IBM Z10 EC manual Network Traffic Analyzer, Dynamic LAN idle for z/OS


When configured at 1 Gbps, the 1000BASE-T Ethernet feature operates in full duplex mode only and supports jumbo frames when in QDIO mode (CHPID type OSD).

OSA-Express QDIO data connection isolation for the z/VM environment

Multi-tier security zones are fast becoming the network configuration standard for new workloads. Therefore, it is essential for workloads (servers and clients) hosted in a virtualized environment (shared resources) to be protected from intrusion or exposure of data and processes from other workloads.

With Queued Direct Input/Output (QDIO) data connection isolation you:

Have the ability to adhere to security and HIPAA-security guidelines and regulations for network isolation between the operating system instances sharing physical network connectivity

Can establish security zone boundaries that have been defined by your network administrators

Have a mechanism to isolate a QDIO data connection (on an OSA port), ensuring all internal OSA routing between the isolated QDIO data connections and all other sharing QDIO data connections is disabled. In this state, only external communications to and from the isolated QDIO data connection are allowed. If you choose to deploy an external firewall to control the access between hosts on an isolated virtual switch and sharing LPARs, then an external firewall needs to be configured and each individual host and/or LPAR must have a route added to its TCP/IP stack to forward local traffic to the firewall.

Internal “routing” can be disabled on a per QDIO connection basis. This support does not affect the ability to share an OSA-Express port. Sharing occurs as it does today, but the ability to communicate between sharing QDIO data connections may be restricted through the use of this support. You decide whether an operating system’s or z/VM’s Virtual Switch OSA-Express QDIO connection is to be non-isolated (default) or isolated.

QDIO data connection isolation applies to the device statement defined at the operating system level. While an OSA-Express CHPID may be shared by an operating system, the data device is not shared.

QDIO data connection isolation applies to the z/VM 5.3 and 5.4 with PTFs environment and to all of the OSA-Express3 and OSA-Express2 features (CHPID type OSD) on System z10 and to the OSA-Express2 features on System z9.

Network Traffic Analyzer

With the large volume and complexity of today’s network traffic, the z10 EC offers systems programmers and network administrators the ability to more easily solve network problems. With the introduction of the OSA-Express Network Traffic Analyzer and QDIO Diagnostic Synchronization on the System z and available on the z10 EC, customers will have the ability to capture trace/trap data and forward it to z/OS 1.8 tools for easier problem determination and resolution.

This function is designed to allow the operating system to control the sniffer trace for the LAN and capture the records into host memory and storage (file systems), using existing host operating system tools to format, edit, and process the sniffer records.

OSA-Express Network Traffic Analyzer is exclusive to the z10 EC, z10 BC, z9 EC and z9 BC, and is applicable to the OSA-Express3 and OSA-Express2 features when configured as CHPID type OSD (QDIO), and is supported by z/OS.

Dynamic LAN idle for z/OS

Dynamic LAN idle is designed to reduce latency and improve network performance by dynamically adjusting the inbound blocking algorithm. When enabled, the z/OS TCP/IP stack is designed to adjust the inbound blocking algorithm to best match the application requirements.
