We currently have a VSWITCH with redundant controllers and OSAs for our Linux guests. I believe I can add a VM TCP/IP stack to this VSWITCH to give me TN3270. However I presume any of those Linux guests can sniff the unencrypted telnet packets on the VSWITCH destined for VM. If so, I would have to create an isolated VSWITCH just for the VM TCP/IP stack. I will check that presentation as well. Thanks.
________________________________ From: The IBM z/VM Operating System [mailto:[EMAIL PROTECTED] On Behalf Of Hans Rempel Sent: Monday, September 24, 2007 9:33 PM To: IBMVM@LISTSERV.UARK.EDU Subject: Re: VM SSL Appliance with TCP/IP Having two separate stacks leads me to think you will have two different IP addresses. I guess using DNS you can get this resolved quick enough to the TN3270 clients. Not sure if this will work but with z/VM 5.2 you can use the VSWITCH to support 2 OSA cards for instant failure over. z/VM 5.3 will actually give you some load balancing. In this way you only have one TCPIP stack and IP address and pretty fast fail over. I would think no manually intervention at all. Alan has made a number of presentations on this subject. Check out High Availability and Automatic Network Failover of the z/VM VSWITCH Presented by Tracy Adams, IBM Endicott on z/VM topics http://www.vm.ibm.com/events/sysz0610.html Hans ________________________________ From: The IBM z/VM Operating System [mailto:[EMAIL PROTECTED] On Behalf Of Mrohs, Ray Sent: September 24, 2007 3:32 PM To: IBMVM@LISTSERV.UARK.EDU Subject: VM SSL Appliance with TCP/IP Hi, We are in the process of hooking up 2 SSL front ends for our VM TN3270 traffic. One box wil be primary, the other backup. For full redundancy, I plan to use 2 OSA ports (separate cards), and 2 TCP/IP stacks in VM. The SSL boxes will be configured identically and cabled directly to the OSAs to eliminate unencrypted data passing through a router. One box, along with it's associated OSA and TCP/IP stack, will be sitting idle 99.999% of the time. Each box is sized to carry the full workload. Are there any additional/better/simpler ways to enhance availability or reliability? BTW, SSLSERV is not an option for us, since we need to support 1200 concurrent user sessions. Ray Mrohs U.S. Department of Justice 202-307-6896