IBM Systems Magazine, Mainframe Edition - November/December 2010 - 38

Administrator
nodes can be included in what’s now called an ensemble. This provides a very diverse and flexible platform for hosting many end-to-end solutions in a physically secure environment. This new hardware platform also introduces the zEnterprise Unified Resource Manger, which is responsible for managing the resources that are now part of this complex environment, including internal networking. The zEnterprise System introduces two internal networks: the intraensemble data network (IEDN) and the intra-node management network (INMN). They support the heterogeneous set of operating environments available with the ensemble. The INMN is a 1 Gb Ethernet network, which the Unified Resource Manager uses to communicate with the various servers and hypervisors within the node. The IEDN is a 10 Gb Ethernet that spans the entire ensemble, including all of the physical and virtual servers in every node. Customer applications contained within the ensemble use the IEDN to communicate. The Network Virtualization Manager (NVM), which is part of Unified Resource Manager, is responsible for configuring and managing multiple distinct virtual networks within the IEDN. This provides a simplified, single, secure place for configuration and management of the different logical networks within the ensemble environment. It provides isolation of security zones and ensures the various guest OSs can communicate only when the Unified Resource Manager permits them. Utilizing the IEDN and Unified Resource Manager, groups of related virtual servers can be isolated and restricted to private networks within the ensemble. As the workloads or security zones are isolated, they can safely reside on the IEDN—secure from all other traffic that’s also flowing over the IEDN on other isolated networks. Multiple virtual networks, each encapsulating and representing separate security zones, can exist side by side on the IEDN. The Unified Resource Manger controls all of them to provide a physically secure, isolated environment. See Figure 1 (below) for an example of two networks on the IEDN that are separate security zones. That said: It’s important to stop and reevaluate why so many firewalls are deployed in distributed environments. When moving workloads to the zEnterprise System or building new solutions, it’s critical to think about security zones and the need for firewalls—keeping in mind the physical security and isolation capabilities now available. It’s not just business as usual. physical switches within each node of the ensemble, as seen in Figure 2 (page 39). These virtual and physical switches within the ensemble serve as the access-control points for the IEDN. With these controls in place, all of the ensemble network traffic must pass through one or more of these network access-control points. OSs and their workloads or applications, which are loaded into virtual servers, must coordinate their network virtual LAN (VLAN) configurations with the Unified Resource Manager (VLAN configuration). If the OS attempts to use a virtual network that it doesn’t have access to, it’ll fail to connect. The virtual machine component of Unified Resource Manger also supports the following network security features for the IEDN:

zEnterprise Network Control
Unified Resource Manger is at the core as virtual networks are defined and provisioned. It’ll push all of the relevant network-configuration information to the virtual switch, in the case of hypervisors, and

hÁAccess controls are provided for the enablement of each external port on the zBX top-of-rack (TOR) switch. Using Unified Resource Manager, an administrator must define the specific VLANs that have access to the TOR

Figure 1
Multiple Virtual Networks

38

NOVEMBER/DECEMBER 2010

ibmsystemsmag.com/mainframe


http://www.ibmsystemsmag.com/mainframe

IBM Systems Magazine, Mainframe Edition - November/December 2010

Table of Contents for the Digital Edition of IBM Systems Magazine, Mainframe Edition - November/December 2010

IBM Systems Magazine, Mainframe Edition - November/December 2010
Contents
On the Web
Editor's Desk: Tradition Takes Planning
Dashboard: Walk While You Work
Data Display: All About Spam
Think Smarter: IBM Offers Smarter Systems for Performance and Scalability
Trends: Rosamilia Oversees Both System z and Power Systems Lines as New GM
Break Through Economics: Dr. Howard Rubin Discusses Mainframe Efficiencies and the zEnterprise System
Streamlining Development: IBM Rational on zEnterprise System Utilizes Multiplatform Development Capabilities
Administrator: The zEnterprise System Changes Firewall Requirements
Technical Corner: z/OS Predictive Failure Analysis Make It Easy to Spot and Fix Soft System Failures
Developer: Native XML Support Strengthens DB2 and COBOL Development
Solutions
Advertisers' Index
Stop Run: Former IBMer Jim Bell Finds Inspiration in Music
IBM Systems Magazine, Mainframe Edition - November/December 2010 - IBM Systems Magazine, Mainframe Edition - November/December 2010
IBM Systems Magazine, Mainframe Edition - November/December 2010 - Cover2
IBM Systems Magazine, Mainframe Edition - November/December 2010 - 1
IBM Systems Magazine, Mainframe Edition - November/December 2010 - Contents
IBM Systems Magazine, Mainframe Edition - November/December 2010 - 3
IBM Systems Magazine, Mainframe Edition - November/December 2010 - 4
IBM Systems Magazine, Mainframe Edition - November/December 2010 - 5
IBM Systems Magazine, Mainframe Edition - November/December 2010 - On the Web
IBM Systems Magazine, Mainframe Edition - November/December 2010 - 7
IBM Systems Magazine, Mainframe Edition - November/December 2010 - 8
IBM Systems Magazine, Mainframe Edition - November/December 2010 - 9
IBM Systems Magazine, Mainframe Edition - November/December 2010 - Editor's Desk: Tradition Takes Planning
IBM Systems Magazine, Mainframe Edition - November/December 2010 - 11
IBM Systems Magazine, Mainframe Edition - November/December 2010 - Dashboard: Walk While You Work
IBM Systems Magazine, Mainframe Edition - November/December 2010 - 13
IBM Systems Magazine, Mainframe Edition - November/December 2010 - Data Display: All About Spam
IBM Systems Magazine, Mainframe Edition - November/December 2010 - 15
IBM Systems Magazine, Mainframe Edition - November/December 2010 - Think Smarter: IBM Offers Smarter Systems for Performance and Scalability
IBM Systems Magazine, Mainframe Edition - November/December 2010 - BMC1
IBM Systems Magazine, Mainframe Edition - November/December 2010 - BMC2
IBM Systems Magazine, Mainframe Edition - November/December 2010 - BMC3
IBM Systems Magazine, Mainframe Edition - November/December 2010 - BMC4
IBM Systems Magazine, Mainframe Edition - November/December 2010 - 17
IBM Systems Magazine, Mainframe Edition - November/December 2010 - 18
IBM Systems Magazine, Mainframe Edition - November/December 2010 - Trends: Rosamilia Oversees Both System z and Power Systems Lines as New GM
IBM Systems Magazine, Mainframe Edition - November/December 2010 - 20
IBM Systems Magazine, Mainframe Edition - November/December 2010 - 21
IBM Systems Magazine, Mainframe Edition - November/December 2010 - 22
IBM Systems Magazine, Mainframe Edition - November/December 2010 - zE1
IBM Systems Magazine, Mainframe Edition - November/December 2010 - zE2
IBM Systems Magazine, Mainframe Edition - November/December 2010 - 23
IBM Systems Magazine, Mainframe Edition - November/December 2010 - 24
IBM Systems Magazine, Mainframe Edition - November/December 2010 - 25
IBM Systems Magazine, Mainframe Edition - November/December 2010 - Break Through Economics: Dr. Howard Rubin Discusses Mainframe Efficiencies and the zEnterprise System
IBM Systems Magazine, Mainframe Edition - November/December 2010 - 27
IBM Systems Magazine, Mainframe Edition - November/December 2010 - 28
IBM Systems Magazine, Mainframe Edition - November/December 2010 - 29
IBM Systems Magazine, Mainframe Edition - November/December 2010 - 30
IBM Systems Magazine, Mainframe Edition - November/December 2010 - 31
IBM Systems Magazine, Mainframe Edition - November/December 2010 - Streamlining Development: IBM Rational on zEnterprise System Utilizes Multiplatform Development Capabilities
IBM Systems Magazine, Mainframe Edition - November/December 2010 - 33
IBM Systems Magazine, Mainframe Edition - November/December 2010 - 34
IBM Systems Magazine, Mainframe Edition - November/December 2010 - 35
IBM Systems Magazine, Mainframe Edition - November/December 2010 - 36
IBM Systems Magazine, Mainframe Edition - November/December 2010 - Administrator: The zEnterprise System Changes Firewall Requirements
IBM Systems Magazine, Mainframe Edition - November/December 2010 - 38
IBM Systems Magazine, Mainframe Edition - November/December 2010 - 39
IBM Systems Magazine, Mainframe Edition - November/December 2010 - Technical Corner: z/OS Predictive Failure Analysis Make It Easy to Spot and Fix Soft System Failures
IBM Systems Magazine, Mainframe Edition - November/December 2010 - 41
IBM Systems Magazine, Mainframe Edition - November/December 2010 - 42
IBM Systems Magazine, Mainframe Edition - November/December 2010 - 43
IBM Systems Magazine, Mainframe Edition - November/December 2010 - Developer: Native XML Support Strengthens DB2 and COBOL Development
IBM Systems Magazine, Mainframe Edition - November/December 2010 - 45
IBM Systems Magazine, Mainframe Edition - November/December 2010 - Solutions
IBM Systems Magazine, Mainframe Edition - November/December 2010 - Advertisers' Index
IBM Systems Magazine, Mainframe Edition - November/December 2010 - Stop Run: Former IBMer Jim Bell Finds Inspiration in Music
IBM Systems Magazine, Mainframe Edition - November/December 2010 - Cover3
IBM Systems Magazine, Mainframe Edition - November/December 2010 - Cover4
IBM Systems Magazine, Mainframe Edition - November/December 2010 - RF1
http://www.ibmsystemsmagmainframedigital.com/mspcomm/ibmsystemsmag/ibmsystems_mainframe_20201112
http://www.ibmsystemsmagmainframedigital.com/mspcomm/ibmsystemsmag/ibmsystems_mainframe_20200910
http://www.ibmsystemsmagmainframedigital.com/mspcomm/ibmsystemsmag/ibmsystems_mainframe_20200708
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20200506
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20200304
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20200102
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/2020mfse
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20191112
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20190910
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20190708
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20190506
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20190304
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/relevantz_20190102
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/2019mfse
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20190102
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20181112
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20180910
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20180708
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20180506
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20180304
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20180102
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/2018mfse
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20171112
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20170910
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20170910_v2
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20170708
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20170506
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20170304
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_sesupp
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20170102
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_linuxsupp
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20161112
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/MainframeSecurity
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20160910
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20160708
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20160506
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20160304
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20160102
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20151112
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20150910_se
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20150910
http://www.ibmsystemsmagmainframedigital.com/MFSkills
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20150708
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20150506_supp
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20150506
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20150304
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20150102
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20141112
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20140910_v2
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20140910
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20140708
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_gt_201405
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/BigData
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20140506
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20140304
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20140102
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20131112
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20130910_v2
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20130910
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20130708
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20130506
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20130304
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20130102
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20121112
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/buyersguide2013
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20120910
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20120708
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20120506
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20120304
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20120102
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/ibmsystems_mainframe_2012bg
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20111112
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20110910
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20110708
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20110506
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20110304
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20110102
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20101112
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20100910
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20100910_bg
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20100708
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20100506
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20100304
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20100102
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20091112
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20090910
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20090708
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20090506
https://www.nxtbook.com/nxtbooks/ibmsystemsmag/mainframe_20090304
https://www.nxtbookmedia.com