IBM 890 manual Network Virtualization and Security

Page 90

(virtual images). Although these APIs are primarily intended for managing Linux virtual images, they can be used to manage many types of z/VM virtual machine. All enhancements to the APIs in z/VM V5.1 have been implemented using Version 2 (V2) of the RPC server. In addition to usability enhancements, new functions include:

DASD volume management for virtual images

VMRM configuration file management

Query status of active images

Query VMRM measurement data

Removal of user ID entries in an authorization file with a single request

Query all shared storage segments instead of one at a time

A new programming service is provided by an emulated DIAGNOSE instruction that helps enable a guest virtual machine to specify an action to be taken by CP when the guest becomes unresponsive. A time interval and action are specified by the guest. If the guest fails to reissue the DIAGNOSE instruction within the specified time interval, CP performs the action.

A new publication, Getting Started with Linux on zSeries, describes z/VM basics and how to configure and use z/VM functions and facilities to create and manage Linux servers running on zSeries processors. The publication is designed to help systems personnel (system programmers, administrators, and operators) with limited knowledge of z/VM deploy Linux servers on z/VM more quickly and more easily.

Network Virtualization and Security

The virtual IP switch, introduced in z/VM V4.4, was designed to improve connectivity to a physical LAN for hosts coupled to a guest LAN. The virtual switch now provides enhanced failover support for less disruptive recovery from some common network failures, helping to provide business continuity as well as infrastructure reliability and availability. With the PTFs for APARs VM63538 and PQ97436, z/VM V5.1 supports Layer 2 mode for OSA-Express and OSA-Express2. The enhanced virtual switch support provides a new transport option to allow the virtual switch to operate in Layer 2 mode. In this mode, each port on the virtual switch is referenced by its Media Access Control (MAC) address instead of by an Internet Protocol (IP) address. Data is transported and delivered in Ethernet frames, providing the ability to send and receive protocol-independent traffic for both IP (IPv4 or IPv6) and non-IP, such as IPX, NetBIOS, or SNA.
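The Layer 2 delivery decision described above, as an added example (not IBM code): a toy switch that keys ports by MAC address and only classifies the payload protocol, never using it to forward. The guest name, MAC addresses and sample frames are constructed, and the model does not flood unknown destinations.

```python
import struct

# Protocol identifiers: EtherType for Ethernet II, DSAP for IEEE 802.3 + 802.2 LLC.
ETHERTYPES = {0x0800: "IPv4", 0x86DD: "IPv6", 0x8137: "IPX"}
LLC_DSAPS = {0x04: "SNA", 0xE0: "IPX", 0xF0: "NetBIOS"}


def mac_str(raw):
    return ":".join("%02x" % b for b in raw)


def parse_frame(frame):
    """Return (dst_mac, src_mac, protocol) for one Ethernet frame."""
    if len(frame) < 14:
        raise ValueError("shorter than an Ethernet header")
    dst, src, type_len = struct.unpack("!6s6sH", frame[:14])
    if type_len >= 0x0600:
        # Ethernet II: the field is an EtherType.
        proto = ETHERTYPES.get(type_len, "ethertype 0x%04x" % type_len)
    elif len(frame) > 14:
        # IEEE 802.3: the field is a length and an LLC header follows.
        proto = LLC_DSAPS.get(frame[14], "llc dsap 0x%02x" % frame[14])
    else:
        proto = "unknown"
    return mac_str(dst), mac_str(src), proto


class Layer2Switch:
    """Toy model: ports are keyed by MAC; the payload protocol is never consulted."""

    def __init__(self):
        self.ports = {}  # MAC address -> coupled guest (names are constructed)

    def couple(self, mac, guest):
        self.ports[mac.lower()] = guest

    def deliver(self, frame):
        dst, _src, proto = parse_frame(frame)
        # Unknown destination MAC -> None (this toy model does not flood).
        return self.ports.get(dst), proto


def build(dst, src, type_len, payload=b""):
    """Construct a sample frame from colon-separated MACs (test data only)."""
    to_raw = lambda m: bytes.fromhex(m.replace(":", ""))
    return to_raw(dst) + to_raw(src) + struct.pack("!H", type_len) + payload


SWITCH = Layer2Switch()
SWITCH.couple("02:00:00:00:00:01", "LINUX1")
```

Because delivery depends only on the destination MAC, the IPv4, IPv6, IPX and SNA sample frames all reach the same guest, which is why access to a Layer 2 switch is better controlled at the port and VLAN level than by IP address.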

Authorization capabilities have been enhanced for z/VM guest LANs and virtual switches by using Resource Access Control Facility (RACF) or any equivalent External Security Manager (ESM) that supports this function. This support is designed to provide ESM centralized control of authorizations and Virtual LAN (VLAN) assignment.

More Device Connections for TCP/IP for z/VM

TCP/IP stack utilization improvements for OSA-Express

For the z890 and z990 servers, the number of TCP/IP stacks that can share an OSA-Express increases per logical partition (LPAR) from 84 to 160 on October 29, 2004. This increase provides additional connections to enable more virtual machines to be connected to an external network and is supported with the PTFs for APARs PQ91421 and VM63524 for z/VM 3.1, 4.3, 4.4, and 5.1.

Improved virtualization supporting more TCP/IP stacks with OSA-Express2

With the new OSA-Express2 feature on the z890 and z990, available January 28, 2005, the number of connections (TCP/IP stacks) allowed can be increased up to 640. Support for 640 TCP/IP stacks is applicable to the OSA-Express2 features (Gigabit Ethernet SX, Gigabit Ethernet LX, 10 Gigabit Ethernet LR) running in QDIO mode only. z/VM V5.1 supports this new capability to allow additional connections to virtual machines, particularly Linux images, with the PTFs for APARs PQ91421 and VM63524.
