BOS installation options
The available options for installing BOS are described.
The installation options are available under the Security Model menu (option 3) and the More Options menu (option 4) in the Installation and Settings window. The options under the More Options field vary based on the installation type (overwrite, preservation, or migration) and security options.
- LV Encryption
- Before you begin the BOS installation, evaluate whether your system needs encryption at the logical volume (LV) level. Ensure that the key size of the Platform keystore (PKS) is at least 4k bytes. For overwrite installation, ensure that a minimum of 3 PKS slots are available. For preservation or migration installation, if you run out of available slots, a warning message is displayed, but this warning does not stop the installation.
Note: Starting with AIX 7.3, Technology Level 3, key server authentication of the LVs of rootvg is not supported.
- Overwrite installation
- For overwrite installation, under the Security Model menu, LV Encryption is the first menu item. By default, LV Encryption is disabled. To enable encryption during the overwrite installation, choose option 1 to toggle the LV Encryption menu to Yes.
The following screen is displayed when you toggle the LV Encryption menu to Yes:

    Select LVs for Encryption

    Type the number of your choice and press Enter.

    Available PKS Slots: 19

         1. hd4        /........................................... Yes
         2. hd2        /usr........................................ No
         3. hd9var     /var........................................ Yes
         4. hd3        /tmp........................................ No
         5. hd1        /home....................................... Yes
         6. hd10opt    /opt ....................................... No
         7. hd11admin  /admin...................................... No
         8. dumplv     Dump device................................. No
         9. hd6        Paging device............................... no
        10. livedump   Livedump device............................. no

    >>>  0  Return to security model options.

        88  Help ?
        99  Previous Menu

    >>> Choice [0]:

To enable or disable LV encryption, type the number of your choice, and press Enter. The LVs that are set to Yes in the Select LVs for Encryption screen are the default LVs that will be encrypted.
- Preservation and migration installation
- For preservation and migration installation, under the Security Model menu, LV Encryption is the second menu item. By default, LV Encryption is in Preserve mode.
The following values are valid for LV Encryption in preservation and migration installation:
- Preserve: The Preserve mode retains the previous LV encryption state for all the LVs. This mode is the default mode for LV encryption.
- No: The No mode disables LV encryption for all the LVs and keeps the LVs plain (unencrypted). When the LV Encryption option is No, all the encrypted LVs are decrypted during the installation operation.
- Yes: The Yes mode enables LV encryption in the selected LVs.
The following screen is displayed when you toggle the LV Encryption menu to Yes:

    Select LVs for Encryption

    Type the number of your choice and press Enter.

    Available PKS Slots: 19

         1. hd4        /........................................... Preserve
         2. hd2        /usr........................................ Preserve
         3. hd9var     /var........................................ Preserve
         4. hd3        /tmp........................................ Preserve
         5. hd1        /home....................................... Preserve
         6. hd10opt    /opt ....................................... Preserve
         7. hd11admin  /admin...................................... Preserve
         8. dumplv     Dump device................................. Preserve
         9. hd6        Paging device............................... Preserve
        10. livedump   Livedump device............................. Preserve

    >>>  0  Return to security model options.

        88  Help ?
        99  Previous Menu

    >>> Choice [0]:

In the Select LVs for Encryption screen, each listed LV can have one of the following modes:
- Preserve: Retain the previous state of the LV.
- No: Decrypt the LV if previously encrypted.
- Yes: Encrypt the LV.
By default, all the LVs are in Preserve mode. To change the LV Encryption option for an LV to No or Yes, type the number of your choice, and press Enter.
The PKS encryption slots are allocated in the following order:
1. root (hd4)
2. var (hd9var)
3. home (hd1)
4. usr (hd2)
5. tmp (hd3)
6. opt (hd10opt)
7. admin (hd11admin)
8. dump device (dumplv)
9. paging device (hd6)
10. livedump device (livedump)
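The allocation order above decides which selections are served first when PKS slots are scarce. The following POSIX shell function is an added example, not IBM code; it assumes that each encrypted LV consumes one PKS slot (the page does not state this), and the name plan_pks_slots is hypothetical.

```shell
#!/bin/sh
# Added planning aid, not IBM code. Assumption (not stated on the page):
# each LV that is encrypted consumes exactly one PKS slot.

# Slot allocation order exactly as documented above.
PKS_ORDER="hd4 hd9var hd1 hd2 hd3 hd10opt hd11admin dumplv hd6 livedump"

# plan_pks_slots AVAILABLE LV...   (hypothetical helper name)
# Prints "<lv> slot <n>" or "<lv> NO-SLOT" for each selected LV, in
# allocation order. Returns 0 if all fit, 1 on shortfall, 2 on bad input.
plan_pks_slots() {
    [ "$#" -ge 1 ] || { echo "usage: plan_pks_slots AVAILABLE LV..." >&2; return 2; }
    avail=$1; shift
    case $avail in
        ''|*[!0-9]*) echo "invalid slot count: $avail" >&2; return 2 ;;
    esac

    # Reject names that are not on the Select LVs for Encryption screen.
    for lv in "$@"; do
        case " $PKS_ORDER " in
            *" $lv "*) ;;
            *) echo "unknown LV: $lv" >&2; return 2 ;;
        esac
    done

    used=0; short=0
    for lv in $PKS_ORDER; do
        case " $* " in
            *" $lv "*)
                if [ "$used" -lt "$avail" ]; then
                    used=$((used + 1))
                    echo "$lv slot $used"
                else
                    echo "$lv NO-SLOT"
                    short=1
                fi ;;
        esac
    done
    return "$short"
}

# Constructed sample: five LVs set to Yes, three slots available.
plan_pks_slots 3 hd3 hd1 hd4 hd2 hd9var || echo "warning: not enough PKS slots" >&2
```

Pass the value shown as Available PKS Slots on the Select LVs for Encryption screen as the first argument, followed by the LVs you intend to set to Yes.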
- Digital Signature Policy
- The Digital Signature Policy applies to additional software installation after the operating system installation is complete. This option is offered only for overwrite and preservation installation of the operating system. The Digital Signature Policy is a global setting that is used by the installp command to determine the level of check that must be performed on the digital signature of a software package. Software packages are digitally signed when they are created. The digital signatures of software packages might be checked again before the packages are installed to ensure that they have not been altered. The Digital Signature Policy option can be set to one of the following values:
- None: The digital signature is not checked during software package installation.
- Low: If the digital signature is invalid, a warning message is displayed. However, the software package is installed.
- Medium: If the digital signature is invalid, you must confirm to proceed with the software package installation.
- High: If the digital signature is invalid, the software package is not installed.
- Secure by Default
- The Secure by Default option applies only to overwrite installation. It installs a minimal set of software and removes all clear-text password access, such as Telnet and rlogin. Secure by Default also applies the AIX Security Expert high-security settings. The Secure by Default option requires direct-connect access to the system, such as a terminal (tty) or a direct-connect display, or a secure means of remote access, such as ssh or an IPsec Virtual Private Network. For more information about the Secure by Default option or AIX Security Expert, see Security.
The following options are available under the More Options field:
- Desktop
- The Desktop option is a choice only with graphical consoles. The default option is CDE for new and complete overwrite installations. If you select NONE, a minimal configuration is installed, including X11, Java™, perl, and SMIT (if Graphics Software is selected).
If you select GNOME or KDE, the BOS installation process prompts you for the AIX Toolbox for Linux® Applications media. If this media is not available, you can type q to continue the installation without the AIX Toolbox for Linux Applications media. You can select additional desktops from the Install More Software menu.
- Import User Volume Groups
- The Import User Volume Groups option applies to migration installation and preservation installation. After the installation is complete, you can retain the user volume groups that were imported. These volume groups can be manually imported later.
- Graphics Software
- The Graphics Software option applies to the new and complete overwrite installation, and the preservation installation. The Graphics Software option installs graphics software support.
- System Management Client Software
- The System Management Client Software option installs Java, service agent software, and Power Systems server Console runtime software.
- TCP/IP ftp and telnet Software
- The TCP/IP ftp and telnet Software option applies to the new and complete overwrite installation, and the preservation installation. To install the bos.net.tcp.ftp, bos.net.tcp.ftpd, bos.net.tcp.telnet, and bos.net.tcp.telnetd filesets, set the TCP/IP ftp and telnet Software option as Yes.
- Enable System Backups
- If you select Enable System Backups to install any system, all devices are installed so that a system backup can be installed on a different system. For more information about installing a system backup to a different system, see Cloning a system backup.
- Install More Software
- The Install More Software option applies to the new and complete overwrite installation method, and the preservation installation method. Select Install More Software to choose additional software to install after the BOS installation process finishes. A software bundle file corresponds to each selection that contains the required packages and filesets. The following software bundles are available:

    Install More Software

        1. Kerberos_5 (Expansion Pack)....................................... No
        2. Server (Volume 2)................................................ No
        3. GNOME Desktop (Toolbox for Linux Applications).................... No
        4. KDE Desktop (Toolbox for Linux Applications)...................... No

    >>> 0  Install with the current settings listed above.

       88  Help ?
       99  Previous Menu

    >>> Choice [0]:

The new and complete overwrite installation options (with no security models) are similar to the following screen:

    Install Options

        1. Desktop..................................................... NONE, CDE, KDE, GNOME
        2. Graphics Software......................................................... Yes
        3. System Management Client Software......................................... Yes
        4. TCP/IP ftp and telnet Software............................................ No
        5. Enable System Backups to install any system............................... Yes
           (Installs all devices)

    >>> 7. Install More Software

        0  Install with the current settings listed above.

       88  Help ?
       99  Previous Menu

    >>> Choice [7]:

The migration installation options are similar to the following screen:

    Install Options

        1. Enable System Backups to install any system...................... Yes
           (Installs all devices)
        2. Import User Volume Groups........................................ Yes

    >>> 0  Install with the current settings listed above.

       88  Help ?
       99  Previous Menu

    >>> Choice [0]:

- Select Edition
- Type the number of the Select Edition option to toggle through the edition types standard, enterprise, or private_cloud. The edition selection defines the signature file that is copied to the /usr/lib/bos/swidtag directory. The signature file is used by the IBM License Metric Tool to facilitate licensing compliance.