actionable intelligence

www.ideasinternational.com

HP-UX 11i V3: ENGINEERED

FOR CRITICAL WORKLOADS
An Ideas International White Paper
Prepared for:
Hewlett-Packard
August 2010

WHITE PAPER
HP-UX 11i V3:
ENGINEERED FOR CRITICAL WORKLOADS
custom consulting services

PREPARED FOR

HP
TABLE OF CONTENTS
Executive Summary ............................. 1
HP-UX 11i Optimized for
24x7 Global Enterprises ...................... 1
HP-UX Operating Environment Bundles . 2
HP-UX Design Goals ............................. 1
Virtualization ....................................... 3
HP-UX 11i v3s Complete Portfolio of
Virtualization Techniques ...................... 1
Online Migration .................................... 5
Workload Management Tools ................ 1
HP Insight Dynamics VSE ................... 6
Performance Optimization Tools ............ 7
Availability ........................................... 1
Error-Handling Architecture ................. 10
HA Cluster and DR Options ................. 10
Security ............................................. 11
Role-Based Access Control (RBAC) .... 13
Encryption ........................................... 13
Host-Based Intrusion Detection ........... 13

August 2010
Executive Summary
This white paper presents a technical comparison of HP-UX 11i v3, AIX 6.1, and Solaris 10
UNIX operating systems, focusing on their functional capabilities in terms of virtualization,
reliability, and security. In each of these areas, the paper identifies some critical technical
requirements, describes the significance of these requirements in current customer
environments, and then shows how well HP-UX 11i v3 meets these requirements compared to
the other UNIX systems.
HP-UX, AIX, and Solaris all offer very strong functionality today, with each leading in one area
or another. But HP-UX stands out for its balance. It does not lag its competitors in any one
area, and it breaks out with leading functionality in several areas valued by business users. One
particular area of strength for HP-UX is the unique level of integration between virtualization,
workload management, and high availability (HA) / disaster recovery in HP Insight Dynamics
VSE. The combination of HP-UX and Insight Dynamics VSE gives customers the full benefit of
virtualization in a highly available environment. In the newest version of HP-UX, online
migration of Integrity Virtual Machines is up to two times faster than the previous release, and
encryption is supported for live migration of sensitive workloads. Live migration has also been
fully integrated into the VSE-OE and DC-OE operating environments. HP-UX can now become
the basis for truly virtual infrastructure, in which computing resources are treated as a single
pool of resources that can be drawn upon on demand by workloads. HP-UX 11i v3 deployment
is facilitated by HPs Reference Architectures for Insight Dynamics VSE, which document best
practices for deploying ISV solutions from IBM, Oracle, SAP, and SAS in an Insight Dynamics
VSE environment on HP Integrity servers.
In the area of security, HP-UX 11i v3 has superior storage encryption capabilities compared to
the other UNIX systems, with the unique ability to encrypt both entire storage volumes and
individual files. HP-UX 11i v3 also offers unique, host-based intrusion detection functions that
are integrated into the operating system; such functions require installation of add-ons in the
other UNIX systems.
By addressing some of the major Total Cost of Ownership (TCO) concerns customers have
today, these capabilities help to put HP-UX in a leadership position for delivering the proven
benefits of UNIX platforms.

The IDEAS Bottom Line ..................... 13

HP-UX 11i Optimized for 24x7 Global Enterprises

Hewlett-Packard has long been a leading supplier of commercial UNIX solutions, succeeding in
part by emphasizing business-oriented factors such as quality, investment protection, consulting
abilities, and support. Today, HP-UX is the strategic operating system for HP Integrity servers,
bringing leadership mission-critical performance and virtualization to businesses of all sizes. HP-UX
11i provides a powerful, standards-based platform that can virtualize and automatically adjust

This document is copyrighted by Ideas International, Inc. (IDEAS) and is protected by U.S. and international copyright laws and conventions. This document may not be copied, reproduced, stored in a retrieval system, transmitted in
any form, posted on a public or private website or bulletin board, or sublicensed to a third party without the written consent of IDEAS. No copyright may be obscured or removed from the paper. All trademarks and registered marks of
products and companies referred to in this paper are protected.
This document was developed on the basis of information and sources believed to be reliable. This document is to be used as is. IDEAS makes no guarantees or representations regarding, and shall have no liability for the accuracy
of, data, subject matter, quality, or timeliness of the content. The data contained in this document are subject to change. IDEAS accepts no responsibility to inform the reader of changes in the data. In addition, IDEAS may change its
view of the products, services, and companies described in this document.
IDEAS accepts no responsibility for decisions made on the basis of information contained herein, nor from the readers attempts to duplicate performance results or other outcomes. Nor can the paper be used to predict future values or
performance levels. This document may not be used to create an endorsement for products and services discussed in the paper or for other products and services offered by the vendors discussed.

AUGUST 2010

IDEAS RECOMMENDATIONS FOR USERS

Ideas International (IDEAS) offers the
following recommendations for users
who are considering the deployment of
HP-UX versus AIX and Solaris:

Scalability. Assess operating

systems in terms of scale-up
capabilities such as the number of
threads supported in SMP
configurations, memory capacity,
and storage range. Also consider the
maturity of SMP implementations
and the tools that are available for
the operating system that will help
administrators and developers
extract the most possible
performance from an application
running on a server with that OS.

Virtualization. Measure the

manageability benefits resulting from
HPs superior integration between
HP-UX virtualization and HA/DR
capabilities in HP Insight Dynamics
VSE against the workload
migration capabilities in competing
UNIX systems such as AIX.

Availability. Weigh the importance

of avoiding disruption caused by
introducing major changes in
hardware or OS software against the
pressures from workload growth
and/or variation.

Security. Assess the risk of hosting

critical workloads on systems that
are externally accessible from a
network, which significantly
increases the importance of setting
up processes for detecting intrusions
by unauthorized users.

Management. Determine the role

that UNIX systems will play as
server, storage, and network
infrastructures converge. If blade
servers are considered strategic,
establish the tradeoffs between HPUX and other UNIX systems in terms
of their ability to be deployed in
blade form factors.

HP-UX 11i V3: ENGINEERED FOR CRITICAL WORKLOADS

infrastructures to achieve 24x7 lights-out computing and dramatically reduce total cost of
ownership all integrated and rigorously tested to operate as a single system.
HP-UX is now fully integrated into HPs Converged Infrastructure, a blueprint for data centers
that is designed to eliminate boundaries between IT silos, so that customers can invest more of
their IT budget on business innovation rather than maintenance. HP Converged Infrastructure
enables administrators to easily provision predefined server and storage capacity for HP-UX
Integrity systems, and HP-UX can be deployed on server hardware that is optimized for a
mission-critical Converged Infrastructure, such as HP BladeSystem Matrix.

HP-UX Operating Environment Bundles

HP-UX offers leadership integration and the most robust set of integrated system software
bundles compared to operating systems from other vendors. These bundles, known as HP-UX
Operating Environments (OEs), reflect typical user environments (see Figure 1). An often
overlooked benefit of HPs OE approach is in the effort that HP has put forth to pre-test and
integrate the most frequently used software products (such as HP Serviceguard Solutions and
HP Insight Dynamics VSE). Pioneered by HP, this concept of pre-integration makes the
purchasing, installation, patching, and support processes more streamlined, and it removes the
necessity for the initial customers to act by default as external beta testers.
HP-UX OEs include the Base Operating Environment (BOE), which is intended for customers
requiring less complex installations; the Virtual Server Operating Environment (VSE-OE), which
is targeted at customers seeking higher resource utilization or at those who are embarking on
consolidation projects; and the High Availability Operating Environment (HA-OE), which is
intended for customers focused on increasing uptime for large, business-critical applications.
There is also a superset known as the Data Center Operating Environment (DC-OE), which
includes all the functionality from BOE, VSE-OE, and HA-OE.
While the Operating Environments are nested for ease of procurement, customers can still add
on single software products should they wish to pick and choose. In addition, HP offers a series
of Reference Architecture (RA) best-practices to help customers minimize deployment time.

Figure 1. HP-UX 11i v3 Operating Environments

Data Center Operating Environment (DC-OE)
Integrates all Operating Environments into a virtualized mission critical OS

High Availability OE (HA-OE) integrates:

Serviceguard clusters
Fast failover
100% online
maintenance
Fully IPV6 compliant
Congestion free
Advanced file system
and volume management
Scalable, secure, and
available data

Virtual Server OE (VSE-OE) integrates:

Base OE (BOE)

The UNIX OS plus HP innovation

Scalable systems and storage

UNIX performance
Centralized, single-pane system
management

Comprehensive security
Consolidation safeguards secure
resource and hard partitions

Single system RAS

Insight Dynamics VSE

Provision infrastructure
Optimize infrastructure
Protect continuity of
services

Advanced file system

and volume management
Scalable, secure, and
available data

Source: HP

WHITE PAPER | 2010 IDEAS INTERNATIONAL, INC.

AUGUST 2010

HP-UX 11i V3: ENGINEERED FOR CRITICAL WORKLOADS

HP-UX Design Goals

Software such as HP Insight

Dynamics VSE and HP
Serviceguard Solutions
extend the reliability,
scalability, and flexibility of
HP-UX so that it benefits
workloads, data centers,
and IT infrastructures on
an end-to-end basis.

HP-UX 11i v3 was released in early 2007. Individual releases of HP-UX are supported for a
decade or so to enable customers to upgrade when it makes the most sense for the business to
do so. Investment protection is provided through binary compatibility for source, data, and
binaries.
With HP-UX 11i v3, HP focused on continued improvements to RAS to meet the needs of the
24x7 global enterprise. It also focused on the agile enterprise and the increasing need to
transport and store large amounts of data a change driven by compliance and archiving
regulations as well as evolving data types and ever-expanding media files. HP designed the
current release of HP-UX 11i v3 to provide flexibility with mission-critical virtualization; capacity
for the most demanding workloads; affordable data-center-class availability and security; and
centralized expert control. The newest release of HP-UX, in the spring of 2010, introduced a
number of functional enhancements that significantly strengthen its appeal as a data center
computing platform. The core OS includes several new capabilities to reduce downtime, both
unplanned and planned. In particular, online migration of Integrity Virtual Machines is up to
two times faster than the previous release, and migrations are made more secure with
encryption. HP also added a suspend/resume capability for Integrity Virtual Machine guests,
which provides increased flexibility for deploying workloads in virtual machines.
In addition to being faster and more secure, Online Virtual Machine Migration for HP Integrity
Virtual Machines has been fully integrated into the VSE-OE and DC-OE operating environments.
Software such as HP Insight Dynamics VSE and HP Serviceguard Solutions extend the
reliability, scalability, and flexibility of HP-UX so that it benefits workloads, data centers, and IT
infrastructures on an end-to-end basis. With complete flexibility to move virtual machines
according to business policies driven by availability and service levels, HP-UX can now become
the basis for truly virtual infrastructure, in which computing resources are treated as a single
pool of resources that can be drawn upon on demand by workloads.
It is clear that HP is continuing to invest in enhancing the functionality of HP-UX, following its
traditional approach of responding to specific needs that its customers have raised. But how
does HP-UX compare with the other leading UNIX systems on the market today? The next few
sections compare the functionality of HP-UX 11i v3 with the latest releases of its major
competitors: IBMs AIX 6.1 and Oracles Solaris 10. The comparison focuses on several key
functional areas, including virtualization support, reliability functions, and security functions.

Virtualization
Virtualization continues to take hold across the industry with the proven ability to deliver a
variety of business and operational benefits, including consolidation and improved resource
utilization; simplified resource provisioning; simplified implementation of high availability (HA)
and disaster recovery (DR); legacy application support; and improved test and development
processes. One of the most basic enablers of virtualization is the ability to run multiple
operating systems simultaneously on a single server. There are a number of ways to
accomplish this feat, depending on the goals of a virtualization deployment. For example, in
some cases (e.g., web server farms), it may be acceptable (or necessary) to run multiple
instances of the same OS. In other cases, particularly with consolidation, it may be desirable to
run heterogeneous operating systems either different release or patch levels of the same
operating system, or entirely different operating systems altogether simultaneously on a
single server.
From an implementation standpoint, operating systems can use several possible technologies
to manage multiple operating system instances. Such approaches include server partitioning,
hardware assistance, virtual machines, and virtual operating systems (i.e, virtual servers).

WHITE PAPER | 2010 IDEAS INTERNATIONAL, INC.

AUGUST 2010

HP-UX 11i V3: ENGINEERED FOR CRITICAL WORKLOADS

HP-UX 11i v3s Complete Portfolio of Virtualization Techniques

The range of virtualization

approaches available for HPUX allows users to match
applications with virtualization
methods based on their
specific performance,
isolation, and flexibility
requirements.

HP-UX supports all of these virtualization types in some form on Integrity servers. For the most
demanding workloads that require their own copies of an operating system (either HP-UX or
heterogeneous), HP-UX offers several approaches:

HP nPartitions (nPars). HP nPars are hard partitions that provide complete electrical isolation
between operating system instances, so that hardware or software errors in one partition
cannot crash or panic other partitions (requires cell-based servers). Electrical isolation also
enables a key nPars advantage in online serviceability (i.e., the ability to add/replace real
memory/CPU resources without impacting the entire system). Further, nPars incur no
performance overhead with respect to I/O performance, since the operating system has
direct access to the I/O, just as on a physical system. HP-UX 11i v3 also supports Dynamic
nPartitions, which allow nPars to be reconfigured online at the granularity of cell boards. The
ability to reconfigure Dynamic nPartitions introduces several benefits, including the capability
to: perform hardware maintenance on a server while that server continues to run mission
critical applications; add cell boards needed to accommodate growth without shutting the
server down; and migrate cell boards to different partitions in response to changing
workloads without incurring downtime. nPars within an HP Integrity server can run multiple
operating systems in parallel: HP-UX, including different release levels, or OpenVMS.

HP Virtual Partitions (vPars). HP vPars are soft partitions that offer finer granularity than
nPars. They can be as small as a single CPU, and can be used to host multiple instances of
either HP-UX 11i v2 or HP-UX 11i v3, each of which can be independently managed. Both
CPUs and memory can be dynamically moved between vPars without a reboot. Since the OS
still has direct access to the CPUs, memory, and I/O resources that are assigned to it, vPars
offer close to standalone server performance with the flexibility of software partitions.

HP Integrity Virtual Machines (VMs). HP Integrity VMs offer the finest granularity for running
multiple complete operating system instances (up to 20 per processor or core). HP Integrity
VMs are a true virtual machine implementation with fully virtualized processors, memory,
and I/O. HP Integrity VMs can run either HP-UX 11i v3 or the older HP-UX 11i v2, and they
can be deployed within an nPar. HP Integrity VMs support up to eight virtual CPUs and
capping of CPU resources. Resources can be dynamically moved between guests without
affecting the operation of the running applications, and online migration enables relocation
of an entire virtual machine from one host to another without interrupting its processing.

HP Secure Resource Partitions (SRPs). HP SRPs provide many of the benefits of a virtual
operating system, enabling applications to be stacked securely within a single instance of
HP-UX 11i. HP SRPs combine the HP-UX Security Containment function with HP Process
Resource Manager (PRM) resource management. HP SRPs allow discrete sets of processes
and files to be contained within compartments; provide role-based access control to
administer privileges for these compartments; and provide rules that dictate intercompartmental communication.

The variety of virtualization functions on HP Integrity makes it possible to deploy them in

innovative ways. For example, with HP-UX it is possible to nest different virtualization functions
i.e., deploy HP vPars or HP Integrity VMs inside of HP nPars. The range of virtualization
approaches available for HP-UX allows users to match applications with virtualization methods
based on their specific performance, isolation, and flexibility requirements.
AIX and Solaris each match many of the basic virtualization capabilities in HP-UX (see Table 4).
Virtualization in AIX is generally based on Dynamic LPARs (dLPARs) and Micro-Partitions, a
hypervisor-based partitioning approach that matches much of the value of HPs Integrity Virtual
Machines in terms of the ability to support multiple operating system instances at very fine
levels of granularity (i.e., fractions of processors). IBM does not have a partitioning solution
that is equivalent to nPars for providing complete electrical protection between OS instances,
which might be necessary for applications that demand the highest levels of isolation.

WHITE PAPER | 2010 IDEAS INTERNATIONAL, INC.

AUGUST 2010

In the newest version of

HP-UX, online migration of
Integrity Virtual Machines is
up to two times faster than
the previous release, and it
has now been fully integrated
into the VSE-OE and DC-OE
operating environments.

HP-UX 11i V3: ENGINEERED FOR CRITICAL WORKLOADS

Solaris supports several methods for running multiple operating instances simultaneously on a
single server. Some high-end SPARC64 servers have a hard partitioning function called dynamic
domains, which is similar in design to HPs nPars. Oracle also offers a more flexible
virtualization function called Oracle VM Server for SPARC (formerly called Logical Domains, or
LDOMs), which allow multiple separate instances of Solaris to run on a single processor.
However, Oracle VM Server for SPARC is only supported on Oracle servers that have chip
multithreading technology (CMT). Finally, Solaris Containers allow multiple private execution
environments to be created within a single instance of Solaris 10, similar to HPs Secure
Resource Partitions.

Table 1. Server Partitioning Functions in HP-UX vs. Other UNIX Systems

HP-UX 11i v3

AIX 6.1

Solaris 10

Multiple OS Instances
(Same OS)

vPars, nPars, Integrity

VMs

dLPARs and MicroPartitions

Dynamic domains,
Oracle VM Server for
SPARC

Multiple OS Instances
(Older OS)

vPars, nPars, Integrity

VMs

dLPARs and MicroPartitions

Dynamic domains

OS Virtualization

Secure Resource
Partitions

dLPARs and Workload

Partitions

Solaris Containers

HW/FW-Assisted
Hypervisor

None

dLPARs and MicroPartitions

Oracle VM Server for

SPARC

Electrical Isolation

nPars

None

Dynamic domains

Integrity VMs

Micro-Partitions,
Workload Partitions

Warm migration with

Oracle VM Server for
SPARC; live migration
with Oracle VM Server
forx86

Hardware Assistance

Online Migration

Online Migration
Most forms of virtualization to some degree isolate workloads from the details about the
servers on which they are hosted. As a result, the use of virtualization generally makes it easier
to move a workload from one machine to another without disturbing the workloads application
environment. The ability to transfer virtualized workloads across the network in this manner
enables a number of benefits that can greatly affect operational costs, including reduced
downtime and better controls for maintaining service levels.
HP-UX 11i v3 supports live migration for Integrity Virtual Machines, allowing the state of an
Integrity Virtual Machine to be relocated from one physical host to another without interrupting
its processing. In the newest version of HP-UX, online migration of Integrity Virtual Machines is
up to two times faster than the previous release, and it has now been fully integrated into the
VSE-OE and DC-OE operating environments. The new release also adds the ability to encrypt
virtual machines during migration, which will be valuable for using virtualization to maintain
service levels in sensitive workloads. Finally, HP added a suspend/resume capability for
Integrity Virtual Machine guests, which provides increased flexibility for deploying workloads in
virtual machines. Among other uses, administrators can use this mechanism to maintain
libraries of pre-built virtual machines containing various workloads.
AIX 6.1 has two different ways of moving virtualized workloads across systems without
interrupting applications. The first method, called Live Partition Mobility, can transfer an

WHITE PAPER | 2010 IDEAS INTERNATIONAL, INC.

AUGUST 2010

A core component of the HPUX 11i v3 Virtual Server

Operating Environment (VSEOE) is HP Insight Dynamics
VSE. Insight Dynamics VSE
is advanced infrastructure
lifecycle management software
that allows customers to
instantly adjust their environment to dynamic business
demands.

HP-UX 11i V3: ENGINEERED FOR CRITICAL WORKLOADS

operating system from one POWER server to another while the operating system continues
running. 1 The other method, Live Application Mobility, is a function of AIX 6.1 that can be used
to move Workload Partitions (virtualized operating systems similar to Solaris Containers or HP
Secure Resource Partitions) from one host to another. Neither of these options supports
encryption, however. Solaris Containers support cold migration, in which the state of a
Container is captured in a file for migration from one host to another. Oracle VM Server for
SPARC supports warm migration, in which partitions can be moved from one host to another
with minimal interruption, but the approach incurs some downtime. Oracle VM Server for x86
supports live migration of Solaris, with encryption.

Workload Management Tools

HP-UX offers several powerful tools for managing resources at a fine level of granularity, both
on single systems and across multiple systems. The tools work by efficiently allocating system
resources such as CPU, memory, and I/O to different applications via flexible scheduling
policies. HP was a pioneer in delivering resource management functions for UNIX systems,
releasing the first version of its resource management tools for HP-UX in 1994 well before
other UNIX vendors such as IBM or Oracle. HP-UX resource management functions have
continuously improved since then, and they now offer the broadest capabilities available for a
UNIX system:

HP Process Resource Manager (PRM) enables consolidation of applications within a single

copy of HP-UX with the assurance that no single application will monopolize server resources
and thus adversely affect other applications. PRM is a mature resource management tool
that controls CPU, memory, and I/O utilization based on a defined set of priorities. It can
also be used to adjust resources the fly.

Global Workload Manager (gWLM) is an intelligent policy engine that automatically allocates
resources among multiple workloads to increase server utilization while meeting service
levels for high-priority applications. Designed to work across multiple HP-UX 11i, OpenVMS,
and Linux environments, the workload management features are ideal for large, centralized
IT environments that host applications for many departments.

HP Insight Dynamics VSE

A core component of the HP-UX 11i v3 Virtual Server Operating Environment (VSE-OE) is HP
Insight Dynamics VSE. Insight Dynamics VSE is advanced infrastructure lifecycle
management software that allows customers to instantly adjust their environment to dynamic
business demands. It integrates workload management (PRM, gWLM) with partitioning
technologies (nPars, vPars, Integrity VMs); capacity planning capabilities for continuous
consolidation and infrastructure provisioning; high-availability solutions (HP Serviceguard
Solutions); and HP Utility Pricing offerings, including Instant Capacity (iCAP), Temporary iCAP,
Global iCAP and Pay per Use. The gWLM capability of Insight Dynamics helps users maintain
service levels and increase business agility with critical workloads. Administrators can control
which applications are the most important, designate how much of the available computing
resources those applications get, and automatically change those allocations on an ongoing
basis. Insight Dynamics VSE will also automatically and dynamically readjust resource
allocations in response to changes in workload demand or failure conditions. For instance, if
customers experience a disaster, they may only want their top-tier applications to be operating
for the first few days.

WHITE PAPER | 2010 IDEAS INTERNATIONAL, INC.

Requires that the guest OS uses the Virtual I/O server to virtualize the I/O connections, rather than
running the I/O directly through the hardware.

AUGUST 2010

In an HP Integrity Virtual
Machine environment, HP
Serviceguard can monitor the
application in addition to the
guest OS, the host OS, and
the hardware. It can protect
from failures at any level.

HP-UX 11i V3: ENGINEERED FOR CRITICAL WORKLOADS

Alternatively, users may want to use the failover capability to move software application
packages between servers in a cluster whenever desired, not just in a failed cluster node
scenario. In an HP Integrity Virtual Machine environment, HP Serviceguard can monitor the
application in addition to the guest OS, the host OS, and the hardware. It can protect from
failures at any level. Most virtual machine failover solutions only monitor the hardware,
hypervisor, or the guest OS, and not the actual application. Upon failure, Serviceguard can
move virtual machines automatically to the failover node. This failover works seamlessly, since
HP Serviceguard can be loaded directly into the Integrity VM host to monitor the applications
running within the VM, or loaded onto the host to monitor the VMs themselves.
Further, Insight Dynamics VSEs workload management can be leveraged to automatically
reallocate (or invoke) resources after failover to retain service-level goals. Insight Dynamics
VSEs integration of the HP Serviceguard Solutions portfolio of clustering and disaster recovery
with virtualization and workload management functions, as well as HPs utility pricing offerings,
means that workloads can automatically maintain service levels even in the event of failures
within a data center, or of up to two entire data centers. As a result, overall system utilization
is improved offering the following benefits:

Provides business isolation for applications while making optimum use of server resources.
Protects applications from failure or degradation caused by hardware or software problems
in other parts of the affected server.

Optimizes application performance and behavior by isolating applications within their own
operating environments where they can have dedicated resources.

Provides resource isolation within an operating environment such that applications sharing
an operating system image can receive dedicated system resources in order to meet servicelevel objectives.

Increases server flexibility through easy resizing of partitions.

Improves Return on IT (RoIT) through optimized server utilization with minimal overhead.
Neither AIX nor Solaris match the powerful resource management capabilities in HP-UX and
Insight Dynamics VSE. Both offer some workload management tools, including AIX Workload
Manager (WLM) and Solaris Resource Manager (SRM). However, these tools do not match the
functional capabilities or the degree of integration with virtualization functions that HPs
workload management capabilities offer. With the ability to define business-driven, closed-loop
workload management policies, administrators can prioritize workloads in a way that
guarantees performance for high-priority business applications under varying application and
system loads. Further, when integrated with iCAP, HPs Global Workload Management can
automatically activate and deactivate additional resources or just signal the need to do so.
In the spirit of tight integration, tested application stacks, and rapid deployment, HP also offers
Reference Architectures for Insight Dynamics VSE. These are documented best practices and
step-by-step guides to easily deploy solutions in an Insight Dynamics VSE environment, HP
Integrity servers, and key industry applications from IBM, Oracle, SAP, and SAS. While both
IBM and Oracle do provide some level of integration between their respective virtualization
functions and HA/DR tools, neither offers a solution that matches the breadth and depth of
Insight Dynamics VSE.

Performance Optimization Tools

To extract the maximum performance from systems as virtualization is introduced,
administrators require extensive visibility over the behavior of system components in real time,
so that they can diagnose performance bottlenecks and failures. HP offers a strong set of tools
for interactively managing the performance of the HP-UX operating system and its workloads.
These include GlancePlus Pak and Perfview for optimizing the performance of systems (both of

WHITE PAPER | 2010 IDEAS INTERNATIONAL, INC.

AUGUST 2010

HP offers a strong set of tools

for interactively managing the
performance of the HP-UX
operating system and its
workloads. These include
GlancePlus Pak and Perfview
for optimizing the performance
of systems (both of which
also support AIX and Solaris),
as well as HP Caliper and
HPjmeter for optimizing
application performance.

HP-UX 11i V3: ENGINEERED FOR CRITICAL WORKLOADS

which also support AIX and Solaris), as well as HP Caliper and HPjmeter for optimizing
application performance. GlancePlus Pak provides an overview of system performance, allowing
administrators to examine system activities; identify and resolve performance bottlenecks; and
tune systems. Administrators can view real-time summaries of data on the performance of HPUX systems, and then drill down to diagnostic details at the system level, application level and
process level. Performance metrics can be collected for analysis on a historical basis, and
alarms can be set up to trigger automated commands or scripts based on any combination of
metrics.

Table 2. Performance Optimization Tools of HP-UX vs. Other UNIX Systems

HP-UX 11i v3

AIX 6.1

Solaris 10

Performance
Management

Perfview, GlancePlus
Pak, Caliper (C++),
HPjmeter (Java)

Low-level commandline tools; IBM

Performance Toolbox
for AIX

Low-level commandline tools

Kernel Tracing

ktracer

ProbeVue

Dynamic Tracing
(DTrace)

HP Caliper is a tool that can be used to analyze the performance of C++ applications. HP
Caliper allows administrators and developers to understand the performance and execution of a
C++ application, and to identify ways to improve its runtime performance. Another tool,
HPjmeter, helps administrators and developers optimize the performance of Java applications
by displaying their behavior in real time, with the ability to automatically detect problems and
alerts in Java code. HPjmeter can provide particularly extensive visibility over the behavior of
memory in Java applications, showing the impact of garbage collection on application
performance and delivering alerts when memory leaks are detected.
HP-UX also has a tool called ktracer, which can be used to analyze the performance of
processes and systems at the kernel level, in order to detect performance bottlenecks and
discover opportunities to improve performance. ktracer is integrated with HP Caliper, and it
provides the user with an overall performance view. It tracks performance bottlenecks and
issues throughout the stack, so that performance can be optimized across both the application
and the kernel.
These interactive tools help administrators, working together with developers, extract the
maximum performance from HP-UX systems. The depth of information provided by HPs tools
enables administrators to find and overcome performance bottlenecks in less time. Moreover,
the graphical user interfaces (GUIs) of HPs tools allow administrators to diagnose and repair
many problems by applying a point-and-click approach, rather than the remember and type
approach that is required for tools with command-line or textual user interfaces (TUIs). As a
result, some performance management tasks in HP-UX can be performed by personnel even if
they do not have a great deal of experience with issuing UNIX commands.
Most of the native performance management capabilities provided by IBM and Oracle for AIX
and Solaris, respectively, are more low-level tools driven by command lines. Solaris 10 includes
a powerful kernel tracing tool called Dynamic Tracing (DTrace), which enables administrators
and developers to monitor operating system behavior in real time and at the kernel level, using
a scripting language to configure diagnostic routines. IBM offers a tool for AIX 6.1 called
ProbeVue, which targets similar functionality to DTrace, taking advantage of prebuilt code in
the AIX kernel to capture the status and parameters of kernel functions. Also, IBMs
Performance Toolbox for AIX provides a graphical user interface to help administrators with
load monitoring, and analyzing system information to diagnose performance bottlenecks.

WHITE PAPER | 2010 IDEAS INTERNATIONAL, INC.

AUGUST 2010

HP-UX 11i V3: ENGINEERED FOR CRITICAL WORKLOADS

Availability

HP Serviceguard Solutions
work with HPs utility pricing
offerings to automatically
activate capacity as needed,
as in the case of a failed
server. In some cases, downtime can be eliminated as
cluster monitoring is able to
detect potential faults and
address them without an
interruption in business
activities.

Like scalability, availability is a key concern for users in small and medium-sized businesses as
well as in large enterprise organizations. When it comes to availability, the issues that
administrators are concerned with generally fall into two classes: avoiding planned downtime
due to maintenance, and minimizing the impact of unplanned downtime due to failures or
threshold violations. The operating system itself can help to reduce downtime in several ways.
First, it can reduce planned downtime by minimizing the need (and the time required) for
rebooting when maintenance is performed in the hardware or in the operating system software
itself. Further, it can support frameworks for smoothing service-level recovery when a serious
failure does occur, either in hardware or software.
Most advances with regard to UNIX system availability have occurred in three areas: dynamic
reconfiguration (i.e., the ability for operating systems to adapt to the addition and removal of
CPU and memory resources without requiring a reboot); error handling architectures (which
help application and higher-level service infrastructures correctly adapt when failures occur in
hardware or lower-level software); and and high availability (HA) and disaster recovery (DR)
tools (which enable workloads to transparently migrate to alternate hosts when hardware,
software, storage or network failures occur).

Table 3. Availability Functions in HP-UX vs. Other UNIX Systems

HP-UX 11i v3

AIX 6.1

Solaris 10

Online Reconfiguration
OS

Can dynamically add

and remove virtual
CPUs/memory in
nPars, vPars

Can dynamically add

and remove virtual
CPUs/memory in
Micro-Partitions

Can dynamically add

and remove virtual
CPUs/memory in
Dynamic domains

Online Reconfiguration
Hardware

Can dynamically add

and remove real
CPUs/memory

No

Can dynamically add

and remove real
CPUs/memory

Reduced OS Update
Downtime

Dynamic Root Disk

Concurrent
Maintenance

LiveUpgrade

Error Handling
Architecture

System Fault
Management

None

Solaris Fault
Management
Architecture (FMA)

HA Cluster and DR
Options

HP Serviceguard

IBM PowerHA

Oracle Solaris Cluster

Operating systems can help to minimize planned downtime by reducing the number of
administrative tasks that require a system restart, which can consume a great deal of time in
high-end environments. For example, in HP-UX, most of the OS tuning required for a workload
can be performed without a reboot (75% of tuning operations that would have required a reboot
in the past have been eliminated in HP-UX 11i v3). Historically, hardware maintenance was one
scenario in which some downtime was almost certainly unavoidable. However, some advanced
UNIX servers now have the ability to dynamically add and remove processor and memory
modules without being shut down, making it possible to upgrade servers without interrupting
operations. Online CPU and memory addition is especially useful when coupled with utility pricing
programs, which bring resources online only when they are needed by applications.
Moreover, in virtualized environments, where by definition resources such as CPUs and memory
can be created and removed at will, it becomes increasingly critical for operating systems to
have the ability to respond to constantly changing resources. For this hot plug functionality to
work correctly, the operating system must recognize CPU and memory modules as they come

WHITE PAPER | 2010 IDEAS INTERNATIONAL, INC.

AUGUST 2010

HPs portfolio of Serviceguard

Solutions is recognized as
one of the most proven high
availability and disaster recovery stacks in the industry
with some 750,000 licenses
sold worldwide to date.

HP-UX 11i V3: ENGINEERED FOR CRITICAL WORKLOADS

online. It is also necessary for the operating system to recognize when the resources are no
longer available, which is somewhat more challenging, since it requires the OS to gracefully
dry up use of resources that reside in the components being detached.
Currently, HP-UX, AIX, and Solaris all have the ability to dynamically add and remove processors
and memory in a running instance of the operating system without reboot. It should be noted,
though, that only Solaris and HP-UX have the ability to add and remove both real and virtual CPU
and memory resources (i.e., support the maintenance and upgrade of hardware online, as well as
support the dynamic reconfiguration of operating systems running in virtual machines). IBM does
not currently support hot-plug CPUs or memory on its POWER servers.
Another way for operating systems to help minimize planned downtime is to reduce the time
required for making major changes to the operating system software itself, by allowing
administrators to install a new version of the operating system while the existing version
continues to operate normally. Instead of replacing the operating system directory structures and
files, the new system is built in a separate root directory structure. Once the installation is
complete, the administrator can quickly reboot from the other root directory and immediately
begin using the new system. Fallback is simple simply reboot the original system and resume
using it. This capability is a major improvement for UNIX, since the traditional installation
procedure would have required a complete tape restore to recover from a bad installation. It also
relieves the fears of those who distrust new releases by providing quick fallback. HP-UX, AIX, and
Solaris now all support this capability, although they have different names for it: HP-UX 11i v3 has
Dynamic Root Disk, Solaris has LiveUpgrade, and AIX 6.1 has Concurrent Maintenance.

Error-Handling Architecture
Despite improvements to the robustness of hardware, faults can still occur in critical hardware
components including processors, memory, and I/O devices that are expensive and
sometimes extraordinarily challenging to replicate. In response, leading-edge UNIX system
developers have introduced error-handling architectures that help workloads recover from
outages by key hardware components in single systems, allowing them to continue functioning
by adapting to critical changes in hardware.
These frameworks allow applications to be adapted for dynamic reconfiguration so that they
behave correctly given a particular combination of CPUs and memory. If applications are not
properly modified to handle dynamic addition or removal of CPUs and memory, they will not
necessarily be optimized to take advantage of available resources. For example, dominant
applications such as database servers typically make assumptions about the number of
processors available. If the number changes while the database is running, performance can
suffer for a variety of reasons. The frameworks sometimes also allow dynamic reconfiguration
operations to be integrated smoothly into day-to-day system management operations,
permitting resource changes to be activated by scripts and other system management
mechanisms. Along these lines, HP-UX 11i v3 has the System Fault Management framework,
while Solaris has its Fault Management Architecture (FMA). AIX has a lower-level mechanism
called First Failure Data Capture (FFDC), which collects diagnostic information about problems
at the time they occur, reducing the need for administrators to recreate the problem at a later
time in order to generate diagnostic information.

HA Cluster and DR Options

Administrators can use HA clusters to maintain the availability of operating system services,
applications, databases, and networks in the event of a failure that affects a portion of the
system or the entire system. HA clusters ensure service restoration within a reasonable time
limit by enabling one or more servers to take over for a server that has crashed or stopped
processing due to any failure in hardware, software, networks, or otherwise. By isolating

WHITE PAPER | 2010 IDEAS INTERNATIONAL, INC.

10

AUGUST 2010

Security is a core competency

of HP, which designed a
portfolio of products HP
Secure Advantage to help
customers securely share
information; improve identity
management and compliance
controls; ensure business
continuity; and defend
against network attacks.

HP-UX 11i V3: ENGINEERED FOR CRITICAL WORKLOADS

faults on the failed node, the remaining nodes can continue providing service, keeping the
overall clustered system in operation. HP Serviceguard Solutions work with HPs utility pricing
offerings to automatically activate capacity as needed, as in the case of a failed server. In some
cases, downtime can be eliminated as cluster monitoring is able to detect potential faults and
address them without an interruption in business activities. Clustering can also help with certain
management tasks by absorbing planned downtime in addition to system failures.
Since most HA cluster environments depend on some form of shared storage, the distance
between nodes is often constrained to the maximum length of I/O channels such as SCSI or
Fibre Channel (i.e., at best campus distances up to 100 km). Disaster recovery (DR) options,
which typically work via replication, allow nodes to be separated by geographically significant
or even unlimited distances. DR solutions protect systems from natural and man-made
disasters and provide compliance to government regulations.
HPs portfolio of Serviceguard Solutions is recognized as one of the most proven high
availability and disaster recovery stacks in the industry with some 750,000 licenses sold
worldwide to date. Serviceguard Solutions provide capabilities ranging from cluster failover to
cross-city (Metrocluster) and cross-continent (Continentalclusters) disaster recovery, supporting
failover distances of up to 300 km through dark fiber, and unlimited distances over WAN
connections. Failover can be either fully automated or operator-initiated and with the latest
update to HP-UX 11iv3, Metrocluster and Continentalclusters are now simpler to configure and
easier to manage, with optimized failover times. Serviceguard is fully integrated with Integrity
Virtual Machines, allowing clusters to be deployed in virtual machines so that the computing
resources assigned to cluster nodes can be precisely calibrated.
Using HP-provided toolkits, Serviceguard Solutions can be integrated with Insight Dynamics VSE
and software products from third-party vendors, including Oracle and SAP, to reduce overall time
to production deployment and enhance monitoring capabilities for these products. Unlike other
UNIX vendors, HP integrated its Serviceguard availability and DR solutions with Symantecs
VERITAS Storage Foundation offerings (available only through HP as Serviceguard Storage
Management Suite) to provide a comprehensive solution that delivers improved availability,
manageability, and performance to business-critical environments on HP-UX.
IBM is also recognized for its very strong HA and DR capabilities, which include PowerHA and
PowerHA SystemMirror Enterprise Edition with Geographic Logical Volume Manager (GLVM),
and data migration capabilities in its System Storage products. However, IBM does not
currently offer a comparable level of integration between the virtualization functions in AIX
(i.e., Micro-Partitions and WPARs) and the HA and DR options of PowerHA. As a result, IBMs
virtualization solution for AIX may not be able to offer the same levels of flexibility as HPs
Insight Dynamics VSE, or its operational cost benefits. The Solaris Cluster option for Solaris
can be used to stretch clusters over campus and metropolitan areas, as well as geographic
ranges with Solaris Cluster Geographic Edition. However, Solaris Cluster also does not have the
same degree of integration with workload management, virtualization, infrastructure
management, and utility pricing as Insight Dynamics VSE, and thus does not deliver the same
benefits of automation as HPs solution.

Security
The security functions in UNIX systems have continued to evolve as they have been deployed
in ever-more critical roles. The main areas of focus have been on improving control over
allowable actions by users and administrators; supporting data encryption; and improving tools
to help administrators make sure their systems have been properly secured.
Security is a core competency of HP, which designed a portfolio of products HP Secure
Advantage to help customers securely share information; improve identity management and

WHITE PAPER | 2010 IDEAS INTERNATIONAL, INC.

11

AUGUST 2010

HP-UX stands out for

including a unique set
of host-based intrusion
detection functions in the
base operating system.

HP-UX 11i V3: ENGINEERED FOR CRITICAL WORKLOADS

compliance controls; ensure business continuity; and defend against network attacks. While
Secure Advantage brings HPs entire security value proposition together across all of its
Enterprise Server and Storage (ESS) platforms, several key components of the portfolio are
based on Integrity and HP-UX, including the following bundled (in HP-UX 11i) components:

HP-UX Host Intrusion Detection. Integrated into the kernel, this package monitors HP-UX
systems for user or application security breaches.

HP-UX Identity Management is a powerful suite of identity management products that all
work together on HP-UX. The suite includes Red Hat Directory Server; Identity Management
Integration (IdMI), which works with HP OpenView Select Access; and an AAA
(Authentication, Access Control, and Accounting) server. The suite allows administrators to
implement single sign-on, which can authorize users to access appropriate applications with
one account and password. The AAA server provides a directory front end to control access
to the network a function critical to ISPs that need to control access to the network and
provide detailed transaction billing information. The AAA server also implements One Time
Password Authentication (OTP) with two-factor authentication, which helps to protect
networks from phishing attacks, unauthorized network access, and identity theft. HP-UX has
long delivered on the promise of centralized LDAP-based user management with the Red Hat
Directory Server (now replaced with a port of the Open Source Fedora 389 Directory Server)
and the HP-UX LDAP-UX client software for platform enablement. HP-UX also bundles the
Select Access server, which layers on top of the LDAP director to facilitate simplified user
and access management across a broad range of platforms, devices, and applications.
Further, the HP-UX IdMI client software layers on top of LDAP-UX for more powerful login
and access control.

HP-UX Security Containment enables a server to be divided into distinct compartments

capable of hosting applications with different security profiles. Compartments adhere to rolebased access control (RBAC) rules and may communicate via Inter-Process Communications
(IPC). Better server utilization is thus achieved by application stacking in a secure manner.

A secure disk erase tool, included in HP-UX, can render sensitive hard drive data
unrecoverable in a way that is compliant with Department of Defense specifications.

Table 4. Security Functions in HP-UX vs. Other UNIX Systems

HP-UX 11i v3

AIX 6.1

Solaris 10

Yes

Yes

Yes

File-Based
Encryption

Yes

Future

Yes

Volume-Based
Encryption

Yes

Future

No

Lockdown Tools

HP-UX Bastille

Via aixpert

Solaris Security
Toolkit

Secure by Default

Yes

Yes

Yes

Host-Based Intrusion
Detection

Yes

No

No

Role-Based Access
Control (RBAC)
Storage Encryption

Security Configuration

HP-UX and AIX each support the most essential improvements to UNIX security. Both systems,
as well as Solaris, also provide tools that help administrators properly configure security in the
notoriously porous UNIX OS environment. HP-UX, AIX, and Solaris all support a secure by

WHITE PAPER | 2010 IDEAS INTERNATIONAL, INC.

12

AUGUST 2010

HP-UX 11i V3: ENGINEERED FOR CRITICAL WORKLOADS

default installation mode, whereby the OS begins operating with high security settings
configured out of the box. However, HP-UX provides a particularly easy mechanism to select
between different security levels.

Role-Based Access Control (RBAC)

Role-based access control (RBAC) enables administrators to designate rights for any UNIX
command. The RBAC mechanism lets administrators define rights profiles for individual users
with the specific rights and privileges necessary for them to perform their job functions. In this
manner, full trusted access to the entire network does not need to be granted to every lowlevel administrator. The ability to safely delegate such limited authority allows more
experienced administrators to avoid spending their time being interrupted by trivial tasks.
Currently, HP-UX, Solaris, and AIX all provide RBAC functions. However, HP-UX is particularly
advanced in its integration with RBAC and Identity Management. HP bundles Select Access for
use with HP-UX for free, and also offers the necessary components to back-end RBAC to its
IdMI solution.

Encryption
Americas
Ideas International, Inc.
800 Westchester Avenue
Suite N337
Rye Brook, NY 10573-1354
USA
Tel + 1 914 937 4302
Fax +1 914 937 2485
Asia/Pacific and Worldwide
Headquarters
Ideas International Limited
Level 3
20 George Street
Hornsby, NSW, 2077
Australia
Tel +61 2 9472 7777
Fax +61 2 9472 7788
Europe, Middle East, Africa
Ideas International Europe
Milton Park Innovation Centre
99 Milton Park
Abingdon, Oxon OX14 4RY
United Kingdom
Tel + 44 (0) 1235 462 890
Fax + 44 (0) 1235 462 891
actionable intelligence
www.ideasinternational.com

WHITE PAPER | 2010 IDEAS INTERNATIONAL, INC.

While encryption has long been employed in different parts of IT infrastructure, particularly in
networking, attention has turned more recently toward applying encryption to the data itself as
it resides in storage. Since the operating system plays a direct role in controlling how data
passes back and forth between storage systems and applications, it is a natural place for
encryption functions to be applied in order to protect sensitive data as soon as it enters the
system. HP-UX 11i v3 and AIX 6.1 each support storage encryption. However, while AIX
supports encryption at the file level, HP-UX 11i supports encryption at both the individual-file
and entire-volume levels. Developers are working on encryption capabilities for the ZFS file
system in Solaris, but these functions are not yet shipping in the production versions of Solaris.

Host-Based Intrusion Detection

Host-based intrusion detection and prevention tools help to protect servers from crackers and
viruses by auditing kernel activity to detect when malicious programs may be active. HP-UX
stands out for including a unique set of host-based intrusion detection functions in the base
operating system. HP-UX 11i bundles and integrates HPs Praesidium IDS 9000 host-based
intrusion detection package. IDS 9000 can monitor one or more HP-UX systems for users or
applications that try to break security. IDS 9000 includes Kernel Data Source, which provides a
kernel-auditing system that yields secure and robust data on the use of kernel functions. The
tool correlates data from the kernel and other data sources to determine when attacks are
mounted against HP-UX systems. The other UNIX systems require the installation of layered
software to fully match the intrusion detection capabilities that are built into HP-UX.

The IDEAS Bottom Line

In recent years, UNIX systems have matured sufficiently to meet the functional requirements of
the most demanding environments in the industry. HP was one of the first major vendors to
envision the market potential of an enriched and robust UNIX operating system, and to adopt it
as its strategic business platform over 25 years ago. Since then, HP has been continuously
refining the capabilities of its HP-UX version of UNIX, culminating with the release of HP-UX 11i
v3. As a result of this continuous development, HP-UX 11i v3 has a very strong portfolio of
functions compared to AIX and Solaris. Its balanced functionality of core OS features, its
superior integration between critical components, and its flexible deployment options in a
variety of hardware form factors and virtualization approaches, make HP-UX 11i v3 ideal for
broad deployment across the enterprise.

13