AIX 7.3.2 Release Notes
Review the changes and issues for IBM® AIX® 7.3.2.
Read before installing
Before you use this software, you must go to the Fix Central website and install the latest available fixes that address security vulnerabilities and other critical issues.
The installation hints and tips are available at the AIX Installation tips article.
Software license agreements
In some instances, the software license agreements (SLA) might not be displayed correctly. In this event, the license agreements can be viewed for all languages at the Software license agreements website.
Software maintenance agreement
In AIX 7.3, a separate software maintenance agreement (SWMA) acceptance window displays during installation immediately after the license acceptance window. The response to the SWMA acceptance (accept or decline) is stored on the system, and either response allows the installation to proceed, unlike license acceptance, which requires you to accept to proceed.
The SWMA acceptance window is displayed during a new overwrite or preservation installation from base DVD media.
For NIM installations, if licenses are accepted either from the choices that are made when you
initialize the installation, or by using the
ACCEPT_LICENSES field in a customized
bosinst.data file, SWMA acceptance is constituted.
AIX Software Maintenance (SWMA) update access key
IBM Power10 processor-based servers, or later, include technology that helps you keep your Software Maintenance Agreements (SWMA) current so that you can apply AIX updates and receive support from IBM. The server uses an AIX update access key (UAK) that indicates the expiration date of the associated AIX SWMA agreement for the server and provides notification of SWMA expiration to ensure continued and uninterrupted software support. For more information about AIX UAKs, see the AIX update access key topic. You can find additional information in the Management of AIX Update Access Keys support article.
Fixes and problem-solving databases
You can download AIX fixes and search technical databases (including APARS and tips for AIX administrators) at the Fix Central website.
Security subscription services are available at the My notifications website.
After you subscribe to the AIX security advisories, you will receive the advisories by email when they are published.
AIX 7.3, and later includes support for enhancing AIX software with mitigation against speculative-execution vulnerabilities. AIX applications and kernel extensions can use the new cpu_context_barrier and cpu_speculation_barrier services to protect against attacks from untrusted sources. For more information about these services, view their description on the IBM Docs for AIX Technical Reference.
Review the following information to determine the minimum and recommended system requirements that are needed to run AIX 7.3.2.
Only 64-bit Common Hardware Reference Platform (CHRP) machines that are running selected POWER8, POWER9, and Power10 processors in POWER8, or later, processor compatibility mode that implement the Power Architecture® Platform Requirements (PAPR) are supported.
prtconf | grep 'Processor Type'
I/O devices IPL limitation
Because of a limitation on the firmware memory size, only I/O devices in the first 144 I/O slots that are assigned to a logical partition or single system image partition can be used as an IPL (boot) source.
- Select .
- Click the Bus column to sort the I/O devices in ascending order.
The first 144 I/O devices in the sorted list are in the bootable adapter slots.
If you are using a partition or single-system image partition with more than 144 assigned I/O slots, the following scenarios and their results and resolutions are possible.
|Attempting to boot from a device beyond the first 144 I/O slots for installation or diagnostic purposes.||The device is not selectable as a boot source from the SMS menus.||Use a device in the first 144 I/O slots.|
|Booting from a device in the first 144 I/O slots, and then attempt to select a target installation device in a slot beyond the first 144 I/O slots.||The boot succeeds to the installation menus, but devices beyond the first 144 I/O slots are not listed as bootable installation targets in the AIX menus.||Select a device that is available and marked as bootable.|
|Using an MPIO configuration where one adapter is in the first 144 I/O slots and another adapter is in a slot beyond the first 144 I/O slots. Both adapters are present at boot time.||The boot succeeds to the installation menus, and the device is listed as
bootable in the AIX installation menus. The installation
proceeds, but it fails with the bootlist command failure
||Use a device in the first 144 I/O slots for all paths.|
|Using DLPAR to add an adapter in a slot beyond the first 144 I/O slots, and then attempting to run the alt_disk_install command for the newly added device.||The device is not listed as bootable.||Use a device in the first 144 I/O slots.|
|Using DLPAR to add an adapter in a slot beyond the first 144 I/O slots, and by using the bootlist command to add the device as a bootable device (for example, by dynamically adding a redundant path to a current boot device or setting up for a network boot). Then removing the original adapter and rebooting.||The bootlist command succeeds, but the boot fails from the specified device, and AIX does not receive control.||Use a device in the first 144 I/O slots.|
|Using DLPAR to add an adapter whose probe order makes it displace a current bootable device, and then rebooting.||The boot fails, and AIX does not receive control.||Move the boot device to one of the first 144 I/O slots or remove the previously added device.|
|Selecting a device in a slot beyond the first 144 I/O slots as a dump device for a firmware-assisted dump.||The sysdumpdev command does not allow devices in slots beyond the first 144 I/O slots to be selected as firmware-assisted dump storage devices. An error occurs during the firmware-assisted dump configuration, and a traditional AIX dump automatically becomes available.||Use a device in the first 144 I/O slots for firmware-assisted dumps.|
|Using DLPAR to add an adapter whose probe order will make it displace a currently valid firmware-assisted dump target device, and then rebooting after the dump.||The firmware-assisted dump process fails during the boot process and displays an error message. The traditional AIX dump still runs to retrieve the dump image.||Avoid displacing the selected firmware-assisted dump target device or reconfiguring the sysdumpdev command for the firmware-assisted selection of the dump target device, and specify a device within the first 144 I/O slots.|
|Using DLPAR to add an adapter whose probe order makes it displace a currently valid firmware-assisted dump target device, and then rebooting.||The sysdumpdev command does not allow devices in slots beyond the first 144 I/O slots to be selected as firmware-assisted dump storage devices. An error occurs during the firmware-assisted dump configuration, and a traditional AIX dump automatically becomes available.||Use a device in the first 144 I/O slots for firmware-assisted dumps.|
AIX 7.3.2 minimum current memory requirements vary, based on the configuration.
A minimum current memory requirement for AIX 7.3.2 is 2 GB.
AIX 7.3.2 requires the minimum current memory requirement to increase as the maximum memory configuration or the number of devices scales upward, or both. Larger maximum memory configurations, LMB sizes, or extra devices scale up the minimum current memory requirement. If the minimum memory requirement is not increased along with the maximum memory configuration, the partition hangs during the initial program load (IPL).
Paging space requirements
AIX 7.3, and later creates a 512 MB paging space (in the /dev/hd6 directory) for all new and complete overwrite installations.
Boot logical volume size requirement
Starting with AIX 7.3, the minimum size of the boot logical volume (hd5) is 40 MB.
The installation operation, which includes the operating system overwrite installation, operating system preservation installation, and operating system migration installation, create or increase the size of the hd5 logical volume to a minimum of 40 MB.
Before you migrate an operating system, run the pre-migration script that is available in the usr/lpp/bos directory, in your media, or in your NIM Shared Product Object Tree (SPOT). The pre-migration script checks whether the size of the hd5 boot logical volume is at least 40 MB. If the size of the hd5 logical volume does not meet the requirements, the pre-migration script checks whether the required free partitions are available. The partitions that are allocated for the hd5 boot logical volume must be contiguous and must be located within the first 4 GB space of the disk.
AIX 7.3, and later, requires a minimum of 20 GB of physical disk space for a default installation that includes all devices, the Graphics bundle, and the System Management Client bundle.
|File system||Allocated (Used)|
|/||128 MB (51 MB)|
|/usr||2368 MB (2123 MB)|
|/var||192 MB (39 MB)|
|/tmp||128 MB (2 MB)|
|/admin||128 MB (1 MB)|
|/opt||64 MB (18 MB)|
|/var/adm/ras/livedump||256 MB (1 MB)|
- If the /tmp directory has less than 64 MB, it is increased to 64 MB during a migration installation so that the AIX 7.3.2 boot image is successfully created at the end of the migration.
Format the SAS disk properly before you install the AIX operating system on it. The AIX operating system requires the disk to be formatted to a sector size supported by the attached SAS controller. All AIX SAS controllers support 512-byte sector SAS disks. The 522-byte sector SAS disks are supported only when they are attached to SAS RAID controllers. If the disk is formatted for SAS RAID, but is not attached to a SAS RAID controller, the disk might not configure. If the disk does configure, it might be unreadable in the AIX environment. In some instances, the certify function and the format function in AIX diagnostics can be used to reformat the disk for the attached SAS controller.
If any existing file system has a mount point in the /opt directory, or a mount point of /opt itself, the new logical volume, and file system are not created.
The AIX_FCPARRAY driver is not supported in AIX 7.3, and later. Before you migrate to AIX 7.3, or later, you must use the manage_disk_drivers command to convert any FCP array disks from the AIX_FCPARRAY driver to the AIX_AAPCM driver. The AIX_AAPCM driver supports Multipath I/O (MPIO) devices.
Serial Attached SCSI (SAS) RAID controllers and Fibre Channel controllers support attached arrays and disks with capacities, which exceed 2 TB. The maximum supported capacity (beyond 2 TB) is limited by either the attached storage subsystem or the higher-level logical storage management.
For more information about SAS RAID controllers, see the SAS RAID controller for AIX topic.
For more information about AIX capacity limitations for logical storage, see the Limitations for logical storage management topic.
File system and file size capacity limitations
For AIX 7.3, and later, the qualified and supported maximum capacity of the Enhanced Journaled File System (JFS2) file and file system is 128 TB.
For AIX 7.3.1, and later, the network file system (NFS) client supports file sizes that are greater than 16 TB. The current tested and supported maximum file size is 256 TB. For improved performance, use the NFS direct I/O (DIO) option with very large files.
File system and logical volume manager updates
- Larger maximum memory configurations
- The mkvg command by default creates a scalable type of volume group that can accommodate up to 1024 physical volumes, 256 logical volumes, and 32768 physical partitions. Use the -a flag in the mkvg command to create a small volume group type that can accommodate up to 32 physical volumes and 255 logical volumes.
- The mkvg command by default enables the data encryption in the volume group.
- The mklv command by default creates a
jfs2type logical volume.
- The mklv command by default creates a logical volume with passive mirror write consistency as the default mirror write consistency policy for large type and scalable type of volume groups.
- The crfs command by default creates a file system with INLINE log device.
File extension update
Starting with AIX 7.3, the default file name extension is changed from .Z to .gz for the pax file that is compressed by using the snap command. The snap.pax.gz file is the default pax file that is compressed by using the snap command.
- Uses SSHA-256 as the default password algorithm for overwrite and migration installation. The passwords in the SSHA-256 algorithm can contain up to 255 characters for the default AIX configuration.
- Enables UNIX® password compatibility by default for overwrite and migration installation.
- Sets the permission for new users on the default home directory to 750 for overwrite and migration installation.
- Supports longer usernames for overwrite installation, by default.
- Removes the deprecated LDAP cache timeout functionality for overwrite installation.
- Strengthens the user default password policy with the latest security industry standards for overwrite installation.
- Strengthens security of AIXPert default password policy with the latest industry standards for overwrite installation.
- Enables the sendmail application to support Simple Authentication and Security Layer (SASL) based authentication.
- Encrypts the physical volume that uses the small computer systems Interconnect® (SCSI) protocol. You can use the hdcryptmgr command to manage encryption of physical volumes.
- Supports IBM Cloud® Hyper Protect Crypto Services (HPCS) for encryption in logical volumes and physical volumes.
Active Memory Expansion (AME)
AME on AIX now has a default page size of 64 KB on Power10 processor-based systems.
AIX MPIO default settings updates
- The reserve_policy attribute value is changed to
- The algorithm attribute value is changed to
- The queue_depth attribute value is changed to 64 for the IBM DS8000 family and 32 for the IBM SAN Volume Controller or IBM Flash Systems family.
VPM throughput mode updates for Power10
When Power10 systems run in shared processor mode, the default value of the throughput mode for the virtual processor management (VPM) is 2. When you migrate the system to or from a Power10 system, and later, the AIX operating system automatically changes the default value of the throughput mode for the VPM. During boot operation, the AIX operating system selects the default value of the vpm_throughput_mode tunable parameter of the schedo command based on the type of server on which the LPAR is running. The value of the vpm_throughput_mode tunable parameter that is selected by the AIX operating system is preserved and used on the destination server.
Starting with AIX 7.3 Technology Level 2, the default value of the vpm_throughput_mode tunable parameter of the schedo command is selected based on the destination server. If the value of the vpm_throughput_mode tunable parameter is modified at the source server, the same value is preserved at the destination server.
On Power10 systems, you can switch to the recommended value of 2 for the vpm_throughput_mode tunable parameter by using the following command:
schedo -d vpm_throughput_mode
This section contains information about installing AIX 7.3, and later, that supplements the information that is contained in the Installation and Migration topic.
Installing AIX 7.3.2
- Complete overwrite installation
- Preservation installation
- Migration installation
- OpenSSH client and OpenSSH server filesets are installed by default for overwrite, preservation, and migration installations. Any bos.net.tcp filesets that are available on your system before migration remains on your system after migration, and those filesets will be upgraded to the newer levels.
- The bos.net.tcp.bind and bos.net.tcp.bind_utils filesets of AIX 7.3.0 are replaced by the bind.rte fileset. The bind.rte fileset is not installed by default.
A new bundle offering is available to install the following filesets that are not installed by default: bos.net.tcp.ftp, bos.net.tcp.ftpd, bos.net.tcp.telnet, and bos.net.tcp.telnetd.
# installp -e /tmp/install.log -aXd software_source bos.dsc
If you use the base media to update, some ODM settings (such as SRC subsystems settings) might be lost. If you use base media, or a software source that is created from base media, for an update_all operation, previous history of your software installation is removed. The history of the fileset installations is reset when a base image is installed. The history is maintained when service updates are used for an update_all operation.
The minimum size of the boot logical volume is 40 MB. If your current boot logical volume is
lesser than this value, the installation process tries to increase it. However, partitions in a boot
logical volume must be contiguous, and within the first 4 GB on the disk. If your system does not
have free space that meets these requirements, a message indicates that the system does not have
enough space to expand
hd5 (the boot logical volume).
To install AIX 7.3.2, follow the instructions in the Installing the base operating system topic.
Logical Volume encryption enhancements
Starting with AIX 7.3, encryption is enabled on the root volume group for new and complete overwrite installation. You can select the logical volumes that must be encrypted in the Base Operating System Install menus, or by using a bosinst_data resource for network installation.
You can select the following logical volumes to be encrypted during the installation: hd2 (/usr), hd9var (/var), hd3 (/tmp), hd1 (/home), hd10opt (/opt), hd11admin (/admin), dumplv (lg_dumplv). For more information, see BOS installation options.
All logical volumes that are encrypted during the operating system installation are initialized with the Platform keystore (PKS) authentication method. You are prompted to add a passphrase recovery method after the system starts. You can add other encryption key-protection methods to the logical volumes, but you must have the PKS method on logical volumes that are created during the installation. For more information, see Encrypted logical volumes.
- Hardware requirement
- POWER9 and later processor-based systems
- For installations that use mksysb images, alt_disk_copy and alt_disk_mksysb commands, PKS and passphrase authentication methods are created again automatically. Any other encryption methods that were present must be created again by the system administrator.
- You can restore an encrypted data volume group or user volume group by using the restvg command or SMIT on the target system. You cannot restore an encrypted data volume group or user volume group by using NIM.
- The multibos command is not supported on a system that contains encrypted logical volumes.
Security model updates in AIX 7.3.2
- Trusted AIX
- Trusted AIX LAS/EAL4+ Configuration Install
- BAS and EAL4+ Configuration Install
Installing AIX by using a USB flash drive
AIX 7.3, and later, supports
installation by using a USB flash drive on POWER8 systems,
and later. A USB flash drive that contains an AIX installation
image can be created by first downloading the AIX installation
image from the IBM Entitled System Support website. A
single volume installation image of AIX
7.3.2 is made available on the IBM Entitled System
Support website for writing to USB flash memory. After downloading the AIX installation image, the image can be written to a USB flash drive. IBM recommends that you use a recently manufactured USB flash
drive. The minimum capacity requirement of the USB flash drive for AIX installation is 16 GB. On an AIX or a Linux® based system, the image can be written to a USB flash
drive by using the
$ dd if=/dev/cd0 of=/dev/usbms0 bs=4k
Comparable commands exist on Windows™-based machines for writing the installation image to a USB flash drive.
bootlistcommand can recognize the USB flash drive (usbmsX) as a bootable device if the USB flash drive was present during IPL of the AIX partition. On POWER8 systems, and later, the SMS menus can always be used to assign the USB flash drive as the boot source.
AIX and IBM Power Systems USB implementation is compliant with relevant USB standards. In the unlikely event when a USB flash drive is not properly recognized by AIX, IBM recommends that you use a different brand of device.
NIM installations with updated LPP_SOURCE
- When you run the lsnim command operation on the SPOT, the output shows
missing images, similar to the following example
missing = "network boot image" missing = bos.net.nfs.client missing = bos.net.tcp.bootp
- You might see errors with regards to space or
chfsin the SPOT log file.
If any of these symptoms occur, remove the incomplete SPOT, increase the space in the file system, and re-create the SPOT.
NIM installations by using an LPP_SOURCE directory that contains base images from a prior release and that contains updates to the current release require that you use an image_data resource during operating system installations.
When you use an LPP_SOURCE directory that contains base images from a prior release and updates to the current release, create a image_data resource to use for any operating system installations. The SPOT must be updated with the updates that are added to the LPP_SOURCE directory, or a new SPOT must be created. In that SPOT, copy the image.template file that is found at SPOT_LOCATION/lpp/bosinst/image.template to a new location outside of the SPOT. Create a NIM image_data resource that points to that location. Use that NIM image_data resource for all operating system installations.
Certain file systems might grow in size, and the default image.data file that is used during an operating system installation comes from the BOS image in your LPP_SOURCE directory, which is the prior release image.data file.
installp: APPLYING software for: bos.net.tcp.sendmail 188.8.131.52 Successfully updated the Kernel Authorization Table. Successfully updated the Kernel Role Table. Successfully updated the Kernel Command Table. Successfully updated the Kernel Device Table. Successfully updated the Kernel Object Domain Table. Successfully updated the Kernel Domains Table. Successfully updated the Kernel RBAC log level. Successfully updated the Kernel Authorization Table. Successfully updated the Kernel Role Table. Successfully updated the Kernel Command Table. Successfully updated the Kernel Device Table. Successfully updated the Kernel Object Domain Table. Successfully updated the Kernel Domains Table. Successfully updated the Kernel RBAC log level. exec(): 0509-036 Cannot load program /usr/sbin/sendmail because of the following errors: 0509-022 Cannot load module /usr/lib/sasl/libntlm.so(shr.o). 0509-150 Dependent module libcrypto_compat.a(libcrypto.so) could not be loaded. 0509-022 Cannot load module libcrypto_compat.a(libcrypto.so). 0509-026 System error: A file or directory in the path name does not exist.
After installation of bos.net.tcp.sendmail fileset for AIX version 184.108.40.206, if the bos.net.tcp.sendmail fileset is updated to a later version during the OS installation operation, all the errors are resolved.
Network Installation Management
Network Installation Management (NIM) includes a readme file that is installed with the NIM Master bos.sysmgt.nim.master fileset. The path name of the file is /usr/lpp/bos.sysmgt/nim/README.
AIX mksysb image and DVD
In AIX 7.3, and later, you can continue to use DVD media to write and restore the mksysb image. However, based on the broader industry trends, the AIX operating system has reduced emphasis on DVD as a core technology for the backup and restore operations of the mksysb image. If you rely only on DVD mksysb image, you are encouraged to explore alternative methods of using mksysb image capabilities.
AIX cloud-ready images
In addition to installation images, cloud-ready images are available in
format that can be readily deployed with PowerVC. These images contain a default AIX base media installation configuration that includes the cloud-init software
package and its dependencies.
Starting with AIX 7.3, the cloud-ready images in
qcow2 format are no longer available.
Java Technology Edition
IBM software development kit (SDK) and Java™ Runtime Environment (JRE) for AIX, Java
Technology Edition is released in JavaV.x
filesets, where V represents the version of Java, such as Java 8, and x is the
individual fileset, such as
|Java Version||Base media DVD1||Base media DVD2||Expansion pack|
|Java Version 6 (32 bit)||None||None||None|
|Java Version 6 (64 bit)||None||None||None|
|Java Version 7 (32 bit)||None||None||All|
|Java Version 7 (64 bit)||
|Java Version 7.1 (32 bit)||None||None||None|
|Java Version 7.1 (64 bit)||None||None||None|
|Java Version 8 (32 bit)||None||None||All|
|Java Version 8 (64 bit)||All except non-Japanese message filesets||Remaining message filesets||None|
Only Java Version 8, 64-bit, is installed for new overwrite
or preservation operating system installation. For these installations, the PATH
variable in the /etc/environment file points to
you perform an operating system migration to AIX
7.3, or later, all previous levels of Java remain on
the system, and the /etc/environment
PATH variable is not changed. Later, if you remove the previous levels of Java (Java Version 6 and Java Version 7), then you must change the
PATH variable to point to
It is recommended to use
java8_64. There is no support for security
vulnerabilities in Java Version 6.
To check whether a more recent service refresh is available for a version of Java, see the AIX Download and service information website.
- Python 3.9 64-bit binary distribution (installed by default)
- Python 3.9 64-bit self-test suite
- Bash shell (installed by default). For more information about local support, see the Bash Locale Support technote.
- Parallel implementation of GZIP (installed by default)
- BIND 9.16 Domain Name System support for the AIX operating system
Starting with AIX version 7.3, Technology Level 1, the bos.net.tcp.bind and bos.net.tcp.bind_utils filesets are replaced by the bind.rte fileset. The bind.rte fileset is not installed by default.
Starting with AIX 7.3, the bos.net.tcp.ntp and bos.net.tcp.ntpd filesets are replaced by the ntp.rte fileset that is installed by default.
Starting with AIX 7.3, the zlibNX accelerated zlib compression library is moved from the expansion pack to the base media and the compression library is installed by default. The bos.perf.pmaix package is no longer part of the AIX operating system.
bos.net.tcp.*filesets are shipped as individual images, instead of including them with the
bos.netimage. You can now remove unwanted filesets from a NIM installation that uses an
The core code for each original fileset is in the bos.net.tcp.client_core and bos.net.tcp.server_core filesets. Requisites for software that is shipped with the AIX operating system (the bos.net.tcp.client and bos.net.tcp.server filesets) are changed to the bos.net.tcp.client_core and bos.net.tcp.server_core filesets. Additional requisites are added to the other new fileset as needed.
The original filesets still exist to satisfy any requisites from other software. The original filesets have requisites to all the new filesets to ensure that all the requirements are met.
To remove any of the new filesets, you must first remove either the bos.net.tcp.client fileset or the bos.net.tcp.server fileset. To remove the bos.net.tcp.client fileset, the bos.net.tcp.server fileset, or a new fileset, run the lslpp -d fileset_name command. If no other software has requisites to the fileset that you want to remove, the removal is possible.
During an operating system migration, code changes occur, so that all the system configuration and user configurable files, which were owned by the bos.net.tcp.client and bos.net.tcp.server filesets, are merged by the new filesets that now own the files.
The list of new filesets follows:
The encoded software in the bos.net.uucp fileset moved to the bos.net.uucode fileset.
You can migrate your operating system version to AIX 7.3.2 from any prior version.release of the AIX operating system, on a system that supports AIX 7.3.2 boot. Installing any new level of AIX requires more disk space than previous levels. Verify that you have enough free space in the file systems, or that you have free partitions in the rootvg. Migrating requires slightly more free space than a basic installation.
If you are using a NIM
lpp_source created with a prior level base media and
later levels of updates that are added, you must initially create the
with the base media at the same release date or later than the level of AIX 5.3, AIX 6.1, or AIX 7.1 that you are migrating from. The last 4 digits of the output of the
oslevel -s command represent the year and week of the service pack currently
ioo -p -o j2_inodeCacheSize=400 -o j2_metadataCacheSize=400
If the issues are not fixed after you change the values for the j2_inodeCacheSize and the j2_metadataCacheSize tunable parameters, you can contact IBM Support.
IBM License Metric Tool
The IBM License Metric Tool version 7.3 is no longer supported. To learn more about the replacement version of IBM License Metric Tool Version 9.x, go to IBM License Metric Tool 9.2.
IBM PowerSC Trusted Surveyor
IBM PowerSC Trusted Surveyor is not supported in AIX 7.3, and later. If you are migrating to AIX 7.3, or later, you must remove the powersc.ts fileset before you start the migration process. If you have WPARs that you are migrating, you must verify that the powersc.ts fileset is not installed on the WPARs.
Reliable Scalable Cluster Technology (RSCT)
When you upgrade to AIX 7.3, or later, RSCT Version 220.127.116.11 is installed and replaces the previous version of RSCT. For more information about RSCT, see the IBM Docs for RSCT 3.3.
AIX 7.3 (and later) and RSCT Version 18.104.22.168 no longer support the Virtual Shared Disk (VSD) and low-level application programming interface (LAPI) products. If these products are already installed from an older code level, both the rsct.vsd and rsct.lapi.rte filesets must be removed before migrating to AIX 7.3, or later. If you have third-party products that use VSD, you must review the current Spectrum Scale product offerings for a replacement.
The filesets that end with
.sp are no longer used by any products currently. If
you still have these filesets that are installed at any supported AIX version, you can uninstall them whenever convenient. The filesets that end with
.hacmp are still needed by some products at older AIX versions, but no longer required in AIX 7.3, and later. If you still have these
filesets that are installed after you migrate to AIX 7.3, or later, you can then remove them
The dsm.core fileset ships a /etc/ibm/sysmgt/dsm/overrides/dsm.properties file that allows you to override SSH configuration. If this file was modified, the file needs to be backed up manually before an update or a migration, as it is overwritten.
If you migrate any previous version of the AIX Common Operating System Image (COSI) and associated AIX Thin Servers to the AIX 7.3 (or later), it is recommended that you delete any dump device that is associated with the migrated Thin Servers and re-create the Thin Servers.
Also, you must install the devices.tmiscsw.rte fileset on the NIM master for the AIX 7.3 Thin Server to create a dump device. The devices.tmiscsw.rte fileset is available in the AIX Expansion Pack.
IBM Subsystem Device Driver
AIX Version 7.3, and later, does not support the IBM Subsystem Device Driver (SDD) for IBM TotalStorage Enterprise Storage Server®, the IBM TotalStorage DS family, and the IBM System Storage SAN Volume Controller. If you are using SDD, you must move to Subsystem Device Driver Path Control Module (SDDPCM) or AIX Path Control Module (PCM) for the multipath support on AIX for IBM SAN storage. SDD to SDDPCM migration scripts are available to help you with the transition.
Contact IBM storage technical support to request access to the migration scripts.
For more information about the available Multipath I/O solutions and supported AIX versions for IBM SAN storage products, see the IBM System Storage Interoperation Center (SSIC) website.
IBM Db2® Version 11.1 with FP5 is available on the AIX base media. You can upgrade your Db2 environment from Db2 Version 10.5, 10.1, or 9.7 to Db2 Version 11.1. For more information about upgrading to Db2 Version 11.1, see the Upgrade to Db2 Version 11.1 topic.
This section contains information about configuring the AIX operating system.
Dynamic attribute update
When you change a device attribute while the device is in the open state, the device attribute changes dynamically. In the AIX operating system, you can change specific device attributes while the device is in the open state by running the chdev command with the -U flag. Some of the device attributes in AIX 7.3, and later, that support dynamic change are as follows:
- queue_depth attribute for MPIO disk devices
- rw_timeout attribute for Serial Attached SCSI (SAS) Fibre Channel and iSCSI disk
- num_cmd_elems attribute for Fibre Channel adapter protocol devices
Dynamic network options
You can adjust the protocol stack of your unique networking environment by using the AIX networking options. You can now use the no command to dynamically configure the following TCP retransmission timeout values:
AIX 7.3, and later, supports scheduling periodic diagnostics multiple times a day instead of only once per day. To schedule periodic diagnostics multiple times a day, run the diag command and select and specify a time interval between each test.
AIX 7.3, and later, supports formatting and certifying up to 10 disks in parallel instead of a single at a time. To format or certify multiple disks, run the diag command and from the Task Selection menu, select Certify Media in Parallel or Format Media in Parallel. All eligible resources are displayed in a list. You can select up to 10 disks from the list. The status of the operation is updated every 5 seconds. The time the operation takes to complete for each disk is based on various factors such as disk type, size, and speed.
The usage of the trace facility is now limited to the root user by default.
Updates in Korn shell
AIX 7.3, and later, updated the Enhanced Korn shell (ksh93) from the t version to the u+ version. Applications that rely on the specific exit values for the shell (instead of 0 or nonzero) might not be compatible with the u+ version of the ksh93 shell. The exit status of the ksh93 shell is modified to align with the ksh93 community. For compatibility with earlier versions of AIX, the default shell remains ksh (also known as ksh88). The ksh shell is not enhanced for any new functions or performance. However, if feasible, support is provided to address any critical security vulnerabilities. The users of the ksh shell must consider to use the ksh93 shell. In AIX 7.3.2, the bash shell is also available. A future AIX update might replace the default AIX shell with the ksh93 shell.
Collecting processor frequency and EnergyScale information
You can use the lparstat -E 1 command to report the calculated processor frequency per logical partition. You can use the mpstat -E 1 command to report the calculated processor frequency per virtual processor. AIX 7.3, and later, enhances the pmcycles -M command to report the measured processor frequency. AIX 7.3 (and later) also supports collection of EnergyScale power and performance mode and processor frequency information on Power10 processor-based servers, and later, by using the lparstat -N command.
Updates in getcwd and getwd subroutines
Starting with AIX 7.3, Technology Level 2, getcwd and getwd subroutines use a caching algorithm to retrieve the path name of the current working directory. To disable the caching operation, set the environment parameter AIX_CWD_CACHE to OFF.
Limitations and Restrictions
This section lists restrictions and limitations that apply to AIX 7.3, and later.
Limitations with Java8.jre 22.214.171.1245
When you migrate from AIX 7.2 to AIX 7.3, or later, if the logical partition has Java 8 32-bit SR6FP35 (VRMF 126.96.36.1995) installed, you must upgrade the Java version to a later level that can be downloaded from the Java SDK on AIX page. Java 8 32-bit SR6FP35 (VRMF 188.8.131.525) might not load properly on AIX 7.3 (or later).
If a newer version of Java is not available, Java 8 32-bit SR6FP30 (VRMF 184.108.40.2060) images are provided on AIX 7.3.2 Expansion pack. You can force-install this Java image to revert to an earlier version that does not have any loading issues.
Upgrading IBM Security Verify Directory
Starting with AIX 7.3 Technology Level 2, IBM Security Directory Server (ISDS) is upgraded and is renamed as IBM Security Verify Directory (ISVD). The fileset for ISDS Version 220.127.116.11 is upgraded to ISVD Version 10.0.0.1. The fileset version and the name change for the directory have no impact on how the ISVD functions. The ISVD Version 10.0.0.1 fileset is shipped with AIX 7.3 Technology Level 2 and AIX 7.2 Technology Level 5 base packs. The AIX 7.3 with Technology Level 2 base pack also includes the latest and stable Lightweight Directory Access Protocol (LDAP) filesets that provide fixes for the earlier issues.
OpenSSL version 3.0
Starting with AIX 7.3 Technology Level 1, Open Source Secure Sockets Layer (OpenSSL) is updated from version 1.0.2 to 3.0.7. As a result of new updates in AIX 7.3 Technology Level 1, a few APIs are deprecated, weak ciphers are removed, support for Transport Layer Security (TLS) version 1.3 is introduced, and provider concepts are introduced.
Starting with AIX 7.3 Technology Level 2, the OpenSSL version is updated to 18.104.22.1681. The OpenSSL version 22.214.171.1241 contains performance optimization for Advanced Encryption Standard (AES) with Galois/Counter Mode (AES-GCM) cipher and ChaCha20 stream cipher on Power10 systems.
The new symbols that are introduced in the OpenSSL 3.0 configuration file are stored in the /var/ssl/openssl.cnf file. It is recommended to backup and save the changes in the old configuration file because the old OpenSSL configuration file is not retained for the use.
openssl_conf = openssl_init [openssl_init] providers = provider_sect [provider_sect] default = default_sect legacy = legacy_sect [default_sect] activate = 1 [legacy_sect] activate = 1
For more information about updates between OpenSSL 1.0.2 and OpenSSL 3.0, see the community migration guide (https://www.openssl.org/docs/man3.0/man7/migration_guide.html).
To raise any queries, see IBM AIX support website.
OpenSSH Version 8.1p1
- The OpenSSH fileset includes the patch for GSSAPI Key Exchange feature.
- The OpenSSH fileset is compiled with OpenSSL 1.0.2u version.
- All the vulnerabilities reported in the higher version of OpenSSH (including the 8.7p1 release) are back ported to this fileset.
OpenSSH 6.0p1 with VRMF 126.96.36.19904, or earlier, OpenSSH 7.1p1 with VRMF 188.8.131.520, or earlier, and OpenSSH 7.5p1 with VRMF 184.108.40.2060 or earlier are no longer supported. To download the latest version of the OpenSSH fileset, go to the AIX Web Download Pack Programs website.
AIX 7.3, and later, includes OpenSSH as part of the minimal AIX installation.
GSKit version requirement for NIST compliance
GSKit version 220.127.116.11 is provided on the AIX 7.3 Expansion Pack media.
Use GSKit version 18.104.22.168, or later, when you use IP Security with Rivest-Shamir-Adleman (RSA) key lengths that are greater than 2048 bits. The minimum RSA key length of 2048 bits is a requirement for complying with the National Institute of Standards and Technology (NIST) standard as defined in Special Publication 800-131A. When you generate certificates for IP security (IPsec), consider the requirements that are listed in Installing the IP security feature.
The previous version of Perl was upgraded to Perl Version 22.214.171.124. Perl is a separate 3rd-party open source package that is not owned by IBM. The Perl package might not preserve full compatibility across all versions. If you are moving Perl scripts to version 126.96.36.199, you must complete an evaluation of the scripts to verify that they continue to work as expected. For more information about Perl, see the Perl Programming Documentation website.
RPM package manager (RPM)
Starting with AIX 7.3 Technology level 2, the RPM version
is upgraded to 4.18.1. The RPM version 4.18.1 uses
sqlite3 library package as a
database backend instead of the
db library package and is built with OpenSSL
nspr library packages. The
db library packages are removed
from the AIX base image as these library packages were used
internally and are no longer needed. You can get the
db library packages from the AIX toolbox if required.
DBX and IBM OpenXL C/C++ compiler
The DBX debugger utility is not compatible with IBM OpenXL C/C++ compiled binary files because of the missing features in DBX DWARF support. Full DWARF support is available in a subsequent release of DBX.
YUM and DNF
Code and functions removed from AIX 7.3
- The InfiniBand adapter feature 5283 and feature 5285 (PCIe2 dual-port 4X InfiniBand QDR adapter) are not supported in AIX 7.3.
- The CAPI adapter feature EJ17 and feature EJ18 (PCIe3 CAPI Fibre Channel (FC) Flash Accelerator adapters) are not supported in AIX 7.3.
- The AIX Multipath I/O (MPIO) Active Passive (AP) PCM is removed from AIX 7.3.
- AIX USB support for diskette and audio devices is removed from AIX 7.3.
- IPFilter version 4.1.13 (ipfl.rte 188.8.131.52) is removed from AIX 7.3.
- Filesets for devices that are not supported by POWER8, and later systems are removed from AIX 7.3.
- Trusted AIX is removed in AIX 7.3. If you want to implement a fine-grained security model where privileges are separated across different users based on applying a labeled model to users and resources, consider the AIX Domain RBAC feature.
CIFS client fileset
The bos.cifs_fs software package is moved to the AIX 7.3 Expansion Pack media. The Common Internet File System (CIFS) client is provided as-is (without support).
The AIX operating system supports up to 240 dedicated or virtual processors. AIX 7.3 supports Simultaneous Multi-threading (SMT-8, SMT-4, SMT-2), and single-threaded (SMT-1) configuration. Each processor contains up to eight hardware threads that allows up to 1920 logical processors to be assigned to a single LPAR when the AIX operating system is configured in SMT-8 mode. You can use the smtctl command to switch the SMT mode that is used by the AIX operating system.
Network Time Protocol (NTP) updates
AIX 7.2, and earlier, supports both NTP version 3 and NTP version 4. Both NTP versions are supported by using symbolic links from the /usr/sbin directory to the NTP binary files of one of the NTP versions. Starting with AIX Version 7.3, support for NTP version 3 is removed. For compatibility with earlier versions of NTP, the symbolic links point to NTP version 4 binary files by default so that the same commands continue to work.
|NTPv4 binary files in the /usr/sbin/ntp4 directory||Default symbolic link to NTP version 4 binary files from the /usr/sbin directory|
Berkeley Internet Name Domain (BIND) updates
AIX version 7.3, and earlier, supports BIND version 9.4.1. Starting with AIX 7.3, Technology Level 1, support for BIND version 9.4.1 is removed and support for BIND version 9.16 is added. For compatibility with earlier versions of BIND, the symbolic links point to BIND version 9.16 binary files to ensure that the same commands continue to work.
BIND version 9.16 is included in the bind.rte fileset in AIX 7.3, Technology Level 1, base media package. The bind.rte fileset is not installed by default. During migration from the previous AIX version to AIX 7.3, Technology Level 1, the bos.net.tcp.bind and bos.net.tcp.bind_utils filesets that are installed on the previous AIX versions are removed, and the bind.rte BIND fileset is installed. During the update operation, the bind.rte fileset must be explicitly selected for installation. Otherwise, the bos.net.tcp.bind and bos.net.tcp.bind_utils BIND filesets remain in the updated system.
|BIND binary files in /usr/sbin/bind_9_16 directory||Default symbolic link to BIND version 9.16 binary files|
IBM AIX 7.3 Documentation
To view the most current version of the AIX 7.3 information, see the AIX Documentation website.
AIX Dynamic System Optimizer
The IBM AIX Dynamic System Optimizer (DSO) extends the features that are provided by the Active System Optimizer (ASO) to automatically adjust some system settings to maximize the efficiency of the AIX operating system. The DSO automates the difficult job of manually tuning the specific system settings to optimize eligible workloads. The additional features that are provided by DSO are large page optimization and data stream prefetch optimization.
DSO is no longer a stand-alone feature and is included in AIX 7.3, Technology Level 1, or later, as a part of ASO. For more information about DSO and ASO, see AIX Dynamic System Optimizer.
Server-side support for new Unicode locales
For more information about server-side support for new Unicode locales, see the Supported languages and locales topic.