Mission Critical Computing Blog
Your source for the latest insights on HP Integrity, mission critical computing, and other relevant server and technology topics from the BCS team.

Impenetrable UNIX






With the HP-UX
11i v3 March 2010
Update shipping, I thought I would cover the third area
of significant improvements with this update. HP- 11i v3 already has a large
number of security features, but this update adds more, making HP-UX 11i v3
more secure.


 


Dynamic
Root Disk
(DRD) allows the root disk to be cloned to an inactive disk. If
patches or changes are made, but for some reason don't work, you can always
revert back to the original image on the inactive disk with just a reboot. To
help improve security, you can automatically synchronize the active image as
well as the clone. For instance, if after you create the clone, you update
passwords, the update passwords can be synced to the clone disk by running DRD
sync. This ensures that any security changes are reflected in the cloned disks.


 


HP-UX 11i v3 has
recently received a an additional security certification. It is the industry's
only UNIX to successfully achieve an EALV4 Common Criteria Certification
against the COTS
Compartmentalized Protection Profile-Operating Systems
(CCOPP-OS PDF).
This certification includes nPars, vPars, and Mandatory Access Control, so you
can now deploy highly secure virtualized environments.


 


In addition to
security certification and DRD syncing, HP-UX 11i v3 March 2010 update adds a
few other security features. Long passwords are now supported, with the maximum
password no being 256 characters. All of the Trusted Mode functionality is now
part of the Base Operating Environment. IPSEC on HP-UX 11i has also been
upgraded to support the latest requirements. It is now IPV6 Logo 2
compliant. IP Filter v17 has also been updated to the latest standard.


 


If you use the
Red Hat Directory Server for HP-UX 11i, it is being replaced with HP
Directory Server v8.1
. This is based off of the open source Fedora 389
directory server. It is included as part of the Base Operating Environment, and
as you would expect for a variation of open source software, no additional fees
or licenses are required.


 


Finally, if you
use HP Integrity Virtual Machines, and specifically Online
VM Migration
, there are a number of improvements that may make your life a
little easier. First, you can now use data encryption whenever you move a
virtual machine, allowing the secure movement of a virtual machine even over a
public network. The Online VM migration is also up to twice as fast as the
previous version, although using the encryption function will slow it down
again. Online VM Migration is now included as part of the Virtual Server
Operating Environment, Data Center Operating Environment, and the Insight
Dynamics - VSE Suite.


 


Overall, the
March 2010 Update makes HP-UX 11i v3 a little more secure.


 


Do you have any
comments on these updates? Will they make your life a little easier or more
secure? Let me know.


 


Jacob


 

Smarter UNIX






As I have
mentioned a few times now, the HP-UX
11i v3 March 2010
update is now available. Today, I'll take a look at a few
enhancements that make it a little smarter, in addition to the enhancements
that made it easier that I blogged about earlier this week.


 


The Software
Assistant
(SWA) tool update was released on the web in December 2009 and is
included with the March 2010 update. It has replaced Security Patch Check to
patch and security bulletin management on HP-UX 11i v3 systems. It now allows
users to see partial results while the analysis is underway, review past
reports, schedule recurring analysis and export the reports from HP Systems
Insight Manager. SWA now allows non-root users to use SWA to run a bulletin
analysis, ensuring that security compliance can be monitored without
distributing root passwords. And finally, SWA flags patch dependencies both
installed on the system and in the report, so that you don't need to look up
the dependencies. Smarter.


 


If you are a
developer, HP
Code Advisor
, which plugs into Eclipse, does analysis on C and C++ program
to help detect coding errors, porting issues, and security vulnerabilities. It
now had more detail comparison reports, improved defect detection and improved
migration capabilities. There is also new FORTRAN compiler advise built into
the FORTRAN compiler. Smarter - and who knew I would ever mention FORTRAN in a
blog?


 


And speaking of
developers, there are improvements to HP
Caliper with Ktracer
to help resolve performance issues faster. HP Caliper
is a performance analysis and monitoring tool for applications, processes and
systems. Ktrace, integreated into HP Caliper, provides performance analysis
across both the application and the HP-UX kernel. There have been improvements
to improve system reliability, easier trace selection, richer reports, and
improved startup and tear down time. In other words, smarter.


 


The March 2010 update makes HP-UX 11i v3 a little
smarter, and a little easier, to use.


 


Jacob


 

Easier UNIX






As I've
mentioned here a few times already, HP-UX 11i v3 March 2010 update is now
shipping. There are a number of new capabilities, but let's take a look at some
of the things that are now a little easier.


 


First, from a LVM
perspective, it now allows you to boot directly from an LVM L2 volume. The
volume layout was changed, and the LVM 2.0 volumes allow for a lot more
scalability. There are a few other changes, including LVM Snapshots, and
LVMove, which helps automate the process of moving volumes. 


 


The March 2010
release improved the management for HP
Integrity Virtual Machines v4.2
. It has improved system management by
offering automatic memory reallocation providing better utilization and more
flexibility. It has a storage reporting tool to report on the mapping between
virtual and physical storage, a big time saver whenever you need to make
storage modifications. It has better network management with guest-tagged VLAN
support providing additional flexibility. Finally, to improve the integration
between HP Integrity Virtual Machines and HP Serviceguard Solutions, there is a
new Integrity VM Serviceguard Toolkit enhancements to monitor not just the
virtual machine guest, but also the application running inside of the guest.
This provides multi-level protection in the cluster: failover if the server
fails, if the virtual machine guest fails, or if the application inside of the
guest fails.


 


While many
customers use HP Integrity Virtual Machines, a number of customers,
particularly those who are looking to reduce their maintenance costs for large
shared-services deployments, like to use application stacking within a single
instance of HP-UX 11i v3. For customers who are interested in using Secured
Resource Partitions in SAP, HP has released a reference architecture (Link: PDF).
HP is also developing a reference architecture for Oracle and Secure Resource
Partitions which should be published this month. Reference architectures make
it much easier to implement not only the technology with the application, but
also include best practices to make life easier.


 


Finally, to make
life easier for developers, HP has updated the default versions of the C and C++ compilers. These
compilers not only use the latest standards, but offer higher performance.
There are also features which make it much easier to port GNU applications to
HP-UX 11i v3 using these compilers.


 


These new
features are another step towards making HP-UX 11i v3 systems easier to use for
our customers.


 


Jacob


 

Greener UNIX






HP-UX 11i v3 has
become a little greener following the recent March 2010 Update announcement,
which I summarized in a blog
post
earlier this week. This builds on HP's culture of green. HP was rated
the #1 green company from America's 500 largest corporations by Newsweek, as well as #1 in the
Electronics industry by Climate Counts,
among others.


 


So, how is HP-UX
11i v3 a little more green today? First, we have eliminated most of our printed
manuals in favor of online documentation. Since most customers no longer order
separate printed manuals, you might think that this is a small thing. However,
across HP, it will help eliminate 13 tons of printed material by the end of
2010. It is a big number.


 


Second, HP-UX
11i v3 Operating Environments will be delivered around the world through
e-Delivery, although the rollout in Japan and China has been slightly delayed.
This capability has been available in the Americas for a number of years, but
there are a couple of significant changes. First, electronic delivery will now
be the default media delivery. You can still order physical media, but that
won't be the default. This alone will drastically improve the usage of
e-Delivery. In addition, Operating Environment images, often one or more DVD
images, are now available. This isn't a huge issue in some parts of the world,
but for customers who don't have large amounts of bandwidth, download DVD
images has been an issue.  This, and
other software packaging changes, will help eliminate 142 tons of corrugated
boxes and other packaging material from HP's software products by the end of
2010.


 


Overall, these
changes help eliminate 155 tons of packaging and paper. It is a decent next
step to help make HP-UX 11i v3 a little greener.


 


Jacob


 

HP-UX 11i v3 March 2010 Update Released






HP announced
that the HP-UX
11i v3 March 2010
release is now available. In fact, while the announcement
was today, I believe that it actually started shipping over the course of the
last 10 days in different geographies.


 


What is new
about this update?


 


First,
additional products have been added to the HP-UX
11i v3 Operating Environments
. The key new products included with the
Virtual Server and the Data Center Operation Environments are HP Integrity
Virtual Machines Online VM Migration and Insight Dynamics - VSE Infrastructure
Orchestration
. Insight Control power management has been added to all the
operating environments. This drastically increases the value of the software
that is included in the operating environments, which customers who have
current support contracts get at no additional charge.


 


There are also
product updates: a new version of HP Integrity virtual machines, a new
directory server, additional security certifications, and management
improvements for Logical Volume Manager. If you develop code, HP-UX 11i v3
offers updated tools that comply with newer standards, make porting to HP-UX
11i v3 easier, and help speed up debugging.


Not only does
HP-UX 11i v3 have additional functionality, we've also updated how we deliver
it. Actually, it was earlier this month that we rolled out e-Delivery
for most of the world (China and Japan are in the works). The default for the
HP-UX 11i v3 images and software packages is now a download instead of a
physical media set. Manuals are also electronic, instead of paper. These types
of efforts will contribute to reducing paper manuals by 13 tons and packaging
by 142 tons  across HP by the end of
2010.


 


Finally, it
wouldn't be a proper announcement without a story about HP-UX
11i v3 customers
. For this release, we have published case studies from
customers in the financial sector including Philippine National Bank, State
Bank of India, and Tekstilbank in Turkey.


 


I will likely
blog a little more about this HP-UX 11i v3 release in the next few weeks.  There is a lot of new functionality, and I
will try to cover some of it in a little more depth.


 


Jacob


 


 


 


 


 


 

Search
Showing results for 
Search instead for 
Do you mean 
Follow Us
Featured


About the Author(s)
  • I work as a Master Architect in HP Servers R & D group. I work with teams spread across the lab and outside to build solutions which are highly available on HP-UX, OpenVMS and Mission Critical Linux platforms. In particular I contribute to develop HP Serviceguard clusters, HP-UX Security and Middleware products. I have been with HP for last 17 years and have exposure to HA/DR field from both R & D and customer perspectives.
  • Kirk Bresniker is the Vice President/Chief Technologist for HP Business Critical Systems where he has technical responsibility for all things Mission Critical, including HP-UX, NonStop and scalable x86 platforms. He joined HP in 1989 after graduating from Santa Clara University and has been an HP Fellow since 2008.
  • I’m the worldwide marketing manager for HP NonStop. I’ll be blogging and tweeting out news as it relates to NonStop solutions – you can find me here and on twitter at @CarolynatHP
  • Cynthia is part of the HP ExpertOne team. ExpertOne offers professional IT training and certifications from infrastructure refresh to areas that span across the datacenter like Cloud and Converged Infrastructure.
  • Hi, I work on the HP Servers team as HP-UX worldwide product marketing manager. I´m interested in how customers use our technology and will be blogging about their stories and on how our products evolve to help their businesses be always on.
  • I have worked with NonStop systems since 1982. I am a Master Technologist for HP and am part of the IT SWAT organization, the Cloud SWAT and work with HP Labs. I report into the Enterprise Solutions and Architecture organization.
  • Joe Androlowicz is a Technical Communications and Marketing manager in HP’s NonStop Product Division. Joe is a 25 year journeyman in information systems design, instructional technologies and multimedia development. He left Apple Computer for Tandem Computers to help launch G03 and hasn’t looked back yet. He previously managed the program management team for the NonStop Education and Training Center and drove the development and growth of the NonStop Certification programs.
  • Hello! I am a social media manager for servers, so my posts will be geared towards HP server-related news & info.
  • HP Servers, Converged Infrastructure, Converged Systems and ExpertOne
  • Luke Oda is a member of the HP's BCS Marketing team. With a primary focus on marketing programs that support HP's BCS portfolio. His interests include all things mission-critical and the continuing innovation that HP demonstrates across the globe.
  • I am the Superdome 2 Product Manager. My interest is to learn how mission critical platform helps customers and would also like to share my thoughts on how Superdome has been helping customers and will continue to do so.
  • I work in the HP Servers marketing group, managing a marketing team responsible for marketing solutions for enterprise customers who run mission-critical workloads and depend on HP to keep their business continuously running.
  • Mohan Parthasarathy is a Technical Architect in the HP-UX lab. His primary focus currently is in the core kernel, platform enablement and virtualization areas of HP-UX. Mohan has worked on various modules of HP-UX, including networking protocol stacks, drivers, core kernel and virtualization
  • I’ll be blogging about the latest news and enhancements as it relates to HP Moonshot.
  • Greetings! I am on the HP Enterprise Group marketing team. Topics I am interested in include Converged Infrastructure, Converged Systems and Management, and HP BladeSystem.
  • As a Managing Consultant for HP’s Enterprise Solution & Architecture group, I collaborate with client business and IT senior management to understand, prioritize and architect advanced use of data and information, drawing insights required to make informed business decisions. My current focus leverages event-driven business intelligence design techniques and technologies to identify patterns, anticipate outcomes and proactively optimize business response creating a differentiated position in the marketplace for the client.
  • Wendy Bartlett is a Distinguished Technologist in HP’s NonStop Enterprise Division, and focuses on dependability – security and availability - for the NonStop server line. She joined Tandem in 1978. Her other main area of interest is system architecture evolution. She has an M.S. degree in computer science from Stanford University.
Labels
The opinions expressed above are the personal opinions of the authors, not of HP. By using this site, you accept the Terms of Use and Rules of Participation.