IBM AIX to Oracle Solaris 11 Comparison

AIX administrators can kick start their learning experience when planning Oracle Solaris deployments by reviewing the following summary between Oracle Solaris 11 features and AIX 7.2 features. For more information about the Oracle Solaris 11 features, be sure to check out the "Key Links" section in each topic section below. In addition, see the following resources:

Installation

Topic IBM AIX Oracle Solaris 11
Interactive Installation DVD Image (3.5 GB)

Single installation media. No Live Media capability. Additional software available on additional DVDs or on the web.
Interactive Text Installer (~500 MB)
Live Media Installer (~800 MB)

Each installation option has a fixed software selection for different environments: server or developer/desktop. Additional software available in package repositories.
Automated Installation Network Installation Manager (NIM)
Input file: Text based configuration file

The configuration file can be generated by doing an initial installation, and then is edited for use with the command line or SMIT.
Commands: smit, nim
Automated Installer
Input files:
An XML-based configuration file called an AI manifest specifies disk layout, software packages and virtual environments.
XML-based system configuration profiles specify hostname, users, networking, timezone and locale. Can be generated on the command line with sysconfig.

Create an automated install service to install client systems by using installadm. The installadm utility is used to manage several installation profiles for different types of systems, including comprehensive selection criteria based on hostname, IP, MAC address, platform, architecture, CPU, and memory sizes. An easy CLI interface is available to interactively edit an AI manifest without having to understand XML.
Commands: installadm

Initial out-of-the-box configuration includes default AI client services for SPARC and x86 that will install a basic server oriented software selection and run the system configuration interactive tool upon reboot.
System Upgrades/Updates AIX Migration Methods
IBM refers to upgrading from one AIX release to another AIX release as a migration process and the process is mostly manual. These methods are available:
– Migration by using Network Installation Manager (NIM)
– Migration by using a CD or DVD drive
– Migration by using mksysb
– Migration by using an alternate disk migration

See the SUMA section below for information on updating a specific AIX release.

AIX Live Upgrade for Interim Fixes
Allows systems to be patched without a reboot for interim fixes (ifixes), but this is more of a parallel update to a new environment (requiring free disk space) where processes with links to older libraries must be restarted.
Oracle Solaris Updates
Oracle Solaris system software is updated to include new features and fixes. Systems can be updated seamlessly from one Oracle Solaris release to another with a simple package update process. See the "Packaging" section below.
Command: pkg update
Custom Media/Golden Image Creation Create a system backup and clone it.
Commands: mksysb, mkcd, mkdvd, savevg, alt_disk_install
Unified Archive
The Oracle Solaris Unified Archives feature provides a way to of creating clone or a disaster recovery archives from a live running system by taking Oracle Solaris ZFS snapshots and clones. Unified Archives can capture a complete system including all virtual environments. When deployed through the existing Oracle Solaris Zones utilities or Automated Installer, archives can be transformed with physical-to-virtual and virtual-to-virtual translations.
Commands: archiveadm

Distribution Constructor
Input file: XML-based file called a manifest (separate from an AI manifest)

The Distribution Constructor uses the command line utility distro_const to create customized installation media, taking Oracle Solaris ZFS snapshots along the way, which allows administrators to continue the construction process from various checkpoints.

Key Links

Packaging

Topic IBM AIX Oracle Solaris 11
Packaging AIX has the ability to handle multiple different packaging formats. Most common of all is the native packaging format, installp. AIX also has the ability to handle Red Hat's RPM format, interim fixes, and InstallShield Multiplatform (ISMP) packages. The package boundaries within AIX are Licensed Programs (complete software products including all packages associated with that program), Packages (groups of separately installable units that provide a set of functions), Filesets (individually installable providing a specific option), and Bundle (collections of packages, products or individual filesets).
Commands: installp, smit install_latest
Image Packaging System (IPS) The pkg command and graphical Package Manager allows install, uninstall, query, etc. Other commands are available for creating and publishing packages and repositories.
Commands: pkg, pkgsend, pkgrecv, pkgsign, pkgdiff, pkgfmt, pkgmogrify, pkgrepo, pkgsurf

Behind each IPS package is a text-based manifest that outlines some basic meta-information about the package, package dependencies, what contents the package has, and any SMF services it needs to restart during package installation. Unlike RPMs, IPS packages typically include binaries for multiple architectures (SPARC and x86), debug or optimized binaries, man pages, developer documentation and any localization. Through IPS "facets" and "variants" the client system filters the parts of the package they are interested in.
Update SUMA (Service Update Management Assistant) significantly simplifies the AIX maintenance update process by using policy-based automatic downloads of technology updates from the web. For updates, AIX uses a number of different choices: PTF (Program Temporary Fixes), ML (Maintenance Levels), TL (Technology Levels), and SP (Service Packs). Interim fixes can also be applied temporarily using epkg. Multiple instances of AIX can be created on the same rootvg using multibos.

Applying Interim Fixes
IBM support determines whether an interim fix can be applied to a running system without a rebuilding the boot image and rebooting the system. This is called a concurrent ifix, which upon determination, can be applied to memory, disk, or both, by using the emgr command.
IPS provides integrated packaging and patching with a single update operation. With built-in dependency checking, IPS updates software installed on a system to the latest Support Repository Update (SRU). If a system reboot is required, IPS creates a ZFS Boot Environment that you can boot into. Should an update fail for any reason, you can reboot back into the older boot environment, providing for fail-safe system update. Interim Diagnostic Relief (IDR) fixes can also be applied temporarily with existing IPS tools.
Commands: pkg update

Key Links

System Configuration

Topic IBM AIX Oracle Solaris 11
Services System Resource Controller (SRC)
A subsystem that creates and controls programs and processes.
Commands: startsrc, stopsrc, refresh

Run Level Scripts
Start and stop applications based on run level transitions.
File locations: /etc/rc.d/rc<run level>.d
Service Management Framework (SMF)
A configuration repository is divided into a series of configuration layers that allows administrators to record the source of properties, property groups, instances, and services, and better understand what administrative customizations have been made and which were provided by default. In order of priority, any administrative customization made to systems through the SMF command lines take precedent over the site profile location, which take precedent over the system profile location, which take precedent over the manifest location. These layerings are automatically managed by SMF.
Commands: svcadm, svccfg, svcprop, svcs, svcbundle
Manifest location: /lib/svc/manifest
System profile location: /etc/svc/profile/generic.xml, /etc/svc/profile/platform.xml
Site profile location: /etc/svc/profile/site
General System Configuration Change Locale: smit lang
Change Timezone: smit chtz_user
Change Hostname: smit hostname, hostname, mkdev
Locale: svc:/system/environment:init
Timezone: svc:/system/environment:init
Hostname: svc:/system/identity:node
Multisystem Management Puppet
You must download this open source configuration management tool separately. It uses declarative language to describe the system configuration for a system or a set of systems, helping to automate repetitive tasks, quickly deploy applications, and manage change across the data center.

IBM Systems Director
A suite of tools that automates the management of data center operations by implementing cloud-ready virtual infrastructures. This product includes an AIX Profile Manager that allows you to manage AIX system configurations through profiles. Downloading this product requires a proof of entitlement for an IBM branded server.
Puppet
Available from an Oracle Solaris 11 package repository, Puppet is an open source configuration management tool. It uses declarative language to describe the system configuration for a system or a set of systems, helping to automate repetitive tasks, quickly deploy applications, and manage change across the data center.

Oracle Enterprise Manager Ops Center 12c
Included in all Oracle Premier Support agreements, it can be used to manage multiple clients at a greater scale through a web interface, along with other capabilities (firmware, virtualization, fault monitoring, network management, etc.).
Remote System Management   Remote Administration Daemon (RAD)
Available from an Oracle Solaris 11 package repository, RAD is a system management architecture for working with different OS subsystems. Supports autogenerated client-side bindings for Python, C, and Java. Administrators can use RAD to locally and remotely interact with systems. RAD modules are available for zones, services, users, kernel statistics, datalinks, and elastic virtual switches and ZFS. A RESTful RAD client interface is available also.

Key Links

Networking

Topic IBM AIX Oracle Solaris 11
Basic Network Configuration (Automatic vs Manual) Automatic
None

Manual
Manual networking can be set up in a variety of methods, but it typically done through smit or as part of installation through NIM.
Commands: smit commodev, ifconfig
Automatic/Reactive
Automatic networking is managed through a series of network profiles (configuration profiles and location profiles). The automatic profile provides automatic detection of network interfaces and attempts to obtain an IP address through DHCP. Location profiles manage configuration like naming service or IPFilter. Only one network configuration profile and one location profile can be enabled at any one time. Oracle Solaris 11 supports both a graphical interface or command line interface for automatic networking configuration.
Commands: netadm, netcfg

Manual/Fixed
Manual configuration is handled primarily by these commands: dladm, which handles the data-link layer; and ipadm, which handles the IP layer. While ifconfig is still provided for compatibility, it only configures interfaces temporarily and does not persist across a system reboot. You also have the ability to rename data-links to aid network configuration migration across the data center.
Commands: dladm, ipadm
IP configuration (private): /etc/ipadm
Data-link configuration (private): /etc/dladm
Network profiles (private): /etc/nwam
Static routes (private): /etc/inet/static_routes
Network Virtualization IBM's separately licensed PowerVM product provides network virtualization features for Power systems running AIX. Network virtualization is administered at the data-link level with the following building blocks: VNICS, virtual switching, and elastic virtual switch (EVS). Once created VNICs act and feel like physical NICs. Virtual switches are automatically created to properly route the network traffic to the physical NIC device. VNICs can also be created over pseudo devices called "etherstubs" rather than over physical NICs to create private virtual networks with full traffic isolation.
Commands: dladm, flowadm, dlstat, flowstat

Data-link Protection With virtual environments sometimes having exclusive access to a physical or virtual link, extra protections need to be made to ensure that potentially malicious virtual environments don't cause damage to the network. Link protection in Oracle Solaris 11 offers protection from IP and MAC spoofing, and L2 frame spoofing such as Bridge Protocol Data Unit (BPDU) attacks.
Commands: dladm, ipmp
Link Aggregation IPMP
Supported since AIX 5.3.
Commands: route

Link Aggregation
AIX supports both Etherchannel and IEEE 802.3ad Link Aggregation at the link layer though support is required at the switch layer.
Commands: smitty etherchannel
IPMP
IP Network multipathing provides physical interface failure detection, transparent network failover, and packet load spreading for systems with multiple interfaces that are connected to a particular LAN. Similar to link aggregation in concept, IPMP operates at the IP layer (Layer 3). In general, IPMP is used where higher degrees of availability are critical rather than increased network performance. There are 3 methods of failure detection: link state based failure detection, ICMP probe-based failure detection, and transitive probing.
Commands: ipadm, ipmpstat

Link Aggregation
Oracle Solaris 11 supports the organization of network interfaces into link aggregations, via both trunk aggregations and Datalink Multipathing (DLMP) under the 803.2ad Link Aggregation Standard, These are administered at the link layer and in addition DLMP is switch vendor independent and does not require support in the actual switch.
Commands: dladm
IP Tunnels IBM AIX supports generic routing encapsulation (GRE) tunnel for IPv6 over IPv4 and IPv4 over IPv6 tunnel (GIF tunnel).
Commands: smit ctinet6, autoconf6
Oracle Solaris 11 supports IPv4 (IPv4/6 over IPv4 encapsulation), IPv6 (IPv4/6 over IPv6 encapsulation) and 6to4 tunnels (IPv6 over IPv4 encapsulation, as a preferred way of transitioning from IPv4 to IPv6 addressing for networks that don't yet support IPv6).
Commands: dladm
Infiniband Reliable Datagram Sockets (RDS) support for RDMA over Converged Ethernet (RoCE)
For environments that don’t use InfiniBand, this feature allows Ethernet capable infrastructures to leverage increased Oracle RAC optimization from the RDS protocol.
Oracle Solaris 11 supports a full suite of InfiniBand upper layer protocols: IP over IB (IPoIB), Socket Direct Protocol (SDP), RDSv3, NFS over RDMA, iSER, uDAPL, OFUV, and EoIB.
Oracle invented the RDS protocol to support Oracle RAC high performance and scalability. RDS is used extensively to deliver extreme IPC and storage performance in Oracle’s engineered systems.

Key Links

Virtualization

Topic IBM AIX Oracle Solaris 11
Virtualization WPARs
Workload partitions (WPARs) are virtualized operating system environments within a single instance of the AIX operating system. WPARs secure and isolate the environment for the processes and signals that are used by enterprise applications, as well as providing resource management control over each WPAR. Versioned WPARs are available to support AIX 5.2 and 5.3 on AIX 7.
Commands: mkwpar, chwpar, startwpar, wparexec

LPARs
Logical partitions (LPARS) allow you to assign processors, memory, and input/output devices to logical partitions. You can run AIX, Linux, and the Virtual I/O Server in logical partitions.
Commands: installios, mktcpip, cfgassist, cfgdev, mkvdev, lsmap

SR-IOV VNICs
Client LPAR has direct access to the SR-IOV adapter resources residing in VIOS and avoids data copy between client LPAR and virtual I/O server (VIOS).
Oracle Solaris Zones
Oracle Solaris Zones provide native low overhead OS virtualization, with high application isolation and resource management. Kernel Zones increase operational efficiency by allowing independent kernel versions and patch levels, secure live migration, and live reconfiguration of CPU and memory resources.

Oracle Solaris 11 also supports Oracle Solaris 10 Zones, the ability to run applications that require an Oracle Solaris 10 environment within a non-global zone running on Oracle Solaris 11.

Zone installation and data can be made available over shared (SAN) storage over FC, iSCSI, NFS, or SAS protocols for more flexible storage management.
Commands: zoneadm, zonecfg, zonestat, zonename, zone2pvhck

Oracle VM Server
Oracle VM Server for SPARC (previously called Sun Logical Domains) provides highly efficient, enterprise-class virtualization by taking advantage of built-in virtualization capabilities on SPARC systems. Each domain is a full virtual machine that can be started or stopped independently. Domains can take on different roles: control, service, I/O or guest.

Oracle VM Server for SPARC also has the ability to support Single Root I/O Virtualization (SR-IOV) enabling efficient sharing of PCIe network devices among I/O domains so application workloads can achieve near native I/O performance.
Commands: ldm, ldm2v

Physical Domains
Physical domains provide electrically isolated hard partitioning for SPARC Enterprise M-Series servers. Each domain executes a unique instance of Oracle Solaris. Since isolation is instantiated all the way to the hardware, configurations can be created in which software changes, reboots, and potential faults in one domain do not impact applications running in another domain.
Commands: showhardconf, showboards, setupfru, setdcl, addboard, addfru

Key Links

Cloud

Topic IBM AIX Oracle Solaris 11
OpenStack IBM's PowerVC, a separately licensed virtualization management product offering, is built on OpenStack, a popular open source cloud computing software. A full OpenStack distribution is included with Oracle Solaris 11 and is fully supported. This cloud offering is based on Oracle Solaris Zones virtualization for compute (Nova), Elastic Virtual Switching and Oracle Solaris' integrated network virtualization for network (Neutron), and Oracle Solaris ZFS for storage back ends (Cinder and Swift). All the OpenStack software and services and been packaged using IPS and integrated with SMF for service reliability and restart in case of failure. Using the open APIs that OpenStack provides, it is possible to manage a complete data center environment with virtualization technologies from other vendors through a single administrative portal.

Key Links

Storage


Topic IBM AIX Oracle Solaris 11
File Systems JFS2
Default journaling file system. Maximum file size of 32TB (recommended).

Logical Volume Manager (LVM)
A set of commands that allow you to configure and manage logical volume storage. LVM allows logical volumes to span multiple physical volumes.
Commands: smit chfs, smit vg, lsvg, extendvg, smit fs, mkvg, mklv, reorgvg, lslv, lsfs, lspv, migratepv, exportvg, importvg, smit mklvcopy, mirrorvg
Oracle Solaris ZFS
Default file system on Oracle Solaris 11. Maximum file size of 16EB, maximum volume size of 16EB. Oracle Solaris ZFS has built-in redundancy and checksumming and integrated data services: deduplication, encryption, and compression.

ZFS provides mirrored and RAID redundancy levels without requiring a separate volume manager. Shadow migration is used to automatically migrate data from other file systems. Provides support for NFSv4, SMB 2.0, iSCSI, FC, and InfiniBand protocols.
Commands: zfs, zpool

Support for a number of other file systems, including UFS, is also available but not as root file system.
Flash/SSD Support Server Based Flash Caching
Cache pool disks can either be directly assigned to a given AIX LPAR or they can be assigned to the VIOS. Is storage vendor agnostic for both the cache pool storage and the back-end SAN storage devices.
ZFS Read and Write Caches
ZFS supports both read and write caching that can be optimized at the file system level on any local or backend SSD device. Contents of the ZFS read cache persist when the system is rebooted.

Key Links

Security

Topic IBM AIX Oracle Solaris 11
Mandatory Access Control, Role Based Access and Multi-Level Security RBAC
RBAC allows the creation of roles for system administration and the delegation of administrative tasks across a set of trusted system users. In AIX, RBAC provides a mechanism through which the administrative functions typically reserved for the root user can be assigned to regular system users. Domain support in RBAC allows a security policy to restrict administrative access to a specific set of similar resources to specific tenant in a multitenant environment.
Commands: ckauth, chauth, lsauth, mkauth, rmauth, chrole, lsrole, mkrole, rmrole, rolelist, swrole, lssecattr, rmsecattr, setsecattr, lskst, setkst, lspriv, tracepriv, pvi, rbactoldif, setsecconf

Privileges
The privileged command database implements the least privilege principle for processes. Privileges can be granted to a command and the execution of the command can be governed by an authorization. Commands are included in the RBAC list above.

Trusted AIX
Trusted AIX enables Multi Level Security (MLS) capabilities in AIX, also referred to as label-based security. Once you choose this mode of installation, you will not be able to go back to a regular AIX environment without performing an overwrite install of regular AIX.
Commands: labck, getsecconf, setsecconf, getsyslab, setsyslab, getrunmode, setrunmode, pdlink, pdmkdir, pdmode, pdrmdir, pdset, bootauth, chuser, lsuser, chsec, lssec, trustchk, lstxattr, settxattr
RBAC
Also known as user rights management, RBAC allows administrators to distribute administrative duties. RBAC is integrated right across the operating system.
Commands: profiles, roleadd, roledel, rolemod, roles, auths

Privileges
Privileges are fine-grained, discrete rights on processes that are enforced in the kernel. Oracle Solaris defines over 80 privileges. Privileges can be granted to a command, a user, a role, or a system. Many Oracle Solaris commands and daemons run with only those privileges that are required to perform their task. The use of privileges is also called process rights management.
Commands: ppriv, profiles

Trusted Extensions
Trusted Extensions supports both traditional discretionary access control (DAC) policies based on ownership, as well as label-based mandatory access control (MAC) policies. Trusted Extensions is integrated into much of the operating system, including Oracle Solaris Zones.
Commands: tncfg, txzonemgr, setlabel, getlabel, plabel
Hardware Data Protection   Real-time Application Data Integrity (ADI)
A feature in Oracle's SPARC M7 and T7 processors that safeguards against invalid, stale memory references and buffer overflows. The hardware does this by allowing software to mark software buffers with special versions. A version number is stored in a portion of a pointer that access memory and this version number is also maintained in the memory cache lines. When a pointer accesses memory, the hardware checks to make sure the two versions match. A SEGV signal is raised when there is a mismatch. This feature can be used by the Oracle database and user applications that manage memory and the OS.


Oracle Solaris Studio 12.4 supports ADI.
Compliance AIX relies on AIXPert (AIX Security Expert) to provide network and security hardening based on various best practices. However no direct support for compliance assessment and reporting is available as part of the operating system. OpenSCAP Compliance Framework
Oracle Solaris 11 also implements SCAP and integrates the OpenSCAP set of tools and libraries. A new command, compliance, has been developed that wraps these tools that allows administrators to assess and report against different benchmarks including PCI-DSS.
Commands: compliance, oscap
VPN IPsec
AIX implements IPsec for both IPv4 and IPv6 to provide cryptography-based protection of all data at the IP layer of the communications stack. No changes are needed for existing applications.
Commands: smit ips4_basic, smit ips6_basic
IPsec
IP security (IPsec) protects IP packets by authenticating the packets, by encrypting the packets, or by doing both. Oracle Solaris supports IPsec for both IPv4 and IPv6. Because IPsec is implemented well below the application layer, Internet applications can take advantage of IPsec without requiring modifications to their code.
Commands: ipadm, ipsecconf, ipsecalgs, ipseckey
Configuration file: /etc/inet/ipsecinit.conf
Firewall IPFilter
IPFilter is a software package that can be used to provide network address translation (NAT) or firewall services.
Commands: ipf, ipfs, ipfstat, ipmon, ipnat
Configuration files: /etc/ipf.conf
IPFilter
IPFilter provides packet filtering capabilities. IPFilter is integrated into SMF providing the ability for administrators to configure per service firewall rules.
Commands: ipf, ipnat
Configuration files: /etc/ipf/ipf.conf, svc:/network/ipfilter:default
Encryption JFS2
AIX JFS2 supports the Encrypted File System (EFS) which allows users to encrypt data and control access through keyed protection.
Commands: efsenable, efsmgr, efskeymgr, crfs

AIX Public Key Cryptography
AIX provides two tools for managing cryptographic systems: the PKCS #11 Key Management Administration tools. There is also a programmatic interface.
Commands: p11km, p11admin
ZFS
Supports full data encryption during file system creation.
Commands: zfs

Oracle Solaris Cryptographic Framework
The Cryptographic Framework provides a common store of algorithms and PKCS #11 libraries to handle cryptographic requirements.
Commands: cryptoadm, pktool

Key Links

High Availability

Topic IBM AIX Oracle Solaris 11
Availability IBM PowerHA System Mirror
PowerHA SystemMirror is an optional offering that provides on-demand failover to make applications highly available. It delivers continuous availability of services by eliminating single points of failure. It is integrated with AIX 7.1 to increase capabilities to monitor and recover from failures.

Cluster Aware AIX
This clustering support provides commands and programming APIs to create a cluster from a group of AIX instances and provides kernel-based heartbeat, monitoring and event infrastructure. This infrastructure supports common device naming for storage devices across the cluster. However, you will still need a separate cluster product to build a cluster that provides high availability capabilities, such as node failover/takeover.

CAA Automation with Repository Replacement 
If the Storage Framework (SFW) detects a primary (active) repository disk is DOWN, it notifies CAA and CAA automatically replace the failed repository disk with a user-specified backup repository disk.
SMF and FMA
The Service Management Framework and Fault Management Architecture provide Oracle Solaris' self-healing capability, monitoring the operating system for faults whether it's individual hardware components or system or application services, and silently works to isolate those faults or automatically restart services. State notifications have been added to Oracle Solaris 11 so administrators can send emails or SNMP traps for any important events they most are interested in.
Commands: svcadm, fmadm

Oracle Solaris Cluster is an additional offering that provides high levels of availability through clustering for enterprise applications and databases. Oracle Solaris Cluster is integrated with Oracle Solaris 11 features giving significant benefits in terms of detection and recovery from failure.

Key Links

Monitoring

Topic IBM AIX Oracle Solaris 11
Monitoring ProbeVue
ProbeVue provides dynamic tracing with the capability of inserting trace points at run-time. Uses the Vue programming language script to determine where, when, and what to trace.
Commands: probevue

A large selection of other administrative tools provide basic monitoring capabilities, including the following:
Network: netstat
I/O: iostat
File system: topas
CPU: sar, vmstat, xmstat
VM: vmstat, svmon
Process: procmon, top
System Latency: hpmstat

IBM Systems Director
IBM Systems Director provides basic hardware management through advanced cross enterprise management.
DTrace
A dynamic tracing framework that can distribute thousands of probe points (locations of interest) across OS layers for unparalleled observability. A list of providers covers different aspects of the system, the ability to observe individual processes, and a number of different networking protocols. Support for a number of runtimes (Java, Python, PHP, Ruby) is also provided.
Commands: dtrace

A large selection of other administrative tools provides monitoring capabilities, helping to aggregate and display much of the same information you can get from DTrace.
Network: flowstat, dlstat, netstat, acctadm
Oracle Solaris Zones: zonestat
SMF Services: svcs
Fault Management: fmstat
I/O: iostat
File system: fsstat, stat
Kernel: kstate
CPU: mpstat, pgstat
VM: vmstat
Process: prstat, truss, ptree
Resource Management: poolstat
System Latency: latencytop
Power Management: powertop

Oracle Enterprise Manager Ops Center, included with all Oracle Premier Support agreements, provides extensive monitoring at a greater scale.

Key Links

Revision date: January 2017