Introduction
PowerVM VIOS 4.1 is a new version of VIOS that is built on top of AIX 7.3 (7.3 TL 2).
This version of VIOS is enriched with lot of security features like physical volume & logical volume encryption, trusted boot, trusted execution, trusted update and up to 255 character long password support.
Existing users of VIOS 3.1.2.40 and later can upgrade their systems to VIOS 4.1 using the viosupgrade tool. This tool is reliable, user friendly and easy to use for seamless upgrade.
Security features
- Supports Trusted Execution, Trusted Update and Secure Boot.
- VIOS boot is made more secure (Secure Boot) and only administrator allowed programs and Kernel Extensions can run with the Trusted Execution feature. This protects system from malicious software & trojans.
- Trusted Update feature ensures that only images that are digitally signed by IBM are allowed to update the existing filesets on the system.
- Default passwords are stronger with the SHA-256 algorithm and also support out of the box long passwords with the maximum of 255 characters.
- Physical volumes that uses the SCSI protocol can be encrypted with hdcryptmgr command (under oem_setup_env), using data encryption key.
- Data protection is enhanced with LVM encryption for rootvg and dump devices.
- Services that are not secure like rexec, rsh are removed. Telnet / ftp services are disabled. If required, users can enable telnet / ftp services.
- ksh93 is used as the default shell in VIOS commands and scripts
viosbr enhancements
- Restores all the PV backed VTDs if the same PV is mapped to multiple vhosts.
- Restores more than one iscsi controller
Performance enhancements
- Improved fork() / exec() scaling in I/O processing.
- Higher IOPs scaling with Async I/O and low latency storages
- Up to 50 percent improvement in DLPAR of CPU and memory operations time
Other functions / enhancements
- Improved I/O features like faster failover of Fibre Channel paths, Fabric Performance Impact Notifications (FPIN) optimization.
- SSP Rolling Upgrade process automatically upgrades the cluster services after all nodes are upgraded to VIOS 4.1 level.
- Python3 software is bundled.
- alt_root_vg command is enhanced to run in multiple phases which allows it to separate the cloning phase from the update phase.
Simplified & seamless upgrade to VIOS 4.1 version
The systems that are running with VIOS 3.1.2.40 or later can upgrade to VIOS 4.1.x version using the viosupgrade tool. It is a simple and user friendly tool.
For more details, please refer to viosupgrade blogs in IBM PowerVM community.
Below are the major enhancements that are done in viosupgrade in this release.
- Added option -F devname to preserve most of the device names such as vfchost adapters, vhost adapters, fcnvme, nvme, fscsi, iSCSI, hdisk names, physical & virtual network adapter names.
- The options “-k” and “-o rerun” are added to execute a pre-restore script before restoring the virtual configurations on new rootvg.
- Important configuration files like /etc/tunables, padmin user profile, root cronjobs, padmin password, ssh keys can migrate to new rootvg
- User filesystems and respective files present in rootvg, will be created and copied to new rootvg
Discontinued functions / software
- IBM Tivoli Monitoring (ITM) software is not bundled from VIOS 4.1.x onwards. Refer to the VIOS Release notes to get ITM download instructions.
- Active Memory Sharing (AMS) function is not available with VIOS 4.1.
- X11 filesets are not bundled
Availability & Other Details
- GA Date: Nov 10th 2023
- Supported hardware: POWER10, POWER9, POWER8
- USB flash drive install support
- VIOS Recognized Solutions
Contacting the PowerVM Team
Have questions for the PowerVM team or want to learn more? Follow our discussion group on LinkedIn IBM PowerVM or
IBM Community Discussions