IBM Z10 BUSINESS CLASS Z10 BC User Manual

When configured at 1 Gbps, the 1000BASE-T Ethernet feature operates in full duplex mode only and supports jumbo frames when in QDIO mode (CHPID type OSD).

OSA-Express QDIO data connection isolation for the z/VM environment

Multi-tier security zones are fast becoming the network configuration standard for new workloads. Therefore, it is essential for workloads (servers and clients) hosted in a virtualized environment (shared resources) to be protected from intrusion or exposure of data and processes from other workloads.

With Queued Direct Input/Output (QDIO) data connection isolation you:

• Have the ability to adhere to security and HIPAA-security guidelines and regulations for network isolation between the operating system instances sharing physical network connectivity

• Can establish security zone boundaries that have been defined by your network administrators

• Have a mechanism to isolate a QDIO data connection (on an OSA port), ensuring all internal OSA routing between the isolated QDIO data connections and all other sharing QDIO data connections is disabled. In this state, only external communications to and from the isolated QDIO data connection are allowed. If you choose to deploy an external firewall to control the access between hosts on an isolated virtual switch and sharing LPARs, then an external firewall needs to be configured and each individual host and/or LPAR must have a route added to their TCP/IP stack to forward local traffic to the firewall.

Internal “routing” can be disabled on a per QDIO connection basis. This support does not affect the ability to share an OSA-Express port. Sharing occurs as it does today, but the ability to communicate between sharing QDIO data connections may be restricted through the use of this support. You decide whether an operating system’s or z/VM’s Virtual Switch OSA-Express QDIO connection is to be non-isolated (default) or isolated.
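
An added example, not from the IBM manual: a Python audit of a constructed connection inventory against the isolation rule described above. It flags cross-zone pairs that can still use internal OSA routing and, assuming traffic to isolated connections is meant to pass through an external firewall, stacks that lack the firewall route. All names and fields are hypothetical.

```python
from dataclasses import dataclass
from itertools import combinations


@dataclass(frozen=True)
class QdioConnection:
    owner: str                    # LPAR or z/VM virtual switch (hypothetical names)
    osa_port: str                 # shared OSA-Express port, CHPID type OSD
    zone: str                     # security zone set by the network administrators
    isolated: bool = False        # non-isolated is the default
    firewall_route: bool = False  # stack forwards local traffic to the firewall


def internally_routable(a, b):
    """Internal OSA routing needs a shared port and no isolation on either side."""
    return a.osa_port == b.osa_port and not (a.isolated or b.isolated)


def audit(connections):
    """Return sorted findings for every pair of connections in the inventory."""
    findings = set()
    for a, b in combinations(connections, 2):
        if a.zone != b.zone and internally_routable(a, b):
            # Cross-zone traffic can stay inside the OSA and never reach a firewall.
            findings.add(("ZONE_BYPASS", a.owner, b.owner))
        elif a.osa_port == b.osa_port and (a.isolated or b.isolated):
            # Only external communication is allowed, so each side needs the
            # route to the firewall (assumption: this traffic should be reachable).
            for c in (a, b):
                if not c.firewall_route:
                    findings.add(("NO_FIREWALL_ROUTE", c.owner, c.osa_port))
    return sorted(findings)


# Constructed sample inventory, not taken from any real system.
INVENTORY = [
    QdioConnection("LPAR_WEB", "OSA-A", "dmz"),
    QdioConnection("LPAR_DB", "OSA-A", "internal"),
    QdioConnection("VSWITCH1", "OSA-A", "internal", isolated=True, firewall_route=True),
    QdioConnection("LPAR_APP", "OSA-B", "internal"),
]

if __name__ == "__main__":
    for finding in audit(INVENTORY):
        print(finding)
```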

QDIO data connection isolation applies to the device statement defined at the operating system level. While an OSA-Express CHPID may be shared by an operating system, the data device is not shared.

QDIO data connection isolation applies to the z/VM 5.3 and 5.4 with PTFs environment and to all of the OSA-Express3 and OSA-Express2 features (CHPID type OSD) on System z10 and to the OSA-Express2 features on System z9.

Network Traffic Analyzer

With the large volume and complexity of today’s network traffic, the z10 BC offers systems programmers and network administrators the ability to more easily solve network problems. With the introduction of the OSA-Express Network Traffic Analyzer and QDIO Diagnostic Synchronization on the System z and available on the z10 BC, customers will have the ability to capture trace/trap data and forward it to z/OS 1.8 tools for easier problem determination and resolution.

This function is designed to allow the operating system to control the sniffer trace for the LAN and capture the records into host memory and storage (file systems), using existing host operating system tools to format, edit, and process the sniffer records.
