IBM Systems Magazine, Mainframe Edition - November/December 2010 - (Page 37)

Administrator
Getting the most from your systems

Network Security
The zEnterprise System changes firewall requirements

By Peter Spera and Jerry Stevens

The new IBM zEnterprise System brings with it a new vision for networking and network security. When it comes to consolidation, it's time to step back and forget about business as usual. For many end-to-end solutions, traditional network firewalls will no longer be needed for their network traffic between multitier workloads within a zEnterprise ensemble.

Firewall Basics

Before we dive into the new network architecture, it's important to understand networking basics. Networking professionals generally have firewall technology somewhere on their radar. Firewalls come in all shapes and sizes, some with bells and whistles you'll never use. Unified Threat Management (UTM) solutions do it all—firewall along with intrusion detection and prevention, etc., in one box. Purpose-built firewalls focus on high-speed throughput. Application firewalls focus on protecting Web server or database traffic. Host firewalls protect an individual server from external attack. Network firewalls serve as the gateway between network traffic that must flow from one security zone to another.

This article concentrates on the network firewall as it sits in the network ensuring isolation among separate security zones and their network traffic as well as blocking unauthorized communications while letting authorized traffic pass through.

One of the more common examples of a network firewall is the Demilitarized Zone (DMZ), which uses two separate and distinct firewalls to encapsulate a perimeter network. It isolates the more secure, private or protected network from the less secure external network. Each of these networks—external, perimeter and private—is considered a separate security zone, with the firewall providing the only gateway for network traffic between security zones.

zEnterprise Networking

The zEnterprise System is no longer the only host to the traditional System z OSs such as z/OS, z/VM, Linux for System z, z/VSE or z/TPF. It can also include an optional zEnterprise BladeCenter Extension (zBX), which consists of up to four racks comprised of special-purpose blades along with System x or AIX OS-based blades. The traditional System z environment or central processor complex (CPC) along with a zBX is called a node. Up to eight
