deploying systems and services that are capable of predictive self healing. The service that is the core of the Fault Management Architecture (FMA) receives data related to hardware and software errors, automatically diagnoses the underlying problem, and responds by trying to take faulty components offline.

Oracle Solaris Cluster, an example of kernel-level clustering, provides a high availability solution by having redundant nodes where one or more systems continue to ensure critical services run if the other systems fail. Nodes may be located within the same data center or on different continents.



Oracle Solaris 11



IBM PowerHA SystemMirror
PowerHA SystemMirror is an optional offering which provides on-demand failover to make applications highly available. It delivers continuous availability of services by eliminating single points of failure. It is integrated with AIX 7.1 to increase capabilities to monitor and recover from failures.

The Service Management Framework and Fault Management Architecture provide Oracle Solaris' self-healing capability. They monitor the operating system for faults, whether in individual hardware components or in system or application services, and silently work to isolate those faults or automatically restart services. State notifications have been added to Oracle Solaris 11 so administrators can send emails or SNMP traps for any important events they are most interested in.
Commands: svcadm, fmadm

Oracle Solaris Cluster is an additional offering that provides high levels of availability through clustering for enterprise applications and databases. Oracle Solaris Cluster is integrated with Oracle Solaris 11 features giving significant benefits in terms of detection and recovery from failure.

Key Links
Managing Faults in Oracle Solaris 11
Oracle Solaris Cluster Installation Guide



Oracle Solaris 11 has a variety of monitoring tools that spread across different facets of the operating system. Oracle Solaris DTrace, the dynamic tracing framework, allows developers and administrators to safely troubleshoot the kernel and applications on live production systems. DTrace can be used to get an overview of all parts of the operating system (network I/O, CPU and memory) and help the user better understand what is happening at any given point in time. With well over 70,000 different individual probe points of instrumentation, DTrace gives levels of observability few systems can match.



Oracle Solaris 11



Probevue provides dynamic tracing with the capability of inserting trace points at run-time. It uses scripts written in the Vue programming language to determine where, when, and what to trace.
Commands: probevue

A large selection of other administrative tools provide basic monitoring capabilities, including the following:
Network: netstat
I/O: iostat
File system: topas
CPU: sar, vmstat, xmstat
VM: vmstat, svmon
Process: procmon, top
System Latency: hpmstat

IBM Systems Director
IBM Systems Director provides basic hardware management through advanced cross enterprise management.

The DTrace framework includes many providers that distribute thousands of probe points across the operating system. These providers cover different aspects of the system, the ability to observe individual processes, and a number of different networking protocols. Support for a number of runtimes (Java, Python, PHP, Ruby) is also provided.
Commands: dtrace

A large selection of other administrative tools provide monitoring capabilities, helping to aggregate and display much of the same information you can get from DTrace.
Network: flowstat, dlstat, netstat, acctadm
Oracle Solaris Zones: zonestat
SMF Services: svcs
Fault Management: fmstat
I/O: iostat
File system: fsstat, stat
Kernel: kstat
CPU: mpstat, pgstat
VM: vmstat
Process: prstat, truss, ptree
Resource Management: poolstat
System Latency: latencytop
Power Management: powertop

Oracle Enterprise Manager Ops Center, included with all Oracle Premier Support agreements, provides extensive monitoring at a greater scale.

Key Links
Oracle Solaris 11 Dynamic Tracing Guide

Other Related Links:
  Oracle Solaris 11 Technologies
  Oracle Solaris 11 How-To Guides

Revision date: 07/17/14