IBM Z10 BC manual Network Traffic Analyzer

When configured at 1 Gbps, the 1000BASE-T Ethernet feature operates in full duplex mode only and supports jumbo frames when in QDIO mode (CHPID type OSD).

OSA-Express QDIO data connection isolation for the z/VM environment

Multi-tier security zones are fast becoming the network configuration standard for new workloads. Therefore, it is essential for workloads (servers and clients) hosted in a virtualized environment (shared resources) to be protected from intrusion or exposure of data and processes from other workloads.

With Queued Direct Input/Output (QDIO) data connection isolation you:

Have the ability to adhere to security and HIPAA-security guidelines and regulations for network isolation between the operating system instances sharing physical network connectivity

Can establish security zone boundaries that have been defined by your network administrators

Have a mechanism to isolate a QDIO data connection (on an OSA port), ensuring all internal OSA routing between the isolated QDIO data connections and all other sharing QDIO data connections is disabled. In this state, only external communications to and from the isolated QDIO data connection are allowed. If you choose to deploy an external firewall to control the access between hosts on an isolated virtual switch and sharing LPARs, then an external firewall needs to be configured and each individual host and/or LPAR must have a route added to their TCP/IP stack to forward local traffic to the firewall.

Internal “routing” can be disabled on a per QDIO connection basis. This support does not affect the ability to share an OSA-Express port. Sharing occurs as it does today, but the ability to communicate between sharing QDIO data connections may be restricted through the use of this support. You decide whether an operating system’s or z/VM’s Virtual Switch OSA-Express QDIO connection is to be non-isolated (default) or isolated.

QDIO data connection isolation applies to the device statement defined at the operating system level. While an OSA-Express CHPID may be shared by an operating system, the data device is not shared.

QDIO data connection isolation applies to the z/VM 5.3 and 5.4 with PTFs environment and to all of the OSA-Express3 and OSA-Express2 features (CHPID type OSD) on System z10 and to the OSA-Express2 features on System z9.

Network Traffic Analyzer

With the large volume and complexity of today’s network traffic, the z10 BC offers systems programmers and network administrators the ability to more easily solve network problems. With the introduction of the OSA-Express Network Traffic Analyzer and QDIO Diagnostic Synchronization on the System z and available on the z10 BC, customers will have the ability to capture trace/trap data and forward it to z/OS 1.8 tools for easier problem determination and resolution.

This function is designed to allow the operating system to control the sniffer trace for the LAN and capture the records into host memory and storage (file systems), using existing host operating system tools to format, edit, and process the sniffer records.
