System configuration AIX

system-configuration-aix

Many people buy a system, be it a PC, or enterprise server. They wrongly assume that the out-of-the-box system configuration is going to be both correct, and ideal for them. The reality is very different.

Manufacturers spend a huge amount of time and money developing solutions that should work for perfectly for everybody. However, in the end they have to configure their systems in a way that is the safest, and easiest for them to support. They do this while trying to satisfy the greatest number of their customers.

AIX has literally thousands of configurable items, many of which can change or be reset during upgrades and patching. There are also many different ways to attach storage and networking, and to partition the systems. It should also be noted that many settings are implicit and are automatically adjusted to maintain a fixed relationship with another tuneable (e.g. 2 x RAM). Therefore changing one setting within the system configuration AIX can automatically change many others.

There are two times when it is most important to consider and review how your systems are configured and that is during initial system configuration AIX or replacement. Also before and after patching or upgrading. You should also carefully review all the documentation and release notes in case a setting has been renamed, or changed in some way. This can have a major effect on your system behaviour and performance.

What is normal?

Before you even think about changing anything you should start by establishing a baseline and understanding “what is the normal or expected behaviour” of a new or existing system, and test your monitoring and measuring tools to ensure that they work, and provide the necessary data within a reasonable timeframe.
Once you have baseline, encompassing at least one business cycle, you should then thoroughly document your systems and (be prepared to) regularly revisit and update the system configuration AIX.

The next stage is to use the documentation to find anything that has been changed or differs from the vendor standard, e.g. if you use nine-character usernames and the standard is eight, then ensure that these do not change, or create a problem whenever patches are applied. The same is true of any security tuning you have done e.g. if you removed the telnet executable, does an upgrade or patch reinstate it, or does it actually break the upgrade procedure?

The final piece of the puzzle before or during system configuration AIX is to consider any legal or compliance issues that may arise if the reconfigure something on your system e.g. if AIX 5.3 was FIPS-140 certified, or your auditors accepted your system running at a particular version, will the upgrade change that?

Making Changes to the system configuration AIX

You are now ready to start making changes, however you must first ensure the following:

All system configuration AIX changes are thoroughly tested, documented, and understood, and there is a fall-back procedure, and backups in place.
Only ever make one change at a time, and be prepared to wait long enough to ensure that your change to the system configuration AIX does what you expect across the entire business cycle.
All users and stakeholders (business owners) are aware of the changes, why it is required, and what the risks and benefits are.
Prepare test data and results and run the tests before and after the changes.

 

System Scan AIX is designed to be help you understand how your system was build and to look at highlight potential issues. The software analyse your system as close to “Zero Footprint” as possible and provides you with recommendations for improvement.

In summary System Scan AIX is unique because it is more concerned with how the actual OS has been built and configured, and potential security and performance problems that may not even be included in your policies or practices, thus enabling you to actually improve the way you work now and in the future.

Contact BlueFinch by filling in the form on the right.