1 13012 HPUX Eng for Critical Workloads Ideas WP

7/23/2019 1 13012 HPUX Eng for Critical Workloads Ideas WP

http://slidepdf.com/reader/full/1-13012-hpux-eng-for-critical-workloads-ideas-wp 1/15

actionable intelligence

www.ideasinternational.com

HP-UX 11i V3: ENGINEERED

FOR CRITICAL WORKLOADS

An Ideas International White Paper

Prepared for:

Hewlett-Packard

August 2010





custom consulting services

HP-UX 11i V3:ENGINEERED FOR CRITICAL WORKLOADS

August 2010

W H I T E P A P E R

This document is copyrighted© by Ideas International, Inc. (IDEAS) and is protected by U.S. and international copyright laws and conventions. This document may not be copied, reproduced, stored in a retrieval system, transmitted inany form, posted on a public or private website or bulletin board, or sublicensed to a third party without the written consent of IDEAS. No copyright may be obscured or removed from the paper. All trademarks and registered marks ofproducts and companies referred to in this paper are protected.

This document was developed on the basis of information and sources believed to be reliable. This document is to be used “as is.” IDEAS makes no guarantees or representations regarding, and shall have no liability for the accuracyof, data, subject matter, quality, or timeliness of the content. The data contained in this document are subject to change. IDEAS accepts no responsibility to inform the reader of changes in the data. In addition, IDEAS may change itsview of the products, services, and companies described in this document.

IDEAS accepts no responsibility for decisions made on the basis of information contained herein, nor from the reader’s attempts to duplicate performance results or other outcomes. Nor can the paper be used to predict future values orperformance levels. This document may not be used to create an endorsement for products and services discussed in the paper or for other products and services offered by the vendors discussed.

PREPARED FOR

HP

Executive Summary

This white paper presents a technical comparison of HP-UX 11i v3, AIX 6.1, and Solaris 10

UNIX operating systems, focusing on their functional capabilities in terms of virtualization

reliability, and security. In each of these areas, the paper identifies some critical technica

requirements, describes the significance of these requirements in current customer

environments, and then shows how well HP-UX 11i v3 meets these requirements compared to

the other UNIX systems.

TABLE OF CONTENTS

Executive Summary ............................. 1

HP-UX, AIX, and Solaris all offer very strong functionality today, with each leading in one area

or another. But HP-UX stands out for its balance. It does not lag its competitors in any one

area, and it breaks out with leading functionality in several areas valued by business users. One

particular area of strength for HP-UX is the unique level of integration between virtualization

workload management, and high availability (HA) / disaster recovery in HP Insight Dynamics –

VSE. The combination of HP-UX and Insight Dynamics – VSE gives customers the full benefit o

virtualization in a highly available environment. In the newest version of HP-UX, online

migration of Integrity Virtual Machines is up to two times faster than the previous release, and

encryption is supported for live migration of sensitive workloads. Live migration has also been

fully integrated into the VSE-OE and DC-OE operating environments. HP-UX can now become

the basis for truly virtual infrastructure, in which computing resources are treated as a single

pool of resources that can be drawn upon on demand by workloads. HP-UX 11i v3 deployment

is facilitated by HP’s Reference Architectures for Insight Dynamics – VSE, which document bes

practices for deploying ISV solutions from IBM, Oracle, SAP, and SAS in an Insight Dynamics –

VSE environment on HP Integrity servers.

HP-UX 11i Optimized for24x7 Global Enterprises ...................... 1

HP-UX Ope rating Env ironment Bu ndles . 2

HP-UX Design Goals ............................. 1

Virtualization ....................................... 3

HP-UX 11i v3’s Complete Portfolio of

Virtualization Techniques ...................... 1

Online Migration .................................... 5

Workload Man agement T ools ................ 1

HP In sight Dynamics – VSE ................... 6

Performance Optimization Tools ............ 7

Availability ........................................... 1

In the area of security, HP-UX 11i v3 has superior storage encryption capabilities compared to

the other UNIX systems, with the unique ability to encrypt both entire storage volumes and

individual files. HP-UX 11i v3 also offers unique, host-based intrusion detection functions that

are integrated into the operating system; such functions require installation of add-ons in the

other UNIX systems.

Error-Handling Architecture ................. 10

HA Clus ter and DR Option s ................. 10

Security ............................................. 11

Role-Based A ccess Contro l (RBAC) .... 13

Encryption ........................................... 13 By addressing some of the major Total Cost of Ownership (TCO) concerns customers have

today, these capabilities help to put HP-UX in a leadership position for delivering the proven

benefits of UNIX platforms.Host-Based Intrusion Det ection ........... 13

The IDEAS Bottom Line ..................... 13

HP-UX 11i Optimized for 24x7 Global Enterprises

Hewlett-Packard has long been a leading supplier of commercial UNIX solutions, succeeding inpart by emphasizing business-oriented factors such as quality, investment protection, consulting

abilities, and support. Today, HP-UX is the strategic operating system for HP Integrity servers

bringing leadership mission-critical performance and virtualization to businesses of all sizes. HP-UX

11i provides a powerful, standards-based platform that can virtualize and automatically adjust



AUGUST 2010 HP-UX 11i V3: ENGINEERED FOR CRITICAL WORKLOADS

infrastructures to achieve 24x7 lights-out computing and dramatically reduce total cost of

ownership – all integrated and rigorously tested to operate as a single system.

HP-UX is now fully integrated into HP’s Converged Infrastructure, a blueprint for data centers

that is designed to eliminate boundaries between IT silos, so that customers can invest more otheir IT budget on business innovation rather than maintenance. HP Converged Infrastructure

enables administrators to easily provision predefined server and storage capacity for HP-UX

Integrity systems, and HP-UX can be deployed on server hardware that is optimized for a

mission-critical Converged Infrastructure, such as HP BladeSystem Matrix.

HP-UX Operating Environment Bundles

HP-UX offers leadership integration and the most robust set of integrated system software

bundles compared to operating systems from other vendors. These bundles, known as HP-UX

“Operating Environments (OEs),” reflect typical user environments (see Figure 1). An often

overlooked benefit of HP’s OE approach is in the effort that HP has put forth to pre-test and

integrate the most frequently used software products (such as HP Serviceguard Solutions and

HP Insight Dynamics – VSE). Pioneered by HP, this concept of pre-integration makes the

purchasing, installation, patching, and support processes more streamlined, and it removes thenecessity for the initial customers to act by default as external beta testers.

HP-UX OEs include the Base Operating Environment (BOE), which is intended for customers

requiring less complex installations; the Virtual Server Operating Environment (VSE-OE), which

is targeted at customers seeking higher resource utilization or at those who are embarking on

consolidation projects; and the High Availability Operating Environment (HA-OE), which is

intended for customers focused on increasing uptime for large, business-critical applications

There is also a superset known as the Data Center Operating Environment (DC-OE), which

includes all the functionality from BOE, VSE-OE, and HA-OE.

While the Operating Environments are nested for ease of procurement, customers can still add

on single software products should they wish to pick and choose. In addition, HP offers a series

of Reference Architecture (RA) best-practices to help customers minimize deployment time.

Figure 1. HP-UX 11i v3 Operating Environments

» Scalable systems and storage

» UNIX performance

» Centralized, single-pane systemmanagement

» Comprehensive security

» Consolidation safeguards – secureresource and hard partitions

» Single system RAS

Base OE (BOE) –The UNIX OS plus HP innovation

Data Center Operating Environment (DC-OE)

Integrates all Operating Environments into a virtualized mission critical OS

High Availability OE (HA-OE) integrates:

Serviceguard clusters

» Fast failover

» 100% onlinemaintenance

» Fully IPV6 compliant

» Congestion free

Advanced file systemand volume management

» Scalable, secure, andavailable data

Virtual Server OE (VSE-OE) integrates:

Insight Dynamics – VSE

» Provision infrastructure

» Optimize infrastructure

» Protect continuity ofservices

Advanced file systemand volume management

» Scalable, secure, andavailable data

Source: HP

WHITE PAPER | 2010 IDEAS INTERNATIONAL, INC. 2

IDEAS RECOMMENDATIONS FOR USERS

Ideas International (IDEAS) offers the

following recommendations for users

who are considering the deployment of

HP-UX versus AIX and Solaris:

» Scalability. Assess operat ing

systems in terms of scale-up

capabilities such as the number of

threads supported in SMP

configurations, memory capacity,

and storage range. Also consider the

maturity of SMP implementations

and the tools that are available for

the operating system that will help

administrators and developers

extract the most possibleperformance from an application

running on a server with that OS.

» Virtualization. Measure the

manageability benefits resulting from

HP’s superior integration between

HP-UX virtualization and HA/DR

capabilities in HP Insight Dynamics

– VSE agains t t he work load

migration capabilities in competing

UNIX systems such as AIX.

» Availability. Weigh the importance

of avoiding disruption caused by

introducing major changes inhardware or OS software against the

pressures from workload growth

and/or variation.

» Security. Assess the risk of hosting

critical workloads on systems that

are externally accessible from a

network, which significantly

increases the importance of setting

up processes for detecting intrusions

by unauthorized users.

» Management. Determine the role

that UNIX systems will play asserver, storage, and network

infrastructures converge. If blade

servers are considered strategic,

establish the tradeoffs between HP-

UX and other UNIX systems in terms

of their ability to be deployed in

blade form factors.




HP-UX Design Goals

HP-UX 11i v3 was released in early 2007. Individual releases of HP-UX are supported for a

decade or so to enable customers to upgrade when it makes the most sense for the business to

do so. Investment protection is provided through binary compatibility for source, data, andbinaries.

With HP-UX 11i v3, HP focused on continued improvements to RAS to meet the needs of the

24x7 global enterprise. It also focused on the agile enterprise and the increasing need to

transport and store large amounts of data – a change driven by compliance and archiving

regulations as well as evolving data types and ever-expanding media files. HP designed the

current release of HP-UX 11i v3 to provide flexibility with mission-critical virtualization; capacity

for the most demanding workloads; affordable data-center-class availability and security; and

centralized expert control. The newest release of HP-UX, in the spring of 2010, introduced a

number of functional enhancements that significantly strengthen its appeal as a data center

computing platform. The core OS includes several new capabilities to reduce downtime, both

unplanned and planned. In particular, online migration of Integrity Virtual Machines is up to

two times faster than the previous release, and migrations are made more secure with

encryption. HP also added a suspend/resume capability for Integrity Virtual Machine guests

which provides increased flexibility for deploying workloads in virtual machines.

In addition to being faster and more secure, Online Virtual Machine Migration for HP Integrity

Virtual Machines has been fully integrated into the VSE-OE and DC-OE operating environments

Software such as HP Insight Dynamics – VSE and HP Serviceguard Solutions extend the

reliability, scalability, and flexibility of HP-UX so that it benefits workloads, data centers, and IT

infrastructures on an end-to-end basis. With complete flexibility to move virtual machines

according to business policies driven by availability and service levels, HP-UX can now become

the basis for truly virtual infrastructure, in which computing resources are treated as a single

pool of resources that can be drawn upon on demand by workloads.

It is clear that HP is continuing to invest in enhancing the functionality of HP-UX, following its

traditional approach of responding to specific needs that its customers have raised. But howdoes HP-UX compare with the other leading UNIX systems on the market today? The next few

sections compare the functionality of HP-UX 11i v3 with the latest releases of its major

competitors: IBM’s AIX 6.1 and Oracle’s Solaris 10. The comparison focuses on several key

functional areas, including virtualization support, reliability functions, and security functions.

Virtualization

Virtualization continues to take hold across the industry with the proven ability to deliver a

variety of business and operational benefits, including consolidation and improved resource

utilization; simplified resource provisioning; simplified implementation of high availability (HA)

and disaster recovery (DR); legacy application support; and improved test and development

processes. One of the most basic enablers of virtualization is the ability to run multiple

operating systems simultaneously on a single server. There are a number of ways to

accomplish this feat, depending on the goals of a virtualization deployment. For example, in

some cases (e.g., web server farms), it may be acceptable (or necessary) to run multiple

instances of the same OS. In other cases, particularly with consolidation, it may be desirable to

run heterogeneous operating systems – either different release or patch levels of the same

operating system, or entirely different operating systems altogether – simultaneously on a

single server.

From an implementation standpoint, operating systems can use several possible technologies

to manage multiple operating system instances. Such approaches include server partitioning

hardware assistance, virtual machines, and virtual operating systems (i.e, virtual servers).


Software such as HP Insight

Dynamics – VSE and HPServiceguard Solutions

extend the reliability,

scalability, and flexibility of

HP-UX so that it benefits

workloads, data centers,

and IT infrastructures on

an end-to-end basis.




HP-UX 11i v3’s Complete Portfolio of Virtualization Techniques

HP-UX supports all of these virtualization types in some form on Integrity servers. For the most

demanding workloads that require their own copies of an operating system (either HP-UX or

heterogeneous), HP-UX offers several approaches:

» HP nPartitions (nPars). HP nPars are hard partitions that provide complete electrical isolation

between operating system instances, so that hardware or software errors in one partition

cannot crash or panic other partitions (requires cell-based servers). Electrical isolation also

enables a key nPars advantage in online serviceability (i.e., the ability to add/replace rea

memory/CPU resources without impacting the entire system). Further, nPars incur no

performance overhead with respect to I/O performance, since the operating system has

direct access to the I/O, just as on a physical system. HP-UX 11i v3 also supports Dynamic

nPartitions, which allow nPars to be reconfigured online at the granularity of cell boards. The

ability to reconfigure Dynamic nPartitions introduces several benefits, including the capability

to: perform hardware maintenance on a server while that server continues to run mission

critical applications; add cell boards needed to accommodate growth without shutting the

server down; and migrate cell boards to different partitions in response to changing

workloads without incurring downtime. nPars within an HP Integrity server can run multipleoperating systems in parallel: HP-UX, including different release levels, or OpenVMS.

» HP Virtual Partitions (vPars). HP vPars are soft partitions that offer finer granularity than

nPars. They can be as small as a single CPU, and can be used to host multiple instances of

either HP-UX 11i v2 or HP-UX 11i v3, each of which can be independently managed. Both

CPUs and memory can be dynamically moved between vPars without a reboot. Since the OS

still has direct access to the CPUs, memory, and I/O resources that are assigned to it, vPars

offer close to standalone server performance with the flexibility of software partitions.

» HP Integrity Virtual Machines (VMs). HP Integrity VMs offer the finest granularity for running

multiple complete operating system instances (up to 20 per processor or core). HP Integrity

VMs are a true virtual machine implementation with fully virtualized processors, memory

and I/O. HP Integrity VMs can run either HP-UX 11i v3 or the older HP-UX 11i v2, and they

can be deployed within an nPar. HP Integrity VMs support up to eight virtual CPUs and

capping of CPU resources. Resources can be dynamically moved between guests withoutaffecting the operation of the running applications, and online migration enables relocation

of an entire virtual machine from one host to another without interrupting its processing.

» HP Secure Resource Partitions (SRPs). HP SRPs provide many of the benefits of a virtua

operating system, enabling applications to be “stacked” securely within a single instance o

HP-UX 11i. HP SRPs combine the HP-UX Security Containment function with HP Process

Resource Manager (PRM) resource management. HP SRPs allow discrete sets of processes

and files to be contained within compartments; provide role-based access control to

administer privileges for these compartments; and provide rules that dictate inter

compartmental communication.

The variety of virtualization functions on HP Integrity makes it possible to deploy them in

innovative ways. For example, with HP-UX it is possible to nest different virtualization functions

– i.e., deploy HP vPars or HP Integrity VMs inside of HP nPars. The range of virtualizationapproaches available for HP-UX allows users to match applications with virtualization methods

based on their specific performance, isolation, and flexibility requirements.

AIX and Solaris each match many of the basic virtualization capabilities in HP-UX (see Table 4)

Virtualization in AIX is generally based on Dynamic LPARs (dLPARs) and Micro-Partitions, a

hypervisor-based partitioning approach that matches much of the value of HP’s Integrity Virtua

Machines in terms of the ability to support multiple operating system instances at very fine

levels of granularity (i.e., fractions of processors). IBM does not have a partitioning solution

that is equivalent to nPars for providing complete electrical protection between OS instances,

which might be necessary for applications that demand the highest levels of isolation.


The range of virtualization

approaches available for HP-UX allows users to match

applications with virtualization

methods based on their

specific performance,

isolation, and flexibility

requirements.




Solaris supports several methods for running multiple operating instances simultaneously on a

single server. Some high-end SPARC64 servers have a hard partitioning function called dynamic

domains, which is similar in design to HP’s nPars. Oracle also offers a more flexible

virtualization function called Oracle VM Server for SPARC (formerly called Logical Domains, oLDOMs), which allow multiple separate instances of Solaris to run on a single processor

However, Oracle VM Server for SPARC is only supported on Oracle servers that have chip

multithreading technology (CMT). Finally, Solaris Containers allow multiple private execution

environments to be created within a single instance of Solaris 10, similar to HP’s Secure

Resource Partitions.

Table 1. Server Partitioning Functions in HP-UX vs. Other UNIX Systems

HP-UX 11i v3 AIX 6.1 Solaris 10

Multiple OS Instances

(Same OS)

vPars, nPars, Integrity

VMs

dLPARs and Micro-

Partitions

Dynamic domains,

Oracle VM Server for

SPARC

Multiple OS Instances(Older OS)

vPars, nPars, Integrity VMs

dLPARs and Micro-Partitions

Dynamic domains

OS Virtualization Secure Resource

Partitions

dLPARs and Workload

Partitions

Solaris Containers

Hardware Assistance

HW/FW-Assisted

Hypervisor

None dLPARs and Micro-

Partitions


SPARC

Electrical Isolation nPars None Dynamic domains

Online Migration Integrity VMs Micro-Partitions,

Workload Partitions

Warm migration with


SPARC; live migration

with Oracle VM Server

forx86

Online Migration

Most forms of virtualization to some degree isolate workloads from the details about the

servers on which they are hosted. As a result, the use of virtualization generally makes it easie

to move a workload from one machine to another without disturbing the workload’s application

environment. The ability to transfer virtualized workloads across the network in this manner

enables a number of benefits that can greatly affect operational costs, including reduced

downtime and better controls for maintaining service levels.

HP-UX 11i v3 supports live migration for Integrity Virtual Machines, allowing the state of an

Integrity Virtual Machine to be relocated from one physical host to another without interrupting

its processing. In the newest version of HP-UX, online migration of Integrity Virtual Machines isup to two times faster than the previous release, and it has now been fully integrated into the

VSE-OE and DC-OE operating environments. The new release also adds the ability to encryp

virtual machines during migration, which will be valuable for using virtualization to maintain

service levels in sensitive workloads. Finally, HP added a suspend/resume capability for

Integrity Virtual Machine guests, which provides increased flexibility for deploying workloads in

virtual machines. Among other uses, administrators can use this mechanism to maintain

libraries of pre-built virtual machines containing various workloads.

AIX 6.1 has two different ways of moving virtualized workloads across systems withou

interrupting applications. The first method, called Live Partition Mobility, can transfer an


In the newest version of

HP-UX, online migration ofIntegrity Virtual Machines is

up to two times faster than

the previous release, and it

has now been fully integrated

into the VSE-OE and DC-OE

operating environments.





operating system from one POWER server to another while the operating system continues

running.1 The other method, Live Application Mobility, is a function of AIX 6.1 that can be used

to move Workload Partitions (virtualized operating systems similar to Solaris Containers or HP

Secure Resource Partitions) from one host to another. Neither of these options supportsencryption, however. Solaris Containers support “cold” migration, in which the state of a

Container is captured in a file for migration from one host to another. Oracle VM Server for

SPARC supports “warm” migration, in which partitions can be moved from one host to another

with minimal interruption, but the approach incurs some downtime. Oracle VM Server for x86

supports live migration of Solaris, with encryption.

Workload Management Tools

HP-UX offers several powerful tools for managing resources at a fine level of granularity, both

on single systems and across multiple systems. The tools work by efficiently allocating system

resources such as CPU, memory, and I/O to different applications via flexible scheduling

policies. HP was a pioneer in delivering resource management functions for UNIX systems,

releasing the first version of its resource management tools for HP-UX in 1994 – well before

other UNIX vendors such as IBM or Oracle. HP-UX resource management functions havecontinuously improved since then, and they now offer the broadest capabilities available for a

UNIX system:

» HP Process Resource Manager (PRM) enables consolidation of applications within a single

copy of HP-UX with the assurance that no single application will monopolize server resources

and thus adversely affect other applications. PRM is a mature resource management too

that controls CPU, memory, and I/O utilization based on a defined set of priorities. It can

also be used to adjust resources the fly.

» Global Workload Manager (gWLM) is an intelligent policy engine that automatically allocates

resources among multiple workloads to increase server utilization while meeting service

levels for high-priority applications. Designed to work across multiple HP-UX 11i, OpenVMS

and Linux environments, the workload management features are ideal for large, centralized

IT environments that host applications for many departments.

HP Insight Dynamics – VSE

A core component of the HP-UX 11i v3 Virtual Server Operating Environment (VSE-OE) is HP

Insight Dynamics – VSE. Insight Dynamics – VSE is advanced infrastructure lifecycle

management software that allows customers to instantly adjust their environment to dynamic

business demands. It integrates workload management (PRM, gWLM) with partitioning

technologies (nPars, vPars, Integrity VMs); capacity planning capabilities for continuous

consolidation and infrastructure provisioning; high-availability solutions (HP Serviceguard

Solutions); and HP Utility Pricing offerings, including Instant Capacity (iCAP), Temporary iCAP,

Global iCAP and Pay per Use. The gWLM capability of Insight Dynamics helps users maintain

service levels and increase business agility with critical workloads. Administrators can contro

which applications are the most important, designate how much of the available computing

resources those applications get, and automatically change those allocations on an ongoing

basis. Insight Dynamics – VSE will also automatically and dynamically readjust resourceallocations in response to changes in workload demand or failure conditions. For instance, if

customers experience a disaster, they may only want their top-tier applications to be operating

for the first few days.

1 Requires that the guest OS uses the Virtual I/O server to virtualize the I/O connections, rather than

running the I/O directly through the hardware.

A core component of the HP-

UX 11i v3 Virtual ServerOperating Environment (VSE-

OE) is HP Insight Dynamics –

VSE. Insight Dynamics – VSE

is advanced infrastructure

lifecycle management software

that allows customers to

instantly adjust their environ-

ment to dynamic business

demands.




Alternatively, users may want to use the failover capability to move software application

packages between servers in a cluster whenever desired, not just in a failed cluster node

scenario. In an HP Integrity Virtual Machine environment, HP Serviceguard can monitor the

application in addition to the guest OS, the host OS, and the hardware. It can protect fromfailures at any level. Most virtual machine failover solutions only monitor the hardware

hypervisor, or the guest OS, and not the actual application. Upon failure, Serviceguard can

move virtual machines automatically to the failover node. This failover works seamlessly, since

HP Serviceguard can be loaded directly into the Integrity VM host to monitor the applications

running within the VM, or loaded onto the host to monitor the VMs themselves.

Further, Insight Dynamics – VSE’s workload management can be leveraged to automatically

reallocate (or invoke) resources after failover to retain service-level goals. Insight Dynamics –

VSE’s integration of the HP Serviceguard Solutions portfolio of clustering and disaster recovery

with virtualization and workload management functions, as well as HP’s utility pricing offerings

means that workloads can automatically maintain service levels even in the event of failures

within a data center, or of up to two entire data centers. As a result, overall system utilization

is improved offering the following benefits:

»

Provides business isolation for applications while making optimum use of server resources.

» Protects applications from failure or degradation caused by hardware or software problems

in other parts of the affected server.

» Optimizes application performance and behavior by isolating applications within their own

operating environments where they can have dedicated resources.

» Provides resource isolation within an operating environment such that applications sharing

an operating system image can receive dedicated system resources in order to meet service-

level objectives.

» Increases server flexibility through easy resizing of partitions.

» Improves Return on IT (RoIT) through optimized server utilization with minimal overhead.

Neither AIX nor Solaris match the powerful resource management capabilities in HP-UX and

Insight Dynamics – VSE. Both offer some workload management tools, including AIX Workload

Manager (WLM) and Solaris Resource Manager (SRM). However, these tools do not match the

functional capabilities – or the degree of integration with virtualization functions – that HP’s

workload management capabilities offer. With the ability to define business-driven, closed-loop

workload management policies, administrators can prioritize workloads in a way that

guarantees performance for high-priority business applications under varying application and

system loads. Further, when integrated with iCAP, HP’s Global Workload Management can

automatically activate and deactivate additional resources or just signal the need to do so.

In the spirit of tight integration, tested application stacks, and rapid deployment, HP also offers

Reference Architectures for Insight Dynamics – VSE. These are documented best practices and

step-by-step guides to easily deploy solutions in an Insight Dynamics – VSE environment, HP

Integrity servers, and key industry applications from IBM, Oracle, SAP, and SAS. While both

IBM and Oracle do provide some level of integration between their respective virtualizationfunctions and HA/DR tools, neither offers a solution that matches the breadth and depth of

Insight Dynamics – VSE.

Performance Optimization Tools

To extract the maximum performance from systems as virtualization is introduced

administrators require extensive visibility over the behavior of system components in real time,

so that they can diagnose performance bottlenecks and failures. HP offers a strong set of tools

for interactively managing the performance of the HP-UX operating system and its workloads

These include GlancePlus Pak and Perfview for optimizing the performance of systems (both of


In an HP Integrity Virtual

Machine environment, HPServiceguard can monitor the

application in addition to the

guest OS, the host OS, and

the hardware. It can protect

from failures at any level.




which also support AIX and Solaris), as well as HP Caliper and HPjmeter for optimizing

application performance. GlancePlus Pak provides an overview of system performance, allowing

administrators to examine system activities; identify and resolve performance bottlenecks; and

tune systems. Administrators can view real-time summaries of data on the performance of HP-UX systems, and then drill down to diagnostic details at the system level, application level and

process level. Performance metrics can be collected for analysis on a historical basis, and

alarms can be set up to trigger automated commands or scripts based on any combination of

metrics.

Table 2. Performance Optimization Tools of HP-UX vs. Other UNIX Systems


Performance

Management

Perfview, GlancePlus

Pak, Caliper (C++),

HPjmeter (Java)

Low-level command-

line tools; IBM

Performance Toolbox

for AIX

Low-level command-

line tools

Kernel Tracing ktracer ProbeVue Dynamic Tracing(DTrace)

HP Caliper is a tool that can be used to analyze the performance of C++ applications. HP

Caliper allows administrators and developers to understand the performance and execution of a

C++ application, and to identify ways to improve its runtime performance. Another tool,

HPjmeter, helps administrators and developers optimize the performance of Java applications

by displaying their behavior in real time, with the ability to automatically detect problems and

alerts in Java code. HPjmeter can provide particularly extensive visibility over the behavior o

memory in Java applications, showing the impact of garbage collection on application

performance and delivering alerts when memory leaks are detected.

HP-UX also has a tool called ktracer, which can be used to analyze the performance of

processes and systems at the kernel level, in order to detect performance bottlenecks and

discover opportunities to improve performance. ktracer is integrated with HP Caliper, and it

provides the user with an overall performance view. It tracks performance bottlenecks and

issues throughout the stack, so that performance can be optimized across both the application

and the kernel.

These interactive tools help administrators, working together with developers, extract the

maximum performance from HP-UX systems. The depth of information provided by HP’s tools

enables administrators to find and overcome performance bottlenecks in less time. Moreover

the graphical user interfaces (GUIs) of HP’s tools allow administrators to diagnose and repai

many problems by applying a point-and-click approach, rather than the “remember and type”

approach that is required for tools with command-line or textual user interfaces (TUIs). As a

result, some performance management tasks in HP-UX can be performed by personnel even if

they do not have a great deal of experience with issuing UNIX commands.

Most of the native performance management capabilities provided by IBM and Oracle for AIX

and Solaris, respectively, are more low-level tools driven by command lines. Solaris 10 includes

a powerful kernel tracing tool called Dynamic Tracing (DTrace), which enables administrators

and developers to monitor operating system behavior in real time and at the kernel level, using

a scripting language to configure diagnostic routines. IBM offers a tool for AIX 6.1 called

ProbeVue, which targets similar functionality to DTrace, taking advantage of prebuilt code in

the AIX kernel to capture the status and parameters of kernel functions. Also, IBM’s

Performance Toolbox for AIX provides a graphical user interface to help administrators with

load monitoring, and analyzing system information to diagnose performance bottlenecks.


HP offers a strong set of tools

for interactively managing theperformance of the HP-UX

operating system and its

workloads. These include

GlancePlus Pak and Perfview

for optimizing the performance

of systems (both of which

also support AIX and Solaris),

as well as HP Caliper and

HPjmeter for optimizing

application performance.




Availability

Like scalability, availability is a key concern for users in small and medium-sized businesses as

well as in large enterprise organizations. When it comes to availability, the issues tha

administrators are concerned with generally fall into two classes: avoiding planned downtime

due to maintenance, and minimizing the impact of unplanned downtime due to failures o

threshold violations. The operating system itself can help to reduce downtime in several ways

First, it can reduce planned downtime by minimizing the need (and the time required) fo

rebooting when maintenance is performed in the hardware or in the operating system software

itself. Further, it can support frameworks for smoothing service-level recovery when a serious

failure does occur, either in hardware or software.

Most advances with regard to UNIX system availability have occurred in three areas: dynamic

reconfiguration (i.e., the ability for operating systems to adapt to the addition and removal o

CPU and memory resources without requiring a reboot); error handling architectures (which

help application and higher-level service infrastructures correctly adapt when failures occur in

hardware or lower-level software); and and high availability (HA) and disaster recovery (DR

tools (which enable workloads to transparently migrate to alternate hosts when hardwaresoftware, storage or network failures occur).

Table 3. Availability Functions in HP-UX vs. Other UNIX Systems


Online Reconfiguration

– OS

Can dynamically add

and remove virtual

CPUs/memory in

nPars, vPars

Can dynamically add

and remove virtual

CPUs/memory in

Micro-Partitions

Can dynamically add

and remove virtual

CPUs/memory in

Dynamic domains

Online Reconfiguration

– Hardware

Can dynamically add

and remove real

CPUs/memory

No Can dynamically add

and remove real

CPUs/memory

Reduced OS UpdateDowntime

Dynamic Root Disk ConcurrentMaintenance

LiveUpgrade

Error Handling

Architecture

System Fault

Management

None Solaris Fault

Management

Architecture (FMA)

HA Cluster and DR

Options

HP Serviceguard IBM PowerHA Oracle Solaris Cluster

Operating systems can help to minimize planned downtime by reducing the number of

administrative tasks that require a system restart, which can consume a great deal of time in

high-end environments. For example, in HP-UX, most of the OS tuning required for a workload

can be performed without a reboot (75% of tuning operations that would have required a reboot

in the past have been eliminated in HP-UX 11i v3). Historically, hardware maintenance was onescenario in which some downtime was almost certainly unavoidable. However, some advanced

UNIX servers now have the ability to dynamically add and remove processor and memory

modules without being shut down, making it possible to upgrade servers without interrupting

operations. Online CPU and memory addition is especially useful when coupled with utility pricing

programs, which bring resources online only when they are needed by applications.

Moreover, in virtualized environments, where by definition resources such as CPUs and memory

can be created and removed at will, it becomes increasingly critical for operating systems to

have the ability to respond to constantly changing resources. For this “hot plug” functionality to

work correctly, the operating system must recognize CPU and memory modules as they come


HP Serviceguard Solutions

work with HP’s utility pricingofferings to automatically

activate capacity as needed,

as in the case of a failed

server. In some cases, down-

time can be eliminated as

cluster monitoring is able to

detect potential faults and

address them without an

interruption in business

activities.




online. It is also necessary for the operating system to recognize when the resources are no

longer available, which is somewhat more challenging, since it requires the OS to gracefully

“dry up” use of resources that reside in the components being detached.

Currently, HP-UX, AIX, and Solaris all have the ability to dynamically add and remove processors

and memory in a running instance of the operating system without reboot. It should be noted,

though, that only Solaris and HP-UX have the ability to add and remove both real and virtual CPU

and memory resources (i.e., support the maintenance and upgrade of hardware online, as well as

support the dynamic reconfiguration of operating systems running in virtual machines). IBM does

not currently support hot-plug CPUs or memory on its POWER servers.

Another way for operating systems to help minimize planned downtime is to reduce the time

required for making major changes to the operating system software itself, by allowing

administrators to install a new version of the operating system while the existing version

continues to operate normally. Instead of replacing the operating system directory structures and

files, the new system is built in a separate root directory structure. Once the installation is

complete, the administrator can quickly reboot from the other root directory and immediately

begin using the new system. Fallback is simple – simply reboot the original system and resume

using it. This capability is a major improvement for UNIX, since the traditional installation

procedure would have required a complete tape restore to recover from a bad installation. It also

relieves the fears of those who distrust new releases by providing quick fallback. HP-UX, AIX, and

Solaris now all support this capability, although they have different names for it: HP-UX 11i v3 has

“Dynamic Root Disk,” Solaris has “LiveUpgrade,” and AIX 6.1 has “Concurrent Maintenance.”

Error-Handling Architecture

Despite improvements to the robustness of hardware, faults can still occur in critical hardware

components – including processors, memory, and I/O devices – that are expensive and

sometimes extraordinarily challenging to replicate. In response, leading-edge UNIX system

developers have introduced error-handling architectures that help workloads recover from

outages by key hardware components in single systems, allowing them to continue functioning

by adapting to critical changes in hardware.

These frameworks allow applications to be adapted for dynamic reconfiguration so that they

behave correctly given a particular combination of CPUs and memory. If applications are not

properly modified to handle dynamic addition or removal of CPUs and memory, they will not

necessarily be optimized to take advantage of available resources. For example, dominan

applications such as database servers typically make assumptions about the number of

processors available. If the number changes while the database is running, performance can

suffer for a variety of reasons. The frameworks sometimes also allow dynamic reconfiguration

operations to be integrated smoothly into day-to-day system management operations

permitting resource changes to be activated by scripts and other system management

mechanisms. Along these lines, HP-UX 11i v3 has the System Fault Management framework,

while Solaris has its Fault Management Architecture (FMA). AIX has a lower-level mechanism

called First Failure Data Capture (FFDC), which collects diagnostic information about problemsat the time they occur, reducing the need for administrators to recreate the problem at a late

time in order to generate diagnostic information.

HA Cluster and DR Options

Administrators can use HA clusters to maintain the availability of operating system services

applications, databases, and networks in the event of a failure that affects a portion of the

system or the entire system. HA clusters ensure service restoration within a reasonable time

limit by enabling one or more servers to take over for a server that has crashed or stopped

processing due to any failure – in hardware, software, networks, or otherwise. By isolating


HP’s portfolio of Serviceguard

Solutions is recognized asone of the most proven high

availability and disaster re-

covery stacks in the industry

with some 750,000 licenses

sold worldwide to date.




faults on the failed node, the remaining nodes can continue providing service, keeping the

overall clustered system in operation. HP Serviceguard Solutions work with HP’s utility pricing

offerings to automatically activate capacity as needed, as in the case of a failed server. In some

cases, downtime can be eliminated as cluster monitoring is able to detect potential faults andaddress them without an interruption in business activities. Clustering can also help with certain

management tasks by absorbing planned downtime in addition to system failures.

Since most HA cluster environments depend on some form of shared storage, the distance

between nodes is often constrained to the maximum length of I/O channels such as SCSI o

Fibre Channel (i.e., at best “campus” distances up to 100 km). Disaster recovery (DR) options

which typically work via replication, allow nodes to be separated by geographically significant –

or even unlimited – distances. DR solutions protect systems from natural and man-made

disasters and provide compliance to government regulations.

HP’s portfolio of Serviceguard Solutions is recognized as one of the most proven high

availability and disaster recovery stacks in the industry with some 750,000 licenses sold

worldwide to date. Serviceguard Solutions provide capabilities ranging from cluster failover to

cross-city (Metrocluster) and cross-continent (Continentalclusters) disaster recovery, supporting

failover distances of up to 300 km through dark fiber, and unlimited distances over WAN

connections. Failover can be either fully automated or operator-initiated and with the lates

update to HP-UX 11iv3, Metrocluster and Continentalclusters are now simpler to configure and

easier to manage, with optimized failover times. Serviceguard is fully integrated with Integrity

Virtual Machines, allowing clusters to be deployed in virtual machines so that the computing

resources assigned to cluster nodes can be precisely calibrated.

Using HP-provided toolkits, Serviceguard Solutions can be integrated with Insight Dynamics – VSE

and software products from third-party vendors, including Oracle and SAP, to reduce overall time

to production deployment and enhance monitoring capabilities for these products. Unlike othe

UNIX vendors, HP integrated its Serviceguard availability and DR solutions with Symantec’s

VERITAS Storage Foundation offerings (available only through HP as Serviceguard Storage

Management Suite) to provide a comprehensive solution that delivers improved availabilitymanageability, and performance to business-critical environments on HP-UX.

IBM is also recognized for its very strong HA and DR capabilities, which include PowerHA and

PowerHA SystemMirror Enterprise Edition with Geographic Logical Volume Manager (GLVM)

and data migration capabilities in its System Storage products. However, IBM does not

currently offer a comparable level of integration between the virtualization functions in AIX

(i.e., Micro-Partitions and WPARs) and the HA and DR options of PowerHA. As a result, IBM’s

virtualization solution for AIX may not be able to offer the same levels of flexibility as HP’s

Insight Dynamics – VSE, or its operational cost benefits. The Solaris Cluster option for Solaris

can be used to stretch clusters over campus and metropolitan areas, as well as geographic

ranges with Solaris Cluster Geographic Edition. However, Solaris Cluster also does not have the

same degree of integration with workload management, virtualization, infrastructure

management, and utility pricing as Insight Dynamics – VSE, and thus does not deliver the same

benefits of automation as HP’s solution.

Security

The security functions in UNIX systems have continued to evolve as they have been deployed

in ever-more critical roles. The main areas of focus have been on improving control ove

allowable actions by users and administrators; supporting data encryption; and improving tools

to help administrators make sure their systems have been properly secured.

Security is a core competency of HP, which designed a portfolio of products – HP Secure

Advantage – to help customers securely share information; improve identity management and


Security is a core competency

of HP, which designed aportfolio of products – HP

Secure Advantage – to help

customers securely share

information; improve identity

management and compliance

controls; ensure business

continuity; and defend

against network attacks.




compliance controls; ensure business continuity; and defend against network attacks. While

Secure Advantage brings HP’s entire security value proposition together across all of its

Enterprise Server and Storage (ESS) platforms, several key components of the portfolio are

based on Integrity and HP-UX, including the following bundled (in HP-UX 11i) components:»

HP-UX Host Intrusion Detection. Integrated into the kernel, this package monitors HP-UX

systems for user or application security breaches.

»

HP-UX Identity Management is a powerful suite of identity management products that al

work together on HP-UX. The suite includes Red Hat Directory Server; Identity Managemen

Integration (IdMI), which works with HP OpenView Select Access; and an AAA

(Authentication, Access Control, and Accounting) server. The suite allows administrators to

implement single sign-on, which can authorize users to access appropriate applications with

one account and password. The AAA server provides a directory front end to control access

to the network – a function critical to ISPs that need to control access to the network and

provide detailed transaction billing information. The AAA server also implements One Time

Password Authentication (OTP) with two-factor authentication, which helps to protec

networks from phishing attacks, unauthorized network access, and identity theft. HP-UX has

long delivered on the promise of centralized LDAP-based user management with the Red HaDirectory Server (now replaced with a port of the Open Source Fedora 389 Directory Server

and the HP-UX LDAP-UX client software for platform enablement. HP-UX also bundles the

Select Access server, which layers on top of the LDAP director to facilitate simplified user

and access management across a broad range of platforms, devices, and applications

Further, the HP-UX IdMI client software layers on top of LDAP-UX for more powerful login

and access control.

» HP-UX Security Containment enables a server to be divided into distinct compartments

capable of hosting applications with different security profiles. Compartments adhere to role

based access control (RBAC) rules and may communicate via Inter-Process Communications

(IPC). Better server utilization is thus achieved by application stacking in a secure manner.

» A secure disk erase tool, included in HP-UX, can render sensitive hard drive data

unrecoverable in a way that is compliant with Department of Defense specifications.

Table 4. Security Functions in HP-UX vs. Other UNIX Systems


Role-Based Access

Control (RBAC)

Yes Yes Yes

Storage Encryption

File-Based

Encryption

Yes Future Yes

Volume-Based

Encryption

Yes Future No

Security Configuration

Lockdown Tools HP-UX Bastille Via “aixpert” Solaris Security

Toolkit

Secure by Default Yes Yes Yes

Host-Based Intrusion

Detection

Yes No No

HP-UX and AIX each support the most essential improvements to UNIX security. Both systems,

as well as Solaris, also provide tools that help administrators properly configure security in the

notoriously porous UNIX OS environment. HP-UX, AIX, and Solaris all support a “secure by


HP-UX stands out for

including a unique setof host-based intrusion

detection functions in the

base operating system.




default” installation mode, whereby the OS begins operating with high security settings

configured out of the box. However, HP-UX provides a particularly easy mechanism to select

between different security levels.

Role-Based Access Control (RBAC)

Role-based access control (RBAC) enables administrators to designate rights for any UNIX

command. The RBAC mechanism lets administrators define rights profiles for individual users

with the specific rights and privileges necessary for them to perform their job functions. In this

manner, full trusted access to the entire network does not need to be granted to every low

level administrator. The ability to safely delegate such limited authority allows more

experienced administrators to avoid spending their time being interrupted by trivial tasks

Currently, HP-UX, Solaris, and AIX all provide RBAC functions. However, HP-UX is particularly

advanced in its integration with RBAC and Identity Management. HP bundles Select Access for

use with HP-UX for free, and also offers the necessary components to “back-end” RBAC to its

IdMI solution.

Encryption

While encryption has long been employed in different parts of IT infrastructure, particularly in

networking, attention has turned more recently toward applying encryption to the data itself as

it resides in storage. Since the operating system plays a direct role in controlling how data

passes back and forth between storage systems and applications, it is a natural place fo

encryption functions to be applied in order to protect sensitive data as soon as it enters the

system. HP-UX 11i v3 and AIX 6.1 each support storage encryption. However, while AIX

supports encryption at the file level, HP-UX 11i supports encryption at both the individual-file

and entire-volume levels. Developers are working on encryption capabilities for the ZFS file

system in Solaris, but these functions are not yet shipping in the production versions of Solaris.

Host-Based Intrusion Detection

Host-based intrusion detection and prevention tools help to protect servers from “crackers” andviruses by auditing kernel activity to detect when malicious programs may be active. HP-UX

stands out for including a unique set of host-based intrusion detection functions in the base

operating system. HP-UX 11i bundles and integrates HP’s Praesidium IDS 9000 host-based

intrusion detection package. IDS 9000 can monitor one or more HP-UX systems for users o

applications that try to break security. IDS 9000 includes Kernel Data Source, which provides a

kernel-auditing system that yields secure and robust data on the use of kernel functions. The

tool correlates data from the kernel and other data sources to determine when attacks are

mounted against HP-UX systems. The other UNIX systems require the installation of layered

software to fully match the intrusion detection capabilities that are built into HP-UX.

The IDEAS Bottom Line

In recent years, UNIX systems have matured sufficiently to meet the functional requirements of

the most demanding environments in the industry. HP was one of the first major vendors toenvision the market potential of an enriched and robust UNIX operating system, and to adopt i

as its strategic business platform over 25 years ago. Since then, HP has been continuously

refining the capabilities of its HP-UX version of UNIX, culminating with the release of HP-UX 11

v3. As a result of this continuous development, HP-UX 11i v3 has a very strong portfolio of

functions compared to AIX and Solaris. Its balanced functionality of core OS features, its

superior integration between critical components, and its flexible deployment options in a

variety of hardware form factors and virtualization approaches, make HP-UX 11i v3 ideal fo

broad deployment across the enterprise.

Americas

Ideas International, Inc.

800 Westchester Avenue

Suite N337

Rye Brook, NY 10573-1354

USA

Tel + 1 914 937 4302

Fax +1 914 937 2485

Asia/Pacific and Worldwide

Headquarters

Ideas International Limited

Level 3

20 George Street

Hornsby, NSW, 2077

Australia

Tel +61 2 9472 7777

Fax +61 2 9472 7788

Europe, Middle East, Africa

Ideas International Europe

Milton Park Innovation Centre

99 Milton Park

Abingdon, Oxon OX14 4RY

United Kingdom

Tel + 44 (0) 1235 462 890

Fax + 44 (0) 1235 462 891

actionable intelligence

www.ideasinternational.com

Documents

1 13012 HPUX Eng for Critical Workloads Ideas WP