IBM 890 manual Network Virtualization and Security

Models: 890


(virtual images). Although these APIs are primarily intended for managing Linux virtual images, they can be used to manage many types of z/VM virtual machine. All enhancements to the APIs in z/VM V5.1 have been implemented using Version 2 (V2) of the RPC server. In addition to usability enhancements, new functions include:

DASD volume management for virtual images

VMRM configuration file management

Query status of active images

Query VMRM measurement data

Removal of user ID entries in an authorization file with a single request

Query all shared storage segments instead of one at a time

A new programming service is provided by an emulated DIAGNOSE instruction that helps enable a guest virtual machine to specify an action to be taken by CP when the guest becomes unresponsive. A time interval and action are specified by the guest. If the guest fails to reissue the DIAGNOSE instruction within the specified time interval, CP performs the action.

A new publication, Getting Started with Linux on zSeries, describes z/VM basics and how to configure and use z/VM functions and facilities to create and manage Linux servers running on zSeries processors. The publication is designed to help systems personnel (system programmers, administrators, and operators) with limited knowledge of z/VM deploy Linux servers on z/VM more quickly and more easily.

Network Virtualization and Security

The virtual IP switch, introduced in z/VM V4.4, was designed to improve connectivity to a physical LAN for hosts coupled to a guest LAN. The virtual switch now provides enhanced failover support for less disruptive recovery from some common network failures, helping to provide business continuity as well as infrastructure reliability and availability. With the PTFs for APARs VM63538 and PQ97436, z/VM V5.1 supports Layer 2 mode for OSA-Express and OSA-Express2. The enhanced virtual switch support provides a new transport option to allow the virtual switch to operate in Layer 2 mode. In this mode, each port on the virtual switch is referenced by its Media Access Control (MAC) address instead of by an Internet Protocol (IP) address. Data is transported and delivered in Ethernet frames, providing the ability to send and receive protocol-independent traffic for both IP (IPv4 or IPv6) and non-IP, such as IPX, NetBIOS, or SNA.

Authorization capabilities have been enhanced for z/VM guest LANs and virtual switches by using Resource Access Control Facility (RACF) or any equivalent External Security Manager (ESM) that supports this function. This support is designed to give the ESM centralized control of authorizations and Virtual LAN (VLAN) assignment.

More Device Connections for TCP/IP for z/VM

TCP/IP stack utilization improvements for OSA-Express

For the z890 and z990 servers, the number of TCP/IP stacks that can share an OSA-Express increases per logical partition (LPAR) from 84 to 160 on October 29, 2004. This increase provides additional connections to enable more virtual machines to be connected to an external network and is supported with the PTFs for APARs PQ91421 and VM63524 for z/VM 3.1, 4.3, 4.4, and 5.1.

Improved virtualization supporting more TCP/IP stacks with OSA-Express2

With the new OSA-Express2 feature on the z890 and z990, available January 28, 2005, the number of connections (TCP/IP stacks) allowed can be increased up to 640. Support for 640 TCP/IP stacks is applicable to the OSA-Express2 features (Gigabit Ethernet SX, Gigabit Ethernet LX, 10 Gigabit Ethernet LR) running in QDIO mode only. z/VM V5.1 supports this new capability to allow additional connections to virtual machines, particularly Linux images, with the PTFs for APARs PQ91421 and VM63524.
