IBM 890 Network Card User Manual


 
Dynamic Virtual IP Address Takeover
VIPA represents an IP address that is not tied to a specific
hardware adapter address. The benefit can be that if an
adapter fails, the IP protocol can find an alternate path to
the same software, be it the TCP/IP services on a zSeries
server or an application.
In case of a failure of the primary IP stack, VIPA Takeover
introduced in OS/390 V2.8 can support movement to a
backup IP stack on a different server in a Parallel Sysplex
cluster. Dynamic VIPA Takeover can enhance the initial
V2.8 functions, providing VIPA takeback support. This can
allow the movement of workload back from the alternate to
the primary IP stack.
With Sysplex-Wide Security Associations (SWSA) in z/OS
V1.4, IPSec protected workloads are expected to now
realize all the benefits derived from workload balancing,
such as optimal routing of new work to the target system
and server application based on QoS and WLM advice,
increased availability by routing around failed components
and increased flexibility in adding additional workload in a
nondisruptive manner.
Sysplex Distributor
Introduced in OS/390 2.10, Sysplex Distributor is a
software-only means of distributing IP workload across a
Parallel Sysplex cluster. Client connections appear to be
connected to a single IP address, yet the connections are
routed to z/OS images on different zSeries 800/900 or
S/390 servers. In addition to load balancing, Sysplex
Distributor simplifies the task of moving applications
within a Parallel Sysplex environment.
In z/OS we have taken the functions provided by the
Cisco MNLB Workload Agent and Systems Manager, and
integrated them into Enhanced Sysplex Distributor. This
can eliminate the need for separate Cisco LocalDirector
machines in the network and the need for MNLB workload
agents to be run on the zSeries servers. It can also
improve performance, while allowing the Sysplex Distributor
to decide, based on priority supplied by WLM, the
Service Policy Agent and the TCP/IP stack status, on the
application instance the packet is sent to.
z/OS supports Enterprise Identity Mapping (EIM). EIM
defines a user’s security context that is consistent throughout
an enterprise, regardless of the User ID used and
regardless of which platform the user is accessing. RACF
commands are enhanced to allow a security administrator
to define EIM information for EIM applications to use. The
EIM information consists of the LDAP host name where the
EIM domain resides, the EIM domain name, and the bind
distinguished name and password an application may use
to establish a connection with the domain.
Intrusion Detection Services (IDS)
Introduced in z/OS V1.2 and enhanced in V1.5, IDS
enables the detection of attacks on the TCP/IP stack and
the application of defensive mechanisms on the z/OS
server. The focus of IDS is self-protection. IDS can be used
alone or in combination with an external network-based
Intrusion Detection System. IDS is integrated into the z/OS
Communications Server stack.
IPv6
IPv6 (Internet Protocol version 6) is supported in z/OS
and can dramatically increase network addressability
in support of larger internal and multi-enterprise networks.
z/OS provides compatibility with existing network
addressing and mixed-mode addressing with IPv4.