2001 DH Bao S Report

D.H. Brown Associates, Inc. http://www.dhbrown.
com
A summary of this report is available to all of our subscribers free of charge. Sponsors of our collaborative
program in Systems Software (SS) receive the full report as part of our comprehensive services. Those interested
in the program should contact Ken Mewes, Vice President Marketing at kmewes@dhbrown.com or 914-937-
4302, ext. 272.
2001 UNIX Function Review
EXECUTIVE SUMMARY
5.50 6.00 6.50 7.00 7.50 8.00 8.50 9.00
UnixWare 7.1.1
AIX 4.3.3
Tru64 UNIX 5.1
HP-UX 11i
Solaris 8
Poor OK Good Very Good
Aver age of t he f unct i onal r at i ngs f or Scal abi l i t y, RAS, Syst em Management ,
I nt er net and Web- Appl i cat i on Suppor t , and Di r ect or y and Secur i t y Ser vi ces.
FIGURE 1: Overall Functional Ratings as of January 1, 2001
In the leap-frogging game that is continuously played in the brutally competitive
commercial-server arena, Solaris 8 surges ahead to capture the overall lead for
UNIX operating-system functions. Now that Sun has finally completed shipping
all promised components in its operating environment, Solaris 8 occupies the top
spot in RAS (Reliability, Scalability, and Serviceability) and Directory and Security
Services, and also achieves a strong standing in Internet and Web-Application
Services. HP-UX 11i and Tru64 UNIX 5.1 remain in a dead heat for second
place. The two systems share the lead in System Management; and Tru64 UNIX
leads in Scalability, while HP-UX occupies at least second place in all studied
areas. AIX 4.3.3 leads in Internet and Web-Application Services, but trails the
RISC UNIX systems in most other areas. UnixWare 7.1.1 falls short of the RISC
UNIX systems in all studied areas, suffering particular shortcomings in RAS and
Directory and Security Services.
SCALABILITY
Tru64 UNIX achieves the highest scalability rating, benefiting from
extraordinarily large file system and memory capacities that derive from the
maturity of its early 64-bit design. Compaq tests and supports Tru64 UNIX file
systems and files up to 16 TB, while the remaining vendors support at most 1 or
2 TB on their file systems. Tru64 UNIX also supports 256 GB of memory on the
AlphaServer GS320, a range that is matched only by HP-UX 11i. Tru64 UNIX
rates very competitively in other key areas such as Shared-Memory
FIGURE 1:
Overall Functional
Ratings as of
January 1, 2001
SS, March 2001
2 Copyright 2001 D.H. Brown Associates, Inc.
Multiprocessing (SMP) scalability, thanks to its proven database performance on
32-way GS320 server hardware, and a complete set of low-level kernel
optimizations.
HP-UX 11i follows, supporting the second-highest file system range at 2 TB, and
matching Tru64 UNIX for 256 GB memory support on HPs Superdome server
hardware, which has achieved good database benchmark results on 48-way SMP
configurations. For building web-server farms, HP-UX 11i includes a production
version of the Resonate load-balancing tool.
Solaris supports up to 128 GB of memory, and 1 TB file systems and files. AIX
supports up to 96 GB of memory and 1 TB file systems, but files can be no larger
than 64 GB. AIX occupies a strong position in HPC technical clusters and has
proven support for very high-end database clusters. Otherwise, AIX and Solaris
have roughly equivalent scalability ratings. Both demonstrate particularly strong
SMP capabilities, albeit succeeding by differing criteria. While Solaris has been
tested with industry-standard benchmarks on SMP servers using more processors
than any other studied system (64), AIX was able to achieve the highest results on
the same tests using the fewest processors (24).
UnixWares scalability fundamentally depends on the capabilities of the Intel
server architecture, which will not complete its transition to 64-bits until later this
year. UnixWare supports advanced enterprise servers based on current IA-32
processors, including the Unisys ES7000, a mainframe-class machine. UnixWare
can be configured with up to 32 processors and up 64 GB of memory.
1
Although
UnixWare supports all 32 processors in ES7000, the maximum SMP
configuration for which UnixWare has produced credible database benchmark
evidence is eight processors. As with AIX and Solaris, UnixWare supports file
systems and files up to 1 TB.
RAS (RELIABILITY, AVAILABILITY, AND SERVICEABILITY)
Solaris leads strongly in the RAS area, offering several functions not yet available
from competitors, particularly in the Dynamic Reconfiguration (DR) and
Partitioning categories.
2
Solaris 8 can arbitrarily add and remove CPUs online, and
is the only studied product capable of adding and removing memory online. Also,
Suns Dynamic Domains function on the E 10000 server is the only available
UNIX-partitioning function that allows the hardware partitions between OS
instances to be adjusted while keeping them online. All of the other hardware
partition solutions currently require the affected partitions to be rebooted after
reconfiguration. Solaris 8 also introduces significant enhancements to the
manageability of these functions with its Reconfiguration Coordination Manager
(RCM), which provides a standard Application Program Interface (API) for

1
Although UnixWare remains a 32-bit system, it can exploit the extra memory in such systems using Intels Process
Addressing Extension (PAE) mechanism. Normal UnixWare applications still run in a 32-bit address space, while critical
applications and the operating system itself can use the large memory for caching purposes.
2
Suns RAS strengths at the operating-system level are orthogonal to the reliability issues it faced at the hardware level during
the last year due to the Error-Correcting Coded (ECC) memory failures on its high-end servers.
SS, March 2001
Copyright 2001 D.H. Brown Associates, Inc. 3
applications to adjust online to changing domain configurations. With this trait,
they can dynamically optimize their use of available resources (i.e., processors and
memory). RCM also allows reconfiguration to be automated through scripting,
maximizing the ability of servers using Dynamic Domains to flexibly
accommodate tasks that vary with business schedules. Some key software
packages, such as Oracle 9i, already exploit RCM.
HP-UX follows, offering strong functions to handle component failure, leading
resource-management tools, first-class Fibre Channel (FC) support, and strong
Disaster Recovery options. HP-UX is one of only two systems that can detect and
recover from memory errors online. HP-UX Workload Manager is a leader
because it is the only goal-based resource-management tool currently available.
This means that administrators can define targets in terms of overall application
performance, rather than the performance of any one subsystem. Besides HP-
UX, only one other system supports all studied FC capabilities. HPs
MC/ ServiceGuard CampusCluster, ContinentalCluster, and MetroCluster
packages share the lead for Disaster Recovery capabilities.
Although all studied systems include a Journaling File System (JFS), only HP-UX
11i and Tru64 UNIXs AdvFS file system offer Full Journaling. This concept
applies logging to maintain the integrity of the files themselves in addition to that
of the file system. Tru64 UNIX also possesses the strongest Cluster File System
(CFS), with the only CFS implementation that works on the root-file system. Like
HP-UX, Tru64 UNIX can scrub and correct double-bit memory errors online.
Tru64 UNIX is the only other system with complete support for all studied Fibre
Channel functions.
AIX manifests the most complete support for handling processor failure, and has
particularly strong Disaster Recovery functions in its GeoRM Geographic
Mirroring and HAGEO wide-area failover options. AIX is also the only system to
match the capabilities of Suns Live Upgrade feature, allowing installation of an
operating system image to occur simultaneously with production use.
UnixWare supports a number of important resiliency features, notably Multipath
I/ O, and supports static hardware partitions provided by high-end Intel-based
servers such as the Unisys ES7000. UnixWare also supports SCOs powerful
NonStop Clusters, a sophisticated High Availability (HA) package that supports
up to 32 nodes, a cluster file system, and advanced HA functions such as process
pairs. However, UnixWare lacks advanced resource-management tools, and offers
only basic Fibre Channel capabilities.
SYSTEM MANAGEMENT
HP-UX and Tru64 UNIX share the lead for system management, supporting all
studied capabilities. HP-UX, Solaris, and Tru64 UNIX provide improved event-
management mechanisms, which have the ability to track, view, and notify
administrators about many different types of system events using a single
consistent format, along with a unified interface. This allows a central event log to
SS, March 2001
serve as the only stored log required for debugging purposes. This approach helps
administrators manage the profusion of messages from a variety of sources that
pop up during day-to-day administration. AIX, HP-UX, and Tru64 UNIX also
maintain a slight advantage over competitors due to their ability to allow patches
to be installed using two-phase commits. The other systems do not provide
formal mechanisms allowing system administrators to back out of patches by
automatically restoring software to its preexisting state if necessary.
Otherwise, differentiation has shrunk considerably in the UNIX system-
management area. While early UNIX leaders were able to establish leadership
through a variety of features related to ease-of-use or value-added tools
facilitating production usage, most of the studied UNIX systems now cover all of
those bases well. For example, all of the systems now fully address storage
management, and include a Logical Volume Manager (LVM) in the base operating
system, which allows storage to be managed through virtual disks or
volumes made up of one or more physical disks. All studied systems also
enable plug-and-play hardware configuration, and provide system-management
tools that are useable by administrators with a variety of skill levels. Of particular
note, all have graphic-user-interface (GUI) tools that will appear familiar to users
accustomed to Windows PCs and therefore provide ease of use at all levels
and support some level of administrative role delegation for management
functions that normally require broad administrative privileges. In this
environment, full trusted access to the entire network does not need to be granted
to every administrator nor to lower-level employees. All studied systems except
UnixWare provide some form of a registry mechanism to keep track of software,
extensions, and patches that have been installed.
Remote administration capabilities have now matured as well. All of the studied
systems include system-management tools that have been optimized for web
usage, in some cases allowing ordinary web browsers to be used as entry-points.
All of the studied systems contain some form of template installation tool, which
allows large numbers of identical servers to be configured at once using a
cookie-cutter methodology.
INTERNET AND WEB-APPLICATION SERVICES
AIX has the lead in the Internet and Web-Application Services area. AIX offers
the broadest support for the basic protocols needed to support sophisticated web
infrastructures. Also, AIX and Solaris are the only studied systems to build HTTP
acceleration functions into their kernels. This helps to boost web-server
performance on their respective hardware platforms. Finally, AIX and Solaris
provide the most complete support for various Enterprise Java Beans (EJB) web-
application server add-ons, and share the lead for Network File System (NFS)
capabilities, both supporting all possible NFS enhancements. Both also have the
best level of support for the Distributed File System (DFS).
All studied UNIX servers now achieve good interoperability with Microsoft
CIFS-based file-sharing networks. HP-UX and Tru64 UNIX break ahead of the
SS, March 2001
pack for offering some level of single sign-on across their systems and Windows
NT, both providing mechanisms able to synchronize user and password
information between UNIX and Windows NT security infrastructures.
Otherwise, all of the systems have available ready-to-run tools (based on either
the Open Source Samba technology, or various proprietary mechanisms) that
match virtually all of the file- and print-sharing capabilities of Windows NT.
These tools allow all systems to provide basic file- and print-sharing services to
Windows clients, appearing as virtual Windows NT servers on the network. They
can mount remote Windows NT disks, allowing UNIX applications to access data
from them as if they were local. In addition, all support Advanced Server for
UNIX add-ons, which allow them to host Windows NT Primary Domain
Controllers (PDCs).
In terms of Linux interoperability, Solaris 8 and UnixWare break out of the pack
with the ability to actually run existing Linux binaries natively.
3
By contrast,
Compaq, HP, and IBM are currently focusing on API-level compatibility with
Linux, targeting developers who want to port their Linux applications to the
respective UNIX systems, rather than making any effort to run existing Linux
applications in binary form.
DIRECTORY AND SECURITY SERVICES
Solaris leads in Directory and Security Services, offering the most complete
support for directory services other than LDAP. Solaris also provides Suns entire
Kerberos authentication mechanism for free with the base operating system,
while some other systems charge a premium. Finally, Solaris also shares the lead
with Tru64 UNIX for integrating LDAP with basic operating system functions.
HP-UX achieves the highest level of support for network-security functions,
sharing the lead with AIX for including secure networking tools. In particular,
HP-UX stands out for including real-time host-based intrusion detection
functions in the base operating system. Tru64 UNIX also provides strong support
for directory services other than LDAP, but lacks native support for the
PKCS#11 cryptographic hardware API. AIX also includes a Kerberos server in
the base operating system, and provides strong network-security functions, but
lacks the Pluggable Authentication Module (PAM) capability of most competitors.
All of the studied systems except UnixWare support cryptographic hardware,
which offloads the encryption task to special-purpose processors, boosting the
scalability of secure web sites. Indeed, SCO has historically focused on supporting
departmental and small-business applications using traditional access methods
such as terminals. UnixWare includes relatively few tools for managing enterprise
networks or web-based infrastructures. UnixWare also offers little support for
LDAP, runs the fewest non-LDAP directory services, and includes none of the
studied network security functions except for TCP/ IP wrappers.

3
Note that only the Intel X86 version of Solaris supports this function.
SS, March 2001
TABLE OF CONTENTS
EXECUTIVE SUMMARY...................................................................................................................................... 1
SCALABILITY........................................................................................................................................................ 1
RAS (RELIABILITY, AVAILABILITY, AND SERVICEABILITY)........................................................................................ 2
SYSTEM MANAGEMENT ........................................................................................................................................ 3
INTERNET AND WEB-APPLICATION SERVICES ........................................................................................................ 4
DIRECTORY AND SECURITY SERVICES .................................................................................................................. 5
UNIX PRODUCT OVERVIEW.............................................................................................................................. 8
AIX 4.3.3............................................................................................................................................................ 8
HP-UX 11I.......................................................................................................................................................... 9
SOLARIS 8......................................................................................................................................................... 10
TRU64 UNIX 5.1............................................................................................................................................... 12
UNIXWARE 7.1.1............................................................................................................................................... 13
METHODOLOGY................................................................................................................................................ 14
SCALABILITY .................................................................................................................................................... 16
SUMMARY ......................................................................................................................................................... 16
SMP RANGE..................................................................................................................................................... 17
STORAGE SCALABILITY ...................................................................................................................................... 19
64-BIT SUPPORT ............................................................................................................................................... 20
SCALABILITY CLUSTERING OPTIONS ................................................................................................................... 23
LOW-LEVEL OPTIMIZATIONS ............................................................................................................................... 26
RAS (RELIABILITY, AVAILABILITY, AND SERVICEABILITY) ...................................................................... 28
SUMMARY ......................................................................................................................................................... 28
COMPONENT FAILURE RESILIENCE ..................................................................................................................... 30
DYNAMIC RECONFIGURATION............................................................................................................................. 32
JOURNALING FILE SYSTEM................................................................................................................................. 33
HIGH AVAILABILITY (HA) CLUSTER OPTIONS....................................................................................................... 34
WORKLOAD-MANAGEMENT TOOLS ..................................................................................................................... 38
SYSTEM MANAGEMENT.................................................................................................................................. 44
SUMMARY ......................................................................................................................................................... 44
HARDWARE MANAGEMENT ................................................................................................................................. 45
OPERATING-SYSTEM MANAGEMENT ................................................................................................................... 46
SOFTWARE MANAGEMENT.................................................................................................................................. 48
EVENT MANAGEMENT ........................................................................................................................................ 49
STORAGE MANAGEMENT.................................................................................................................................... 51
REMOTE ADMINISTRATION.................................................................................................................................. 52
INTERNET AND WEB-APPLICATION SERVICES........................................................................................... 54
SUMMARY ......................................................................................................................................................... 54
WEB-PROTOCOL SUPPORT ................................................................................................................................ 55
WEB SERVICES ................................................................................................................................................. 59
FILE AND PRINT SHARING................................................................................................................................... 60
JAVA SUPPORT.................................................................................................................................................. 62
WEB-APPLICATION SERVER AVAILABILITY........................................................................................................... 63
WINDOWS NT INTEROPERABILITY....................................................................................................................... 64
LINUX INTEROPERABILITY................................................................................................................................... 66
SS, March 2001
DIRECTORY AND SECURITY SERVICES........................................................................................................ 68
SUMMARY ......................................................................................................................................................... 68
DIRECTORY SERVICES ....................................................................................................................................... 69
PLUGGABLE SECURITY....................................................................................................................................... 71
SECURE NETWORKING TOOLS............................................................................................................................ 71
CRYPTOGRAPHIC HARDWARE SUPPORT ............................................................................................................. 73
SS, March 2001
UNIX PRODUCT OVERVIEW
AIX 4.3.3
AIX was the first major second-generation UNIX product to ship after Sun and
HP established its UNIX beachheads in the 1980s. AIX was also the first system
that had a design focus of fusing open systems advantages with traditional
production quality values, of which IBM had plenty to draw from its supremely
established mainframe business. Moreover, unlike some earlier attempts at
commercial-grade UNIX, AIX did not sacrifice functionality, modularity,
manageability, or efficiency in order to gain standards conformance and openness.
After enduring a few painful early years while its implementation matured, AIX
managed to seize a significant functional lead thanks to the strength of its
foundation a lead it was able to maintain until D.H. Brown Associates, Inc.s
(DHBAs) most recent UNIX function study in early 2000.
AIX is now in a period of transition. As before, the current version of AIX,
release 4.3.3, is exclusively available on PowerPC hardware from IBM and OEM
partners such as Groupe Bull. However, in November 2000, IBM also began
shipping an early adopters release of AIX 5L, which is the first version of AIX to
support platforms other than IBMs Power-based hardware. That version also
runs on systems based on Intels upcoming 64-bit Itanium processor, putting
IBM in a strong position to seize an early lead on IA-64 with a production-grade
UNIX system available on the day of shipment. To develop AIX 5L, IBM allied
itself with Santa Cruz Operation (SCO) in 1998 to develop an enterprise-grade
UNIX implementation for Itanium that would compete with IA-64 UNIX
versions promised from Sun and HP for the enterprise-server market.
4
The
project with SCO involved porting IBMs new 64-bit kernel based on AIX to IA-
64, endowing it with a number of user-level features from the UnixWare
environment, and then porting the result back to PowerPC. SCO will not ship its
version of the Monterey code until IA-64 hardware begins to ship in volume,
focusing instead on fusing the current UnixWare implementation with Linux as
part of its Linux Kernel Personality (LKP) initiative.
IBM will ship the new version, called AIX 5L Version 5.1, in full production in
the spring of this year. Many new functions and features of AIX 5L Version 5.1
will be exploited when IBM begins shipping its next-generation high-end server
hardware in the fall.

4
See TechnologyTrends, SCO Jumps to AIX for IA-64, D. H. Brown Associates, Inc. October 26, 1998.
SS, March 2001
HP-UX 11i
HP has long been a leading supplier of commercial UNIX solutions, succeeding
in part by emphasizing business-oriented factors such as quality, investment
protection, consulting abilities, and support. In the 80s, HP was one of the first
major vendors to envision the market potential of an enriched and robust UNIX
operating system and to adopt it as its strategic business platform. As early as
1988, HP launched a mainframe alternative initiative, persuading independent
software vendors (ISVs) of selected vertical markets (hospitality, for example) to
co-develop versions of their software for the HP-UX platform.
After adding volume-oriented solutions based on Intel X86 servers and Windows
NT to its strategic focus, HP has recently redoubled its UNIX efforts as it seeks
to provide a leading-edge operating environment for its newly-introduced high-
end Superdome servers. HP also seeks to position HP-UX as the preferred
enterprise UNIX for next-generation commodity servers based on IA-64, and will
introduce a version for its Itanium systems as soon as they become available. HP
believes that it has a better chance of becoming the de-facto high-end UNIX
standard by virtue of its total focus on the IA-64 platform. While IBM will
continue offering separate UNIX solutions based on Power and Intel
architectures going forward, and Sun has minimized its marketing efforts to drive
Solaris on the Intel platform,
5
HP will transition all of its servers from the PA-
RISC architecture to IA-64 over time. Moreover, during the migration to IA-64,
HPs users can take advantage of the binary compatibility with PA-RISC that HP
managed to introduce in the IA-64 processor architecture early on, which will
help to minimize disruption.
Due in part to its focus on the needs of business users, HP has a history of
introducing advanced UNIX functions conservatively in HP-UX, optimizing
instead for criteria such as stability and investment protection. But with HP-UX 11i,
announced in July 2000, HP clearly showed its seriousness about pushing HP-UX
technically, including a burst of competitive tactical features in the newest release.
HPs consistent adoption of mainframe development and deployment disciplines,
and implementation of mainframe-like functions in HP-UX have clearly paid off.
A number of advanced HP-UX 11i features, such as memory-failure resiliency
functions and strong workload-management tools, provide particular advantages
in addressing the requirements of new web applications, clicks-and-mortar
users trying to migrate their operations to web infrastructures, and traditional-
enterprise IT environments.
HP has also invested in simplifying the packaging for HP-UX. Instead of requiring
users to order and install HPs software options on an individual basis, HP offers
preconfigured Operating Environment packages of the HP-UX 11i base operating
system and key add-ons for different application requirements (see Table 1).

5
However, Sun has continued developing the Intel X86 version of Solaris, which includes almost all of the features in the
SPARC version. Moreover, as a result of offering the Intel X86 version of Solaris 8 for free via web download (or minimal
media costs), Sun was able to build a base of more than 400,000 registered users for that product.
SS, March 2001
TABLE 1: Overview of HP-UX 11i Package Contents
HP-UX 11i
Operating Environment
(Base Package)
HP-UX 11i
Enterprise
HP-UX 11i
Mission Critical
HP-UX 11i
Technical Computing
HP-UX 11i core functions
(including 32-bit and 64-
bit HP-UX kernels)
EMS Framework
ObAM5
Partition Manager
Software Distributor
Apache Web Server
CIFS/9000 Server
CIFS/9000 Client
Java JPI
Java Runtime
Environment
Netscape Communicator
PAM Kerberos
ServiceControl Manager
EMS HA Monitors
MirrorDisk/UX
Online JFS (v3.3)
OV GlancePlus
Process Resource
Manager
Plus all functions in
HP-UX 11i base
ECM Toolkit
MC/ServiceGuard
ServiceGuard NFS
Workload Manager
Plus all functions in HP-
UX 11i Mission Critical
3D Graphics
Apache Web Server
CIFS/9000 Server
CIFS/9000 Client
FirstSpace VRML Viewer
Java 3D
Java JPI
Java Runtime
Environment
MLIB
MPI
Netscape Communicator
PAM Kerberos
Visualize Conference
SOLARIS 8
Sun originally made UNIX fashionable. After establishing itself as a leading
supplier of high-performance workstations during the 1980s and early 1990s, Sun
shifted its strategic goal to becoming a first-tier vendor of enterprise servers.
While such a major strategic transformation would be risky for any company, Sun
managed to overcome the challenge with considerable success, benefiting from
the confluence of three major forces:
Sun maintained a total focus on UNIX and SPARC at a time when most
other UNIX vendors strayed to Windows NT and Intel X86 architectures.
These other vendors were caught off guard when functional gains for
Windows NT and Intel X86 servers materialized more slowly than expected,
just as the surge in web usage and e-business requirements introduced a
dramatic new need for reliability and scalability, which commodity systems
could not meet. Also, in an adroit and remarkably successful response to the
encroachment of the Wintel juggernaut, Sun kept its SPARC servers
competitive at the low-end of the server market a space that most other
vendors left to commodity systems running Windows NT. Sun accomplished
this by embracing and extending the characteristics of PC servers as much as
possible in its SPARC-based workgroup-server hardware, adopting similar
component and manufacturing technologies that minimized the pricing
SS, March 2001
premium of its proprietary platform. As a result, Solaris now enjoys a unique
benefit amongst UNIX systems: it provides a single line of binary-compatible
platforms that span the range from very price-competitive low-end servers
and workstations up to clusters of high-end, mainframe-like SMP servers. By
contrast, most of the other vendors fragment their product lines across
commodity servers running Windows NT or Linux at the low-end, and RISC-
based UNIX systems at the high-end, thus sacrificing binary compatibility.
In 1997, Sun gained a three-year head-start over its competitors for bringing
several key mainframe-like functions into the UNIX space when it introduced
the Enterprise 10000 server. Suns lead came about as a result of an
astonishing stroke of fortune in 1996 when it acquired the Business Systems
Division (BSD) of Cray Research, which had designed the StarFire system.
Based on SPARC and Solaris, StarFire had very high-end SMP capabilities.
Solaris exploited these capabilities handily thanks to design choices that had
been forced by hardware conditions a few years earlier.
6
These included a
leading-edge RAS feature developed by Cray called Dynamic Domains, which
remains the closest comparable function to mainframe Logical Partitions
(LPARs) that is currently available for UNIX. Even now, few of the leading
UNIX suppliers have matched the E 10000s SMP range, and none have yet
fully matched Suns Dynamic Domains function. Coupled with Suns
legendary marketing prowess, the E 10000 earned the company extraordinary
visibility in traditional IT datacenters at a time when interest in high-end
UNIX systems was beginning to surge.
Simultaneously with its efforts at the systems level, Sun gained significant
traction in the enterprise middleware space with its Java technology. Java has
been adopted by a broad set of vendors and IT managers. While Java
originally received much attention as a platform for neutralizing the barriers
between client platforms, it has proven to be an effective mechanism for
developing server-side applications as well. By investing in value-added server
software options based on Java from iPlanet, Sun has strengthened its ability
to provide an end-to-end solution for critical server infrastructures based on
Solaris.
Sun announced Solaris 8 in November 1999 and began shipping the new system
in early 2000. However, many of the critical layered software products for Solaris,
including Sun Cluster and PC/ NetLink, did not begin shipping on Solaris 8
immediately.
7
Now, Sun has not only shipped the entire Solaris 8 product set, but
has also delivered key enhancements to some of those layered options, including
shipment of a major update to its HA clustering capabilities with Sun Cluster 3.0
in November 2000. Although Sun has yet to ship the long-awaited midrange and

6
When Solaris 2 began shipping, Suns SuperSPARC processor was trailing most competing RISC processors in performance.
Sun responded by investing heavily in developing SMP capabilities for its workstations and servers. As part of the effort,
Solaris was optimized for SMP earlier than most other UNIX systems. For example, Solaris was the first major RISC-based
UNIX system to introduce sophisticated kernel-thread mechanisms for optimizing applications.
7
DHBAs previous UNIX Function Review covered Solaris 7, even though Solaris 8 had already been announced at the time
of publication. See 1999-2000 OperatingSystemFunctionReview, D.H. Brown Associates, Inc., March 2000.
SS, March 2001
high-end server hardware based on its next-generation UltraSPARC III processor,
it is currently positioned very well from a UNIX-system software standpoint.
TRU64 UNIX 5.1
Tru64 UNIX derives from a long and sometimes contentious relationship
between UNIX culture and Digital Equipment Corporation, which Compaq
purchased in early 1998. UNIX was born and bred on Digital hardware in the
1970s. AT&T and universities mostly drove UNIX development, but Digital
always maintained a UNIX group to develop and support drivers as well as to test
new designs on UNIX. Digital eventually released ULTRIX, which was UNIX
improved by clearer documentation, enhancements specific to Digital hardware,
and support services.
Digital continued to develop its VAX/ VMS systems while universities and AT&T
continued to develop UNIX, and all vendors waged the UNIX Wars, which
lasted through multiple standardization attempts. As industry began to use UNIX
more, Digital, along with other vendors, funded efforts such as the X Window
System, the Open Software Foundation (OSF) initiative, and also played an early
role in the creation of Linux by donating resources and equipment so that Linux
had a native Alpha port by 1994.
Digital responded to a perceived lack of commitment to UNIX by leapfrogging
its competition with overwhelming technical force. The company introduced
blistering performance with its 64-bit Alpha RISC processor and 64-bit UNIX.
Tru64 UNIX became the first in the industry to move to 64 bits and used an
implementation based on state-of-the-art OSF/ 1 operating-system technology.
Strictly in terms of technology, the investments have clearly paid off well. Alpha
routinely resides in the leading position for processor performance, and Tru64
UNIX has consistently stayed at the head of the pack for operating system
functions.
Compaq has continuously maintained its investment in Alpha UNIX products,
recognizing that to be considered a credible enterprise player, it needs to balance
its burgeoning commodity PC business with differentiated proprietary offerings.
Extending its product line to the high end of the UNIX space, Compaq finally
shipped the 32-way AlphaServer GS320 (formerly code-named Wildfire) last
summer, accompanied by a steady stream of functional improvements in Tru64
UNIX V5.1, released in the fall of 2000.
Today, Compaqs Alpha UNIX business is focused on five strategic markets:
Business Intelligence, High Performance Technical Computing, Telco and
Internet Applications, and Enterprise Applications. Within the past year, there
have been several impressive, high profile wins in these segments, such as the
Pittsburgh Supercomputing project in HPTC, and Ericsson in Telco.
SS, March 2001
UNIXWARE 7.1.1
Santa Cruz Operation (SCO) historically dominated the UNIX-on-Intel market
with over 85% of marketshare and a deep understanding of the platform. SCO
achieved its position through its long-standing OpenServer product. This product
generated a respectable set of third-party solutions for meeting small-business
requirements. More important, SCO gained expertise in supporting the vast and
diverse array of hardware that permeates the Intel X86 landscape, offering a
competency matched only by Microsoft. In recent years, SCO has focused on the
more advanced UnixWare, which it acquired from Novell in 1996. UnixWare is
an implementation of System V Release 5 (SVR5) with PC-oriented networking
extensions, integrated Internet connectivity, and enhancements targeting reliability
and scalability.
UnixWare 7 allowed SCO to make the leap from targeting small-to-medium-sized
businesses to become a serious UNIX competitor, poised to take on enterprise
requirements. However, despite its early success in lining up OEM partners, SCO
was unable to continue the investments in UnixWare required to compete with
the heavyweight UNIX systems from Sun, HP, IBM, and Compaq. SCO
announced in late 1998 that it would no longer position UnixWare as an
enterprise platform when IA-64 arrived, choosing instead to embrace the AIX
kernel as the foundation for the next-generation Monterey product.
Since then, SCO took a step further and announced that it would sell all of its
UNIX products, including OpenServer and UnixWare, to Caldera Systems Inc., a
leading Linux-distribution supplier. The transaction has not yet been completed,
8
but Caldera has stated that it will sustain SCOs efforts to enhance UnixWare for
IA-32 platforms, which will remain relevant for some time until IA-64 enters
mainstream markets. Caldera also plans to introduce a Linux Kernel Personality
(LKP) for UnixWare that will allow it to run Linux applications. Caldera plans to
position UnixWare as a kind of super-charged Linux environment that is fully
compatible with other Linux distributions, but has more powerful functions
under the hood than the traditional Linux kernel. To deliver on this promise,
however, Caldera will have to marshal sufficient development resources to keep
up with the investments of the established enterprise competitors.

8
The acquisition is due to be completed by second quarter 2001.
SS, March 2001
METHODOLOGY
This study ranks five leading UNIX operating systems IBM AIX 4.3.3, Hewlett-
Packard HP-UX 11i, Sun Solaris 8, Compaq Tru64 UNIX 5.1, and SCO
UnixWare 7.1.1 based on their functional capabilities as of January 1, 2001.
Each operating system receives a rating for its support of more than 100
functional items across five criteria: Scalability; Reliability, Availability, and
Serviceability (RAS); SystemManagement; Internet and Web-Application Services; and
Directory and Security Services.
This study primarily notes items for their existence or non-existence on a given
platform, although it judges some items according to the quality and breadth of
their implementation. Systems receive maximum credit only for functions that are
bundled and integrated. They take a penalty if the function requires a separately
priced option, and suffer a greater penalty if the function is not available directly
from the operating systems supplier (i.e., if it requires involvement of a third-
party supplier). They receive a maximum penalty if a function is unavailable for
the platform, or if it can be implemented only through a workaround, which is
almost always an awkward process.
Each individual rating sums to a score for each one of the five functional
categories, based on weights indicated at the beginning of each chapter. The
overall ranking derives from the average of all category rankings each of the
major functional areas rates an equal weight toward the total.
To determine its ratings for the studied functional items, DHBA evaluated each
operating system and its layered products using a variety of approaches, including,
hands-on evaluation,
examination of system documentation and related publications, and
discussions with marketing and engineering staff from each operating-system
vendor.
DHBA must emphasize that this report represents a technology assessment,
which exposes findings that remain distinct from other types of research, such as
marketshare statistics, customer-satisfaction surveys, or laboratory-based stress
testing. One cannot extrapolate the results of this assessment to draw conclusions
in other domains. The industry has frequently shown that the best technology
does not always win in the marketplace.
To arrive at a complete profile of an operating-system product, users should
consider a number of factors in addition to those addressed by this study,
including,
Application Portfolio: An operating system is only as useful as the applications
available for it. The suitability of an application portfolio for a given user,
however, ultimately depends on that users specific requirements.
SS, March 2001
Quality: As with any other complex technical product, an operating system
may ship with a number of defects, which are independent of its relative
technical richness. Formal methods to measure quality vary from stress testing
to collecting empirical data based on customer-satisfaction surveys.
Vendor Support: At the high end of software complexity, operating systems
introduce a notoriously high support burden, especially when deployed on
servers. The ability of vendors to meet those support requirements may vary.
Vendor Experience: Vendors offering multiple operating systems may have
different levels of experience within their respective product lines, depending
on when they entered the market and with what level of commitment.
Skills Availability: This factor applies both to the skills available within a users
organization and in the market as a whole.
Hardware/ SystemCapabilities: Since an operating system will only perform as
well as its underlying hardware, users must remain aware of factors such as
processor performance and the SMP ranges available on host platforms.
Cost: A complex and contentious area, this factor depends not only on
operating-system software prices and associated client license fees, but also on
any necessary add-on packages, the price and price/ performance of
underlying hardware, and a wide variety of hard-to-measure soft costs
related to ongoing management and training.
SS, March 2001
SCALABILITY
5.50 6.00 6.50 7.00 7.50 8.00 8.50 9.00
UnixWare 7.1.1
AIX 4.3.3
Solaris 8
HP-UX 11i
Tru64 UNIX 5.1
FIGURE 2: Scalability Ratings
SUMMARY
All five of the systems rank in the Good to Very Good categories. Tru64
UNIX receives the highest scalability rating, benefiting from extraordinarily large
storage and memory capacities that derive from the maturity of its early 64-bit
design. Compaq tests and supports Tru64 UNIX file systems and files up to 16
TB, while the remaining vendors support at most one or two TB on their storage
systems. Tru64 UNIX also supports 256 GB of memory on the AlphaServer
GS320, a range that is matched only by HP-UX 11i. Tru64 UNIX now also rates
very competitively in other key areas such as SMP scalability, thanks to its proven
database performance on 32-way GS320 server hardware, and a complete set of
low-level kernel optimizations.
HP-UX 11i follows, supporting the second-highest file system range at 2 TB, and
matching Tru64 UNIX for 256 GB of memory support on HPs Superdome
server hardware, which has achieved good database benchmark results on 48-way
SMP configurations. For building web-server farms, HP-UX 11i includes a
production version of the Resonate load-balancing tool.
Solaris supports up to 128 GB of memory, and 1 TB file systems and files. AIX
supports up to 96 GB of memory and 1 TB file systems, but files can be no larger
than 64 GB.
AIX achieves a strong position in High Performance Computing (HPC) technical
clusters and proven support for very high-end database clusters. Otherwise, AIX
and Solaris have roughly equivalent scalability ratings. Both have particularly
strong SMP capabilities, albeit succeeding by differing criteria. While Solaris has
been tested with industry-standard benchmarks on SMP servers using more
processors than any other studied system (64), AIX was able to achieve the
highest results on the same tests using the fewest processors (24).
UnixWares scalability fundamentally depends on the capabilities of the Intel-
server architecture, which will not complete its transition to 64-bits until later this
FIGURE 2:
Scalability Ratings
SS, March 2001
year. UnixWare supports state-of-the-art enterprise servers based on current IA-
32 processors, including the Unisys ES7000, a mainframe-class machine that can
be configured with up to 32 processors and up to 64 GB of memory.
9
Although
UnixWare supports all 32 processors in ES7000, the maximum SMP
configuration for which UnixWare has produced credible database-benchmark
evidence on is eight processors. Like AIX and Solaris, UnixWare supports file
systems and files up to 1 TB.
SMP Range
30%
64-Bit
Support
20%
Storage
Scalability
25%
Low-Level
Optimizations
10%
Scalability
Clustering
Options
15%
FIGURE 3: Scalability Criteria and Weightings
SMP RANGE
Shared-Memory Multiprocessing (SMP) boosts system performance by harnessing
multiple processors within a single server that all share the same memory and I/ O
resources. Because SMP incurs fewer penalties related to management and
processing overhead than other multiprocessing techniques, and is also relatively
easy for application developers to exploit in their code, it remains one of the most
effective ways to increase system performance for many key business applications,
including database servers and Online Transaction Processing (OLTP) functions.
Since all processors in an SMP server must be able to access all system resources
simultaneously, operating systems are deeply involved in the quality of an SMP
implementation. Indeed, enabling a kernel to effectively manage large numbers of
processors has traditionally presented an extraordinary and tedious challenge for
operating-system developers. Typically, hardware and software design teams must
cooperate closely and consider a variety of factors throughout the system,
including memory-bus bandwidth and cache sizes, to optimize their
implementation. Moreover, they must gather huge amounts of empirical data to

9
Although UnixWare remains a 32-bit system, it can exploit the extra memory in such systems using Intels Process
Addressing Extension (PAE) mechanism. Normal UnixWare applications still run in 32-bit address space, while critical
applications and the operating system itself can use the large memory for caching purposes.
FIGURE 3:
Scalability Criteria
and Weightings
SS, March 2001
determine how well their design works with a variety of applications, a process
that can last for years before good results are achieved.
While there is no generally applicable way to predict exactly how well an
application will scale on an SMP system under real-world conditions, certain
benchmark tests provide a reasonable approximation. In particular, the
Transaction Processing Performance Councils TPC-C benchmark remains the
most widely accepted method to assess the SMP range of server systems. In
addition to being truly vendor-neutral and subject to rigorous auditing
procedures, the TPC-C test stresses a number of system components that are
frequently exercised in commercial-server applications, including I/ O, inter-
processor communication, and cache management.
When using benchmarks such as TPC-C to assess the quality of SMP
implementations, it is tempting to focus on the absolute tpmC (transactions per
minute) reached or the greatest number of processors used as proof of an
operating systems SMP capabilities. However, TPC-C performance actually
depends on a broad set of factors related to hardware and software, including the
processor performance of the systems involved (i.e., Intel X86 compared to
RISC), their cache size, the hardware-interconnect design and performance, the
database or web server used, and the applications involved. Of course, price-
performance (which must be reported as part of the TPC-C test) represents a
critical aspect as well when vendors decide to issue a result. All of these factors
must be assessed when gauging the ability of the operating system itself to exploit
SMP hardware.
At this point, the RISC-based UNIX systems all rate roughly the same for SMP
capabilities, having been extensively optimized for SMP over a number of years.
All support SMP hardware with at least 24 processors as well, which should meet
the requirements of most high-end commercial-server applications. Further, the
capabilities of all the RISC-based UNIX systems have been validated with TPC-C
results based on high-end server configurations. Figure 4 shows the maximum
TPC-C results for each studied system, along with the number of processors used
to produce the results. The RISC-based UNIX systems have all produced results
above 150,000 tpmC, although the number of processors used to achieve the
respective results varies.
SS, March 2001

0
50
100
150
200
250
AIX HP-UX Solaris Tru64 UNIX UnixWare
t
p
m
C

(
t
h
o
u
s
a
n
d
s
)
0
8
16
24
32
40
48
56
64
C
P
U
s
tpmC (x1000) CPUs
Oracle 8i Oracle 8 Sybase ASE Oracle 8.1.7 Oracle 8i
Source: Transaction Processing Council (www.tpc.org)
FIGURE 4: Maximum TPC-C Results vs. Processor Range by Operating System/ Database
AIX stands out for reaching the highest TPC-C result of all studied UNIX
systems (220,807 tpmC) on SMP hardware. Moreover, AIX was able to achieve
these results using the fewest processors (24). By contrast, Solaris required 64
processors to deliver competitive results, due in part to the lagging performance
of Suns UltraSPARC II processor and the aging design of its E 10000 server.
Note, though, that Solaris ability to manage more processors under benchmark
conditions than any other studied system bodes well for a performance surge
when high-end servers based on Suns more powerful UltraSPARC III processor
arrive later this year.
UnixWare supports up to 32 processors in SMP systems, but very few Intel X86-
based servers currently support more than eight processors. TPC-C results for
UnixWare have only been produced on an eight-way server (41,085 tpmC on the
Unisys ES2085R). However, Unisys recently began shipping a 32-way ES7000
server that supports UnixWare, so more competitive results may well appear in
the future.
STORAGE SCALABILITY
Storage consumption has surged dramatically with the growth of the web, as data
stores have evolved from passive receptacles into active participants in the IT
infrastructure. Storage hardware developers have responded with highly scalable
technologies such as Storage Area Networks (SANs) and Network Attached
Storage (NAS). To fully support these devices, operating systems need to manage
FIGURE 4:
Maximum TPC-C
Results vs. Processor
Rangeby Operating
System/ Database
SS, March 2001
file systems and files that range far beyond the 4 GB originally permitted by 32-bit
systems.
All of the studied environments support large file systems, and provide the
necessary base operating system functions and Application Program Interfaces
(APIs) to support 64-bit files, through which properly written applications can
theoretically access up to 16 exabytes (EB) of data. However, the studied systems
vary in terms of the storage configurations that their vendors actually test and
support, resulting in some differentiation in terms of their practical storage
scalability (see Table 2).
TABLE 2: Maximum Tested/ Supported File System and File Sizes
Tru64 UNIXs storage scalability clearly benefits from Compaqs early leadership
in 64-bit technology. Compaq supports file systems and files ranging up to 16 TB
on its AlphaServers running Tru64 UNIX, much more than any other vendor.
HP follows, supporting 2 TB file systems and files on PA-RISC systems running
HP-UX. IBM, Sun,
10
and SCO each support file systems up to 1 TB on their
respective servers. Sun and SCO support files up to 1 TB as well, while AIX 4.3.3
is limited to 64 GB files.
64-BIT SUPPORT
Support for 64-bit processing can deliver significant benefits for certain types of
commercial applications, primarily those that depend on large databases, which
can use direct 64-bit memory access to cache entire database indexes (or even the
database contents themselves) in physical memory, thus cutting access time by an
order of magnitude of two over queries requiring disk access. However, because
even database applications do things other than queries (and because disk I/ O is
typically overlapped, buffered, and cached by the operating system), performance
improvements in real-world situations with real workloads may prove
substantially more modest. For example, the benefit to TPC-C results for various
64-bit vendors has typically been closer to a factor ranging from 10% to two
times.
Indeed, benefits deriving from switching to a 64-bit architecture are quite different
and less obvious than those stemming from the previous microprocessor
evolutions. Widening the internal and external data paths from 8 to 16 and finally to

10
For applications that need to manage more storage, Sun directs its users to the Veritas VxFS file system, a third-party option
that supports greater ranges. Veritas v3.4 supports file system sizes up to 2 TB. To minimize the burden on the user for
obtaining and managing the Veritas option, Suns VOS (Veritas, Oracle, Sun) program involves joint engineering work
among Veritas, Oracle, and Sun to get Veritas and Oracle ready the first day on every release of Solaris.
File System Size File Size
Tru64 UNIX 5.1 16 TB 16 TB
HP-UX 11i 2 TB 2 TB
Solaris 8 1 TB 1 TB
UnixWare 7.1.1 1 TB 1 TB
AIX 4.3.3 1 TB 64 GB
TABLE 2:
Maximum Tested/
Supported File
System and File Sizes
SS, March 2001
32 bits wide had a direct impact upon speed because fewer cycles were required
to transfer a typical 32-bit word that contained either a floating-point quantity or an
instruction containing a complete memory address. Because most of the individual
data items or instructions are no more than 32 bits (even with the new
architectures), the benefits of a 64-bit data path are less apparent.
In general, operating systems can provide 64-bit capabilities at three incremental
levels:
Run on 64-bit processors such as Alpha, MIPS, PA-RISC, PowerPC, or
UltraSPARC.
Support largephysical memory, i.e. real memory greater than four GB.
Provide large virtual memory, which allows applications to run in a 64-bit
process address space. Only operating systems with this capability qualify as
full 64-bit processing environments.
AIX, HP-UX, Solaris, and Tru64 UNIX have all run natively on 64-bit processors
for years, and have been fully tuned and optimized for their respective
environments (see Table 3 below). Of this group, Tru64 UNIX has the most
mature 64-bit implementation, while Solaris introduced its full 64-bit capabilities
most recently of the studied RISC systems. HP-UX and AIX each have
moderately established 64-bit implementations. However, AIX 4.3.3 provides a
64-bit application environment on top of a 32-bit kernel. While this
implementation allows AIX to support older 32-bit device drivers in a 64-bit
environment, it also causes some 64-bit applications to endure a small
performance penalty at very high transaction rates for checking, reshaping, and
creating internal kernel data structures.
UnixWare currently lacks full 64-bit capabilities, since it only runs on servers
using the 32-bit Intel X86 architecture. Intel is scheduled to introduce its 64-bit
IA-64 architecture later this year with the Itanium processor. Future versions of
UnixWare will exploit the capabilities of the Itanium.
11
TABLE 3: Relative Maturity of 64-Bit Hardware Support

11
These versions will be based on the Monterey technology co-developed with IBM, which is based on the AIX kernel.
64-Bit
Processor
64-Bit Hardware
Introduced
Full 64-Bit
Addressing Introduced
Tru64 UNIX Alpha 1992 1992
HP-UX PA-RISC 1996 1997
AIX PowerPC 1994 1997
Solaris Solaris 1995 1998
UnixWare IA-64 2001 2001
TABLE 3:
RelativeMaturity of 64-
Bit HardwareSupport
SS, March 2001
Since the RISC-based UNIX systems are now all fully 64-bit enabled, they easily
support memory ranges far beyond the 4 GB limit imposed by 32-bit hardware.
However, the systems vary in terms of the large memory configurations vendors
actually test and support with their hardware, resulting in some differentiation in
terms of practical processing scalability that can vary considerably from
theoretical limits (see Table 4).
* Fujitsu GP7000
TABLE 4: Maximum Physical Memory Supported
HP-UX and Tru64 UNIX support the largest amount of physical memory of all
studied systems, managing 256 GB on HPs Superdome and Compaqs
AlphaServer GS320 hardware, respectively. Solaris follows, supporting 128 GB
on Fujitsus GP7000 server and 64 GB on Suns own E 10000 server, while AIX
supports 96 GB, the maximum physical memory available for IBMs servers.
Although current Intel X86 processors all have 32-bit instruction sets, newer
Pentium Pro and Pentium II Xeon processors support 36-bits of real memory
through Intels Physical Address Extensions (PAE). UnixWare exploits PAE,
allowing it to manage up to 64 GB of physical memory.
12
When moving to 64-bit operating systems from their earlier 32-bit
implementations, concerns sometimes arise related to compatibility with existing
32-bit applications and device drivers. Indeed, in some cases, these concerns have
slowed the adoption of newer 64-bit operating systems, despite their offering
advanced functions in other areas. Tru64 UNIX and HP-UX have largely
overcome their migration hurdles, with most of their key applications and device
drivers having made the leap to 64-bits. The transition remains a work-in-progress
for IBM and Sun, however. IBM is shipping a new 64-bit kernel in AIX 5L, which
requires existing 32-bit device drivers to be recompiled before they can be used,
13
and many Solaris users still run the 32-bit 2.5.1 and 2.6 versions. Since the 64-bit
transition will not truly begin for UnixWare until Intels Itanium processor ships
later this year, its future backwards compatibility with 32-bit applications and
device drivers still remains unclear.

12
UnixWare can manage more than 4 GB of memory despite the fact that its applications have only 32-bit addressing
available, by providing special APIs for use by appropriate applications. For example, specially modified database systems
can use the extra physical memory to cache data that would otherwise reside on disk, boosting performance transparently
for 32-bit applications accessing the database.
13
One luxury of the 32-bit/ 64-bit hybrid kernel approach used in earlier versions of AIX was backwards-compatibility for 32-
bit device drivers.
Maximum Physical
Memory Supported
64-Bit
Addressing Supported
HP-UX 11i 256 GB Yes
Tru64 UNIX 5.1 256 GB Yes
Solaris 8 128 GB* Yes
AIX 4.3.3 96 GB Yes
UnixWare 7.1.1 64 GB No
TABLE 4:
Maximum Physical
Memory Supported
SS, March 2001
SCALABILITY CLUSTERING OPTIONS
Clusters can be used to increase system capacity, including performance and
storage, for some types of applications. To scale performance on a cluster,
applications work in concert with clustering software to partition their workloads
into subtasks, which the clustering software then distributes across the clustered
servers. However, since even the fastest cluster interconnects usually have lower
bandwidth and greater latency than the bus in an SMP system (in some cases by
several orders of magnitude), synchronization among the subtasks becomes a
critical bottleneck that systems must minimize. Identifying opportunities for
coarse-grained parallelism proves key to effective scalability on clusters. A variety
of parallel programming tools and techniques have emerged to assist in
partitioning applications for clusters. Their use requires considerable expertise
though, and some classes of applications fundamentally cannot be adapted at all.
If sufficiently partitioned, applications can exploit clustered systems containing
hundreds or even thousands of nodes, delivering monumental gains in
performance.
Performance clustering options typically fall into one of three broad categories:
High-PerformanceComputing(HPC) Clusters address some of the worlds deepest
computational problems, including simulation of natural phenomena, finite
element analysis, and mechanical design. While most HPC applications fall
into the engineering and scientific domain, HPC is increasingly penetrating
business computing as well, where it can be employed for sophisticated
financial analysis algorithms. Most HPC-application designs have converged
around two public-domain parallel-processing packages, Message-Passing
Interface (MPI) and Parallel Virtual Machine (PVM), which handle dispatch,
collection, and management of processing tasks across cluster nodes.
DatabaseClusters boost transaction throughput by spreading workload across
multiple instances of a database server running in parallel. While most OLTP-
oriented tasks tend to scale better on SMP systems, which suffer a much less
severe penalty with regard to inter-processor communication, a few
commercial applications rely on analysis as well and thus lend themselves well
to cluster deployment. For example, data warehousing involves scanning large
databases for patterns that can be used to help make business decisions
(decision support is typically cited as a key benefit of data-warehousing
applications). Many classes of data-warehousing applications can partition
their data sets so as to minimize inter-node synchronization, allowing them to
achieve good scalability on clusters. However, data partitioning and
distribution must be implemented at the core of a database engine to work
effectively, meaning that database systems require modifications to properly
support clustered operation. Several commercial database systems, including
Oracle Parallel Server (OPS), IBM DB2 Universal Database (UDB), and
Informix XPS, have been extended to work in parallel on clusters of servers
connected by high-speed interconnects.
Web-Server Farms (IP clusters) allow ISPs or corporate Intranet sites to map all
the traffic destined for a single website (i.e., home.netscape.com) to a
SS, March 2001
farm of multiple web servers across which the Internet traffic is balanced.
IP clustering can take place either in hardware, at a router-like device sitting in
front of the web-server farm, or in software, on a separate server that sits in
front of the web-server farm. These techniques allow operating systems to
support the largest websites on the Internet, some of which have to process
millions of hits per day, which can exceed the capabilities of a single server.
AIX, HP-UX, Solaris, and Tru64 UNIX all support the necessary tools to develop
HPC clusters, including native versions of Message Passing Interface (MPI) and
PVM, along with value-added utilities that simplify management of clusters for
scientific-computing applications. However, the studied systems still vary
significantly in terms of the degree to which they are actually deployed in HPC-
cluster environments. This divergence may result from a variety of factors that are
independent of operating-system capabilities, including vendor focus, hardware
performance and price/ performance. But the mindshare established for a
platform has a significant effect on its credibility as an HPC environment, since it
affects application availability and access to expertise. One key indicator of the
degree to which the studied environments have penetrated the HPC space can be
found in the list of the worlds 500 most powerful computer systems that has
been compiled by the TOP500 organization
14
twice a year since 1993 based on
the LINPACK benchmark. LINPACK measures peak Floating Point Operations
Per Second (FLOPS).
AIX
43%
Tru64 UNIX
2%
HP-UX
1%
Solaris
16%
Other
38%
Highest rank: #1
Highest rank: #31
Highest rank: #91
Highest rank: #133
FIGURE 5: UNIX Operating System Representation in TOP500 Supercomputer
Sites (November 2000)

14
See http:/ / www.top500.org
FIGURE 5:
UNIX Operating System
Representation in TOP500
Supercomputer Sites
(November 2000)
SS, March 2001
Shown above is the UNIX operating system representation among the TOP500
sites. IBM dominated the November 2000 TOP500
15
list, capturing the number
one performance slot and representing 43% of all 500 entries with systems
running AIX (see Figure 5). Solaris has the next highest representation in the list,
running on 16% of all entries and delivering the 133rd-highest performance.
Systems running HP-UX and Tru64 UNIX reach higher performance levels
(number 91 and 31, respectively), but have relatively insignificant representation
overall at 1% and 2%, respectively. UnixWare is not represented on the list .
Both Sun and Compaq have redoubled their efforts to grow their share of the
HPC market. Solaris 8 supports Suns recently acquired GridWare technology,
which provides a sophisticated toolkit for taking advantage of contributed
processing cycles from large numbers of heterogeneous systems.
Compaq has also stepped up the pursuit of high-end supercomputer applications
with its TruCluster technology, and has captured several key accounts by
highlighting its superior ability to manage HPC-cluster resources. For example,
the U.S. Department of Energy (DOE) announced that Compaq would provide
the project technology for a Cooperative Research and Development Agreement
between Sandia National Laboratories and Celera Genomics, which will build a
100 TeraOPS (trillions of operations per second) supercomputer. The DOE
National Nuclear Security Administration (NNSA) selected Compaq to build
what is expected to be the worlds fastest and most powerful supercomputer. The
National Science Foundation selected Compaq and the Pittsburgh
Supercomputing Center to build and manage the worlds largest supercomputer
for nonmilitary, scientific applications. Compaq AlphaServer systems running
Tru64 UNIX played a critical role in Celeras mapping of the human genome, as
well as at the two largest sequencing centers supporting the public Human
Genome Project. The French Atomic Energy Commission (CEA) recently
selected Compaq to build the largest supercomputer in Europe.
AIX, HP-UX, Solaris, and Tru64 UNIX all support the leading parallel-database
servers including IBM DB2, Informix XPS, and Oracle Parallel Server (OPS).
Further, Compaq, IBM, and Sun have each boosted their credibility in parallel-
database environments by validating cluster configurations of their operating
systems with industry-standard benchmarks such as TPC-H and TPC-C (see
Table 5). IBM stands out in particular for pushing its DB2 clusters up to 32 nodes
on AIX.

15
See IBM DominatesTOP500, D. H. Brown Associates, Inc., December 2000.
SS, March 2001
TABLE 5: Database Cluster Benchmark Results for UNIX Operating Systems
OS Hardware Database # Nodes CPUs/ Node Benchmark Date Result
AIX RS/6000 SP 550 DB2 UDB 32 4 TPC-H 4/27/00 12,867 QphH
Tru64 UNIX AlphaServer GS140 Informix XPS 8 8 TPC-H 11/1/99 6,514 QphH
AIX RS/6000 S70 OPS 5 12 TPC-C 6/30/99 110,434 tpmC
Solaris Enterprise 6500 Oracle 8i 4 24 TPC-C 9/24/99 135,461 tpmC
All of the studied operating systems can be deployed in concert with hardware-
based web-server farm solutions such as Cisco LocalDirector, which takes
incoming Internet Protocol (IP) sessions and rewrites the IP headers of a packet
stream to redirect them to a particular server. The process uses a technique called
Network Address Translation, defined in RFC 1631. This approach requires no
changes to DNS configurations and only minimal configuration of web servers,
other than to insure that the web servers have mirrored data or are operating
from a common network-based file store. Hardware-based solutions can balance
a broad range of TCP/ IP-based functions beyond web services, including e-mail
or FTP.
However, even though hardware-based web-server farm solutions work well and
are widely used, their deployment can be expensive, particularly since a second
backup unit is typically needed to avoid a single point of failure. Also, hardware-
based load-balancing approaches do not necessarily have the ability to dynamically
balance IP connections according to the load on each server in the web-server
farm. Software-based IP load-balancing options such as iPlanet Proxy Server or
Resonate Central Dispatch can be more flexible in this regard. While most of
these tools are available for the studied UNIX systems, HP-UX stands out for
bundling the Resonate tool with a license to manage up to three servers.
Tru64 UNIX and UnixWare offer somewhat limited support for traditional web-
server farm options iPlanet Proxy Server and Resonate support neither
platform. Instead, Compaq promotes load-balancing capabilities for IP services
using its TruCluster HA clustering package, a technique that is also supported in
Sun Cluster and UnixWare NonStop Clusters. These approaches also pass on the
benefit of HA failover to other types of services.
LOW-LEVEL OPTIMIZATIONS
Over the years, UNIX operating-system developers have introduced a variety of
low-level optimizations that can boost performance in certain types of
applications. For example, all of the studied UNIX systems now support kernel-
based asynchronous I/ O, which allows applications to continue processing while
waiting for time-consuming I/ O operations to complete, and direct I/ O, which
allows critical applications to bypass the caching mechanism normally used by file
systems to manage storage access. Some differentiation remains due to other
performance optimizations, including,
SS, March 2001
Memory FileSystem: Some UNIX systems provide a file-system implementation
that resides entirely in virtual memory, i.e., no permanent file structures or
data are written to disk. This capability, which is referred to as /tmpfs (or
temporary file system) is available in all of the studied systems except HP-
UX.
16
Dynamic Page Sizing: Historically, UNIX operating systems used fixed-size
pages to perform I/ O operations. However, some classes of applications may
benefit from variable page sizes. For example, applications that involve use of
many small files (such as e-mail servers) may operate more efficiently with
small page sizes, while I/ O-intensive applications implementing large block
transfers may run better with large page sizes. Tru64 UNIX and UnixWare
each allow administrators to set I/ O page sizes by process. HP-UX supports
variable-sized virtual memory pages and dynamically adjusts the page sizes
used for application to optimize performance. No administrator intervention
is required.
Kernel Thread Architecture: All studied environments now support kernel
threads, which are required to effectively scale multithreaded applications on
SMP systems, and enable key programming techniques such as asynchronous
I/ O. While traditional kernel thread mechanisms used one-to-one (1-1)
approaches in which each application thread has one corresponding kernel
thread more advanced implementations employ MxN thread approaches,
in which the kernel multiplexes a configurable number of user threads over a
fixed (but also configurable) number of kernel threads. For some application
classes, MxN thread-scheduling can boost efficiency, since the user threads
can avoid calling kernel functions directly, thus reducing the overhead of
saving and restoring the kernel state when making those calls. An MxN thread
architecture also allows the creation of many more user threads, because it
requires a smaller overhead per thread. All of the studied UNIX systems
support MxN threads except HP-UX, which will introduce this capability in
the second half of 2001.

16
HP-UX 11i ships with a Memory File System that provides comparable functionality, but HP does not advertise it as a
tmpfs.
SS, March 2001
RAS (RELIABILITY, AVAILABILITY,
AND SERVICEABILITY)
5.50 6.00 6.50 7.00 7.50 8.00 8.50 9.00
UnixWare 7.1.1
AIX 4.3.3
Tru64 UNIX 5.1
HP-UX 11i
Solaris 8
FIGURE 6: RAS Ratings
SUMMARY
Solaris has a strong lead in the RAS area, offering several functions not yet
available from any competitors, particularly in the Dynamic Reconfiguration (DR)
and partitioning categories. Solaris 8 can arbitrarily add and remove CPUs online,
and is the only studied product that can add and remove memory online. Also,
Suns Dynamic Domains function on the E 10000 server is the only available
UNIX partitioning function that allows the hardware partitions between
operating-system instances to be adjusted while keeping them online. All of the
other hardware partition solutions currently require the affected partitions to be
rebooted after reconfiguration. Solaris 8 also introduces significant enhancements
to the manageability of these functions with its Reconfiguration Coordination
Manager (RCM), which provides a standard API for applications to adjust online
to changing domain configurations so that they can dynamically optimize their
use of available resources (i.e. processors and memory). RCM also allows
reconfiguration to be automated through scripting, maximizing the ability of
servers using Dynamic Domains to flexibly accommodate tasks that vary with
business schedules. Some key software packages, such as Oracle 9i, already exploit
RCM.
HP-UX follows, offering strong functions to handle component failure, leading
resource management tools, first-class Fibre Channel support, and strong Disaster
Recovery options. HP-UX is one of only two systems that can detect and recover
from memory errors online. HP-UX Workload Manager is the only goal-based
resource-management tool currently available. Using this product, administrators
can define targets in terms of overall application performance, rather than the
performance of any one subsystem. HP-UX is one of two systems that supports
all studied fibre channel capabilities, and HPs MC/ ServiceGuard CampusCluster,
ContinentalCluster and MetroCluster packages share the lead for Disaster
Recovery capabilities.
FIGURE 6:
RAS Ratings
SS, March 2001
Although all studied systems include a Journaling File System (JFS), only HP-UX
11i and Tru64 UNIXs AdvFS file system offer Full Journaling, which applies
logging to maintain the integrity of the files themselves in addition to that of the
file system. Like HP-UX, Tru64 UNIX can scrub and correct double-bit memory
errors online. Tru64 UNIX is also the only other system with complete support
for all studied Fibre Channel functions. Tru64 UNIX also offers the strongest
Cluster File System (CFS), with the only CFS implementation that works on the
root file system. For Disaster Recovery, Tru64 UNIX supports the optional Data
Replication Manager (DRM), and Oracle Log Shipping. TruClusters can also use
Fibre Channel in place of Memory Channel, which extends cluster ranges to three
kilometers.
AIX provides the most complete support for handling processor failure, and
offers particularly strong Disaster Recovery functions in its GeoRM Geographic
Mirroring and HAGEO wide-area failover options. AIX is also the only system to
match the capabilities of Suns Live Upgrade feature, which allows installation of
an operating-system image to occur simultaneously with production use.
UnixWare supports a number of vital resiliency features, notably Multipath I/ O,
and sustains static hardware partitions provided by high-end Intel-based servers
such as the Unisys ES7000. UnixWare also supports SCOs powerful NonStop
Clusters, a sophisticated HA package that works with as many as 32 nodes, a
Cluster File System, and advanced HA functions such as process pairs. However,
UnixWare lacks sophisticated resource-management tools, and has only basic
Fibre Channel capabilities.
Component
Failure
Resilience
9%
Journaling File
System
6%
HA Clustering
Options
30%
Operational
Improvements
10%
Workload
Management
30%
Dynamic
Reconfiguration
15%
FIGURE 7: RAS Criteria and Weightings
FIGURE 7:
RAS Criteria
and Weightings
SS, March 2001
COMPONENT FAILURE RESILIENCE
Server hardware has become more reliable over time. Server designs increasingly
use highly integrated components. These components reduce complexity and
hence the number of points of failure. Systems also now build in redundant
components, which further improves reliability. For example, areas that are
vulnerable to mechanical failure, such as storage, can be protected through
redundancy techniques such as RAID.
Despite these improvements, failures can still occur in critical components that
are expensive and sometimes extraordinarily challenging to replicate at the
hardware level, including processors, memory, and I/ O devices. In response,
leading-edge UNIX-system developers have introduced resiliency functions that
allow operating systems to adapt to outages by key hardware components in
single systems. In many cases, designers have drawn on techniques that have
traditionally been implemented in mainframes. Emerging operating-system
technology that enables such self-healing includes,
DynamicProcessor Resilienceallows an operating system to adapt to processor
failure by isolating failed CPU components. In the event of a soft error (a
non-fatal error that allows the system to continue processing), the system
gracefully discontinues use of the failed unit. If a processor failure results in a
system crash, the system restarts automatically after isolating the failed unit.
DynamicMemoryResilienceallows an operating system to dynamically cordon off
memory that has suffered single-bit errors so that software no longer risks
using potentially unreliable areas. Most systems can typically detect and
correct single-bit failures with Error-Correcting Code (ECC) memory. With
dynamic-memory resilience, however, the operating system registers repeated
single-bit failures in software so that it can isolate affected areas before fatal
double-bit errors occur.
Virtual IP Addresses allow IP connections to remain unaffected if physical
network interfaces fail. System administrators define a virtual IP address for
the host, which from a TCP connection standpoint is decoupled from the
IP address associated with physical interfaces.
AlternateI/ O Pathing(also known as Multipath I/ O) allows an operating system
to recover from the failure of I/ O devices such as disk or network adapters
by re-routing I/ O to a backup device, while preserving logical references to
the device so that applications continue processing without interruption.
Tru64 UNIX and HP-UX 11i share the lead in the component-failure-resistance
category, each deriving a major advantage from its ability to detect and recover
from memory errors online. HP-UX 11i continuously checks memory to
determine which type of error has occurred, a Single-Bit hard Error (SBE), or a
repeating set of soft errors. If either type has occurred, the four-KB page of
memory involved in the failure is deallocated online to prevent a second and
fatal
17
bit error. HP-UX 11i also logs these errors for later analysis or reboot so

17
Error-Correcting Code (ECC) memory detects SBEs, but cannot correct them.
SS, March 2001
the bad memory is permanently kept offline throughout succeeding boot cycles.
Tru64 UNIX includes a Memory Error Troller, which scans memory at a
configurable rate to flush out SBEs, which are scrubbed/ corrected by PALcode
in the AlphaServer hardware. Double-Bit Errors (DBEs) are detected by the
Troller, which causes the page to be marked as bad, and hence moved to the
bad page list whenever possible. Note that in both cases, errors could still be
encountered as unrecoverable by an application or by the kernel at the time of
failures, i.e., prior to deallocation, which potentially results in some application
failures.
AIX has the most complete support for handling processor failure. Consider
these typical scenarios. If AIX discovers a processor with too many recoverable
errors during runtime, it will dynamically turn off that processor, while the rest of
the system keeps running.
18
If AIX discovers a sick processor or memory block
during its boot process, the defective part is turned off and not used. Also, if a
system is halted for a sick processor or memory block, the processor and block
are turned off and not used when the system reboots. By contrast, HP-UX,
Solaris, and Tru64 UNIX all offer partial support for handling processor failure.
HPs memory-error detector works on processor cache memory in addition to
main memory. HP-UX 11i will also trap and check for processor failure when
certain types of page faults occur. If a processor has failed, HP-UX will notify an
administrator who can take the processor down while the rest of the system stays
up. Tru64 UNIX can take processors offline automatically if their internal cache
goes bad (using Tru64 UNIXs Memory Error Troller), and allows administrators
to start/ stop processors manually online (including the boot processor). The
Open Boot PROM (OBP) in Suns servers has a Blacklist feature that prevents
configuration of components during Power On Self Test (POST). Solaris allows
administrators to dynamically reconfigure (DR) a board out, blacklist the CPU,
and DR the board back in without bringing the server down. This approach gives
Solaris the additional advantage of being able to deallocate CPUs even if they are
bound to I/ O.
All of the studied systems except UnixWare support Virtual IP Addresses in the
base operating system. HP-UX actually provides three ways to deliver the
capability:
LAN Monitor, which protects from the failure of network-adapter cards and
directs IP traffic, which has been routed to failover cards;
Auto Port Aggregation (APA), which provides trunking of multiple network
pipes into a large virtual pipe; and
MC/ Serviceguard, HPs HA clustering extension that protects many areas
including network adapters.
HP-UX also supports relocatable IP addresses, which resembles a virtual host IP
address that can be assigned to an application. Solaris 8s IPMP (IP Multipathing)
supports load balancing, auto-failover of connections, and re-establishment of

18
See AIX cpudisable command.
SS, March 2001
failed links when repaired. IPMP also reacts to Dynamic Reconfiguration events
to include newly inserted Network Interface Cards (NICs) while the system is
running. Tru64 UNIX supports virtual IP addresses as well.
All of the studied systems except AIX support alternate I/ O pathing in the base
operating system. HP-UX offers this capability via two functions: PVLinks, which
is used by HPs MC/ ServiceGuard clustering extension, and Auto Port
Aggregation (APA), which provides load balancing across adapters. HP-UX also
includes native storage failover functions for EMC storage devices when a disk
fails, redirection to another disk occurs automatically. Solaris supports Alternate
Pathing (AP) for most of Suns I/ O devices, with particularly strong Dynamic
Reconfiguration for services such as IP networking. UnixWare supports
Multipath I/ O for certain disk adapters. Tru64 UNIX offers fully dynamic and
automatic Multipath I/ O, including support for EMC storage devices. Tru64
UNIXs function includes automatic failover and load balancing, not just for
Compaq devices, but for any supported device (including EMC). Tru64 UNIX
also performs load balancing across multiple paths, (where some others only do
failover, and may be limited to two paths only), and also supports multipath tapes
and media changers.
DYNAMIC RECONFIGURATION
As IT infrastructures become increasingly web-based and globally oriented,
servers truly must be able to respond to requests 24 hours a day and 365 days a
year. Operating systems can help to minimize downtime by reducing the number
of administrative tasks that require a system restart, which can consume a great
deal of time in high-end environments. Dynamic reconfiguration differentiates
operating systems by allowing online addition and removal of components for
repairs or upgrades with rebooting. Capabilities of this highly prized quality may
include,
OnlineCPU and memory reconfiguration allows processors and memory to be
added or removed without rebooting the operating system. Dynamic removal
of memory is especially challenging, since it requires the operating system to
gracefully dry up use of resources that reside in components being
detached. Online CPU and memory addition is especially useful when coupled
with Capacity-On-Demand programs (see below).
OnlineI/ O reconfigurationallows I/ O devices such as disk adapters and network cards
to be added or removed when coupled with current hardware-reconfiguration
capabilities, i.e., hot-plug Peripheral Component Interconnect (PCI ).
Capacity-On-Demand (COD) options allow users to increase the processing
power of systems without disrupting operations. Typically, COD programs
involve the purchase of fewer processors than are actually installed in the
system, introducing a distinction between the physical installation and the
purchasers license to use. Extra processors remain idle until more capacity is
needed, at which time users license these processes and the operating system
activates them. COD options have long been available to users of traditional
high-end commercial systems such as mainframes, for which users could
SS, March 2001
lease capacity by paying a regular fee. They have now proven particularly
attractive for addressing the wildly fluctuating workloads of web applications
related to e-commerce. Compaq, HP, IBM, and Sun each offer COD
programs for servers running their respective UNIX systems.
Solaris 8 has a major advantage over its competitors in the Dynamic
Reconfiguration (DR) category, fully supporting all studied functions. Solaris 8
can arbitrarily add and remove processors online, and is the only studied product
that achieves this. Further, the Automatic Dynamic Reconfiguration (ADR)
function in Solaris 8 automates the DR process by simple scripting so that
administrators do not have to be present when DR is performed. Solaris 8 also
includes a toolkit that applications can use to behave correctly given a particular
combination of CPUs and memory. The Reconfiguration Coordination Manager
(RCM) provides a standard API for applications to adjust dynamically to available
resources.
19
Compaq has traditionally focused its RAS efforts on HA clusters, rather than
single-system reliability enhancements. Thus, Compaq seeks to deliver Dynamic
Reconfiguration features by optimizing the Single-System Image (SSI) capabilities
in TruCluster Server. Compaqs AlphaServers allow online replacement of
processors and memory at the hardware level, but Tru64 UNIXs software
support for the capability still lags.
20
Tru64 UNIX allows all processors except the
AlphaServers Master/ Boot CPU to be taken offline and brought back online, but
does not yet support the addition of new processors. AIX allows administrators
to turn off processors manually. HP-UX allows administrators to take CPUs
offline, and bring them back online.
21
All of the studied systems except Tru64
UNIX support dynamic addition and removal of PCI peripherals.
JOURNALING FILE SYSTEM
A JournalingFileSystem(JFS) boosts storage reliability by protecting the integrity of
the file system. This reduces dramatically the time required to boot a system
configured with large amounts of storage after unplanned shutdowns. Journaling
employs transaction-based logging techniques similar to those of database
systems. Before updating any file system control information (i.e., metadata), the
operating system enters information concerning the update into a disk-based log.
Only after the system has confirmed that it has written the user data safely to disk
does it attempt to update the actual metadata. If the system loses power or
otherwise fails during the metadata update, the JFS can reconstruct the all-
important metadata from information in the log. In this way, file systems always

19
If applications are not properly modified to handle Dynamic Reconfiguration, they will not necessarily be optimized to take
advantage of available resources. For example, dominant applications such as database servers typically make assumptions
about the number of processors available. If the number changes while the database is running, performance can suffer for a
variety of reasons. Indeed, the Solaris version of Oracle 9i already takes advantage of RCM to deal with this very problem on
Suns hardware.
20
Tru64 UNIX will have full CPU hot-swap support in an upcoming release (V5.1A, the same release that will incorporate the
ARMTech functionality).
21
HPs vPartitions, due to ship in first quarter 2001, will allow processors to be added/ deleted dynamically.
SS, March 2001
move from one consistent state to another, never attempting unsafe writes. All of
the studied systems include Journaling File Systems in their base distributions.
Full Journalingis more powerful. It maintains the integrity of the files and the file
system. Traditional JFS implementations guarantee the consistency of the file
system, but make no effort to protect the consistency of the files themselves. In
the event of system outage, a file that was being written to at the time of failure
could potentially be in anystate when the operating system restarts: fully written,
partially written, or wiped out. Full Journaling employs transaction-logging
techniques to maintain the consistency of the files themselves. This approach
boosts uptime by allowing applications to continue accessing critical files that are
kept in an expected format.
All of the studied UNIX systems now include Journaling File Systems in their
base operating-system packages, but HP-UX 11i and Tru64 UNIXs AdvFS file
system offer Full Journaling.
22
UnixWare provides a variation of the traditional,
but highly regarded Veritas VxFS file system. Solaris 8 includes Suns DiskSuite
extensions to the standard UNIX File System (UFS), and AIX 4.3.3 includes
IBMs Journaling File System (JFS).
HIGH AVAILABILITY (HA) CLUSTER OPTIONS
Administrators can use High Availability (HA) cluster techniques to maintain the
availability of operating-system services and applications by failing over to a
backup system in the event of system outage due to any failure hardware,
software, or otherwise. HA clusters allow one or more servers to take over for a
server that has crashed or stopped processing normally, allowing processing to
continue. By isolating faults on the failed node, the remaining nodes can continue
functioning, keeping the overall clustered system in operation, albeit at reduced
capacity.
Unlike Fault Tolerant (FT) systems, most HA clusters do not necessarily
guarantee continuous service they only try to ensure service restoration within a
reasonable time limit. In fact, at the time of a failure, cluster clients will likely
receive errors while the cluster completes state-transition changes. FT systems
tend to use specifically-designed and usually costly proprietary mechanisms to
enable truly continuous availability, while clusters emphasize the use of standard
building blocks (i.e., traditional servers used to construct meta-systems with
some level of a single-system image). As part of the design tradeoff, a clusters
failover process does not necessarily occur immediately or transparently.
A complete assessment of HA clustering solutions is beyond the scope of this
study.
23
However, full-function HA clustering solutions must usually include
several key components, including FailureDetection, Recovery, and Configuration tools.

22
HP provides this capability using the datainlog mount option to JFS.
23
For a detailed competitive review of HA clustering products from Compaq, HP, IBM, Sun, and several other vendors, see
CompetitiveAnalysisof UNIX Cluster HA Functionality Part Oneof a Two-Part HA Study, D. H. Brown Associates, Inc. March,
2000.
SS, March 2001
Clustering software monitors the health of systems and applications by running
agents that continuously probe for certain conditions. Vendors usually provide
agents for monitoring hardware, the operating system, and key applications such
as databases and messaging systems. They typically also provide an API that
developers can use to configure monitoring of their own applications. When
agents detect a failure, they can trigger a variety of actions, depending on the
configurability of the clustering package. First, the system must decide whether to
attempt a local recovery or initiate a failover, in which the workload is moved to a
backup server. In failover situations, support for more than two nodes becomes a
significant added value, because of the ability to perform cascading and
multidirectional failover. Cascading failover provides higher levels of reliability by
allowing the workload to continue migrating to yet another backup node if the
primary backup node fails. Multidirectional failover allows a failed nodes
workload to be split and failed over to multiple backup nodes.
24
Since the nodes of an HA cluster must be able to take over the workloads of
other nodes, they must share access to application data. Thus, HA clustering
inherently depends on the ability for multiple servers to access the same storage
devices. In the past, when most UNIX-oriented storage devices were attached
directly to servers using SCSI I/ O adapters, shared storage was accomplished by
taking advantage of SCSIs built-in ability to chain together multiple devices and
hosts on a shared physical bus. Disks were simply chained along a single SCSI bus
that was terminated at either end with a host adapter connected to a node. This
approach was relatively simple, but limited the number of hosts that could share
storage to relatively small numbers, since attaching SCSI devices to more than 2-4
hosts at a time becomes awkward.
Currently, the industry focus is on phasing out direct-attached storage in favor of
storage devices that are connected directly to the network. Network Attached
Storage (NAS) devices are connected to the mainstream network, just like
traditional servers, whereas Storage Area Networks (SANs) involve use of a
private, high-speed network dedicated to sharing data. In the latter case, the
preferred network protocol in current use is Fibre Channel (FC), an industry-
standard, high-speed serial data transfer interface that can be used to connect
systems and storage in point-to-point or switched topologies. Operating systems
can offer varying degrees of support for Fibre Channel, including,
Basicdrivers for FC adapters may be sufficient to attach to FC networks based
on Arbitrated Loop (FC-AL) topologies, in which up to 255 storage devices
can be attached in a relatively simple loop topology.
Support for FC switches(FC-SW) allows attachment to many more devices at once.

24
For example, in a four-node cluster, if node 1 runs three applications, A, B, and C, with multidirectional failover, A could
failover to node 2, B to node 3, and C to node 4. Without multidirectional failover, average node use could not be allowed
to exceed 50% per node, since the workload assigned to the single available backup node would demand more than 100% of
the nodes capacity, causing it to become overloaded and degrade system performance after a failover. In a four-node
cluster, each node could run at 75% average use since one-third of the failed nodes workload (equaling 25% use of a node)
could be failed over to each of the remaining nodes. An 8-node cluster would allow up to 87.5% use per node, and so on.
SS, March 2001
Ability to boot fromswitches permits systems to access their operating system
software from FC networks.
Cascading authorizes operating systems to support multiple levels of FC
switches, and hence to enable deployment of much larger FC networks.
Zoning allows configuration of segregated and protected storage zones
representing different domains, each with its own storage security (i.e.,
administrators can create a confidential zone for Finance, another one for
Marketing, another one for R&D, etc.)
The basic definition of a cluster has long invited contentious debate in both
marketing and academic circles. The one concept agreed upon by all, however,
relates to the fundamental requirement for a single-systemimage the ability to view
and operate the cluster as if it were a single virtual server. The availability of a
Cluster FileSystem(CFS) represents a particularly significant differentiator among
the studied systems in terms of the ability to provide such a single system image.
With a CFS, every cluster node shares a single, consistent view of all shared
storage in the entire cluster, and enjoys access to all shared data even if any given
node in the cluster fails. If the CFS works with the root-filesystem, it can help to
simplify cluster management, because program and configuration files need not
be duplicated and maintained on all nodes only a single system install to the
CFS would be needed for the files to be available to all nodes in the cluster.
Otherwise, from an operator standpoint, cluster administration should involve a
single point of interaction, and management tools should hide the implementation
details of multiple servers as much as possible.
Since most HA cluster environments depend on some form of shared storage, the
distance between nodes is often constrained by the maximum length of I/ O
channels such as SCSI or FC, i.e., at best campus ranges of a thousand yards or
so. Disaster Recovery(DR) options allow nodes to be separated by geographically
significant distances, measured in miles or even continents. Typically, DR options
work through replication, i.e., synchronizing the contents of different servers on a
regular basis. The greater distances afforded protect systems from outages that
affect entire sites, such as floods, terrorist attacks, or asteroid impact.
TABLE 6: Native High Availability (HA) Clustering Options
Although all of the studied systems now supports very competitive HA clustering
options (see Table 6), AIX and Tru64 UNIX share the overall lead in this
category. Compaqs TruCluster Server and IBMs HACMP held first and second
OS HA Cluster Package
AIX HACMP
HP-UX MC/ServiceGuard
Solaris Sun Cluster 3.0
Tru64 UNIX TruCluster Server
UnixWare UnixWare NonStop Clusters
TABLE 6:
NativeHigh
Availability (HA)
Clustering Options
SS, March 2001
place, respectively, in DHBAs most recent HA clustering evaluation.
25
IBM also
provides very strong Disaster Recovery capabilities for AIX in its GeoRM
Geographic Mirroring option, which implements software-based replication for
unlimited-distance failover, and HAGEO option, which supports wide-area
application failover. IBM recently introduced a Cluster File System for AIX.
Based on its General Parallel File System (GPFS), this system was carried over
from its SP systems, and supports all studied FC functions except the ability to
boot from an FC switch. Tru64 UNIX supports all of the studied Fibre Channel
capabilities, and offers the strongest Cluster File System (CFS), with the only CFS
implementation that works on the root file system.
Solaris follows, offering a newly strengthened set of HA cluster functions in Sun
Cluster 3.0. Including a Cluster File System, the 3.0 version began shipping in
November, 2000.
26
Solaris 8 supports basic drivers for FC adapters and switches,
as well as cascading. However, Solaris still lacks FC zoning capabilities, and the
ability to boot from an FC switch.
HP also supports all studied FC capabilities, but HPs HA clustering package,
MC/ ServiceGuard, now remains the only studied HA clustering option not to offer
a Cluster File System. However, HP offers strong Disaster Recovery options with
its MC/ ServiceGuard CampusCluster, ContinentalCluster and MetroCluster
packages for HP-UX. CampusCluster allows systems and storage to be placed in
different buildings to achieve higher levels of availability. For architectural
flexibility, CampusCluster can be based on either Fibre Channel or EMC
Symmetrix Remote Data Facility (SRDF), which provides support of distances
between nodes up to 10km. MetroCluster can be configured with Continuous
Access XP or EMC SRDF, and enables dispersed HP-UX clusters to be combined
into a single, manageable system with automatic failover of applications in the event
of a fault, failover or disaster. MetroCluster provides complete integration with
HPs XP storage-server family and EMCs Symmetrix storage products.
ContinentalClusters provides a dual-cluster solution that enables the highest levels
of availability with no distance limitation based on wide area network connections.
This offers flexibility in positioning data centers at economic or strategic locations.
UnixWare supports several HA clustering options, including SCO Reliant-HA and
SCO NonStop Clusters, a sophisticated package that was adapted from Tandem
Computers Fault-Tolerant technology. NonStop Clusters supports up to 32 nodes,
and includes advanced HA capabilities such as process pairs. These pairs consist of a
primary process and a backup process that run on separate processors. The primary
process sends checkpoint messages to its backup process as needed, so the backup
process contains all of the process-state information it needs to take over in the event
of either hardware or software failure. NonStop Clusters also include a Cluster File
System, but UnixWare currently has minimal Fibre Channel support.

25
See CompetitiveAnalysisof UNIX Cluster HA Functionality Part Oneof a Two-Part HA Study, D.H. Brown Associates, Inc.,
March 2000.
26
The most recent DHBA evaluation of HA cluster products covered Sun Cluster 2.2. Although DHBAs High Availability
Software and Hardware/ Clusters (HASH) research program has not yet updated its assessment for Sun Cluster 3.0, for
purposes of this study, we assume solid improvements.
SS, March 2001
WORKLOAD-MANAGEMENT TOOLS
As administrators react to the rampant server proliferation that has resulted from
client-server computing by consolidating multiple workloads on larger systems,
centralization has once again become fashionable. UNIX SMP servers have
become particularly attractive options for consolidating applications and server
functions. Their support for 24 or more processors in SMP servers allows them
to consolidate multiple smaller (four- and eight-way) servers now used
predominantly for managing departmental and branch functions. However, when
administrators try to run multiple dominant applications on a single server all
of these applications expect to consume all available resources (i.e., database
servers) the challenge is ensuring consistent responsiveness. Workload-
management tools can help to overcome this problem by allowing large numbers of
resource-intensive applications to run simultaneously on a single server through
flexible scheduling policies, and are thus a key enabler for a variety of server-
consolidation tactics.
UNIX systems currently support two classes of workload-management tools:
Logical Partitions (LPARs) allow administrators to run multiple instances of an
operating system within a single server. Each instance behaves as if it were
running on a standalone machine. Bullet-proof barriers between the
different environments maintain overall system robustness, so that even the
most extreme application failure or operating system crash in one partition
leaves the others unaffected. The entire environment, i.e., all partitions, can be
managed from a single point. A variety of mechanisms have emerged for the
studied UNIX systems that promise various levels of LPAR capabilities. The
current generation of UNIX LPAR technology depends on underlying
hardware to manage the separation between environments.
27
While this
approach guarantees the protection of resources within an environment,
reconfiguring partitions can be unwieldy, requiring substantial operator
intervention. Further, hardware-based LPARs usually work only on the
granularity of processors or processor sets, which potentially wastes resources
in workloads that do not match the processor count exactly.
28
The most
sophisticated implementations allow the boundaries of a partition to be
changed online (i.e., without rebooting any of the partitions involved). This
capability allows a single server to host multiple department systems by day,
and add their resources into the central database servers partition at night to
run large batch jobs.

27
There is considerable debate as to the advantages of hardware-based partitions over the more flexible software partitions.
Hardware and software partitions can both increase system utilization, high availability, flexibility, and reduce the overall
datacenter operational costs pertaining to hardware and software maintenance, system management, and administration.
While hardware partitions are limited by physical-boundary granularity, the software partitions can better use resources with
finer-grained control of CPU and memory resources. In addition, software partitions enable partition capabilities on low-
end and midrange systems.
28
The original mainframe LPAR functions worked at sub-processor granularity, in theory allowing multiple environments to
run simultaneously within a single processor. In these cases, partitions were actually managed by software, which was truly
able to maintain the fail-safe isolation between environments.
SS, March 2001
Resourcemanagement tools work within a single operating system instance to
effectively manage massive, constantly-changing workloads so that multiple
dominant applications can coexist in a single environment. The tools work by
efficiently allocating system resources such as CPU, memory, and I/ O to
different applications with flexible scheduling policies. These resource-
management functions effectively override the operations of the default
UNIX scheduler, instead taking customized policies into consideration.
Solaris presents a unique advantage relative to all studied UNIX systems by virtue
of its support for Dynamic Domains in Suns E 10000 server, which was
introduced in early 1997. Dynamic Domains are the only available UNIX-
partitioning function that allow the hardware partitions between multiple
instances of the Solaris operating system to be adjusted online.
29
All of the other
hardware-partition solutions currently require the affected partitions to be
rebooted after reconfiguration. Moreover, while Suns initial implementation (and
some current competing implementations) depended largely on operator
intervention to change boundaries, Solaris 8 introduced significant enhancements
to the manageability of Dynamic Domains, including the Reconfiguration
Coordination Manager (RCM). The RCM allows domain reconfiguration to be
automated through scripting, and provides a standard API for applications to
adjust dynamically to changing domain configurations so that they optimize their
use of available resources (i.e., processors and memory) for a given configuration.
These enhancements maximize the ability of servers using Dynamic Domains to
flexibly accommodate tasks that vary with business schedules. Solaris also
provides competitive resource-management tools, including the Solaris Resource
Manager (SRM), an unbundled option based on technology acquired from
Aurema (formerly ShareII). SRM can allocate CPU cycles and virtual memory by
user or application. The Solaris 8 version of SRM is coupled with Solaris
Bandwidth Manager, a quality-of-service feature that manages the bandwidth
used by different applications, and can be used to guarantee a minimum amount
of bandwidth to an application.
HPs new Superdome server can simultaneously run multiple instances of HP-UX
using its nPartitions physical-partitioning capabilities. HP-UX 11i introduces
significant enhancements to the manageability of the partitioning functions with
its Partition Manager (ParMgr) which provides a very user friendly interface for
managing the initial and ongoing configurations of partitions and manages the
entire multi-partition complex (multiple OS instances). The Partition Manager has
a GUI interface as well as a command line interface, plus it can be launched from
a PC web browser. In addition, the Partition Manager has a series of detectors
built-in which find and report possible hardware or configuration issues before
they become problems. HP-UX and Solaris share the unique ability for inter-
partition networking. This capability involves using the backplane switch of an SMP
server directly as a high-bandwidth, low-latency network interconnect between
partitions, enabling deployment of high-performance cluster applications on a

29
This capability is fundamentally enabled by Suns unique memory DR functions, since a key part of expanding and
contracting Dynamic Domains relates to adding and removing memory online to a running Solaris image.
SS, March 2001
single, multi-partition server. However, unlike Suns Dynamic Domains, HPs
nPartitions currently need to be rebooted if their size is changed.
30
HP-UX has a distinct lead in resource management, benefiting from HPs lead in
focusing on resource management before any of the other studied vendors. HP-
UX Workload Manager (WLM) now leads as the only goal-based resource
management tool currently available, meaning that administrators can define
targets in terms of overall application performance, rather than the performance
of any one subsystem. By contrast, the resource-management tools provided by
other UNIX systems are all entitlement-based (though they each implement
entitlements differently). HPs approach automates the processes of performance
feedback and the adjustment of allocation policies. This allows users to deliver
more consistent service levels to enterprise customers, external customers,
suppliers, and partners at lower costs, and to accurately plan for increases in
system resources to maximize application performance. HP-UX WLM
automatically collects performance data, compares it to some predefined goal, and
then takes action to adjust the amount of resources applied. Administrators write
custom code to make this work with any given application. Essentially, the
administrator writes a tool that defines what should be measured, measures it,
and reports the results back to WLM. The tool needs to include instructions for
attaching to the application, collecting the necessary performance data for the
metric, and passing that data to WLM via calls to the WLM API. Then, based on
a comparison of the results returned by the user tool with the number that WLM
uses as its goal, the system will add (or reduce) resources based on a priority
scheme. WLM can dynamically control CPU entitlement by providing automatic
distribution of CPU shares, and allows manual control of disk bandwidth and
memory shares.
HPs original resource-management tool, HP-UX Process Resource Manager
(PRM), remains available as well. PRM can allocate CPU cycles, real memory, and
disk I/ O by user or by application. Further, HP-UXs WebQoS function extends
resource management to network bandwidth.
Some of Compaqs AlphaServers support hardware partitioning as well, allowing
them to run multiple copies of Tru64 UNIX simultaneously. However, like HPs
Superdome, Compaqs approach requires that partitions be rebooted when their
boundaries are changed. For resource management, Compaqs Tru64 UNIX 5.0
bundles a class scheduler that can allocate CPU cycles and real memory by user or
application. While this capability is currently somewhat underpowered compared
to competitors, Compaq will soon introduce next-generation resource-
management technology licensed from Aurema, the original developer of Suns
SRM.
AIX currently lacks any support for hardware partitioning, since IBM will not be
introducing this feature in its UNIX server hardware until later this year.

30
HP also announced more flexible vPartitions for HP-UX 11i, which are software-managed and can adjust boundaries
between partitions dynamically. However, vPartitions have not yet begun to ship.
SS, March 2001
However, AIX rates competitively for resource management. IBM introduced its
workload manager, AIX WLM, in AIX 4.3.3. AIX WLM can allocate CPU cycles
and memory by user or program, based on different priorities. Like HP-UX PRM,
it can also allocate real (i.e., physical) memory, because AIX WLM is implemented
in the AIX kernel. IBM has now enhanced AIX WLM with improved
classification procedures and the ability to test and tune workload management
before putting WLM policies into effect.
UnixWare supports hardware partitions provided by high-end Intel-based servers
such as the Unisys ES7000, but requires that partitions be rebooted when their
boundaries are changed. UnixWare does not currently offer any noteworthy
resource-management tools.
TABLE 7: Serviceability Function Support
Enterprise-systems administrators require a broad portfolio of tools to help them
manage an operating system during both testing and production phases. They use
these tools to harden the system against failures (usually by performing post-
mortems on past failures) and to tune it for optimal performance. Some of the
studied UNIX systems have introduced enhancements that can represent
significant serviceability differentiators.
In traditional UNIX operating-system designs, certain key parameters that affect
kernel behavior required reboots whenever they were adjusted. Some UNIX
systems now support dynamictuning, in which kernel parameters can be changed
on the fly and take effect immediately. No system reboot is required, allowing
easy modification for optimum performance. Although some systems require use
of a kernel debugger to achieve this, or allow only limited sets of specific kernel
functions to be adjusted online, others rely on broader architectural support for
dynamically adjusting a variety of kernel parameters.
UNIX-system-software upgrades traditionally required a complete backup of the
existing version of the operating system prior to installing a new version. Now,
some systems have introduced a live-upgradefeature, allowing the administrator to
use an existing version of the operating system to build a new system while
operations continue normally. Instead of replacing the operating-system directory
structures and files, the new system is built in a new root-directory structure.
Then, the administrator can reboot with the new root and immediately begin
using the new system. Fallback in this case is simple. Simply reboot the original
Memory File System
AIX
4.3.3
HP-UX
11i
Solaris
8
Tru64
UNIX 5.1
UnixWare
7.1.1
Efficient kernel dump facility
Dump analysis tools Partial
Dynamic tuning of kernel parameters
Live Upgrade
Hot Patching
TABLE 7:
Serviceability
Function Support
SS, March 2001
system and resume using it. This is a major improvement for UNIX since prior to
this, fallback required a complete tape restore to recover from poor installation. It
definitely targets higher-production availability, and relieves the fears of those
who distrust new releases by providing quick fallback.
If it becomes necessary for engineers to work with a customer to diagnose or
correct an operating-environment bug, hot patchingallows them to patch key areas
of the operating-system kernel without rebooting. These dynamically-applied
patches re-vector crucial kernel code to the patched code without interrupting the
operation of applications. This greatly reduces the downtime to diagnose, test,
analyze, and correct operating-environment problems.
Extreme software failures can result in operating-system crashes. Post-mortem
crash analysis is a key part of hardening systems for enterprise usage. As with
application crashes, developers can examine dump files containing a snapshot of
the entire system memory at the time of failure. Operating systems can provide
enhanced dump-analysis tools to perform examinations of these crash dumps. Also,
on high-end servers configured with very large amounts of memory especially
64-bit systems crash-dump files can grow to enormous sizes that can
overwhelm traditional media and consume significant time to produce. Operating
systems can make analysis of such files more effective by reducing the amount of
data through efficient kernel-dump facilities that apply compression or eliminate
irrelevant information
Solaris 8 offers the strongest overall set of operational improvements, offering a
unique architecture for hot-patching its kernel, and a live-upgrade feature that is
matched only by AIX. Solaris hot-patching provides a facility for patching
functions in a live kernel without having to halt and reboot the operating system.
A command-line utility allows the system administrator to enable or disable
loaded hot patches so that hot patches can be taken offline, superceded with
newer versions, or enabled only when the problem under investigation occurs.
31
Solaris 8 also supports Live Upgrades, which means that instead of replacing the
operating-system directory structures and files, the new system is built during
production runtime in a new, parallel root-directory structure. The administrator
can then start the new system version simply by rebooting with the new root
directory, and is immediately able to begin using the new system. Fallback in this
case is simple simply reboot with the original root directory. Solaris 8 provides
kernel-dump compression, and introduces new kernel-dump options to show
both kernel and user address space.
AIX follows in this category, allowing over 60 kernel parameters to be tuned
dynamically, almost all of which allow changes to take effect immediately. Also,
AIX is the only other studied system to match Suns Live Upgrade capability with

31
Suns technique works by detecting when a kernel thread starts to execute the target function, and revectoring the flow of
execution to the new version. This is achieved by replacing the first instruction of the target function with a software trap
instruction and adding a new trap handler to do the work of redirecting the flow of execution to the appropriate hotpatch
function. Note that this function would rarely be made accessible to users themselves, but would instead benefit qualified
service personnel seeking to patch an environment without incurring any downtime at all for the user.
SS, March 2001
its alternate disk-installation procedure, which allows installing the system while
it is still up and running so that downtime related to installation or upgrade is
decreased considerably. AIX supports selective dumps to be compressed on the
fly, along with automatic dump analysis. This accelerates customer support and
saves time over full dump transmission. AIXs dump-compression and capacity
warning helps avoid situations where the dump exceeds system recording
capacity. Also, AIX device drivers can specify that they need to add something to
the dump, and can then query the device for additional data.
HP-UX and Tru64 UNIX rate about equally in serviceability, each supporting
primarily dynamic tuning of kernel parameters. All of the studied systems provide
efficient kernel-dump facilities, and all provide enhanced dump-analysis tools.
Tru64 UNIX supports full, partial, and compressed dumps, plus
partial/ compressed dump-to-memory options for fast recovery. Tru64 UNIX
also contains several value-added tools for analyzing crashes, including Compaq
Analyze, a hardware-oriented analysis tool that supports event correlation.
Compaq also includes its Canasta NG tool in Tru64 UNIX for automated on-site
crash-dump analysis. Canasta can create a signature of a crash and compare that
signature to a database of other crash signatures and the faults that caused them,
allowing a match to yield a quick diagnosis. Also, Compaqs Revision and
Configuration Management Tool (RCM), a hardware/ software revision checker,
reads a part number and compares it to an approved configuration topology.
RCM takes a snapshot of hardware and operating-system software, along with
anything that is bundled with the OS, and compares the snapshot with a database
of previous state stored in a Compaq support center. UnixWare supports dump
analysis with the kcrash utility included in the Data Center Feature Supplement
(DCFS), which began shipping in November. The DCFS provides for unattended
reboot after saving a system dump, and a dump-on-demand command. The new
system dump analysis utility kcrash provides a macro language to aid in
examining system dumps.
SS, March 2001
SYSTEM MANAGEMENT
5.50 6.00 6.50 7.00 7.50 8.00 8.50 9.00
UnixWare 7.1.1
AIX 4.3.3
Solaris 8
Tru64 UNIX 5.1
HP-UX 11i
FIGURE 8: System Management Ratings
SUMMARY
HP-UX and Tru64 UNIX share the lead for system management, supporting all
studied capabilities. HP-UX, Solaris, and Tru64 UNIX also provide improved
event-management mechanisms, offering the ability to track, view, and notify
administrators about many different types of system events, using a single
consistent format along with a unified interface. This concept allows a central
event log to serve as the only log that must be stored for debugging purposes,
helping administrators manage the profusion of messages from a variety of
sources that pop up during day-to-day administration. AIX, HP-UX, and Tru64
UNIX achieve a slight advantage over competitors due to their ability to allow
patches to be installed using two-phase commits. The other systems do not
provide formal mechanisms allowing system administrators to back out of
patches by automatically restoring software to its preexisting state if necessary.
Otherwise, differentiation has shrunk considerably in the UNIX system-
management area. While early UNIX leaders were able to establish leadership
through a variety of features related to ease-of-use or value-added tools
facilitating production usage, most of the studied UNIX systems now cover those
bases well. All of the systems now fully address storage management, and include
a Logical Volume Manager in the base operating system, which allows storage to
be managed in terms of virtual disks or volumes made up of one or more
physical disks. All studied systems enable plug-and-play hardware configuration,
and provide system-management tools that are useable by administrators with a
variety of skill levels. Of special note, all employ GUI tools that should appear
familiar to users accustomed to Windows PCs, and support some level of
administrative role delegation for management functions that normally require
broad administrative privileges. In this manner, full trusted access to the entire
network does not need to be granted to every administrator or to those
employees at lower levels. All studied systems except UnixWare provide some
form of a registry mechanism to keep track of software, extensions, and patches
that have been installed.
FIGURE 8:
System
Management
Ratings
SS, March 2001
Remote-administration capabilities have now matured as well. All of the studied
systems include system-management tools that have been optimized for web
usage, in some cases allowing ordinary web browsers to be used as entry-points.
All of the studied systems offer some form of template-installation tool, allowing
large numbers of identical servers to be configured at once through a cookie-
cutter methodology.
Hardware
Management
10%
Event
Management
18%
Remote
Administration
20%
Storage
Management
25%
Operating
System
Management
14%
Software
Management
14%
FIGURE 9: System Management Criteria and Weightings
HARDWARE MANAGEMENT
Hardware maintenance represents one of the most basic system-management
activities. It includes adding and replacing memory; disks and storage arrays;
processors; adapters for I/ O and networking; terminals; printers; and other
devices. Hardware management usually works through several phases:
Physically installing and connecting the hardware;
Reflecting the state of installed hardware at a low level (i.e., firmware);
Updating the operating system with appropriate device drivers; and
Making hardware resources available to applications.
In the past, performing these steps on UNIX environments required an in-depth
understanding of server architectures and some knowledge of the operating
systems innards. For example, configuring the operating system to use the
hardware frequently required issuing arcane commands or editing complex
configuration files a tedious and error-prone process. This meant that only
expensive field-support technicians or in-house experts were up to the job.
However, as more systems begin to use industry-standard parts for disk,
peripherals, and memory, the emphasis has shifted to providing plug-and-play
FIGURE 9:
System Management
Criteria and Weightings
SS, March 2001
hardware-installation procedures akin to those found on PC desktop systems,
whereby new hardware virtually configures itself after being attached physically.
At this point, all of the studied UNIX systems have simplified hardware
installation to the point where relatively little operator intervention is required.
AIXs Object Data Manager (ODM) architecture has dealt the longest with the
issue of detecting and installing hardware changes automatically and transparently.
The ODM acts as a registry (akin to that found in Windows NT today) that
manages all AIX configuration information. When an RS/ 6000 server boots up, a
complex detection and configuration mechanism registers new hardware and
makes sure that necessary device drivers are reflected in the ODM tables.
HP-UX, Solaris, Tru64 UNIX, and UnixWare now each support automatic
configuration of I/ O systems and device drivers at boot-up using various
mechanisms as well. All systems scan the I/ O card space at boot-time, and if new
hardware is discovered, and if the driver is included with the base operating
system, they load the driver automatically. If the driver is not included in the base
operating system, the system administrator is prompted for appropriate media
containing the driver.
OPERATING-SYSTEM MANAGEMENT
In commercial-server environments, routine administration of operating systems
primarily involves user account maintenance, security management, and tuning
the environment for particular application software. The earliest UNIX
implementations had notoriously poor tools for these types of activities. Typically,
UNIX-system management required administrators to hand-edit a large and
dispersed set of cryptic configuration files stored in the /etc directory a crude
and error-prone process.
Thus, most modern UNIX systems have introduced a variety of Graphical User
Interface(GUI) tools that allow less-seasoned administrators to employ the easier-
to-learn approach of recognize and point rather than remember and type. As
networks have expanded across organizations, lowly administrative chores such as
restarting a printer queue or handling a backup procedure often fall to less-
experienced (and less expensive) system administrators. Some operating systems
thus enable administrative-roledelegation for functions that normally require broad
administrative privileges, so that full trusted access to the entire network does not
need to be granted to every low-level administrator. The ability to safely delegate
such limited authority allows more experienced administrators to avoid spending
their time being interrupted by trivial tasks.
The studied systems are relatively undifferentiated with regard to operating-
system management functions. All contain GUI-driven system-management
tools, and provide effective administrative-role delegation:
IBM helped to pioneer GUI-driven UNIX system management with its SMIT
tool for AIX, which has since been complemented with the web-based
SS, March 2001
System Manager, a Java-based administration tool with a Windows-like
interface. For administrative role delegation, AIX administrators can custom-
create a set of SMIT commands to delegate to non-root users.
HP-UX 11i includes a new GUI-driven tool called ServiceControl Manager
(SCM), along with the original GUI-driven System Administration Manager
(SAM). SCM provides a distributed systems-management approach that is
oriented towards controlling homogeneous networks of HP servers. SCM
supports administrative-role delegation via secure role-based management,
role creation and task assignment.
Solaris 8 includes the Solaris Management Console (Solaris MC), a Java-based
tool that integrates legacy and new administrative tools, and supports the
Web-Based Enterprise Management (WBEM) instrumentation that suffuses
the Solaris 8 base operating system. SMC serves as a centralized-integration
point for Solaris system administration and management tools. The console is
configurable and extensible, allowing integration of system-management
applications based on a variety of development methods, including the X
Window System, scripts, Java, and HTML. Sun has also invested substantial
resources in GUI-based installation, as shown by its focus on the Java-based
Web Start installation wizard. Solaris MC uses Solaris 8s Role-Based Access
Control capabilities to verify authorization for specific systems or functions.
Sun also provides a production version of Sun Management Center (SMC), a
distributed system-management tool, which like HPs Service Control
Manager is oriented towards managing homogeneous networks of Sun
servers.
Tru64 UNIX offers the SysMan system-management tool, featuring four
interfaces: a graphical interface based on Java (called SysMan Station); a
graphical interface based on the X Window System; a curses interface for
character environments, and a command-line interface (CLI). Because all four
have the same command structure, users can generally switch interfaces
without requiring retraining. SysMan Station provides some additional real-
time graphical monitoring of the system, depicting the components in a
system hierarchically and highlighting those that encounter errors or fail.
Graphical monitoring even extends to monitoring multiple nodes with shared
busses in cluster scenarios. Thus users can perform cluster management with
the same set of tools as single systems, a commonality not yet available in
many competing cluster options. SysMan enables administrative-role
delegation with its Division of Privileges (DoP). This capability permits
selected users to execute particular applications as super-users without
passwords for greater management flexibility. Roles and privileges are
managed along with all other user-account information.
UnixWare provides SCOadmin, a set of 25 graphical managers for
configuring a variety of system functions, including hardware configuration,
software packages, services, user accounts, and security. SCOadmin uses
Wizards to enable multiple actions with a single GUI click, thereby
simplifying system-management procedures. When administrators create a
new user, they are presented with a list of 30-50 roles that the new user can
fulfill, which affects the operations they have access to.
SS, March 2001
SOFTWARE MANAGEMENT
Software management is also a challenge. This spans control over the installation
of applications, middleware, and system-software patches that sit on top of the
operating system. Administrators typically have to contend with a continuous
cycle of updates in these areas, as well as a stream of customizations that address
particular issues. Several functions can help to simplify this task, including,
Software Registry: a central repository for configuration data related to
hardware, the operating system, and applications that is manipulated and
searched with database-like queries, instead of the traditional UNIX /etc
files for system information and dot files in users home directories.
SoftwareVersion Control and Patch Management Tools, i.e., a rigorous mechanism
to keep track of which versions of applications are installed on the system,
and which patches to system software have been applied.
Two-phase Commit for Patch Installation, in which the patch management
mechanism allows automatic roll-backs if an installation of software or a
patch causes problems to the system, in which case administrators can fully
back out of installations, restoring the system to its original state.
All studied systems except UnixWare provide some form of a registry mechanism
to keep track of software, extensions, and patches that have been installed
(UnixWare uses the traditional UNIX method of /etc files). AIX has the Object
Data Manager (ODM), one of the earliest implementations of a UNIX-system
configuration database. HP-UX maintains a software registry called the System
Configuration Repository (SCR), which provides centralized change management
and tracking across multiple systems. Administrators can compare nodes and, for
troubleshooting, get before and after snapshots to determine what is changed
in the system configuration. HP-UX 11is Service Control Manager also records
role and group settings in the SCR. Solaris includes the Solaris Product Registry, a
mechanism to manage software that is installed using Solaris Web Start 3.0,
Solaris Web Start Wizards, or the Solaris package-management commands (i.e.
pkgadd). The registry allows administrators to view a list of installed and
registered software and some software attributes, install additional software
products, uninstall software, and browse for and launch an installer.
Tru64 UNIX uses a hybrid approach for registering software-configuration
information, in which the traditional /etc files remain in place, but the system
accesses them via a single, consistent framework (internally known as MCL) that
contains component definitions for each file and how it can be read and
modified. The MCL creates a common data model that cleanly maps to (and can
be exported) to Simple Network Management Protocol (SNMP) MIBs. This
model can also be exported in future releases to LDAP directories and the
Common Information Model (CIM) of the cross-platform Web Based Enterprise
Management (WBEM) initiative. MCL provides a structured but user-interface
(UI) independent set of APIs to be used for building management tools in past,
present, and future UI paradigms. This piece of the framework is known as the
Sysman User Interface Toolkit, or SUIT, and all Compaqs UNIX system
SS, March 2001
management tools are built on top of it. Because the MCL/ SUIT approach
maintains the existence of /etc files that are familiar to traditional UNIX
administrators, it allows new system-management methodologies to develop while
preserving old capabilities.
While all of the studied systems provide standard procedures for installing
patches to the base operating system, AIX, HP-UX, and Tru64 UNIX have a
slight advantage over competitors due to their ability to allow patches to be
installed using two-phase commits. AIX gives administrators the option to apply
an update, and then reject or commit to it after testing. The mechanism can be
used with licensed options, patches, and any installable application software.
Tru64 UNIX provides a tool called dupatch for managing patches. This tool
allows administrators to keep preexisting code around, so that patches can be
backed out if necessary. HPs Software Distributor (SD-UX) allows patches to be
in applied status (i.e., they can be rolled back), committed (cannot be rolled back)
or superseded. The other systems do not provide formal mechanisms allowing
system administrators to back out of patches by automatically restoring software
to its preexisting state if necessary.
32
EVENT MANAGEMENT
Event management mechanisms help to deal with one of the most tedious
problems with administering UNIX systems. It does this by simplifying the
management of logs that various system services tend to store all over the system
for registering status updates and error messages. Each of these logs typically has
its own peculiar format for describing a particular event. Further, system logs tend
to grow rapidly, in some cases swelling quickly enough to eat up all available disk
space, and the logs scattered throughout the system often grow at different
paces. Thus, several UNIX vendors have introduced the ability to track, view, and
notify administrators about system events using a consistent format, along with a
unified interface. This allows the central event log to serve as the only log that
must be stored for debugging purposes. It also simplifies tracking of system
events, allowing issues to be addressed more proactively. Previously, such
problems might have been ignored until they generated a crisis. By providing a
single log to capture events as they occur, old logs can be cleaned up and
removed frequently, and its size can be more easily tracked and backed-up as
needed. Indeed, event management brings a quantum improvement in the ability
to monitor a UNIX system. Typically, the event-management mechanism
provides administrators with a single console for tracking the following types of
events on the system:
Disk full,
Disk fails,
CPU error,
System panic,

32
Solaris retains the affected bits for back-out purposes, but does not allow administrators to commit (i.e, remove the
stored bits from the previous software).
SS, March 2001
Configuration change,
Subsystem started/ stopped,
Application started/ stopped,
Application error, and
Repeated failed login.
While event management has been somewhat facilitated by heterogeneous system
management tools like HP OpenView, Tivoli TME10, CA Unicenter, etc.,
integrating this capability within the operating system itself allows a greater range
of system-specific information to be gathered and tracked. This capability further
enables event-management capability for a much broader range of administrators,
who would otherwise need to purchase, install, and configure a complex
framework. Complex frameworks still retain their value for managing networks of
hundreds of systems or of heterogeneous systems.
All of the studied systems except AIX and UnixWare provide improved event-
management mechanisms. HP-UX includes its Event Monitoring Service (EMS),
which is integrated with a variety of HP system-management products and tools
that can take actions based on triggered events, including ServiceControl Manager
(SCM) and OpenView IT/ Operations (IT/ O). EMS provides a unified
framework and user interface for system-wide logging and notification. While the
full suite of capability is optional, the hooks for EMS are bundled into HP-UX
and used by implementations of certain HP-UX features such as dynamic-
processor resilience, which is an EMS monitor. Third parties such as Oracle have
built EMS into some database products so that database errors are linked into the
EMS console via the same communications mechanisms used by other EMS
components. Device drivers need additional code to communicate device failure
to EMS.
Sun offers its Sun Management Center (MC) for Solaris without charge for
production use. Sun MC is a distributed-system management tool that provides
alarm/ event/ threshold proactive/ predictive features, and is integrated with
Enterprise Management systems such as Tivoli, CA-Unicenter, HP OpenView,
and BMC Patrol. Also, now that the DMTF has published the specifications for
the WBEM event-management model, Solaris supports intrinsic events with
notification mechanisms in Solaris WBEM services 2.4, while extrinsic events
(e.g., SNMP traps) are being added.
Tru64 UNIX event management is well integrated into the base operating system,
and provides a significant event-management capability by supporting more than
300 unique, discrete events at no additional cost (i.e., without involving third-
party tools). This feature allows maximum access to key system-event information
for use in managing and tuning the system, resulting in a faster and easier
diagnosis of problems. Tru64 UNIX includes Compaq Insight Manager Agents.
These provide local and remote management capabilities through a dedicated,
corporate-wide HTTP port. Working in conjunction with hardware and firmware,
the agents export system information; monitor various system components such
SS, March 2001
as CPU, memory, and I/ O devices; track storage, networking, and environmental
components such as fans and power supplies; and also provide information on
CPU and file system use. The agents include a sophisticated SNMP-to-HTML
rendering engine, from which management data are displayed dynamically using
smart Java scripts. The agents broadcast their services to other agents on the
network, allowing users to discover and monitor systems in the enterprise from
any system that contains the Compaq Insight Manager agents. Tru64 UNIX,
Windows NT, and other systems can all be managed via this common interface,
providing a bridge between Tru64 UNIX and Windows NT on the management
front.
STORAGE MANAGEMENT
Logical Volume Managers (LVMs) are storage-management tools that allow the
creation of a virtual disk or volume made up of one or more physical
disks. Without an LVM, file systems and individual files remain limited to a size
no larger than individual disks, which becomes a problem for data-intensive
applications such as databases, CAD/ CAM/ CAE, and image processing.
Combining several disks to form a logical volume can increase capacity, reliability,
and/ or performance. Unlike more primitive file-system and physical-partition
approaches, logical volumes allow administrators to manipulate them online,
without requiring a reboot.
LVMs work with disks in terms of logical volumes, rather than physical ones. The
LVM runs as a layer beneath the basic file system, translating requests for logical
disk volumes into physical device commands. Acting as an interpreter, the LVM
can represent several small disks as one large virtual disk (disk spanning), or one
large disk as several smaller disk partitions (disk partitioning). Thus, large files can
span multiple disk units. Other software RAID capabilities such as parity
checking and mirroring can also be incorporated automatically as part of the
abstraction provided by the volume manager.
More important, sophisticated logical-volume managers add the ability to move
volumes to different physical locations and to extend volumes if not enough
space is allocated initially. The system can accomplish both goals while the
volumes remain online and in use. Without the added layer of abstraction
provided by volume management, many of these operations require the system to
be shut down and rebooted, increasing the need for planned downtime to
reconfigure the system. Volumes can also be shrunk, but face a significant
limitation in some cases operating systems that do not support shrinking a file
system will still require a backup/ reconfigure/ restore operation for the data on
that file system.
All of the studied systems include LVMs with the base operating system (See
Table 8).
33

33
While LVMs can vary substantially in terms of the capabilities they offer, a detailed assessment of storage-management
capabilities is beyond the scope of this report.
SS, March 2001
Table 8: Logical Volume Manager Tools
REMOTE ADMINISTRATION
As enterprises depend ever more on networks, the IT infrastructure becomes
more distributed, dramatically increasing the number of servers that need to be
deployed. Large enterprises routinely disperse servers geographically, in some
cases across different continents and time zones. Thus, the capability to
effectively manage operating systems remotely becomes increasingly important. If
an enterprise depends on a thousand servers, for example, it is simply not feasible
to maintain a thousand system administrators locally.
Two key techniques have emerged to help manage operating systems remotely.
They are,
Web-Based System-Management Tools allow administrators to maintain servers
remotely over the Internet, in some cases using ordinary web browsers as
entry-points.
Template-Based Installation Tools employ a cookie-cutter method to be used
for replicating tested configuration across large numbers of servers. Typically,
a template server is created and tested, then replicated across multiple
servers using some distribution mechanism. This technique incurs a cost
based on the fact that the server that hosts the template is not used, but has
the advantage of allowing administrators to press a standard server (which
might be idle or used for low-priority tasks) into service if a critical server
crashes. By changing the configuration of the replacement server,
administrators can make it into a replacement for the critical server, providing
tremendous flexibility for managing systems. As a further step, administrators
may automate the update of common parts so they can ensure all servers are
in fact identical. By making the servers identical, administrators can guarantee
that the backup server will act as the critical server once they change the
configuration. In addition, if a critical server starts behaving in a problematic
fashion, administrators can use an identical server to replicate the problem,
rather than having to take the critical server offline.
All of the studied systems include system-management tools that have been
optimized for web usage. IBM has long offered its Web-Based System Manager, a
comprehensive GUI-driven administration tool that is written in Java, allowing
operators to manage AIX from any platform with a Java Virtual Machine.
Similarly, Tru64 UNIXs Java-based SysMan Station GUI can be run from any
OS Logical Volume Manager
AIX LVM
HP-UX LVM and base Veritas VxVM
Solaris Solstice DiskSuite
Tru64 UNIX Logical Storage Manager (LSM)
UnixWare Online Data Manager (ODM)
TABLE 8:
Logical Volume
Manager Tools
SS, March 2001
Java environment. UnixWares SCOadmin GUI also possesses the ability to run
over a variety of network connection types, including web browsers.
Solaris Management Console also has some ability to be used over the web, but
Sun Management Center (SMC) a distributed system management tool that Sun
provides for free on Solaris has far more comprehensive support for web-based
operations. All HP-UX system-management functions are web-accessible via
HPs ServiceControl Manager (SCM), which has the ability to drive large numbers
of HP-UX servers from a central point of control. SCM provides a single point of
control by integrating several HP-UX management tools and giving them multi-
system capabilities, i.e., making them multi-system aware.
All of the studied systems offer some form of template-installation tool. AIX has
Network Install Manager (NIM), HP-UX has Ignite/ UX, Solaris has JumpStart,
Tru64 UNIX has Remote Installation Services (RIS), and UnixWare has the
UnixWare 7 Replicator Kit (URK).
SS, March 2001
INTERNET AND WEB-APPLICATION SERVICES
5.50 6.00 6.50 7.00 7.50 8.00 8.50 9.00
UnixWare 7.1.1
Tru64 UNIX 5.1
HP-UX 11i
Solaris 8
AIX 4.3.3
FIGURE 10: Internet and Web-Application Service Ratings
SUMMARY
AIX leads in the Internet and Web-Application Services area. AIX offers the
broadest support for the basic protocols needed to support sophisticated web
infrastructures. Also, AIX and Solaris are the only studied systems to build HTTP
acceleration functions into their kernels. This helps to boost web-server
performance on Suns hardware platforms. Finally, AIX and Solaris provide the
most complete support for various Enterprise Java Beans (EJB) web-application
server add-ons, and share the lead for Network File System (NFS) capabilities,
both supporting all possible NFS enhancements. Both also have the best level of
support for the Distributed File System (DFS).
All studied UNIX servers now show good interoperability with Microsoft CIFS-
based file-sharing networks. HP-UX and Tru64 UNIX break ahead of the pack
for offering some level of single sign-on across their systems and Windows NT,
both providing mechanisms that can synchronize user and password information
between UNIX and Windows NT security infrastructures. Otherwise, all of the
systems contain available ready-to-run tools (based on either the Open Source
Samba technology, or various proprietary mechanisms) that match virtually all of
the file- and print-sharing capabilities of Windows NT. These tools allow all
systems to provide basic file- and print-sharing services to Windows clients,
appearing as virtual Windows NT servers on the network, and can mount remote
Windows NT disks. This allows UNIX applications to access data from them as if
they were local. Also, all servers support Advanced Server for UNIX add-ons,
which allows them to host Windows NT Primary Domain Controllers (PDCs).
UnixWare and the Intel X86 version of Solaris 8 have the ability to actually run
existing Linux binaries natively. By contrast, Compaq, HP, and IBM are currently
focusing on API-level compatibility with Linux, targeting developers who want to
port their Linux applications to the respective UNIX systems, rather than making
any effort to run existing Linux applications in binary form.
FIGURE 10:
Internet and
Web-Application
ServiceRatings
SS, March 2001
Web Services
20%
File/Print Sharing
15%
Web Application
Server Availability
20%
Java Support
10%
Windows NT
Interoperability
9%
Linux
Interoperability
6%
Web Protocol
Support
20%
FIGURE 11: Internet and Web-Application Service Criteria and Weightings
WEB-PROTOCOL SUPPORT
Operating systems represent the software backbone of computing infrastructures.
Thus, strong support for the basic network protocols that make up the plumbing
of the web, many of which need to be implemented at the kernel level, in some
cases represent a significant differentiator among the studied UNIX systems. A
variety of extensions to the basic TCP/ IP protocol underlying the web can be
used to improve the reliability, security, and performance of IP-based networks.
While most of these protocols do not directly affect typical end-users accessing
the web from their browsers, they may be heavily used at the back-end of web
infrastructures that are managed by service providers and enterprise IT
organizations. Some of the key extensions to the TCP/ IP protocol include,
IPSec is used to secure traffic that passes over the public Internet by
transparently encrypting IP packets on both the transmission endpoints,
preventing anyone from intercepting it without requiring support in
intervening routers or any special application coding. Support for IPsec
involves security extensions to IPv4 and/ or IPv6 that support authentication
and encryption, transparently adding encryption at the IP layer, so that no
application coding is needed.
IPv6, the next-generation Internet protocol that extends the 32-bit address
range of todays IPv4 protocol to 128 bits (the 32-bit protocol is currently
running out of space, saved only by short-term stopgap solutions). IPv6 also
lays the groundwork for quality-of-service priority flags with IP, encryption
security, and plug-and-play auto configuration when dynamically connecting
notebook computers or other devices to the network. IPv6 remains
unfinished as yet, with some pieces of the standard completed while others
remain in draft form. While operating systems can add support for IPv6
through software upgrades relatively easily, it will take years for the Internet
FIGURE 11:
Internet and Web-
Application Service
SS, March 2001
backbone, ISP routers, and corporate networking hardware to adopt IPv6.
For now, IPv6 packets can only travel over the Internet wrapped inside IPv4
packets, an obvious inefficiency useful primarily for testing purposes. In the
meantime, leading-edge vendors have charged ahead in delivering the IPv6
pieces now available, usually cobbling together the standards most valuable
features on top of the existing IPv4.
Simultaneous IPv4 and IPv6 stacks on the same network, allowing both
protocols to be used by a server at the same time.
IPv6 Gatewayfacilities allow a server to route packets from IPv4 networks to
IPv6 networks, and vice-versa.
Internet Key Exchange (IKE), an automated protocol for establishing,
negotiating, modifying, and deleting Security Associations (SAs) between two
hosts in a network. SAs contain information to establish a secure connection
between the parties on pre-defined terms.
ResourceReservation Protocol (RSVP) can be used to assign varying priority levels
to IPv4 packets, allowing networks to promise varying quality-of-service
guarantees, assuming that intervening routers support RSVP. Using RSVP, an
application asks to reserve resources along a route from the source IP to the
destination IP. Routers along the path then approve or deny the request and,
if approved, reserve the appropriate resources.
IntServ defines how application services describe their bandwidth and latency
requirements, how this information can be made available to routers (typically
via RSVP), and how the appropriate quality of service can be tested and
validated. Unlike DiffServ (see below), IntServ routers must classify packets
based on several IP packet header fields and maintain state information for
each flow.
DiffServ, an emerging IETF standard that attempts to improve quality-of
service capabilities by increasing the Type of Service bits in a standard
TCP/ IP packet header from three to six, and by defining the routing
behaviors associated with those bit patterns. DiffServ routers adopt the
appropriate behavior indicated by the packet and do not retain information
about traffic flows. DiffServ is expected to be used predominantly in IP
backbone environments.
IP Multiplexing(a.k.a IP Aliasing, and not to be confused with IP Multicasting)
allows a single system to be seen as multiple numeric IP addresses, even on
the same network-interface card.
IP Multicastingsimultaneously transmits IP packets to multiple hosts, which
enables subscription messaging for audio, video, software, or data streams.
The technique takes advantage of router functions to reduce upstream
bandwidth requirements during one-to-many IPv4 broadcasting.
TCP selective acknowledgement (SACK) allows TCP to recover from multiple
losses within transmission windows, providing superior performance in lossy
networks, and traffic crossing multiple networks.
ServiceLocation Protocol (SLP) provides a scalable framework for the discovery
and selection of IP network services. Using this protocol, computers using IP-
SS, March 2001
based networks no longer require static configuration of network services for
network-based applications.
Asynchronous Transfer Mode(ATM) IP switching: The ATM protocol supports a
wide range of bandwidth requirements and different classes of traffic at high
capacity, and has thus found widespread acceptance as a multimedia and
conferencing tool. Some operating systems provide the ability to run the IP
protocol used by the web, which is connectionless, over the ATM protocol,
which is oriented towards end-to-end connections.
SOCKS 5, a protocol that a proxy server can use to accept requests from
clients so that they can be forwarded to the web. SOCKS uses TCP/ IP
sockets to represent and keep track of individual connections. Certain web
browsers build in client-side SOCKS support. Proxy servers can use the
server side of SOCKS.
Multilink PPP (Point-to-Point Protocol) allows the operating system to use
two or more communications ports as if they were a single port of greater
bandwidth. Multilink PPP extends standard PPP so that the system can
bond two independent PPP connections on a single machine to deliver
double the throughput. For example, a user with two modems (and two
phone lines and Internet accounts), each running at 56 kilobits per second,
can use Multilink PPP to get 112 kilobits-per-second access.
Ethernet bondingallows a server to harness multiple Network Interface Cards
(NICs) for use as a single Ethernet channel, increasing the effective
bandwidth available for connections.
TCP LargeWindows (RFC1323) improve performance over high-bandwidth
networks such as ATM or high-delay networks such as satellite links by using
windows that exceed the normal 64 KB limit.
TCP/ IP Gratuitous ARP (RFC 2002): A Gratuitous ARP packet sent by a node
causes other nodes to update entries in their Address Resolution Protocol
(ARP) cache. The ARP converts IP addresses to Ethernet addresses for
purposes of transmitting IP over Ethernet, and an ARP cache acts as a
translation cache of Ethernet/ IP address pairs used for setting the destination
Ethernet address of an outbound IP packet. Thus, a Gratuitous ARP can be
used to notify members of the network that the server associated with an IP
address has changed (which typically occurs in clustering environments when
a backup server takes over for a failed primary server).
Path MTU Discovery (RFC 1191) eliminates router breakup of too-large
packets.
Path MTU Discovery over UDP allows use of Path MTU Discovery over
Universal Data Packet (UDP) connections used by many UNIX networking
applications, rather than the typical web-based Internet Protocol (IP).
OpenShortestPathFirst (OSPF - RFC 1533) enables better and faster routing by
replacing the Routing Information Protocol (RIP) used by traditional routing
equipment. Each OSPF router maintains an identical database describing the
Autonomous Systems topology. From this database, a routing table is
calculated by constructing a shortest-path tree. OSPF recalculates routes
SS, March 2001
quickly in the face of topological changes, using a minimum of routing
protocol traffic.
IP Multipath Routing allows applications to specify multiple paths to a
destination on an IP network. System administrators have the option of either
configuring multiple routes for load-balancing purposes, or setting up
alternative paths to direct network traffic when the best route can no longer
perform its tasks.
Table 9 shows which of these functions is supported by the various UNIX
systems. AIX has the broadest overall support for the studied functions, followed
by HP-UX and Tru64 UNIX, which rank equally in this category.
TABLE 9: Overview of Basic Web-Protocol Support
AIX
4.3.3
HP-UX
11i
Solaris
8
Tru64
UNIX 5.0
UnixWare
7.1.1
IPSec
IPv6 Basic support
Simultaneous IPv4/IPv6
stacks on same network

IPv6 Gateway facilities
Internet Key Exchange (IKE)
RSVP
IntServ
DiffServ
IP Multiplexing / aliasing
IP Multicast (server)
TCP selective acknowledgement
(SACK)

Service Location Protocol (SLP)
ATM IP switching
SOCKS 5 support (for proxies)
Multilink PPP
Ethernet bonding (multi-NIC),
MT support

TCP Large Windows
TCP/IP Gratuitous ARP
Path MTU Discovery
Path MTU Discovery over UDP
OpenShortestPathFirst (OSPF) Partial
IP Multipath Routing
TABLE 9:
Overview of Basic
Web-Protocol Support
SS, March 2001
WEB SERVICES
The effectiveness of an operating system as a web-server environment ultimately
depends on the services that are layered on top of the basic Internet protocols to
handle HTML content, e-mail, and sharing of files and printers. UNIX users
typically implement web services using add-on software, obtained from third-
party commercial or public sources. However, operating systems may be
differentiated through optimizations that make particular web services run better,
or by bundling key web-server software packages so that users do not have to
deal with third parties.
The web server itself assumes central importance as the core service in web
environments, serving as the primary interface for providing HTML content to
browsers that connect to a server. As a relatively mature technology, a wide
variety of web servers are available from various third parties. In terms of market-
share, the space is dominated by Apache, an Open Source web server that
currently runs on more than 60% of all websites according to surveys.
34
iPlanet
Web Server, a commercial product that ships in low-end FastTrack and high-end
Enterprise versions, is also widely used in the UNIX space.
A detailed functional evaluation of the tradeoffs between the various web-server
alternatives is beyond the scope of this study. However, it is worth noting which
web servers are bundled for production use
35
by an operating system. A more
significant differentiator derives from possible optimizations to the operating-
system kernel that can dramatically improve the performance of a web server on a
particular platform. For example, some UNIX systems maintain kernel-level caches
for frequently-requested HTML pages, which can dramatically improve the user
load a web server can handle on the respective platform.
While the vast majority of users access web services from desktop browsers, an
increasing number seek to access web services from mobile phones and other
handheld communications devices. Thus, several leading communications
developers, including Nokia and Ericsson, developed the Wireless Application
Protocol (WAP), a standard for serving web content and services to wireless clients
and specialized WAP devices such as mobile phones and terminals. A variety of
third-party server products support the WAP protocol, some of which may be
bundled with an operating system.
E-mail servers, which are arguably just as important as web servers, currently have
minimal differentiation across vendor implementations. The studied UNIX
systems all bundle sendmail, a tool that represents the backbone of UNIX e-
mail infrastructures. The exact version of sendmail that is included with a

34
The Netcraft Web Server Survey (http:/ / www.netcraft.com/ survey) is a survey of web-server software usage on computers
connected to the web. Netcraft collects and collates as many hostnames providing an http service as it can find, and
systematically polls each one with an HTTP request for the server name. In its December 2000 survey, Netcraft received
responses from 25,675,581 sites.
35
Note that vendors sometimes include a commercial web-server product with an operating system, but restrict its usage to
testing and development purposes, rather than production deployment.
SS, March 2001
particular UNIX system may vary, which could affect the availability of certain
features (sendmail v8.9.3 introduces a particularly important feature for
controlling the propagation of spam, i.e., commercially-driven mass e-mailings).
Additionally, UNIX servers can support Post Office Protocol (POP),
36
a service
most web clients use to retrieve e-mail from Internet mail servers. Some systems
also include native support for Internet Message Access Protocol (IMAP), a
method of accessing electronic mail or bulletin-board messages while they are
kept on the mail server, so that clients can access them without the need to
transfer messages or files back and forth.
Solaris and AIX stand out in this arena for including kernel-level mechanisms to
accelerate web traffic. Solaris uses Suns Network Caching Architecture (NCA) to
cache static HTML pages in its kernel, which helps to boost the web-server
performance of SPARC hardware platforms. AIX includes the HTTP Server Fast
Response Cache Accelerator (FRCA), which is installed into the AIX kernel as a
kernel extension, and shipped as part of the AIX in-kernel HTTP Server on the
AIX Bonus Pack. All of the studied systems bundle the popular, Open Source-
based Apache web server. Tru64 UNIX also includes a production version of the
iPlanet Web Server Enterprise Edition, licensed for one CPU, while HP-UX
includes a production version of Nokias WAP Server. All of the systems also
bundle sendmail, and all but UnixWare include v8.9.3 or higher. All of the
systems except HP-UX and Solaris include IMAP and POP servers.
37
FILE AND PRINT SHARING
Network File System (NFS) is the standard file- and printer-sharing mechanism
for UNIX networks. As UNIX has matured and become more widely used in
enterprise networks, vendors have enhanced NFS support in their operating
systems to improve its capabilities. Some of the possible NFS capabilities include,
NFS Version 2 provides basic support for file- and printer-sharing.
NFS Version 3 offers a full 64-bit implementation, helping improve its
performance.
CacheFS is a caching mechanism that improves the efficiency of client-side
NFS access.
AutoFS enables an operating system to automatically mount remote NFS file
systems.
WebNFS is an extension to the NFS standard that enables its deployment
over networks using the IP protocol rather than the UDP protocol for which
it was designed. This allows NFS services to be accessed over the Internet at
large, instead of being limited to Local Area Networks (LANs).
UNIX systems can support several other file-sharing approaches that may be used
in non-UNIX environments, including,

36
The current standard version is POP3, described by RFC 1725.
37
HP-UX requires HPs Smart Internet Messaging option.
SS, March 2001
Common Internet FileSystem(CIFS), Microsofts file-sharing technology. CIFS is
a web-based variation of Microsofts Server Message Block (Server Message
Block Protocol) that is used to share files and printers on Windows networks.
CIFS uses the IP protocol instead of Microsofts NetBEUI protocol, allowing
Windows files and printers to be accessed over the Internet at large, instead of
being limited to LANs.
Distributed FileSystem(DFS), a heterogeneous global file-system architecture
based on the Andrew File System (AFS) developed by Carnegie Mellon
University and IBM. The AFS architecture provides an exceptionally elegant
approach for sharing files by presenting all files and directories on the
network through a single logical view, regardless of the location of physical
servers containing the files. AFS maintains this global directory structure
automatically and transparently, and enhances client performance through
extensive caching so that clients retain local copies of frequently accessed files
and directories. AFS also offers advanced volume management, allowing
critical files and directories to be transparently replicated and moved across
the network while remaining online. The ability to replicate files and
directories and shift them to different servers while remaining online helps
administrators defuse hot spots that inevitably build up in large networks,
causing bottlenecks. Replication also enables high-availability configurations.
While AFS is now Open Source software, and can be obtained for free from a
variety of sources, the DFS version is supported as a commercial package by
Transarc, an IBM subsidiary.
38
AIX and Solaris share the lead for NFS capabilities, both supporting all possible
NFS enhancements. HP-UX lacks WebNFS certification, while Tru64 UNIX
foregoes CacheFS. UnixWare remains at 32-bit NFS Version 2, while the other
systems have all converted to 64-bit NFS V3 implementations. Transarc provides
AFS packages for all of the studied systems except UnixWare, and provides its
commercial DFS product for AIX and Solaris.
All studied systems now have good interoperability with Microsoft CIFS-based
file-sharing networks. The UNIX servers can provide file- and print-sharing
services to Windows clients, appearing as virtual Windows NT servers on the
network. Some UNIX systems can mount remote Windows NT disks, allowing
applications to access data from them as if they were local. All studied systems
support Advanced Server for UNIX (AS/ U), a commercial add-on that uses code
licensed from Microsoft itself rather than reverse-engineered techniques.
39
Also,
all studied systems make available ready-to-run versions of Samba, an Open
Source package that matches virtually all of the capabilities of AS/ U except the
ability to host Primary Domain Controllers (PDCs).

38
Entegrity (www.entegrity.com) supplies the Distributed Computing Environment (DCE) technology that DFS is based on
for some UNIX platforms not covered by Transarc.
39
In fact, AS/ U derives from the same networking code used by Windows NT itself. AT&T secured a license from Microsoft
to port the same code to UNIX kernels and now resells it to third-party OEMs.
SS, March 2001
JAVA SUPPORT
Many UNIX developers favor Java for developing web applications, attracted in
particular to the inherent scalability deriving from Javas portability. Since Java
applications run on everything from PCs to clusters of IBM mainframes,
developers can seed web applications on low-end systems, and move to higher-
end platforms as their performance needs grow. For the more sophisticated web
applications, developers typically use object-oriented software engineering
techniques assembling applications from preexisting, self-contained
components based on Enterprise Java Beans (EJB), which has been widely
recognized as a powerful tool for implementing complex, distributed systems.
Web-based applications involve highly asynchronous behavior while demanding
exceptional degrees of reliability and scalability. This fits particularly well with
distributed EJB objects featuring strong encapsulation, which lend themselves
well to meeting these requirements.
All of the studied UNIX operating systems include Java Virtual Machines (JVMs),
which allow them to run Java code alongside native applications. Their
implementations may be differentiated by degrees of optimization, which
translates into better performance under heavy loads. There are several ways in
which Java-application performance can be enhanced, such as tying Java primitive
functions more closely to native system services, and improving the choice and
implementations of algorithms used in Java execution. In particular, significant
optimizations can be made in the threading and memory management inside a
particular JVM. The Java implementations in all of the RISC UNIX systems all
include significant optimizations, some proprietary (such as IBMs home-grown
optimization technology), and some licensed (such as Suns HotSpot JVM).
Ultimately, though, real-world performance will depend on the specific
applications involved. Some evidence of these optimizations can be derived from
industry-standard benchmarks such as SPECjvm98 (which measures the
execution speed of typical Java primitives) or SPECjbb2000 (which measures
server-side Java performance). Most of the studied UNIX systems have been
tested using both benchmarks (see Tables 10, 11, and 12 below). However, it is
difficult to identify meaningful differentiators based on SPECjvm or
SPECjbb2000 benchmarks that cannot be at least partly attributed to the
performance of underlying hardware. Thus, DHBA rates all of the studied
systems equally in this category.
TABLE 10: Maximum SPECjvm98 Results (Uniprocessor Servers)
OS Server Hardware
MHz
/CPU
System
Memory (MB)
Java Heap
Memory (MB)
SPECjvm98
Tru64 UNIX AlphaServer DS20 6/667 667 256 160 75.8
HP-UX C3600 552 1,024 512 71.5
AIX RS/6000 44P-170 450 1,024 640 57.6
Solaris Ultra 60 450 256 64 33.2
TABLE 10:
Maximum
SPECjvm98 Results
(Uniprocessor Servers)
SS, March 2001
TABLE 11: Maximum SPECjvm98 Results (Two-Way SMP Servers)
TABLE 12: Maximum SPECjbb2000 Results
WEB-APPLICATION SERVER AVAILABILITY
As web browsers become the primary entry point for a growing number of day-
to-day computing activities, application developers have increasingly begun to
explore possibilities for segmenting application designs along web boundaries, i.e.,
shifting application logic from clients to web servers and implementing user
interfaces with HTML-based presentation layers. On the surface, the approach
delivers several benefits, including client independence, since web access is
supported by a wide variety of platforms, and geographic independence, i.e., the
ability to access both applications and data from any location. Further,
organizations that have long struggled to maintain huge networks of PCs sense
that they can potentially use a web-based application approach to ease their
management burden by centralizing applications and simplifying clients as much
as possible, which enables greater efficiency through increased economies of
scale, managed either by in-house IT operations or a new breed of Application
Service Providers (ASPs). Simultaneously, the growing role of e-business and a
profusion of other emerging services available to the public on the Internet has
resulted in the need for vastly more complex applications that are deployed on
servers and can be accessed reliably by huge numbers of globally dispersed web
clients.
There are many ways to develop web applications, but most of the UNIX
vendors covered in this report have all committed strategically to development
architectures based on web-application servers that use Enterprise Java Beans (EJB),
Suns distributed-object environment based on the Java language. Web-
application servers are optimized gateways between web servers and back-end
databases, providing integrated environments that hide the details related to web-
traffic management on the front end and rigorous transaction processing on the
back end, so that developers can focus instead on implementing business-logic
code. Developers program the web-application servers by writing Java Beans that
contain the server-side functions needed to support various applications.
OS Server Hardware
MHz
/CPU
System
Memory (MB)
Java Heap
Memory (MB)
SPECjvm98
Tru64 UNIX AlphaServer DS20 6/667 667 2,048 300 84.3
HP-UX J5600 552 1,024 512 81.1
Solaris Ultra 60 450 512 64 32.8
TABLE 11:
Maximum
SPECjvm98 Results
(Two-Way SMP Servers)
OS Server Hardware
#
CPUs
MHz
/CPU
JVM Initial Heap
Memory / Maximum
Heap Memory (MB)
SPECjbb2000
AIX eServer pSeries 680 12 600 2,048 / 2,048 56,834
HP-UX N4000 8 552 1,625 / 1,625 40,192
Tru64 UNIX AlphaServer ES40 6/667 4 667 3,072 / 3,072 23,787
TABLE 12:
Maximum
SPECjbb2000 Results
SS, March 2001
EJB-based web-application servers act as EJB Containers, which means that they
manage multiple instances of EJB objects called Beans and serve as the
interface between the beans and the outside world. Typically, developers use
Integrated Development Environments (IDEs) to build and test their EJB
objects, and then deploy them on EJB-enabled web-application servers. While
web-application servers themselves represent a highly competitive product area, a
comparison of web-application server functions is beyond the scope of this
study.
40
However, it is worth noting the shipping status of leading web-application
servers for the respective operating systems (see Table 13), where AIX and Solaris
clearly have an advantage.
TABLE 13: EJB Web-Application Server Availability by Platform
WINDOWS NT INTEROPERABILITY
Many Windows PCs that are deployed in large organizations need to access
services and data from UNIX systems, and in some cases, UNIX systems are
responsible for managing the networks connecting PCs. In other cases, Windows
NT and Windows 2000 are gradually taking on more responsibility for managing
networks. While emerging Windows 2000 infrastructures introduce yet new
interoperability requirements at the directory-service level (see next chapter), the
management standard for the vast profusion of NT-based departmental networks
remains the Windows NT 4.0 Primary Domain Controller. Interoperability with
such Windows NT-centric network infrastructures remains a notable
differentiator among UNIX systems.
At the network-protocol level, UNIX-Windows interoperability has been
dramatically simplified, thanks in part to the emergence of the Internet and the
TCP/ IP protocol used by most UNIX systems. In the past, Windows-based
systems required unwieldy extensions to connect to TCP/ IP networks in addition
to their native NetBEUI protocol. Today, virtually all versions of Windows

40
For a detailed review of web-application server functions, see WebApplicationServers Racefor Functional Leadership, D. H.
Brown Associates, Inc., January 2001.
AIX HP-UX Solaris
Tru64
UNIX
UnixWare
BEA Systems
WebLogic Server
WebLogic Enterprise
WebSphere
Standard Edition
Advanced Edition
Enterprise Edition
Other
iPlanet Application Server
Oracle Application Server
TABLE 13:
EJB Web
Application Server
Availability by Platform
SS, March 2001
natively support the TCP/ IP protocol. Thus, UNIX-Windows interoperability
issues have largely shifted to the service level, i.e., the ability to share file, print,
and application resources across both platforms. Historically, accessing UNIX
files and printers from PCs required that each client be configured with
extensions that worked on UNIX terms, such as Suns PC-NFS software a
cumbersome arrangement that incurred significant software costs and
administration burdens. Today, most UNIX systems offer options that allow
them to act as a file and print server to Windows clients using Microsofts native
Server MessageBlock (SMB) protocol.
An important extension to basic SMB compatibility is a function called Advanced
Server for UNIX (AS/ U), an option available for a number of UNIX systems.
AS/ U allows UNIX systems to host Windows NTs Primary Domain Controllers
(PDCs), which are used to maintain Windows NTs Directory Service (NTDS)
and network-authentication protocols. PDC support allows UNIX systems to
take over a number of administrative functions in Windows NT-centric
environments. Among these functions is the ability to authenticate network logins
by Windows clients using NTs native security protocols. With AS/ U, Windows
NT administrative infrastructures can be rehosted entirely on UNIX servers.
(Without PDC support, users must continue to maintain Windows NT servers for
managing user information.)
Some of the UNIX systems provide tools allowing AS/ U services to be protected
with HA clustering packages, which can dramatically boost the reliability of
Windows NT networks. Also, AS/ Us security services can be linked to the native
UNIX security mechanisms through a variety of approaches. This provides single-
logon capabilities for UNIX and Windows NT networks (so that users only have to
use one user ID and password for services hosted by both environments).
Typically, single-logon support involves synchronizing the contents of the
disparate UNIX and Windows NT user and password-information databases at
regular intervals. Some environments also provide native implementations of
other Windows NT services such as the Distributed Component Object Model
(DCOM), representing the foundation of Microsofts web-application platform.
All studied systems offer ready-to-run versions of Samba, an Open Source
package that matches virtually all of the file- and print sharing capabilities of
Windows NT except the ability to host Primary Domain Controllers (PDCs).
With Samba, UNIX servers appear to Windows clients as virtual Windows NT
servers. IBM and SCO each also provide proprietary alternatives with functions
similar to Samba called AIX Fast Connect and SCO VisionFS, respectively. To
deal with PDC interoperability, all of the systems also offer native 32-bit and 64-
bit implementations of Advanced Server for UNIX, albeit at various levels of
accessibility.
41
The ability for AS/ U to serve as a Primary Domain Controller
(PDC) allows Windows NT network infrastructures to be rehosted on the

41
Compaq, HP, SCO, and Sun all provide their implementation of AS/ U directly (i.e., Solaris PC/ NetLink or SCO Advanced
File and Print Services), and sometimes include low-function or test/ development versions in the base operating system
without additional charges. AIX users must obtain AS/ U from Groupe Bull, which sells its own line of servers running AIX.
SS, March 2001
respective UNIX system. HP-UX also includes an extension to Samba called
CIFS/ 9000, which can be used to mount
42
remote Windows NT file systems
locally on UNIX (a function not normally provided by AS/ U).
43
HP-UX and Tru64 UNIX break ahead of the pack in the pursuit of single sign-on
across their systems and Windows NT. Both include extensions to LDAP and
Pluggable Authentication Modules (PAMs) for Kerberos (to authenticate against
Windows 2000) and LAN Manager (to authenticate against Windows NT). These
extensions enable single account management across the respective UNIX
systems and Windows 2000, essentially by turning control of the UNIX user and
password infrastructure to Windows 2000 or Windows NT servers. Tru64 UNIX
also includes an automatic password-synchronization mechanism in its AS/ U
implementation. This can be used to keep security information consistent across
Tru64 UNIX and Windows NT systems.
All of the systems except UnixWare allow their respective Windows NT
networking services to be protected with HA clustering tools. AIX Fast Connect
provides support for all HACMP modes, including mutual takeover. HP allows
CIFS/ 9000 to be integrated into MC/ ServiceGuard HA clusters. Advanced
Server for Tru64 UNIX now takes advantage of all the unique features of
TruCluster Server, allowing system administrators to manage their NT file and
print servers as one single system. Tru64 offers multi-instance for AS/ U, where
some others have only failover, meaning that backup servers can be used to
process AS/ U workloads while the primary server is running normally. Tru64
UNIX also earns a slight advantage in Windows interoperability from its unique
support for a native implementation of Microsofts DCOM distributed-
component model. Although Suns new Sun Cluster 3.0 still lacks the necessary
agents to support the Solaris version of AS/ U, called PC/ NetLink, the capability
is in Sun Cluster 2.2, and is supported on Solaris 8.
LINUX INTEROPERABILITY
Linux is becoming widely deployed as a low-end server environment for hosting
web servers (along with Apache), file- and print-servers (using Samba), network
infrastructure (i.e., firewalls, routers, etc.), and specialized computing tasks in
appliance-like devices. Although Linux is a UNIX-like operating environment
that shares many characteristics with the studied UNIX systems, from a
development and management standpoint, the UNIX systems are nonetheless
differentiated in terms of their ability to interoperate with Linux. Currently, Linux
interoperability can be addressed at several levels:
Run-TimeCompatibility: Linux versions exist for the same server hardware on
which the studied operating systems run. Tools such as lxrun provide the
ability to run Linux binaries on other UNIX systems with the same chip
architecture by converting system calls on the fly.

42
See smbount(8).
43
This capability is available for the Linux implementation of Samba, but not most UNIX versions.
SS, March 2001
GNU Toolset and Compiler Support: Much of the Linux operating environment is
actually defined by the GNU tools and compilers developed in the Open
Source community. Supporting GNU tools on UNIX systems helps Linux
administrators to port scripts and create common management procedures
across platforms, and the availability of GNU compilers lowers barriers for
Linux developers to port their applications to the UNIX systems.
Application ProgramInterface(API) Compatibility: Although Linux APIs are very
similar to those of the studied UNIX systems, there are enough divergences
in the names, syntax, and semantics that porting issues will inevitably arise. To
overcome these barriers, some UNIX vendors have launched efforts to
implement the Linux APIs on their systems as faithfully as possible
44
, seeking
to allow applications to be recompiled on their platforms with relatively few
hitches. The GNU tools and compilers mentioned earlier are of course
important for this purpose as well.
UnixWare and the Intel X86 version of Solaris 8
45
each have the ability to actually
run existing Linux binaries by including the lxrun tool. UnixWare will
strengthen its compatibility for Linux applications with the introduction of its
Linux Kernel Personality (LKP) due in the next release scheduled for June of this
year, which provides support for a full Linux distribution using the UnixWare 7
kernel. UnixWare 7.1.1 also supports device drivers written to the Uniform
Driver Interface (UDI) Version 1.01. Device drivers written to UDI work without
recompilation across a number of platforms, including UnixWare, Linux 2.2, and
AIX 5.1. UDI support helps Independent Hardware Vendors (IHVs) who can
reduce their investment in device-driver maintenance by writing to UDI. UDI
also allows for more advanced execution and protection environments, so that a
driver written to UDI that misbehaves cannot, if running in such an environment,
bring the entire system down, as is the case in most native driver interfaces.
Compaq, HP, and IBM are currently focusing on providing Linux interoperability
at the latter two levels, targeting Linux developers who want to port their
applications to their respective UNIX systems, rather than making any effort to
run existing Linux applications in binary form.
46
Compaq states that Tru64 UNIX
already supports all Linux APIs except clone(), and includes the GNU toolset
and compilers in the standard distribution at no additional charge. HP-UX 11i
also includes native versions of the GNU toolset and compilers, and HP will
introduce support for the Linux APIs in the first quarter of 2001. IBM provides
the AIX Toolbox for Linux, which contains a collection of Open Source and
GNU software built for AIX. Sun includes the complete GNU toolset and
compilers with the Solaris 8 distribution.

44
Note that it is virtually impossible to implement 100% of the Linux API on existing UNIX systems, because Linux
introduces some kernel-based functions in its API that have no counterpart in any UNIX implementation (e.g. clone()).
45
The SPARC version of Solaris does not support this function.
46
HP plans to address binary compatibility with Linux in future releases of HP-UX as they are deployed on IA-64 systems.
SS, March 2001
DIRECTORY AND SECURITY SERVICES
5.50 6.00 6.50 7.00 7.50 8.00 8.50 9.00
UnixWare 7.1.1
AIX 4.3.3
Tru64 UNIX 5.1
HP-UX 11i
Solaris 8
FIGURE 12: Directory and Security Service Ratings
SUMMARY
Solaris leads in Directory and Security Services, offering the most complete
support for directory services other than LDAP. Solaris also shares the lead with
Tru64 UNIX for integrating LDAP with basic operating-system functions.
Finally, Solaris provides Suns entire Kerberos authentication mechanism for free
with the base operating system, while other systems charge a premium. HP-UX
has the highest level of support for network-security functions, sharing the lead
with AIX for including secure networking tools, and receiving the highest
possible rating in all of the other network-security categories. Tru64 UNIX also
provides strong support for directory services other than LDAP, but lacks native
support for the PKCS#11 cryptographic hardware API.
AIX also has strong network-security functions, and provides a Kerberos server
with the base operating system, but lacks the Pluggable Authentication Module
(PAM) capability of most competitors. HP-UX stands out for including real-time
host-based intrusion-detection functions in the base operating system, which is
partially supported in the auditing capabilities included with AIX and Tru64
UNIX. All of the studied systems except UnixWare support cryptographic
hardware, which offloads the encryption task to special-purpose processors,
boosting the scalability of secure websites. Indeed, SCO has historically focused
on supporting departmental and small-business applications using traditional
access methods such as terminals. Thus, UnixWare includes relatively few tools
for managing enterprise networks or web-based infrastructures. UnixWare offers
very little support for LDAP, runs the fewest non-LDAP directory services, and
includes none of the studied network security functions except for TCP/ IP
wrappers.
FIGURE 12:
Directory and Security
ServiceRatings
SS, March 2001
Directory Services
49%
Pluggable Security
10%
Cryptographic
Hardware Support
13%
Secure
Networking Tools
28%
FIGURE 13: Directory and Security-Service Criteria and Weightings
DIRECTORY SERVICES
In large networks, it becomes increasingly difficult for users and administrators to
keep track of user IDs, passwords, server-host IDs, and printers throughout the
organization. System management itself becomes a database problem. Operating
systems used to handle enterprise networks must therefore support a special-
purpose distributed database called a directory service, which provides users and
administrators with an up-to-date and global reference to all network resources.
For example, directory services can authorize users anywhere on the network,
allowing them to log in from any client system, regardless of its geographic
location or the server through which it connects.
While a wide variety of directory-service implementations exist, most of the
industry has converged around the Lightweight Directory Access Protocol (LDAP)
standard for interoperating with them. LDAP is based on a subset of X.500, a
vast and comprehensive information-exchange standard. In addition to providing
basic LDAP-server capabilities, operating systems may be differentiated in terms
of how deeply LDAP has been integrated with system operations. For example,
operating systems can potentially use LDAP to help authenticate user logins or
locate printers, and integrated LDAP functions with e-mail tools such as
sendmail to help users find addresses.
In addition to LDAP-based implementations, a number of other directory
services are in use today, including,
Network Information Service(NIS) has long been used by UNIX systems as a
network store for user IDs and passwords.
Network Information Service+ (NIS+) is a more advanced and secure version of
NIS that provides extensions to store a broader range of system-configuration
information.
FIGURE 13:
Directory and
Security-Service
SS, March 2001
NDS eDirectory is the newest implementation of Novells NetWare Directory
Service (NDS), which it developed for managing its NetWare network-
operating system. While NDS is perhaps the most established scalable
directory service on the market, its penetration has been limited by its
dependency on the NetWare platform. However, Novell now ships some
implementations of NDS eDirectory for UNIX platforms as well.
Windows NT Directory Service (NTDS) manages user authentication on
Windows NT 4.0 networks using Primary Domain Controllers (PDCs) and
Backup Domain Controllers (BDCs). A third-party option called Advanced
Server for UNIX (AS/ U) is available for a number of UNIX systems allowing
them to host Windows PDCs.
Remote Authentication Dial-In User Service (RADIUS) is a special-purpose
directory service for securely managing dial-in remote access. RADIUS
typically increases security for network access by integrating smart-card
authentication with the user-login process.
DynamicDomain NameService(DNS) is a variant of the traditional DNS system
used by web clients to match domain names (i.e., www.xyz.com) with IP
addresses. Dynamic DNS allows clients to alias a dynamic IP address to a
static domain name, allowing servers to change their location while still being
available through the same name.
All of the studied systems except UnixWare include at least one directory service
that is compatible with LDAP V3 (UnixWare still provides an LDAP V2 server).
AIX 4.3.3 includes IBM SecureWay Directory V3.2, an LDAP server that
employs DB2 Universal Database technology. HP-UX 11i bundles the iPlanet
Directory Server, which is licensed for internal enterprise use (external Internet
use must be licensed separately). Solaris 8 also includes the iPlanet Directory
Server (LDAP v3), an approach limited to 200,000 users (additional users must be
licensed separately). Tru64 UNIX includes the OpenLDAP V3 server on the
Open Source Internet Solutions (OSIS) CD that ships with every copy of Tru64
UNIX. Also, the Netscape Directory server V4.11 is on the Associated Product
CD that ships with the Tru64 UNIX base-operating system. The Netscape
Directory server included with Tru64 UNIX can only be used by the UNIX
operating system itself with no restrictions if customers want to customize the
use of the directory server for applications, they must purchase a separate license
from Netscape.
All of the systems except UnixWare allow the LDAP directory service to be
integrated with the user login mechanism in the UNIX base operating system.
AIXs Directory Integration service allows AIX users, groups, and roles to be
stored, replicated and retrieved across a network of systems using LDAP. HP-UX
includes support for using LDAP as both a traditional name service and a PAM-
based authentication system. This includes support for password modification
from an HP-UX client. In addition, HP-UX offers a NIS-to-LDAP gateway to
help migrate from UNIX-user IDs to native LDAP-based stores. Solaris handles
LDAP integration relatively simply with a native LDAP switch
(nsswitch.conf). This changes all directory-enabled services to reliance on
SS, March 2001
LDAP. Tru64 UNIX can authenticate its logins from LDAP-compatible
directories such as Windows 2000 Active Directory via the LDAP V3 client that
is included with the base-operating system. Tru64 UNIX can also access any
other LDAP-compliant directory through tools in the OSIS kit.
All of the studied systems except UnixWare can also integrate the LDAP-
directory service with their e-mail functions, allowing the sendmail that is
included in the base-operating system to perform LDAP X.500 directory lookups.
Solaris and Tru64 UNIX also integrate LDAP services with printing.
Support for directory services other than LDAP varies somewhat, as shown in
Table 14 below. Solaris provides the most complete support for various directory
services, followed by Tru64 UNIX.
TABLE 14: Directory-Service Support
PLUGGABLE SECURITY
Pluggable Authentication Modules (PAMs) allow applications to take advantage
of up-to-date improvements in security mechanisms by letting administrators
simply plug in new modules for various security services, without having to
upgrade the applications themselves. The General Security ServiceAPI (GSSAPI)
allows developers to build support for PAMs into their applications using
standardized interfaces. HP-UX, Solaris, and Tru64 UNIX
47
each support PAMs
that allow them to use different security services for basic system operations. All
of the systems except UnixWare support the GSSAPI in the base-operating
system.
SECURE NETWORKING TOOLS
UNIX systems were historically optimized for single-system security, working at
the granularity of logged-in users and processes. With the rise of enterprise
networks and ubiquitous Internet connectivity, network security has grown
considerably in importance. A comprehensive discussion of network security

47
Compaqs SIA (Security Integration Architecture) provides pluggable authentication mechanisms to plug into the underlying
OS authentication mechanisms.
AIX HP-UX Solaris
Tru64
UNIX
UnixWare
LDAP (V2)
NIS
NIS+
NDS eDirectory Server
Windows NT PDC
RADIUS
Dynamic DNS
TABLE 14:
Directory-ServiceSupport
SS, March 2001
represents a vast topic largely beyond the scope of this report, but operating
systems can provide some functions that facilitate deployment of secure
networks. They include,
Kerberos, a sophisticated mechanism for managing distributed user
authentication. Just as the industry is converging around LDAP for managing
information about network resources, Kerberos is becoming both the defacto
and dejurestandard for managing distributed security.
TCP/ IP wrappers allow administrators to place restrictions on incoming and
outgoing TCP/ IP services and also allow network activity to be logged.
Trusted TCP/ IP commands provide tools that have been modified for secure
network operation. While common UNIX tools such as telnet and ftp
traditionally moved password information in plain text over the network
where it was vulnerable to interception some operating systems have
bolstered network security by providing secure versions of telnet, ftp,
and similar tools that have plugged such holes. Network-directory services
such as NIS can also benefit from secure-network implementations (e.g.,
NIS+). Secure directory services minimize the ability for remote users to
receive encrypted lists of passwords that can be broken with widely-known
dictionary attacks that compare encrypted passwords with a self-generated
encrypted list of frequently-used passwords or dictionary entries.
Host-based intrusion detection and prevention tools help to protect servers from
crackers and viruses by auditing kernel activity.
Solaris provides Suns entire Kerberos authentication mechanism (know as
SEAM) at no charge. AIX bundles a Kerberos server as part of IBMs Network
Authentication Services included in the AIX 4.3.3 Bonus Pack. HP-UX 11i
bundles Kerberos client functions, including Kerberos Pluggable Authentication
Modules (PAM), a Kerberos client library, and Kerberos utilities such as kutil,
kinit, knov, and kpasswd. HP also includes Kerberized r-commands,
including ftp and telnet (both client and server) in its Secure Internet
Services option. Tru64 UNIX bundles a Kerberos client in the base operating
system, but a Tru64 UNIX Kerberos server requires users to obtain the DCE
Authentication Server, a separately priced option. AIX includes Kerberos in
Network Authentication Services Version 1.1 on the AIX 4.3.3 Bonus Pack.
All of the studied systems support TCP/ IP wrappers, and all of the systems
except UnixWare provide trusted TCP/ IP commands. AIX includes secure
telnet and ftp, r* commands (i.e., rsh, rcp, rlogin), NFS, NIS, and
NIS+. HP-UX includes secure telnet and ftp, Remote Procedure Call (RPC),
NIS map updates, and NIS IP address authentication. Solaris includes secure
telnet and ftp, Kerberized r* commands, and secure NFS. Tru64 UNIX
includes a subset of the trusted functions from MLS+, Compaqs secure version
of the operating system.
HP-UX stands out for including host-based intrusion-detection functions in the
base operating system. HP-UX 11i bundles and integrates HPs Praesidium IDS
SS, March 2001
9000 real-time host-based intrusion-detection package. IDS 9000 can monitor in
real-time one or more HP-UX systems for users or applications who try to break
security. IDS 9000 includes Kernel Data Source. This provides a kernel-auditing
system that yields secure and robust data on the use of kernel functions, and the
ISU subsystem, and correlates data from the kernel and other data sources to
determine when attacks are mounted against HP-UX systems. AIX and Tru64
UNIX have partial support for this capability in the auditing tools that they
provide. AIX includes the tcbck program, which is part of Trusted Computing
Base (TCB) bundled with AIX 4.3.3. Tru64 UNIX bundles an auditing subsystem
that provides host-based intrusion-detection capabilities. However, administrators
must monitor the results of these tools manually, or write their own scripts to
detect when intrusions occur. Compaq has also been shipping a Denial of Service
tool called RID on the OSIS CD for the past few months.
CRYPTOGRAPHIC HARDWARE SUPPORT
To protect critical transactions, web servers depend on cryptographic
mechanisms such as Secure Socket Layer (SSL) to encode transmissions. Most
encryption processes consume substantial CPU resources, and if a website uses
encryption, the number of hits it can handle may be reduced by as much as 50%
due to processing overhead. The use of cryptographichardwarecan overcome this
limitation, dramatically increasing the scalability of secure websites by offloading
the encryption task to special-purpose processors, which are typically installed in
the form of customized I/ O peripherals. Since the cryptographic hardware needs
to interface directly with the kernel-security mechanisms, explicit support for the
hardware is required in the operating system. Further, to maximize the value of
the cryptographic hardware for applications, the operating system should support
PKCS#11, an industry-standard specification for interfacing with these types of
peripherals.
All of the studied systems except UnixWare support cryptographic hardware.
AIX, HP-UX, and Solaris each support PKCS#11 in the base-operating system
(see Table 15 below).
TABLE 15: Cryptographic Hardware Support
Operating System Cryptographic Hardware Supported Supports PKCS#11
AIX IBM 4758 PCI card Y
HP-UX HP Praesidium SpeedCard Y
Solaris Sun Crypto Accelerator Board Y
Tru64 UNIX
Compaq PayMaster/PCI ISP
Compaq webSafe2/PCI ISP
N
TABLE 15:
Cryptographic
HardwareSupport

2001 DH Bao S Report

Încărcat de

Informații document

Titlu original

Drepturi de autor

Formate disponibile

Partajați acest document

Partajați sau inserați document

Opțiuni de partajare

Vi se pare util acest document?

Este necorespunzător acest conținut?

Drepturi de autor:

Formate disponibile

2001 DH Bao S Report

Încărcat de

Drepturi de autor:

Formate disponibile

D.H. Brown Associates, Inc. http://www.dhbrown.

S-ar putea să vă placă și