Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

HPUX Update Seminar Session 1 Dan Taipala

767 views

Published on

Presentation that I put together as part of workshop that introduced the March 2010 updates to HPUX 11i v3

  • Be the first to comment

  • Be the first to like this

HPUX Update Seminar Session 1 Dan Taipala

  1. 1. © 2008 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice Overview and Update HPUX 11i v3 Dan Taipala, Ph.D. HP Solutions Architect
  2. 2. HPUX 11i v3: This is NOT your fathers Oldsmobile … What HPUX is not … • Another Unix Operating System • The HPUX v1 and v2 that we came to know and love What HPUX is … • A key part of HP’s strategy • A platform for virtualization and partitioning • A mission critical environment for the most demanding workloads
  3. 3. HP-UX: Over 25 years of great history, strategic to HP’s future • ______ 1st version released on an HP 9000 Series 500 system with a Motorola 68000 processor − Based on AT&T System V with BSD extensions − Ronald Reagan was president of the United States • ______ November – 1st commercial system released with the HP PA-RISC processor, the HP 9000 Model 840 − The Berlin wall still separated East from West Germany • ______ June – HP-UX 11i released on HP Intel Itanium processor- based HP Integrity servers • ______ February – HP releases HP-UX 11i v3 with major enhancements in virtualization, availability, security, performance and management. • ______ March– HP releases HP-UX 11i v3 March 2010 Release with new functionality, enhancements to existing, and a new packaging, delivery and pricing strategy 1983 1986 2001 2007 2010
  4. 4. HP-UX 11i v2 Enterprise UNIX for HP Integrity & HP 9000 Servers HP-UX 11i software roadmap • Investment protection through binary compatibility and 10+ years of support life • Major releases about every 3 years Dates and content subject to change without notice. 20072003 In de ve lo pm e nt In planning Next generation Accelerating deployment, reducing costs, and improving service levels 24x7 lights out computing & policy-based services provisioning HP-UX 11i v3 Adaptive Infrastructure: The next level of virtualization and automation Re co m m e nde d ve rsio n fo r ne w de plo ym e ntsSale s thro ug h 20 0 9 • Flexibility with mission-critical virtualization • Capacity for most demanding workloads • Affordable data-center class availability & security • Centralized expert control • Embracing multi-OS environments, blades HP-UX 11i v4 Zero-downtime virtualization HP-UX 11i v5 Next wave of enterprise computing Continuously releasing functionality to shipping releases Optimizing business outcomes with mission-critical virtualization 2010 and beyond • Manageability • Security • Availability
  5. 5. Data Center Operating Environment (DC-OE)* High Availability OE (HA-OE)* Virtual Server OE (VSE-OE) Advanced file system and volume management Goal-based workload management Partitioning Capacity advisor Virtualization manager System performance analysis System management Security Kernel & application performance analysis Base file system and volume manager Base OE (BOE) Superset: HA-OE + VSE-OE, both of which include BOE Advanced file system and volume management High availability: Failover cluster software and related toolkits System performance analysis HP-UX 11i v3 New OE Packaging
  6. 6. HP-UX 11i v3 Operating Environments * Upgrades available: SM for Oracle Premium, CFS for Oracle RAC, CFS for Oracle, CFS Data Center Operating Environment (DC-OE)* High Availability OE (HA-OE)* • Base OE • MirrorDisk/UX • Serviceguard • ECM Toolkit • NFS Toolkit • Online JFS • GlancePlus PAK • HA Monitors • Pre-integrated, simple installation Virtual Server OE (VSE-OE) • Base OE • MirrorDisk/UX • VSE Suite: − gWLM or WLM − HPVM or vPars − Capacity Advisor − Virtualization Manager • Online JFS • GlancePlus PAK • HA Monitors • Pre-integrated, simple installation • Foundation OE • Auto Port Aggregator • Process Resource Manager • C++ linking for Oracle EBS • Caliper, WDB • 3D Graphics RTE • Message Passing Interface • Math Library • Pre-integrated, simple install Base OE (BOE) HA-OE, VSE-OE, BOE
  7. 7. Partitioning and Virtualization Support within HPUX 11i v3
  8. 8. Single Physical Node Single OS image per node within a cluster HP nPartitions Hard partitions within a node HP Virtual Partitions & HP Integrity Virtual Machines Within a hard partition (or server) HP Secure Resource Partitions Secure partitions within an OS image • OS image with HW fault isolation • Dedicated CPU RAM & I/O nPar 1 • OS image with HW fault isolation • Dedicated CPU RAM & I/O nPar 2 nPar 3 • OS image with HW fault isolation • Dedicated CPU RAM & I/O nPar n • OS + SW fault isolation • Dedicated CPU, RAM vPar 1 • OS + SW fault isolation • Dedicated CPU, RAM vPar 2 Hard Partition 1 • OS + SW fault isolation • Virtual + Shared CPU, I/O • Virtualized Memory Virtual Machine 1 Hard Partition 2 • OS + SW fault isolation • Virtual + Shared CPU, I/O • Virtualized Memory Virtual Machine 2 Application 2 Application 3 Application 1 • Guaranteed compute resources (shares or percentages Application n FlexibilityIsolation Node • Guaranteed compute resources (shares or percentages) • Guaranteed compute resources (shares or percentages) HP Partitioning ContinuumCapability Scales from High Isolation/High Effort to Lower Isolation/Low Effort HPUX Unique Capabilities
  9. 9. HP Integrity nPartitions Itanium 2 processors PA-8900 processors Itanium 2 dual core processors nPartition 1 - Windows nPartition 2 - HP-UX 11i vPar monitor nPartition 3 - Integrity VM Host w/Linux guests • Support 4 Multi-OS in 1 server − HP-UX, Windows, Linux, OpenVMS • Physically maintain part of server − while other nPartitions continue to run • Mix & match processor architectures − PA-RISC & Itanium processors in 1 cabinet • Dynamically add/remove cells of running nPartition − While same nPar running − HP-UX 11i v3 dynamic nPartitions Itanium 2 processors nPartition 4 – OpenVMS Electrical isolation, flexibility & no overhead
  10. 10. HP-UX 11i Virtual Partitions (vPars) Core granularity with negligible overhead • Software isolation for OS and application • Individual reconfiguration and reboot • Dynamic CPU migration across vPars • Dynamic memory migration across vPars for HP-UX 11i v3 • Mixed vPars in same nPar: • HP-UX 11i v1, v2 & v3 on both HP 9000 & Integrity servers Multiple HP-UX instances running on the same server or nPar in multiple Virtual Partitions: OS OS OS OS Dept. A App 1 Dept. A App 1’ Dept. B App 2 Dept. B App 3
  11. 11. HP Secure Resource Partitions Secure partitions within an OS image Application 2 Application 3 Application 1 • Guaranteed compute resources (shares or percentages Application n • Guaranteed compute resources (shares or percentages) • Guaranteed compute resources (shares or percentages) HP Partitioning Continuum: Secure Resource Partitions • Single operating system kernel • Resource Allocation (WLM and PRM) • CPU allocated with FSS policy • Disk I/O allocated with FSS share policy • Memory allocated with Memory shares • Allocations are entitlement based (guaranteed minimum) • Configuration access between workloads • Key benefit: single os instance reduces operational cost • Resource allocation provides protection against ‘out of control’ apps
  12. 12. HP Integrity Virtual Machines Within a hard partition (or server) • OS + SW fault isolation • Virtual + Shared CPU, I/O • Virtualized Memory Virtual Machine 1 Hard Partition 2 • OS + SW fault isolation • Virtual + Shared CPU, I/O • Virtualized Memory Virtual Machine 2 HP Partitioning Continuum: Integrity Virtual Machine• VMware for Unix • HPUX 11i v3 Hypervisor • Isolation at guest operating system • All I/O (Network, Storage) Abstracted • Memory and CPU can be dynamically allocated to the VM • CPU can be allocated down to the 5% of one core • Software licensed to the number of virtual CPU’s allocated to the virtual machine • Tools See ONLY the kernel of the VM
  13. 13. Offline virtual machine migration Host (Integrity VM + platform OS) OS app1 app2 Host (Integrity VM + platform OS) OS app1 app2 VM with unique: • Kernel Parameters • Patch levels • Layered software OS app1app2 VMs is stopped on one server and then started up on another SAN Assumes that OS boot disk is on SAN and accessible from the hypervisors of Different servers. Pre-production Production
  14. 14. Online Guest Migration: Live Migration Source Host (HPVM and HP-UX) Guest OS app1 app2 Target Host (HPVM and HP-UX) Guest OS app1 app2 Guest OS with unique: • Kernel Parameters • Patch levels • Layered software OS app1app2 Guest continues to operate on source host while migration begins SAN Guest is briefly suspended as final resident memory image transfers Guest continues operation on target server after transfer completes Existing Production Host New Production Host
  15. 15. Key Benefits • Provides broadest portfolio of partitioning capabilities of any unix vendor • Secure Resource Partitions provide resources isolation without the work and overhead (cost) of another operating system • Offline guest migration allows promotion of single OS instance. Move same instance from pre-production, to production. Simplify deployment with effective N, N+1, N-1 strategy • Live guest migration provides zero downtime re-hosting reducing potential SLA impact • Dynamic vPars, Dynamic VM, Dynamic Memory, Dynamic Storage provide the ability to dynamically re-provision the infrastructure to meet changing business needs
  16. 16. New Features in the HPUX 11i v3 March 2010 release and beyond
  17. 17. What’s new in HP-UX 11iv3 Operating Environments and Software A technology enhancement view of the March 2010 Update
  18. 18. New v3 OEs: More Software, Less Cost for Support Customers Upgrade from original OEs 29-32% reduction in annual support cost for EOE plus Serviceguard, to HA- OE Up to 15% reduction in annual support cost, OE-to-OE Eliminate line-item software support cost for newly included software “Socket fora Socket” upgrade to NGIS e-Delivery NOW available: download and install 2 1 3 The upgrade is free — Trade old OEs for new to reduce annual costs up to 3 ways
  19. 19. Significant Performance Improvements • In addition to significant performance improvements achieved in the Itanium servers, HP is also improving the operating system to yield better performance from a more efficient operating system HP-UX 11i v3: 30% better OS performance on average than HP-UX 11i v2 HP-UX 11i v3: 30% better OS performance on average than HP-UX 11i v2 17% 45% 46% 77% 150% 172% 0% 20% 40% 60% 80% 100% 120% 140% 160% 180% 200% Boot time Kernel Intensive Applications File Server File System Mount & Unmount File System I/O Disk I/O Threads 17% 45% 46% 77% 150% 172% 0% 20% 40% 60% 80% 100% 120% 140% 160% 180% 200% Boot time Kernel Intensive Applications File Server File System Mount & Unmount File System I/O Disk I/O Threads 365%
  20. 20. Updates for the HP-UX 11i v3 OEs: Changes to the OE Contents As of the March 2010 update release
  21. 21. Amped up Manageability and Ease-of-Use for HP Integrity VM v4.2 Network management Guest-tagged VLAN support: Increased flexibility System management –Automatic memory reallocation: Increased resource utilization, improved flexibility, automation against SLAs –Storage reporting tool (mapping guest virtual to physical storage): Easier management –VM suspend/resume for temporary stop & re-start (now early access with Virtual I/O) : Increased flexibility Easier deployment AVIO drivers released with Integrity VM software Increased HA integration –Integrity VM Serviceguard Toolkit enhanced to include: – application monitoring automation, – automated multi-node packaging of SLVM backing storage – improved ease of: use, deployment and management
  22. 22. ISV Support now supports 10gR2 with Online VM migration (soon with11g) Dynamic Server 11.50 is now also supported by IBM with Online VM Migration (see the whitepaper) Enhanced for security, performance, deployment Online VM Migration for Integrity VM v4.2 Secured Online VM Migration •Data encryption is now provided for Online VM Migration •Customers can now use public networks (lower cost than private networks), and still have their data secured Improved performance Total Online VM Migration time of Integrity VM v4.2 can be up to 2x faster than v4.1 (on busy systems) Higher server uptime, better response time, more efficiency of server Now also included in the HP-UX 11i v3 virtualization bundles –Easy deployment –VSE-OE, DC-OE, Insight Dynamics – VSE Suite
  23. 23. Avoid Loss of Work with DRD Sync – Enhancements Your Customers Asked For ACTIVE CLONE Friday afternoon, an HP- UX 11i admin creates a clone, applies some patches, and activates it, with plans to reboot the system at 3:00 am Sunday morning. Saturday the system is accessed: password and log files are changed on the original system image. If the clone replaces the original image on Sunday those changes would be lost. The system is rebooted with all of the changes intact. With DRD Sync the original image was compared to the clone, identifying and applying any changes made to the original image that occurred since Friday afternoon. On Sunday, the off-hours SA runs DRD Sync to make sure any changes that have been made to the original image between Friday afternoon and 3:00 Sunday morning are propagated to the clone NEW ACTIVE www.hp.com/go/drd
  24. 24. Suspend/Resume: put “on shelf” temporarily • Captures the state of a VM, its OS, applications and workloads, • Temporarily stops the VM • Resumes the execution at a later time from the captured system & workload state Use cases: • Put workload “on a shelf” temporarily • Debugging problems that take a long time to reproduce • Cloning, replication & high availability • Integrity VM v4.2.5, Sept. 2010 (general release, with AVIO & VIO support) • Diffe re ntiato r vs. IBM • Early acce ss with VIO March 20 1 0
  25. 25. 25 January 28, 2015 When formatting devices isn’t enough… 3 degrees of disk sanitization Erase the drive to reuse it • In place in the system $0-$150/drive • In a separate eraser device $1,500-$25,000 Degauss and dispose of the drive (NSA requirement) $2,500+ Destroy the drive $2,500-$45,000 HP-UX 11i Disk Scrub • DoD 5220.22-M approved method of overwriting & erasing data • User selectable: − Character written − Number of passes • Destroys data in all active and deleted files, file directories, disk allocation tables, boot area, disk label and unallocated addressable disk space • Free with HP-UX 11i v3 Erase in place for convenience New with Update 4 Hard drive security: Overwriting media Disk Scrub now with HP-UX 11i v3
  26. 26. The Industry’s Only UNIX® Certified to the Latest Common Criteria Profile (CCOPP) • HP-UX 11i has just successfully completed a new Commercial off the Shelf (COTS) Compartmentalized Operations Protection Profile (CCOPP-OS) evaluation • This new EAL4 CCOPP evaluation encompasses the extensive range of security solution for HP-UX 11i v3 including vPars and nPars and includes high- security Mandatory Access Control features. Industry Best Practices for Securing a UNIX System – Built Right In Industry Validated UNIX® Security for Peace of Mind • HP-UX 11i Bastille implementation is in evaluation to be CIS certified
  27. 27. Security Ready Out of the Box: Long Password Support and IPSec Long Password support • Increases the maximum password length from 8 to 256 characters in Shadow Mode • Now all security formerly carried in Trusted Mode is shipped in Base OE IPSec on HP-UX 11i successfully completed • Logo Phase-2 conformance and interoperability tests • http://www.ipv6ready.org/phase-2_approved_list
  28. 28. Security Ready Out of the Box: HP Directory Server V8.1 • Replaces Red Hat Directory Server for HP-UX 11i • Port of Open Source Fedora 389 Directory Server • Licensed and Supported as part of the HP-UX 11i V3 FOE. (No fees/license worries for HP-UX) • New Features include:  LDAP support of UNIX sockets, Additional options for secure communication between servers, More flexibility in schema management, Option to disallow unauthenticated bind operations. • New Features that HP-UX 11i is contributing: Replication agreements can be prioritized, account policy plug-in provides control over inactive accounts.
  29. 29. IP FiIter v17: Updated to Latest Standard • IP Filter is a TCP/IP packet filter or system firewall that functions as a security defense by cutting down the number of exposure points on a machine. • What’s new in the March 2010 Update: −Rate based packet filtering: Controls the amount of legitimate packets processed by a system to reduce the latest threat of Denial of Service attacks −Easy or Use: A variety of enhancements make managing the complex rules much easier −Automatic monitoring/removal of “dead“ IP/port pairs Like closing and locking all of the unused windows & doors in your house
  30. 30. 30 January 28, 201530 August 2009 – HP Restricted. For HP and channel partner internal use. Enhanced HP-UX 11i v3 security auditing Motivation customer now need to comply with SOX and CIS − Audit “functionality” has been part of HP-UX 11i for number of releases − Recent developments in compliance rules mandate extensive auditing What’s new Web released available today and bundled in with 0909 − Audit filtering • Pre-filter audit data to reduce raw audit data • Reduces disk space consumed − Audit Reporting • Process RAW audit data for reporting • Sample PCI/SOX report templates included provided with HP-UX 11iv3 It’s in the Software Depot http://h20392.www2.hp.com/portal/swdepot/displayProductInfo.do?productNumber=AuditExt * Available on v3 - comes with Base OE
  31. 31. Encrypted Volume/File System Provides: • Confidentiality and integrity of critical business information • Encrypted Volumes: Protect ‘data-at-rest’ against unauthorized use • Encrypted Filesystem: Protect ‘data-in-use’ against unauthorized access Advantages: • Transparent to applications • Supports long-term data retrieval for auditing purpose • Robust and flexible key management • Design centered on high-availability environments •non EVFS-aware •application •existing VFS system calls •volume manager •physical disk •non EVFS-aware •application •physical disk •EVFS tools •EVFS pseudo-disk driver •*New* EVFS Performance & Tuning Whitepaper http://docs.hp.com/en/12710/Performance •New in all v3 OEs- March 2010!
  32. 32. 32 January 28, 201532 August 2009 – HP Restricted. For HP and channel partner internal use. HP-UX 11i v3 Encrypted Volume and File System: EVFS V2.0 – Web release August/September Unique value: • HP-UX 11i v3 is the only Unix to provide both volume & file level encryption capability • Volume level encryption provides protection of data-at-rest with simplified key management and is completely transparent to the user • File-level encryption for granular protection of data, even against administrative access so the file is locked and only authorized users with the key can accesses it • Integrated into HP-UX 11i Base OE • No need for application or storage infrastructure changes • Robust key management • Common key mgmt between EVS and EVFS • Hardware protection of keys with optional TPM module on select Integrity servers • “Enterprise-ready” with support for recovery keys and support for cluster/HA environments * Available on v3 - comes with Base OE
  33. 33. HP-UX 11i v3 tomorrow Continuously delivering enhancements, about every 6 months 2010 (2H) 2011 + Potential candidates Potential candidates • 1009: recommended for SD2 (B’eer) • ServiceGuard A.11.20: Features for reducing downtime; package management and extensibility enhancements • Secure Resource Partition (SRP) v3.0 • More virtualization of the SRP environment - Virtual FS per container, GID/UID per container, local services, local IPC namespace • Management GUI with SMH/SIM Integration • Expanded local administration • Green – Power thermal monitoring via iLO/IPM for B’eer; intelligent fan control • N-Port ID Virtualization (NPIV) support in FC drivers • Fiber Channel over Ethernet (FCoE) • SMH enhancements – Apache 2.2 , Kerberos support • Ignite and DRD integration into SIM and/or SMH • DRD – Support for LVM 2.0 boot/root volume • LORA pre-configured by default for Tukwila systems • Security enhancements - Trusted execution, LDAP-UX 5.0 • Serviceguard A.11.21 • Secure Resource Partition (SRP) : Extended integration with HP-UX Partitioning and virtualization products and management tools; Extended virtualization of system resources • Integrity VM 4.3: o Improved Oracle & SAP performance, o Direct I/O o 16 core VM support, o External configuration of virtual firmware environment o Dynamic guest reconfig CPU, memory and IO o VM Snapshot o Remote access to VM console o Expanded Online Migration capabilities for storage processor and I/O configurations • Integrity server power & cooling: Power regulation via iLO/IPM for NGIS all sizes, group power capping, COLAD/BOLAD B’eer, PCI OL* NGIS • DRD: more clone creation methods (mirror split, golden image, biz copy, PAX); expanded rehosting • LVM: data mobility, self healing/self tuning, improved performance 33 January 28, 2015 •HP Confidential – Dates and content subject to change without notice
  34. 34. New HP Integrity server/HP-UX support - Insight Orchestration • Support for automated provisioning of HP Integrity blades with HP-UX 11i • Uses Ignite- UX as software deployment tool • Included in VSE Suite, VSE-OE, and DC-OE starting March 2010 • Available as trial until March 2010 •Available HP-UX software populated from Ignite •Integrity blades with HP-UX in service templates •34 •HP Product Announcement – HP Restricted
  35. 35. 35 •HP Insight Dynamics for Integrity Advanced infrastructure-lifecycle management • Infrastructure orchestration support for Integrity Virtual Machines • Bundling infrastructure orchestration, online VM migration with Insight Dynamics - VSE for Integrity, VSE-OE, and DC-OE • Infrastructure orchestration with enhanced capabilities and deeper VM integration • Logical server mgmt P2V and V2P • Capacity planning with expanded report choices • Increase scalability 1500+ and ease of use • Infrastructure orchestration design & auto-provisioning for physical Integrity blades • Logical server management for HP Integrity VM for import and V2V move •Easier to use: Breakthrough UI for infra lifecycle mgmt •Insight Software •* Under investigation • Integrity VM – shared LVM storage for online migration • Secure Resource Partitions - HA integration, increased ease of use and offline migration • Integrity VM – memory, management, and security enhancements • OpenVMS guest support • Integrity VM – storage mgmt from guests • Secure Resource Partitions: increased isolation •Speed capacity planning via in-depth HP platform knowledge Partitioning Continuum for HP-UX 11i Greater return on IT investments by enhancing server resource utilization in real time. Provision infrastructure in minutes Deliver IT to the business more quickly and predictably Optimize with confidence Adjust resources efficiently, so IT can reduce operational costs while maintaining service levels
  36. 36. Key Take Aways • New Logo • New Packaging/Pricing − Download and install e-Delivery − Socket based licensing − Free upgrade for existing licenses • New Functionality − Improved, new security features − Improved virtualization − Improved performance • Continued commitment as HP’s strategic enterprise platform • Certainly NOT your father’s Oldsmobile …
  37. 37. © 2008 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice Thank You ...

×