IBM 890 Network Card User Manual


 
The guest LAN support provided in z/VM V4.2 simulates
the HiperSockets function for communication among
virtual machines without the need for real IQD channels,
much as VM simulates channel-to-channel adapters for
communication among virtual machines without the need
for ESCON, FICON, or other real channel-to-channel
connections. With the guest LAN capability, customers with
S/390 servers can gain the benefits of HiperSockets
communication among the virtual machines within a VM image,
since no real IQD channels are required.

z/VM V4.4 further enhances its virtualization technology by
providing the capability to deploy virtual IP switches in the
guest LAN environment. The z/VM virtual switch replaces
the need for virtual machines acting as routers to provide
IPv4 connectivity to a physical LAN through an OSA-Express
adapter. Routers consume valuable processor
cycles and require additional copying of data being
transported. The virtual-switch function alleviates this problem
and also provides centralized network configuration and
control. These controls allow the LAN administrator to
more easily grant and revoke access to the network and to
manage the configuration of VLAN segments.

TCP/IP for z/VM provides numerous self-protection
functions. A Secure Sockets Layer (SSL) server is available to
facilitate secure and private conversations between z/VM
servers and external clients. The upgraded SSL server in
z/VM V4.4 provides appropriate RPM format packages for
the SUSE LINUX Enterprise Server 8 (SLES 8). Security
of the TCP/IP stack has been improved to help prevent
additional types of Denial of Service (DoS) attacks
including: Smurf, Fraggle, Ping-o-Death, Kiss of Death (KOD),
KOX, Blat, SynFlood, Stream, and R4P3D. The overall
security and auditability of the TCP/IP for z/VM stack and
the integrity of the z/VM system have been improved by
providing better controls, monitoring, and defaults. An IMAP
user authentication exit has been added that removes prior
user ID and password length restrictions and eliminates the
need for every IMAP client to have a VM user ID and
password.

TCP/IP for z/VM, formerly a priced, optional feature of
VM/ESA and z/VM V3, is packaged at no additional charge
and shipped enabled for use with z/VM V4 and V5. The
former priced, optional features of TCP/IP — the Network
File System (NFS) server and TCP/IP source — are also
packaged with TCP/IP for z/VM at no additional charge.

In addition to the new function provided by the Performance
Toolkit for VM, RealTime Monitor (RTM) and Performance
Reporting Facility (PRF) are still available in z/VM V4.4 to
support new and changed monitor records in z/VM. RTM
simplifies performance analysis and the installation
management of VM environments. PRF uses system monitor
data to analyze system performance and to detect and
diagnose performance problems. RACF for z/VM is available
as a priced, optional feature of z/VM V4 and provides
improved data security for an installation. RTM, PRF, and
the Performance Toolkit are also priced, optional features of
z/VM V4, as is the Directory Maintenance Facility (DirMaint).

z/VM Version 5 (V5)
z/VM continues the evolution of its premier world-class
zSeries virtualization technology with a new version, z/VM
Version 5 Release 1, offering traditional capabilities to manage
zSeries operating systems, including Linux, on a single
mainframe as guests of z/VM. z/VM V5.1 is designed to operate
only on zSeries servers that support the z/Architecture (64-bit),
including the z990, z890, z900, and z800 or equivalent.