AIX 7.3TL2 Benefits for VIOS 4.1 supported on Power 8, 9 and 10

Performance

• Enhanced fork/exec performance
• Power10 optimized data movement (e.g.memcpy, memzero)
• Network and storage stack performance improvements
• HW GZIP for SSH/SCP, dump, and pigz

Optimized Security

• AIX program updates for OpenSSL 1.1 or later
• AIX audit check performance
• Security aligned install defaults for networking components
• SSHA-256 password algorithm
• Out of the box long password support (up to 255 chars)
• LVM Encryption option for VIOS rootvg and dump devices

Security features

• Supports Trusted Execution, Trusted Update and Secure Boot.
• VIOS boot is made more secure (Secure Boot) and only administrator allowed programs and Kernel Extensions can run with the Trusted Execution feature. This protects system from malicious software & trojans.
• Trusted Update feature ensures that only images that are digitally signed by IBM are allowed to update the existing filesets on the system.
• Default passwords are stronger with the SHA-256 algorithm and also support out of the box long passwords with the maximum of 255 characters.
• Physical volumes that uses the SCSI protocol can be encrypted with hdcryptmgr command (under oem_setup_env), using data encryption key.
• Data protection is enhanced with LVM encryption for rootvg and dump devices.
• Services that are not secure like rexec, rsh are removed. Telnet / ftp services are disabled. If required, users can enable telnet / ftp services.
• ksh93 is used as the default shell in VIOS commands and scripts

Enhanced Availability

• Enhanced LLDP reporting
• Enhanced MPIO (faster FC failover, FPIN traffic optimization)
• DLPAR performance for CPU and RAM changes
• Reduced boot time
• Enhanced concurrent change management

Automation and Modernization

• Python bundled for Ansible readiness
• Bash

BM’s PowerVM virtualization software has been at the AIX 6.1 level for many years. On November 9, 2018, IBM made PowerVM 3.1 available and this level has a base of AIX 7.2 TL3. PowerVM 3.1 is a major update that includes an updated hypervisor, a new VIO server version and a new NovaLink agent. It includes significant improvements in performance, resilience, security and I/O.

It should be noted that if you are running PowerVM 2.2.4 or earlier then your VIO servers are out of support. 2.2.5 is supported for most of 2019 and 2.2.6 is supported until at least 2021. 2.2.6 is withdrawn from marketing as of September 30, 2020. The latest level prior to v3.1 is 2.2.6.32.

VIOS 3.1 adds support for iSCSI (network storage) virtualization for AIX and Linux workloads, storage multi-pathing and USB flash drive installation. It also provides native compatibility mode for POWER8 and POWER9. LPM is updated to use the POWER9 on-chip compression/encryption functionality to encrypt and compress LPARs during LPM operations. This can significantly improve LPM performance on POWER9. The iSCSI supports allows iSCSI disks to be exported to client LPARs as vSCSI disks. This is supported on v3.1 of the VIO and requires FW 860.20 or later (POWER8 and POWER9). However, booting from an iSCSI disk and using SSP on iSCSI devices are still not supported. iSCSI client LPARs can run either AIX or Linux.

There are many other changes within v3.1, but one important change is that this level no longer supports IVM (integrated virtualization manager).

VIO servers from v2.2.x.x can be upgraded to v3.1 using the viosupgrade command on the NIM master. The viosupgrade command becomes available at AIX 7.2 TL3 SP1 on the NIM server. On the VIO server it becomes available at VIO 2.2.6.30. This allows you to do a bosinst install from NIM to upgrade the VIO server or you can use the altdisk option so that the upgrade goes to an alternate disk on the VIO server. An example of this would be:

viosupgrade -t altdisk -n vios1 -m vios_3.1.0.0 -p vios_3.1.0.0_spot -a hdisk1

The above tells the system to do an alternate disk upgrade of vios1 to hdisk1 and to update it to v3.1.0. You can then reboot the vio from hdisk1 when you are ready to try the upgrade. You can monitor the upgrade using:

viosupgrade -q vios1

You can get help on the command using: viosupgrade -h

viosupgrade with bosinst from the NIM server is supported for upgrading VIO servers that are at 2.2.4.x or higher. The -t altdisk option is not available until you are at 2.2.6.30 on the VIO servers.

If the VIOS is at 2.2.6.30 or higher then the viosupgrade command can be used directly on the VIO server. Follow the instructions to create a mksysb image from the 3.1 DVDs, then use viosupgrade to do an alternate disk install to a different disk (in this case hdisk1):

viosupgrade -l -I vios31.mksysb -a hdisk1

If you are using SSPs (shared storage pools) be sure to follow the instructions that are specific to the SSPs. And in all cases don’t forget to run viosbr to back up the virtual information and take a mksysb. Copy the viosbr output file to a remote location just in case.

There are two different viosupgrade commands—the one on the NIM server has a different syntax to the one on the VIO server.

Post v3.1.0 Install Once v3.1.0 base is installed you should then apply the service pack 3.1.0.10. The service pack requires that the LPAR is at 3.1.0 prior to the update being applied. The update is applied using the updateios command.

http://ibmsystemsmag.com/aix/administrator/virtualization/a-closer-look-at-the-ibm-powervm-3-1-update/