IBM Z10 EC manual Network Traffic Analyzer, Dynamic LAN idle for z/OS

When confi gured at 1 Gbps, the 1000BASE-T Ethernet fea- ture operates in full duplex mode only and supports jumbo frames when in QDIO mode (CHPID type OSD).

OSA-Express QDIO data connection isolation for the z/VM environment

Multi-tier security zones are fast becoming the network confi guration standard for new workloads. Therefore, it is essential for workloads (servers and clients) hosted in a virtualized environment (shared resources) to be protected from intrusion or exposure of data and processes from other workloads.

With Queued Direct Input/Output (QDIO) data connection isolation you:

•Have the ability to adhere to security and HIPAA-security guidelines and regulations for network isolation between the operating system instances sharing physical network connectivity

•Can establish security zone boundaries that have been defi ned by your network administrators

•Have a mechanism to isolate a QDIO data connec- tion (on an OSA port), ensuring all internal OSA routing between the isolated QDIO data connections and all other sharing QDIO data connections is disabled. In this state, only external communications to and from the iso- lated QDIO data connection are allowed. If you choose to deploy an external fi rewall to control the access between hosts on an isolated virtual switch and sharing LPARs then an external fi rewall needs to be confi gured and each individual host and or LPAR must have a route added to their TCP/IP stack to forward local traffi c to the fi rewall.

Internal “routing” can be disabled on a per QDIO connec- tion basis. This support does not affect the ability to share an OSA-Express port. Sharing occurs as it does today, but the ability to communicate between sharing QDIO data connections may be restricted through the use of this sup- port. You decide whether an operating system’s or z/VM’s

Virtual Switch OSA-Express QDIO connection is to be non- isolated (default) or isolated.

QDIO data connection isolation applies to the device statement defi ned at the operating system level. While an OSA-Express CHPID may be shared by an operating system, the data device is not shared.

QDIO data connection isolation applies to the z/VM 5.3 and

5.4with PTFs environment and to all of the OSA-Express3 and OSA-Express2 features (CHPID type OSD) on System z10 and to the OSA-Express2 features on System z9.

Network Traffic Analyzer

With the large volume and complexity of today’s network traffi c, the z10 EC offers systems programmers and network administrators the ability to more easily solve network problems. With the introduction of the OSA- Express Network Traffi c Analyzer and QDIO Diagnostic Synchronization on the System z and available on the z10 EC, customers will have the ability to capture trace/trap data and forward it to z/OS 1.8 tools for easier problem determination and resolution.

This function is designed to allow the operating system to control the sniffer trace for the LAN and capture the records into host memory and storage (fi le systems), using existing host operating system tools to format, edit, and process the sniffer records.

OSA-Express Network Traffi c Analyzer is exclusive to the z10 EC, z10 BC, z9 EC and z9 BC, and is applicable to the OSA-Express3 and OSA-Express2 features when confi gured as CHPID type OSD (QDIO), and is supported by z/OS.

Dynamic LAN idle for z/OS

Dynamic LAN idle is designed to reduce latency and improve network performance by dynamically adjusting the inbound blocking algorithm. When enabled, the z/OS TCP/IP stack is designed to adjust the inbound blocking algorithm to best match the application requirements.