HP-UX 11i v3 Installation and Update Guide, September 2010
Sec00Tools
Installs the security infrastructure. Does not implement any security changes
during installation or updating, but ensures the required software is installed.
The higher security levels are dependent on Sec00Tools. Recommended
(default-installed).
Sec10Host
Installs a host-based lock-down system. Most network services are disabled,
but they can be reinstated by running the bastille(1M) command. Optional
(customer-selectable).
Sec20MngDMZ
Installs a managed lock-down system that blocks most incoming traffic with
an HP-UX IPFilter firewall. Optional.
Sec30DMZ
Installs a DMZ full host-based and IPFilter network lock down. HP-UX IPFilter
blocks most incoming connections, except HP-UX Secure Shell. Optional.
You can change these security settings after installing or updating your system. For more
information about HP-UX Bastille, including security levels, see the HP-UX Bastille User Guide
(http://www.hp.com/go/hpux-security-docs).
IMPORTANT:
Due to increased system hardening requirements, some locked-down services and protocols
might be used by other applications and have adverse effects on the behavior or functionality
of these applications. For more information about configuring HP Serviceguard with HP-UX
Bastille and IPFilter, see the HP-UX Bastille User Guide.
Installing VxFS and VxVM
Starting with the September 2009 OEUR, the default-install of VxFS has changed from 4.1 to 5.0
and VxVM 4.1 has been replaced by VxVM 5.0. This has important implications for several install
scenarios. For instructions and information about how this impacts you, consult Appendix B:
“Installing VxFS and VxVM” (page 87).
System tuning for VxFS
If your system has the minimum amount of memory, you might need to manually set VxFS
tunables for optimal performance after cold-installing or updating to HP-UX 11i v3. Two VxFS
tunables, vx_ninode and vxfs_bc_bufhwm, have an effect on system memory consumption. For
guidelines on setting them for machines with relatively low RAM, see the Veritas File System 4.1
Administrator's Guide at http://hp.com/go/hpux-core-docs.
Next generation mass storage stack
Mass storage stack for HP-UX 11i v3
HP-UX 11i v3 introduces a new representation of mass storage devices, known as the agile view.
In the agile view, disk devices and tape drives are identified by the actual object, not by a hardware
path to the object. In addition, paths to the device can change dynamically and multiple paths
to a single device can be transparently treated as a single virtualized path, with I/O being
distributed across those multiple paths.
In HP-UX 11i v3, there are three different types of paths to a device: legacy hardware path,
lunpath hardware path, and LUN hardware path. All three are numeric strings of hardware
components, with each number typically representing the location of a hardware component on
the path to the device.
The new agile view increases the reliability, adaptability, performance, and scalability of the
mass storage stack, all without the need for operator intervention. For more information, see the
white papers “The Next Generation Mass Storage Stack: HP-UX 11i v3” and “HP-UX 11i v3
Persistent DSF Migration Guide” (http://hp.com/go/hpux-core-docs ).
30 Before you begin