Author: Iain Roberts
AIX was developed primarily for administrators, whereas Linux has been developed for and by hackers. Right from the start, a key goal of commercial Unixes is to make things easy for the people running them (though they don’t always succeed). Only recently has this been a major factor in the Linux world. Some deficiencies can be fixed with improved tools, while others are more fundamental to the operating systems.
The benefit of proprietary hardware
AIX runs only on IBM’s own hardware, based around the POWER family of processors, of which the POWER5 is the latest. (Apple’s G5 chip is the baby brother of the POWER4.) Pretty much all the adapters and components that run in those servers are either made or rebadged by IBM. In the past IBM has almost given AIX away, making money from the hardware and services instead of the operating system software.
Using a single hardware architecture removes a big headache for AIX developers. There is no struggling to write device drivers for thousands of obscure devices, for a start. By controlling the hardware platform IBM can offer high-end hardware features such as hot-swap adapters and logical partitioning, not to mention servers where the firmware (equivalent of the BIOS) can be accessed through a Web browser when the server is powered off.
There is a significant price premium for this hardware, but there are great benefits too. CPU and memory are not all that matters (though IBM’s latest model comes with up to 512GB of RAM, which should be enough for most people). Many companies are happy to pay more, or sacrifice speed, to improve reliability, availability, and serviceability. If an hour of downtime costs your business tens of thousands of dollars, this is a big deal.
Luckily, Linux is coming to have the best of both worlds. Those who want to take advantage of IBM’s fancy hardware features can now run SUSE or Red Hat Linux on just about any server that IBM makes and, with logical partitioning, can even run Linux and AIX on the same server at the same time.
Linux has always been somewhat clumsy at device management. I often find myself trawling through dmesg and playing “guess the device” to figure out if some device is there and how it has been configured. Whether a particular piece of information about a device is available often seems a matter of luck. A variety of other commands with different syntaxes and outputs help to cobble together an overall picture of the hardware on a system.
AIX is a breath of fresh air in comparison. Devices can be queried easily through a few commands. The syntax for amending device settings is clear and consistent across all devices, and the amount of information available on each device is huge.
If new devices are added to a running system, a single command configures them all and installs device drivers where needed.
On my home PC, with a handful of disks and adapters, maybe I don’t need the device information to be so easy to access and update. On an enterprise server with 150 PCI adapters and a few hundred disks, however, it becomes a lot more important to have good accurate information about exactly what and where everything is and what it is all doing.
For new and experienced AIX administrators alike, AIX’s Systems Management Interface Tool (SMIT) is a useful (and often essential) tool. Think of it as YaST2 with fewer sexy graphics but more functionality. About 80% of administration tasks on an AIX system can be done using SMIT. It’s simple, easy to understand, mature, and it works. One nice feature is that it always saves the command or script it has run to a file, so you can do something once in SMIT and then script it thereafter. You can even say “don’t do this for real, but log the command you would have run.”
AIX also has a Web administration tool which, while slow (accessing via the bundled Windows or Linux PC client speeds it up) and occasionally buggy, is still a long way ahead of anything Linux has to offer. Want to set up ipsec? AIX has a nice wizard that makes it easy.
Linux is improving quickly with systems management, but some developers still seem to feel that if it isn’t obscure and complicated, there’s something wrong. That’s fine for hackers, but companies want to employ administrators to run their systems, not hackers, and administrators like things to be easy, especially when they’ve got a few hundred systems to manage.
Installation and upgrades
Major OS upgrades are still a weak point for Linux. I’ve tried upgrades on a number of different Linux distros. Sometimes they work, sometimes they don’t, and more often than not, I end up installing from scratch.
In comparison, AIX very rarely has a problem with upgrades, even when jumping several versions. I go into an AIX upgrade confident that it will work, and I go into a Linux upgrade with a feeling that it’s 50/50.
For new installations, the picture is more balanced. AIX has few problems with new installs. If Linux has a problem, it’s normally with some odd hardware — not a problem AIX has to deal with, of course. Where AIX falls down is the lack of installation options. Only in the latest version of AIX has it been possible to specify a graphics-free installation, and the ability to choose packages at installation time is very limited.
AIX includes the Network Installation Manager (NIM), which can perform new installations, upgrades, software installation, and a number of other tasks across the network. It is easy to set up (via command line, menu, or wizard) and it works well. Similar tools exist for Linux, but right now they lack some of the functionality.
The proprietary Unixes have traditionally fallen down a little on security, and AIX is no exception. From a commercial perspective it makes sense to not alienate your users, so usability has always taken precedence over security. The last thing IBM or Sun wants is businesses performing upgrades that stop their applications working correctly.
The result of this corporate caution is that a fresh install of AIX has gaping security holes. Services such as telnet, ftp, and rshd are enabled by default. Secure Shell (SSH) and TCP Wrappers aren’t even installed (IBM ships both, but on a separate CD). AIX does come with some basic packet filtering, but there’s no firewall on by default and it isn’t easy to configure. Filesystem and swap space encryption aren’t there either.
Compare this to Linux, where SSH is the default, most insecure services are disabled, a wealth of security software is shipped with almost every distro, and much effort has been put into helping users secure their systems.
AIX can be configured securely. IBM has a nice white paper that guides you through a lot of the tasks, but it isn’t trivial to do, and the result is that a lot of companies don’t, and tools like telnet are still a lot more common than they should be.
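A check for the default-enabled services named above, as an added example that is not part of the original article or any IBM tooling: it scans an inetd.conf-format file and reports entries that still launch telnetd, ftpd or rshd. The sample file contents and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: report cleartext daemons still enabled in an
# inetd.conf-format file (telnetd, ftpd, rshd, as named in the article).

audit_inetd() {
    # $1 = path to an inetd.conf-format file.
    # Fields: service socket-type protocol wait/nowait user server-path args...
    awk '
        $1 ~ /^#/ || NF < 6 { next }   # commented-out or short lines are not active
        {
            n = split($6, parts, "/")  # reduce server path to its basename
            daemon = parts[n]
            if (daemon == "telnetd" || daemon == "ftpd" || daemon == "rshd")
                print $1 ":" daemon
        }
    ' "$1"
}

# Constructed sample in inetd.conf layout (not copied from a real system).
make_sample() {
    cat <<'EOF'
## service socket  proto   wait    user    server-path            args
ftp     stream  tcp6    nowait  root    /usr/sbin/ftpd         ftpd
telnet  stream  tcp6    nowait  root    /usr/sbin/telnetd      telnetd -a
shell   stream  tcp6    nowait  root    /usr/sbin/rshd         rshd
#login  stream  tcp6    nowait  root    /usr/sbin/rlogind      rlogind
time    stream  tcp     nowait  root    internal
EOF
}

sample=$(mktemp)
make_sample > "$sample"
findings=$(audit_inetd "$sample")
rm -f "$sample"

if [ -n "$findings" ]; then
    echo "Cleartext services enabled (service:daemon):"
    echo "$findings"
fi
```

On a live system, pass the path of the real inetd configuration file to audit_inetd instead of the sample; an empty result means none of the three daemons is active there.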
Managing disks and filesystems
Disk and filesystem management is an area where AIX is still well ahead of Linux. AIX doesn’t have partitions or slices — it has a logical volume manager instead. Logical volumes and volume groups are fundamentals on AIX, not add-ons.
To show how this can help, let’s look at some of the things that can be done on AIX while the system is running normally, all using software.
Data can be mirrored and unmirrored online between any two disks. Want to mirror data between a local SCSI disk and a NAS-attached iSCSI disk of different sizes? No problem. A mirror copy can be broken off to create a “point-in-time” backup of how the system looked at that moment, then re-integrated later on.
Whole filesystems can be moved between disks, or spread out over different disks, all while users carry on oblivious. How about setting up a group of disks and making one a spare, so if another fails the spare automatically takes over, the data being copied over to it? That’s simple too.
The OS can even be upgraded on a running system. You can create a copy of the OS disks, upgrade the copy, and then reboot from the upgraded disk; if it doesn’t work, just switch back to the old one.
All of these, and more, come standard with the AIX operating system and can be done from simple command lines and menus. By contrast, even something like software mirroring on Linux is complicated in comparison to the one-line AIX commands.
A perpetual problem with high-end computers is that they have too much computing capacity. Both Sun and IBM believe that their servers are often no more than 20% utilised. Luckily, all the major vendors have come up with solutions to help customers make effective use of the computing power they’ve spent so much money on.
Logical partitioning is the flavour of the day, with the ability to split servers up and have multiple instances running. Sun has extended this with its N-1 Grid Containers, effectively an advanced chrooted environment with multiple instances running under the same OS environment.
IBM have achieved a similar result in a slightly different way. With IBM’s latest hardware, what looks like a separate computer can run on as little as one-tenth of a CPU, meaning that twenty instances of AIX can run on a dual-processor server. Even better, they can share Ethernet adapters and disks, so there is no need to have hundreds of adapters (though you can if you want to). You can even have your partitions talk to each other over the network adapter, using a virtual switch (with VLAN functionality) held in the server firmware. These partitions do not sit on top of an underlying OS; they run directly on the server.
Most of these functions are available for SUSE and Red Hat Linux on the POWER5 platform too, for those with generous hardware budgets.
Linux has come a long way in the last few years, but for high-end functionality and maturity, the likes of AIX and other high-end Unixes still have a significant edge. When it comes to security, though, Linux is ahead of the game, so the catching up is on the other side.
Iain Roberts is an IT freelancer specialising in Unix and Linux.