Implementation Guide › Installing and Customizing a UNIX Endpoint › Native Installations › AIX Workload Partitions (WPAR) Implementation

AIX Workload Partitions (WPAR) Implementation

AIX provides virtualized operating system environments within a single instance of AIX called Workload Partitions (WPAR). Workload Partitions are software partitions that are created from and share the resources of a single instance of the AIX operating system. AIX contains a master partition called global environment and workload partitions that run alongside it.

You can protect each partition in your environment using CA ControlMinder. This lets you define different rules and policies for each partition, and therefore define different access restrictions for each partition.

Review the following considerations and limitations before you install CA ControlMinder on AIX WPAR:

• You can install CA ControlMinder on AIX 7.1or later only.
• Regular script installation (install_base) is not supported. Use the native package installation to install CA ControlMinder on AIX WPAR.
• If you select to use AIX WPAR in shared mode, where the /opt and /usr directories are shared by all partitions, use a private installation directory. For example: specify to install CA ControlMinder in /CA/AccessControl/ directory and not in /opt/CA/AccessControl.
• AIX WPAR Live Migration is not supported.
• To use the keyboard logger on the workload partitions using the keyboard logger, verify that CA ControlMinder is running and that the keyboard logger is enabled on the Global Environment and on each workload partition.
• CA ControlMinder file protection rules that are applied to the workload partitions do not protect from users access from the Global Environment. To protect the Global Environment, apply the file protection rules on the Global Environment.
• Before you can install CA ControlMinder on AIX WPAR 5.2 and up, you must customize the CA ControlMinder installation package. You cannot use the installation package that you customize to install CA ControlMinder on AIX WPAR 7.1 and up.
• CA ControlMinder PAM features that identify user login attempts (for example: segrace, serevu, and audit log records) are not supported on AIX WPAR 5.2.