IBM z/OS User Manual

The guest LAN support provided in z/VM V4.2 simulates the HiperSockets function for communication among virtual machines without the need for real IQD channels, much as VM simulates channel-to-channel adapters for communication among virtual machines without the need for ESCON, FICON, or other real channel-to-channel connections. With the guest LAN capability, customers with S/390 servers can gain the benefits of HiperSockets communication among the virtual machines within a VM image, since no real IQD channels are required.

z/VM V4.4 further enhances its virtualization technology by providing the capability to deploy virtual IP switches in the guest LAN environment. The z/VM virtual switch replaces the need for virtual machines acting as routers to provide IPv4 connectivity to a physical LAN through an OSA-Express adapter. Routers consume valuable processor cycles and require additional copying of data being transported. The virtual-switch function alleviates this problem and also provides centralized network configuration and control. These controls allow the LAN administrator to more easily grant and revoke access to the network and to manage the configuration of VLAN segments.

TCP/IP for z/VM provides numerous self-protection functions. A Secure Sockets Layer (SSL) server is available to facilitate secure and private conversations between z/VM servers and external clients. The upgraded SSL server in z/VM V4.4 provides appropriate RPM format packages for the SUSE LINUX Enterprise Server 7 (SLES 7) at the 2.4.7 kernel level, SUSE LINUX Enterprise Server 8 (SLES 8) powered by UnitedLinux at the 2.4.19 kernel level, and Turbolinux Enterprise Server 8 (TLES 8) powered by UnitedLinux at the 2.4.19 kernel level. Security of the TCP/IP stack has been improved to help prevent additional types of Denial of Service (DoS) attacks including: Smurf, Fraggle, Ping-o-Death, Kiss of Death (KOD), KOX, Blat, SynFlood, Stream, and R4P3D. The overall security and auditability of the TCP/IP for z/VM stack and the integrity of the z/VM system have been improved by providing better controls, monitoring, and defaults. An IMAP user authentication exit has been added that removes prior user ID and password length restrictions and eliminates the need for every IMAP client to have a VM user ID and password.

TCP/IP for z/VM, formerly a priced, optional feature of VM/ESA and z/VM V3, is packaged at no additional charge and shipped enabled for use with z/VM V4 and V5. The former priced, optional features of TCP/IP — the Network File System (NFS) server and TCP/IP source — are also packaged with TCP/IP for z/VM at no additional charge.

In addition to the new function provided by the Performance Toolkit for VM, the RealTime Monitor (RTM) and Performance Reporting Facility (PRF) are still available in z/VM V4.4 to support new and changed monitor records in z/VM. RTM simplifies performance analysis and the installation management of VM environments. PRF uses system monitor data to analyze system performance and to detect and diagnose performance problems. RACF for z/VM is available as a priced, optional feature of z/VM V4 and provides improved data security for an installation. RTM, PRF, and the Performance Toolkit are also priced, optional features of z/VM V4, as is the Directory Maintenance Facility (DirMaint).
