IBM AIX — Complete Guide to Enterprise UNIX
IBM AIX is a feature-rich enterprise UNIX operating system from IBM, designed for Power Systems servers, offering advanced Logical Volume Manager storage, Workload Partitions virtualization, and the SMIT configuration tool for streamlined system administration.
What You’ll Learn & Why It Matters
In this tutorial, you’ll learn AIX’s unique approach to storage management with LVM, OS-level virtualization through WPARs, security via RBAC and trusted execution, performance monitoring with topas, and network-based provisioning using NIM. AIX runs the world’s most critical infrastructure — understanding it opens doors to high-stakes enterprise environments.
Real-world use: The London Stock Exchange, Bank of America, and the US Department of Defense run mission-critical applications on AIX. SAP HANA on Power Systems uses AIX as its reference platform. When lives or billions of dollars depend on uptime, AIX is often the OS of choice.
AIX: The Enterprise UNIX Powerhouse
AIX (Advanced Interactive eXecutive) was first released in 1986 as IBM’s version of UNIX for their workstation line. Over four decades, it has evolved into one of the most reliable and feature-complete UNIX operating systems in existence.
graph LR
AIX1["AIX 1.0 (1986)
IBM RT/PC"] --> AIX3["AIX 3.0 (1990)
JFS, LVM intro"]
AIX3 --> AIX5["AIX 5L (2001)
Linux affinity,
Dynamic LPAR"]
AIX5 --> AIX6["AIX 6.1 (2007)
WPARs, RBAC,
Trusted Execution"]
AIX6 --> AIX7["AIX 7.1 (2010)
Multi-Core, DLPAR,
Live Partition Mobility"]
AIX7 --> AIX73["AIX 7.3 (2021)
Current release,
Power10 support"]
style AIX5 fill:#1565C0,color:#fff
style AIX73 fill:#4CAF50,color:#fff
LVM: Logical Volume Manager — Storage That Adapts
AIX’s Logical Volume Manager (LVM) was one of the first production-ready volume managers in any operating system. It abstracts physical disks into flexible logical volumes that can grow, shrink, and move without downtime.
The LVM Stack (Bottom to Top)
| Layer | AIX Term | Analogy |
|---|---|---|
| Physical disk | Physical Volume (PV) | A single bookshelf |
| Disk group | Volume Group (VG) | A library room |
| Virtual disk | Logical Volume (LV) | A filing cabinet |
| File system | JFS/JFS2 | The folders inside |
Why LVM Exists
Imagine you have one 100GB disk and it’s almost full. You add a second 200GB disk. Without LVM, you’d need to move files to the new disk manually — and any file larger than 100GB still wouldn’t fit anywhere. With LVM, you add the second disk to the volume group and extend the logical volume. The file system sees one 300GB space.
# View existing volume groups
lsvg
# Display detailed VG info
lsvg rootvg
# Show logical volumes in rootvg
lsvg -l rootvg
# Create a new volume group with two physical volumes
mkvg -y appvg -s 512 hdisk1 hdisk2
# Create a logical volume (2GB, mirrored)
mklv -y applv -t jfs2 -c 2 appvg 4096Expected output (first command):
rootvg
appvgExpected output (lsvg rootvg):
VOLUME GROUP: rootvg
VG IDENTIFIER: 00c9f3a200004c0000000163d4b8f5e5
VG STATE: active
PP SIZE: 512 megabyte(s)
TOTAL PPs: 1092 (559104 megabytes)
FREE PPs: 462 (236544 megabytes)Extending a File System Online
This is where AIX shines — you can grow a file system while it’s in use, zero downtime:
# Extend the logical volume by 500MB
extendlv applv 500
# Grow the file system to use the new space
mount /dev/applv /appdata
chfs -a size=+500M /appdata
# Verify the new size
df -g /appdataExpected output:
Filesystem GB blocks Free %Used Iused %Iused Mounted on
/dev/applv 2.50 1.20 52% 4500 2% /appdataWPARs: AIX’s Lightweight Virtualization
Workload Partitions (WPARs) are AIX’s answer to OS-level virtualization — similar to Solaris Zones or Docker containers, but designed specifically for AIX workload isolation.
Full WPAR vs Versioned WPAR
| Type | Description | Use Case |
|---|---|---|
| Full WPAR | Complete AIX environment with its own file system, users, network | Isolating dev/test environments |
| Versioned WPAR | Runs a different AIX version than the host | Testing app compatibility across AIX 6.1 and 7.x |
Creating and Managing WPARs
# Create a full WPAR
mkwpar -n devwpar -h devwpar.example.com -N address=192.168.10.50/24 -N interface=en0
# Start the WPAR
startwpar devwpar
# Log into it
logonwpar devwpar
# From inside — it looks like a standalone AIX box
hostname
uname -a
lslpp -L | head -5
# Check WPAR status from the global host
lswpar -LExpected output (lswpar -L):
Name State Type Hostname Dir
devwpar Active Full devwpar.example.com /wpars/devwparWPAR Resource Controls
WPARs can have CPU, memory, and disk I/O limits enforced by the AIX kernel:
# Set CPU cap for devwpar (max 50% of one core)
chwpar -r cpu -a capacity=0.5 devwpar
# Set memory limit
chwpar -r memory -a max=2G devwpar
# Verify resource settings
lswpar -L devwparSMIT: The System Management Interface Tool
SMIT (System Management Interface Tool) is AIX’s crown jewel for administration. It provides a menu-driven interface that generates the underlying commands — so you learn the CLI by using the menus.
Why SMIT Exists
In the 1980s, UNIX administration required memorizing hundreds of arcane commands with cryptic flags. IBM created SMIT so administrators could navigate menus, find the operation they needed, see the command it runs, and learn the CLI gradually.
# Launch SMIT (full screen)
smit
# Launch SMIT for a specific area
smit storage
smit security
smit tcpip
# Launch the "fast path" for LVM
smit lvmExpected output (when you run smit lvm):
Logical Volume Manager
Move cursor to desired item and press Enter.
Volume Groups
Logical Volumes
Physical Volumes
Paging Space
...
F1=Help F2=Refresh F3=Cancel F8=Image
F9=Shell F10=Exit Enter=DoThe SMIT Command Log
Every SMIT operation logs the exact command it ran to smit.script. This is gold for learning:
# See what SMIT ran
cat smit.scriptExpected output:
#!/bin/sh
mklv -y'loglv01' -t'jfs2log' -a'e' -c'2' rootvg 1 hdisk0 hdisk1This means: every time you use SMIT, you’re building a library of working command examples. Run SMIT for the safety of menus, then use the logged commands to automate later.
AIX Security: Defense in Depth
AIX’s security model goes far beyond standard UNIX permissions. It was designed for environments where a single breach could have catastrophic consequences.
Role-Based Access Control (RBAC)
Traditional UNIX gives you root or not-root. AIX RBAC lets you grant specific privileges to specific users — like “can restart Apache but cannot change network config.”
# Create a custom role
mkrol -a authorizations='aix.system.config.network' -a rolelist='' netadmin
# Add a user to the role
chuser roles=netadmin john
# Verify
lsuser -a roles johnExpected output:
john roles=netadminTrusted Execution
Trusted Execution (TE) ensures that only approved binaries can run on the system. If malware replaces /usr/bin/ssh, TE blocks it because the checksum doesn’t match.
# Add a program to the trusted database
trustchk -a file=/opt/myapp/bin/myserver
# Verify trust status
trustchk -d file=/opt/myapp/bin/myserver
# List all trusted files
trustchk -lEncrypted File System (EFS)
AIX’s Encrypted File System encrypts individual files or directories transparently — even the file names are encrypted:
# Create an encrypted directory
efsmkdir /finance/reports
# Add a crypto key
efsaddkey -k password -p /finance/reports
# Files written here are automatically encrypted
echo "secret data" > /finance/reports/q4.txt
# Verify encryption
efsls /finance/reportsPerformance Tuning: topas, iostat, vmstat
AIX provides powerful performance monitoring tools that reveal exactly where your system is spending its time.
topas — The All-in-One Monitor
# Launch interactive topas
topas
# One-shot snapshot
topas -n 5 -i 2Expected output (topas -n 5 -i 2):
Topas Monitor for: aix73 Interval: 2 (snapshot)
Thu Jun 15 10:30:45 2026 MB MB
CPU User% Kern% Wait% Idle% PhysMB Total InUse Free PSp
ALL 22.3 7.5 12.8 57.4 Memory 8192 5234 2958 256
Network KBPS I-Pkts O-Pkts errs
en0 1452.8 120 134 0
Disk Busy% KBPS TPS Queue
hdisk0 45.2 12045.8 245 0.8
hdisk1 12.5 2341.2 45 0.1iostat — Disk Performance Deep Dive
# Monitor disk I/O every 5 seconds
iostat -d 5 5Expected output:
System configuration: lcpu=16 drives=4
Disks: % tm_act Kbps tps Kb_read Kb_wrtn
hdisk0 45.2 12045.8 245.0 45238912 15023456
hdisk1 8.3 4231.5 87.0 12345678 9876543
hdisk2 78.9 23456.1 567.2 98765432 45678901vmstat — Virtual Memory Analysis
# Show memory and paging stats every 2 seconds
vmstat 2 5Expected output:
System configuration: lcpu=16 mem=8192MB ent=0.50
kthr memory page faults cpu
r b avm fre re pi po fr sr cy in sy cs us sy id wa
1 0 5234 2958 0 0 0 0 0 0 245 1234 345 15 5 67 13
2 0 5238 2954 0 0 0 0 0 0 256 1345 367 22 7 55 16
graph TD
TOPAS["topas
Top-level health"] --> IOSTAT["iostat
Disk I/O analysis"]
TOPAS --> VMSTAT["vmstat
Memory & paging"]
TOPAS --> NETSTAT["netstat
Network connections"]
IOSTAT --> FILEMON["filemon
File-level tracing"]
VMSTAT --> PS["ps
Process detail"]
NETSTAT --> TCPTRACE["tcptrace
Session analysis"]
style TOPAS fill:#1565C0,color:#fff
style IOSTAT fill:#4CAF50,color:#fff
style VMSTAT fill:#FF9800,color:#fff
NIM: Network Installation Manager
NIM lets you install, update, and manage hundreds of AIX machines over the network from a single master server. Instead of inserting CDs or USB drives, you boot a machine, point it at the NIM server, and it installs the OS automatically.
NIM Architecture
| NIM Component | Purpose |
|---|---|
| NIM Master | Central server storing OS images, resources |
| NIM Client | Machine being installed or managed |
| LPP_SOURCE | Licensed Program Product (software) repository |
| SPOT | Shared Product Object Tree (boot + runtime image) |
| mksysb | System backup image for cloning |
# Define a NIM client
nim -o define -t standalone -a if1="find_net clientnet 0" -a cable_type1=bnc client1
# Perform a base AIX installation
nim -o bos_inst -a source=mksysb -a spot=spot_res client1
# Customize with a script
nim -o cust -a lpp_source=lpp_source_res -a filesets="openssl.base" client1Common Errors & Mistakes
1. Running Out of Paging Space
Mistake: Creating only the default paging space (usually 512MB) and wondering why the system slows to a crawl under load.
Fix: AIX uses paging space aggressively. Rule of thumb: paging space should equal 1-2× physical RAM. Create additional paging space with mkps -s -n -a rootvg -a num=4 and monitor usage with lsps -a.
2. Not Using JFS2 Logs Properly
Mistake: Creating JFS2 file systems without a dedicated log device, causing slow recovery after a crash.
Fix: Each JFS2 file system needs a log device. Use the inline log (default) for simple setups, or a dedicated log device (in a separate VG) for high-performance databases. Check with lslv -l loglv00.
3. Editing Files Directly Instead of Using SMIT
Mistake: Manually editing /etc/inittab or /etc/filesystems and making syntax errors that prevent boot.
Fix: Use SMIT for critical system configuration. It validates inputs and generates correct entries. When you need CLI speed, use the commands SMIT would have run — you can find them in smit.script.
4. Forgetting That AIX Uses EBCDIC for Some System Files
Mistake: Copying system configuration files between Linux and AIX without converting character encodings.
Fix: AIX system files are ASCII on modern releases, but some legacy tools expect EBCDIC. Use iconv -f 8859-1 -t 1047 when transferring files to older systems. Modern AIX 7.x is ASCII-native, but check lsattr -E -l sys0 -a charset.
5. Overlooking WPAR Resource Limits
Mistake: Running multiple WPARs without setting memory limits, causing one WPAR to starve others.
Fix: Always configure chwpar -r memory -a max=N and -a min=N for each WPAR. Use chwpar -r cpu -a capacity=0.N to limit CPU. Monitor with lswpar -L and topas -W.
Practice Questions
Question 1
What are the four layers of AIX’s Logical Volume Manager, from bottom to top?
Show answer
Physical Volume (PV) → Volume Group (VG) → Logical Volume (LV) → File system (JFS/JFS2). PVs are physical disks, VGs pool them into groups, LVs carve virtual disks from the pool, and file systems sit on LVs.Question 2
What is the purpose of SMIT, and how does it help administrators learn AIX commands?
Show answer
SMIT provides a menu-driven interface for all system administration tasks. It logs every command it runs to `smit.script`, so administrators can see the exact CLI command for any operation they performed through the menus — turning GUI learning into CLI knowledge.Question 3
How do Full WPARs differ from Versioned WPARs?
Show answer
Full WPARs provide a complete AIX environment with its own file system, network, and users, all running the same AIX version as the host. Versioned WPARs can run a different AIX version than the host, allowing application compatibility testing without installing separate hardware.Question 4
What does AIX Trusted Execution protect against?
Show answer
Trusted Execution maintains a checksum database of approved binaries. If an unauthorized or modified binary (e.g., from malware or a compromised package) attempts to execute, TE blocks it because the checksum doesn't match the trusted database. This prevents rootkits and trojaned binaries from running.Question 5
What is NIM and when would you use it?
Show answer
NIM (Network Installation Manager) is a centralized tool for installing, updating, and managing AIX systems over a network. You use it when you need to deploy AIX to dozens or hundreds of servers, apply patches consistently, or perform automated OS recovery — eliminating the need for physical media or manual intervention on each machine.Challenge
Design and implement a high-availability AIX environment spanning two physical servers:
- Configure LVM with mirrored volume groups across both servers
- Create WPARs for each application tier (web, app, database)
- Set up RBAC roles for each team (developers get app WPAR access only, DBAs get database WPAR access, security team gets audit access)
- Configure Trusted Execution to protect all production binaries
- Write a NIM configuration that can reinstall any failed server in under 30 minutes
Real-World Task
Your organization is migrating banking applications from older AIX 6.1 to AIX 7.3 on new Power10 hardware. Plan the migration:
- Set up versioned WPARs on AIX 7.3 to test application compatibility
- Use NIM to capture mksysb backups of all existing systems
- Implement RBAC so each team has minimal permissions during migration
- Create a performance baseline using topas/iostat/vmstat before migration
- Document the rollback procedure using alt_disk_install
- Validate data integrity with cksum and trusted execution checks after migration
Mini Project: AIX System Health Dashboard Script
Build a Bash script that produces a comprehensive AIX health report:
#!/bin/bash
# aix-health.sh — AIX System Health Dashboard
echo "========================================"
echo " AIX System Health Report"
echo " Hostname: $(hostname)"
echo " OS Level: $(oslevel -s)"
echo " Uptime: $(uptime | sed 's/.*up //' | sed 's/,.*//')"
echo "========================================"
echo ""
echo "--- CPU ---"
lparstat -i | grep -E "Online Virtual CPUs|Maximum Capacity"
echo ""
echo "--- Memory ---"
echo "Total: $(lsattr -E -l sys0 -a realmem | awk '{print $2/1024" MB"}')"
echo "Free: $(vmstat -s | grep "free pages" | awk '{print $1*4/1024" MB"}')"
echo ""
echo "--- Paging Space ---"
lsps -a
echo ""
echo "--- Top 5 Storage Volumes ---"
lsvg -o | while read vg; do
echo "VG: $vg"
df -M | grep "$vg" | sort -k2 -rn | head -3
done
echo ""
echo "--- WPAR Status ---"
lswpar -L
echo ""
echo "--- Recent Errors ---"
errpt -a | tail -10
echo ""
echo "========================================"
echo " Report complete: $(date)"
echo "========================================"Built by the developers of Doda Browser, DodaZIP, and Durga Antivirus Pro.
📖 Author: DodaTech | Last updated: June 15, 2026
DodaTech tutorials are built by the developers of Doda Browser, DodaZIP, and Durga Antivirus Pro — security tools used by millions worldwide.
Built by the developers of DodaTech
Doda Browser, DodaZIP & Durga Antivirus Pro