Filter
Top Products
When confi gured at 1 Gbps, the 1000BASE-T Ethernet
feature operates in full duplex mode only and supports
jumbo frames when in QDIO mode (CHPID type OSD).
OSA-Express QDIO data connection isolation for the z/VM
environment
Multi-tier security zones are fast becoming the network
confi guration standard for new workloads. Therefore, it is
essential for workloads (servers and clients) hosted in a
virtualized environment (shared resources) to be protected
from intrusion or exposure of data and processes from
other workloads.
With Queued Direct Input/Output (QDIO) data connection
isolation you:
• Have the ability to adhere to security and HIPAA-security
guidelines and regulations for network isolation between
the operating system instances sharing physical network
connectivity
• Can establish security zone boundaries that have been
defi ned by your network administrators
•
Have a mechanism to isolate a QDIO data connection (on
an OSA port), ensuring all internal OSA routing between
the isolated QDIO data connections and all other shar-
ing QDIO data connections is disabled. In this state, only
external communications to and from the isolated QDIO
data connection are allowed. If you choose to deploy
an external fi rewall to control the access between hosts
on an isolated virtual switch and sharing LPARs then an
external fi rewall needs to be confi gured and each indi-
vidual host and or LPAR must have a route added to their
TCP/IP stack to forward local traffi c to the fi rewall.
Internal “routing” can be disabled on a per QDIO connec-
tion basis. This support does not affect the ability to share
an OSA-Express port. Sharing occurs as it does today, but
the ability to communicate between sharing QDIO data
connections may be restricted through the use of this sup-
port. You decide whether an operating system’s or z/VM’s
Virtual Switch OSA-Express QDIO connection is to be non-
isolated (default) or isolated.
QDIO data connection isolation applies to the device
statement defi ned at the operating system level. While
an OSA-Express CHPID may be shared by an operating
system, the data device is not shared.
QDIO data connection isolation applies to the z/VM 5.3 and
5.4 with PTFs environment and to all of the OSA-Express3
and OSA-Express2 features (CHPID type OSD) on System
z10 and to the OSA-Express2 features on System z9.
Network Traffi c Analyzer
With the large volume and complexity of today’s network
traffi c, the z10 BC offers systems programmers and net-
work administrators the ability to more easily solve net-
work problems. With the introduction of the OSA-Express
Network Traffi c Analyzer and QDIO Diagnostic Synchro-
nization on the System z and available on the z10 BC,
customers will have the ability to capture trace/trap data
and forward it to z/OS 1.8 tools for easier problem determi-
nation and resolution.
This function is designed to allow the operating system
to control the sniffer trace for the LAN and capture the
records into host memory and storage (fi le systems), using
existing host operating system tools to format, edit, and
process the sniffer records.
29