Managing AIX environments at enterprise scale means dealing with strict security policies, restricted networks, and multiple client systems managed through NIM. Until now, system administrators faced limitations when using emgr_check_ifixes and emgr_download_ifix—especially in networks where internet access requires a proxy. Additionally, these tools weren’t designed to run centrally from a NIM server or validate the authenticity of downloaded eFixes.
We’re delivering three major enhancements that simplify the AIX patching and remediation process.
The update introduces three major capabilities that significantly enhance how emgr & related commands operates across AIX environments
Earlier, the commands worked only on networks with direct internet access. With this update:
- emgr_check_ifixes
- emgr_download_ifix
now automatically detect and use proxy configuration from SUMA’s config file (/var/suma/data/config.suma) when needed.
This ensures seamless fix download in environments where:
- Direct network access is restricted
- Internet access is routed through authenticated or unauthenticated proxies
- Multiple proxy paths exist, and priority-based fallback is required
1. Remote Execution from NIM Server
Admins no longer need to log in to every client and run fix operations. The new -c flag enables a NIM server to run fix checks on behalf of multiple NIM clients without logging into each system.
Example:
emgr_check_ifixes -c "clientA clientB" -D
This triggers server to:
- Gather client OS & firmware data retrieval
- validates the client list
- performs fix discovery centrally
- Optional download on a per-client basis
2. Retrieve Fixes Based on OS & Firmware (Without a Client)
Using the new -d option, an admin can check fixes using only:
OS Level + Firmware Version
Example:
emgr_check_ifixes -d 7300-01-01-2246:VL950_098
This allows proactive planning — especially for:
- Offline systems
- Golden image preparation
- NIM deployments
3. Secure eFix Signature Validation Built Into emgr
Security validation is now integrated into the core emgr command.
Behavior summary:
| Scenario |
Action |
| Signature exists |
Validate using OpenSSL and IBM public certificates |
| Signature invalid |
Halt installation |
| No signature file |
Proceed as legacy unsigned eFix |
This greatly improves compliance when handling security fixes across enterprise infrastructure.
Benefits summary:
- Works seamlessly in corporate proxy-controlled environments
- Reduces manual operational overhead for multi-LPAR estates
- Enables secure automated fix distribution through NIM
- Improves operational compliance with verifiable eFix integrity
AIX is now more secure, scalable, and easier to maintain with these enhancements. Available from AIX 7.3 TL4 (7300-04-00), the update introduces proxy support, NIM-based execution, and signature validation—modernizing the entire emgr workflow. Administrators can now patch faster, work with less manual effort, improve security, and streamline overall maintenance operations.