IBM z/OS Server User Manual


 
The guest LAN support provided in z/VM V4.2 simulates the HiperSockets function for communication among virtual machines without the need for real IQD channels, much as VM simulates channel-to-channel adapters for communication among virtual machines without the need for ESCON, FICON, or other real channel-to-channel connections. With the guest LAN capability, customers with S/390 servers can gain the benefits of HiperSockets communication among the virtual machines within a VM image, since no real IQD channels are required.

z/VM V4.4 further enhances its virtualization technology by providing the capability to deploy virtual IP switches in the guest LAN environment. The z/VM virtual switch replaces the need for virtual machines acting as routers to provide IPv4 connectivity to a physical LAN through an OSA-Express adapter. Routers consume valuable processor cycles and require additional copying of data being transported. The virtual-switch function alleviates this problem and also provides centralized network configuration and control. These controls allow the LAN administrator to more easily grant and revoke access to the network and to manage the configuration of VLAN segments.

TCP/IP for z/VM provides numerous self-protection functions. A Secure Sockets Layer (SSL) server is available to facilitate secure and private conversations between z/VM servers and external clients. The upgraded SSL server in z/VM V4.4 provides appropriate RPM format packages for the SUSE LINUX Enterprise Server 7 (SLES 7) at the 2.4.7 kernel level, SUSE LINUX Enterprise Server 8 (SLES 8) powered by UnitedLinux at the 2.4.19 kernel level, and Turbolinux Enterprise Server 8 (TLES 8) powered by UnitedLinux at the 2.4.19 kernel level. Security of the TCP/IP stack has been improved to help prevent additional types of Denial of Service (DoS) attacks including: Smurf, Fraggle, Ping-o-Death, Kiss of Death (KOD), KOX, Blat, SynFlood, Stream, and R4P3D. The overall security and auditability of the TCP/IP for z/VM stack and the integrity of the z/VM system have been improved by providing better controls, monitoring, and defaults. An IMAP user authentication exit has been added that removes prior user ID and password length restrictions and eliminates the need for every IMAP client to have a VM user ID and password.

TCP/IP for z/VM, formerly a priced, optional feature of VM/ESA and z/VM V3, is packaged at no additional charge and shipped enabled for use with z/VM V4 and V5. The former priced, optional features of TCP/IP — the Network File System (NFS) server and TCP/IP source — are also packaged with TCP/IP for z/VM at no additional charge.

In addition to the new function provided by the Performance Toolkit for VM, the RealTime Monitor (RTM) and Performance Reporting Facility (PRF) are still available in z/VM V4.4 to support new and changed monitor records in z/VM. RTM simplifies performance analysis and the installation management of VM environments. PRF uses system monitor data to analyze system performance and to detect and diagnose performance problems. RACF for z/VM is available as a priced, optional feature of z/VM V4 and provides improved data security for an installation. RTM, PRF, and the Performance Toolkit are also priced, optional features of z/VM V4, as is the Directory Maintenance Facility (DirMaint).