IBM 890 manual Dynamic Virtual IP Address Takeover, Sysplex Distributor, IPv6

Page 75

Dynamic Virtual IP Address Takeover

VIPA represents an IP address that is not tied to a specifi c hardware adapter address. The benefi t can be that if an adapter fails, the IP protocol can fi nd an alternate path to the same software, be it the TCP/IP services on a zSeries server or an application.

In case of a failure of the primary IP stack, VIPA Takeover introduced in OS/390 V2.8 can support movement to a backup IP stack on a different server in a Parallel Sysplex cluster. Dynamic VIPA Takeover can enhance the initial V2.8 functions, providing VIPA takeback support. This can allow the movement of workload back from the alternate to the primary IP stack.

With Sysplex-Wide Security Associations (SWSA) in z/OS V1.4, IPSec protected workloads are expected to now realize all the benefi ts derived from workload balancing, such as optimal routing of new work to the target system and server application based on QoS and WLM advice, increased availability by routing around failed components and increased fl exibility in adding additional workload in a nondisruptive manner.

Sysplex Distributor

Introduced in OS/390 2.10, Sysplex Distributor is a soft- ware-only means of distributing IP workload across a Parallel Sysplex cluster. Client connections appear to be connected to a single IP address, yet the connections are routed to z/OS images on servers on different zSeries 800/ 900 or S/390 servers. In addition to load balancing, Sys- plex Distributor simplifi es the task of moving applications within a Parallel Sysplex environment.

In z/OS we have taken the functions provided by the Cisco MNLB Workload Agent and Systems Manager, and integrated them into Enhanced Sysplex Distributor. This

can eliminate the need for separate Cisco LocalDirector machines in the network and the need for MNLB work- load agents to be run on the zSeries servers. It can also improve performance, while allowing the Sysplex Distribu- tor to decide, based on priority supplied by WLM, the Service Policy Agent and the TCP/IP stack status, on the application instance the packet is sent to.

z/OS supports Enterprise Identity Mapping (EIM). EIM

defi nes a user’s security context that is consistent through- out an enterprise, regardless of the User ID used and regardless of which platform the user is accessing. RACF commands are enhanced to allow a security administrator to defi ne EIM information for EIM applications to use. The EIM information consists of the LDAP host name where the EIM domain resides, the EIM domain name, and the bind distinguished name and password an application may use to establish a connection with the domain.

Intrusion Detection Services (IDS)

Introduced in z/OS V1.2 and enhanced in V1.5, IDS enables the detection of attacks on the TCP/IP stack and the application of defensive mechanisms on the z/OS server. The focus of IDS is self-protection. IDS can be used alone or in combination with an external network-based Intrusion Detection System. IDS is integrated into the z/OS Communications Server stack.

IPv6

IPv6 (Internet Protocol version 6) is supported in z/OS and can dramatically increase network addressability in support of larger internal and multi-enterprise net- works. z/OS provides compatibility with existing network addressing and mixed-mode addressing with IPv4.

75

Page 74 Page 76
Image 75
Page 74 Page 76
Contents January IBM zSeries 890 and z/OS Reference GuideTable of Contents What does an on demand company look like? zSeries OverviewTools for Managing e-business The New zSeries from IBMz/Architecture Operating System Support z/Architecture31-bit IBM zSeriesOperating System z/ArchBase Number of CPsEstimated Ratio z890 Design and Technology The z890 supports LPAR mode only basic mode is no longer supported z890 Family Models z890 Performance ComparisonIBM On/Off Capacity on Demand for z890 Page z800 to z890 and z890 Model Upgrades On/Off CoD Testz800 z890 z890 Performance Comparisons CEC I/O Cage z890 I/O Subsystemz890s Positioning in the zSeries Family z890 Cage LayoutLogical Channel SubSystem LCSS Spanning Greater than 15 Logical Partitions LPARsUp to 30 Logical Partitions Physical Channel IDs PCHIDs SubSystemUp to 40 FICON Express Channels z890 Channels and I/O ConnectivityChannel Spanning Up to 420 ESCON ChannelsIntegrated Cluster Bus-4 ICB-4 Up to 80 FICON Express2 ChannelsInterSystem Channel-3 ISC-3 Integrated Cluster Bus-3 ICB-3Fibre Channel Connectivity Native FICON ChannelsFICON CTC function FICON Connectivity FICON Support for Cascaded DirectorsFCP Channels Preview - FCP LUN Access Control FCP Full fabric connectivityFICON Express enhancements for Storage Area Networks FICON purge path extended FICON Express2 SX A New Generation for SANs - FICON Express2FICON Express2 Doubles the Channel Capacity FICON Express2 LXCascading Concurrent UpdateContinued Support of Spanned Channels and LPARs Modes of OperationQueued Direct Input/Output QDIO One port per feature OSA-Express2 Gigabit EthernetOSA-Express2 10 Gigabit Ethernet LR Concurrent LIC update LayerOSA-Express2 large send for the z/OS environment preview New functions in OSA-Express2Improved virtualization - now 640 TCP/IP stacks Large send for TCP/IP trafficLayer 2 support - ideal for server consolidation OSA-Express2 concurrent LIC update - an availability enhancementOpen Systems Adapter-Express Features OSA-Express TCP/IP stack utilization improvement for OSA-Expressz890 OSA-Express 1000BASE-T Ethernet OSA-Integrated Console Controller Queued Direct Input/Output QDIOz890 OSA-Express Gigabit Ethernet NON-QDIO operational mode z890 OSA-Express Token-RingNote Statement of Direction Performance enhancements for virtual servers Server to User connectionsLPAR Support of OSA-Express IPv6 SupportHiperSockets HiperSockets CHPID z/VMLCSS0 LCSS1HiperSockets Network Concentrator CryptographyOperating Systems Common Criteria Certifi cation SUSE LINUX on zSeries zSeries Security Certification Cryptographyz890/z990 PCIXCC Designed for FIPS 140-2 level 4 certifi cation Logical PartitionsThe Crypto Express2 feature supports the following Enabling use of less than 512-bit keys for clear key RSA operations Cryptographic support for 19-digit PANs2048-bit key RSA management for PCICC on z800, z900 TKE 4.2 code TKE 4.2 and Smart Card Reader SupportPlan Ahead and Concurrent Conditioning z890 Capacity Upgrade on Demand CUoDz890 Server Capacity BackUp CBU AvailabilityOrder Staging for CIU-Express and On/Off CoD Automatic Enablement of CBU for GDPSz890 Customer Initiated Upgrade CIU On/Off CoD TestingTransparent Sparing Concurrent MaintenanceConcurrent Capacity BackUp Downgrade CBU Undo Advanced Availability FunctionsParallel Sysplex Cluster Technology Coupling Facility Configuration Alternatives System-Managed CF Structure Duplexing Route B Parallel Sysplex Coupling ConnectivityGDPS/PPRC Cross Site Parallel Sysplex distance Extended to 100 km Route Az890 and z990 Theoretical Maximum Coupling Link Speed ConnectivityOptions Dynamic Channel Path Management Intelligent Resource DirectorzSeries IRD Scope LPAR CPU ManagementChannel Subsystem Priority Queuing Parallel Sysplex Professional ServicesGDPS GPDS/PPRC HyperSwap Site takeover/failover of a complete production site GDPS/PPRC and GDPS/XRC FlashCopy SupportGDPS/PPRC Multiplatform Resiliency for zSeries Re-IPL in place of failing operating system imagesPerformance enhancements for GDPS/PPRC and GDPS/XRC Automatic Enablement of CBU for GDPSconfigurations GDPS/Global Mirror - previewComponents and assumptions Continuous Availability Recommended Configuration for ParallelFacilities Sysplexz890 Support for Linux Key attributes can includeLinux on zSeries IBM Middleware OSA-Express Ethernet for Linux Linux Distribution Partnersz/VM Version 4 and Version Integrated Facility for Linux IFLHiperSockets OSA-Express Enhancements for LinuxFibre Channel Protocol FCP channel Support for Linux Cryptographic Support for LinuxLinux Support Channels zSeries 890 Family Configuration DetailProcessor Unit Assignments Processor MemoryGeneral Information Cryptographic FeaturesOSA-Express Features z890 Frame and I/O Configuration Content Planning for I/OCoupling Facility - CF Level of Support Physical Characteristicsz890 Power/Heating/Cooling System Power Consumption 50/60 Hz, KVA z890 DimensionsFiber-Optic Cabling and System Connectivity z/OS Integrated system servicesSupport for 64-bit real memory and 64-bit virtual storage z/OS.eLPAR CPU Management Dynamic Channel Path Management zSeries Application Assist Processorz/OS Scalability 64-bit Supportz/OS Version 1 Release 6 base elements System ServicesAutomation Support z/OS Version 1 Release 6 optional priced featuresSense and Respond with Workload Manager WLM Improvements for WebSphereData Management with DFSMS CICS/VSAM enabled for 24x7 availability Parallel SysplexJES2 and JES3 System Management Services Console EnhancementsEnhancements RACF Security ServicesSMP/E Advanced System AutomationMultilevel Security RACF enhancementsLDAP ICSFa restriction where the private key had to reside in the RACF database PKI Services Network Authentication ServiceFirewall Application Enablement Services Language EnvironmentC/C++ REXX Functions Communication ServicesJava UnicodeIPv6 Intrusion Detection Services IDSDynamic Virtual IP Address Takeover Sysplex Distributorz/OS UNIX HiperSocketszSeries File System zFS UNIX System Services benefits can includeDistributed Computing Services HighlightsInternet Services Distributed File Services DFS Server Message Block SMBInfoprint Central Print ServicesPublications Integrated TestingLibrary Center Softcopy Publications SupportInstallation Considerations z/OS 1.6 is supported on the following IBM serversMigration/Coexistence Migration, installation and customization enhancements zSeries Bimodal Support for z/OSWizards Order z/OS through the Internet z/VMz/VM Version 4 z/VM Version 3Exploiting New Technology New technological enhancements in z/VM V4.4 provide Systems ManagementC/C++ for z/VM Compiler 5654-A22 Application EnablementNetworking with z/VM Management and control of VLAN topology by the z/VM virtual switchz/VM Version 5 Value Unit Pricing helps you to Engine-based Value Unit PricingEnhancements in z/VM V5.1 include Virtualization Technology and Linux EnablementNetwork Virtualization and Security Technology Exploitation Systems Management ImprovementsFor further information see the z/VM Reference Guide, GM13-0137 VSE/ESA VSE/ESAz/VSE To learn more Endnotes
Related manuals
Manual 28 pages 54.75 Kb
Top Page Image Contents