IBM 890 manual z/VM Version 5

The guest LAN support provided in z/VM V4.2 simulates the HiperSockets function for communication among virtual machines without the need for real IQD channels, much as VM simulates channel-to-channel adapters for communication among virtual machines without the need for ESCON, FICON, or other real channel-to-channel con- nections. With the guest LAN capability, customers with S/390 servers can gain the benefi ts of HiperSockets com- munication among the virtual machines within a VM image, since no real IQD channels are required.

z/VM V4.4 further enhances its virtualization technology by providing the capability to deploy virtual IP switches in the guest LAN environment. The z/VM virtual switch replaces the need for virtual machines acting as routers to provide IPv4 connectivity to a physical LAN through an OSA- Express adapter. Routers consume valuable processor cycles and require additional copying of data being trans- ported. The virtual-switch function alleviates this problem and also provides centralized network confi guration and control. These controls allow the LAN administrator to more easily grant and revoke access to the network and to manage the confi guration of VLAN segments.

TCP/IP for z/VM provides numerous self-protection func- tions. A Secure Sockets Layer (SSL) server is available to facilitate secure and private conversations between z/VM servers and external clients. The upgraded SSL server in z/VM V4.4 provides appropriate RPM format packages for the SUSE LINUX Enterprise Server 8 (SLES 8). Security of the TCP/IP stack has been improved to help prevent additional types of Denial of Service (DoS) attacks includ- ing: Smurf, Fraggle, Ping-o-Death, Kiss of Death (KOD), KOX, Blat, SynFlood, Stream, and R4P3D. The overall security and auditability of the TCP/IP for z/VM stack and the integrity of the z/VM system have been improved by providing better controls, monitoring, and defaults. An IMAP

user authentication exit has been added that removes prior user ID and password length restrictions and eliminates the need for every IMAP client to have a VM user ID and pass- word.

TCP/IP for z/VM, formerly a priced, optional feature of VM/ESA and z/VM V3, is packaged at no additional charge and shipped enabled for use with z/VM V4 and V5. The former priced, optional features of TCP/IP — the Network File System (NFS) server and TCP/IP source — are also packaged with TCP/IP for z/VM at no additional change.

In addition to the new function provided by the Performance Toolkit for VM, RealTime Monitor (RTM), and Performance Reporting Facility (PRF) are still available in z/VM V4.4 to support new and changed monitor records in z/VM. RTM simplifi es performance analysis and the installation man- agement of VM environments. PRF uses system monitor data to analyze system performance and to detect and diagnose performance problems. RACF for z/VM is avail- able as an priced, optional feature of z/VM V4 and provides improved data security for an installation. RTM, PRF, and the Performance Toolkit are also priced, optional features of z/VM V4 as is the Directory Maintenance Facility (DirMaint).

z/VM Version 5 (V5)

z/VM continues the evolution of its premier world-class zSeries virtualization technology with a new version z/VM Ver- sion 5 Release 1, offering traditional capabilities to manage zSeries operating systems, including Linux, on a single main- frame as guests of z/VM. z/VM V5.1 is designed to operate only on zSeries servers that support the z/Architecture (64- bit) including the z990, z890, z900, and z800 or equivalent.