Re: VM SSL Appliance with TCP/IP

Tue, 25 Sep 2007 06:24:14 -0700 

We currently have a VSWITCH with redundant controllers and OSAs for our
Linux guests. I believe I can add a VM TCP/IP stack to this VSWITCH to
give me TN3270. However I presume any of those Linux guests can sniff
the unencrypted telnet packets on the VSWITCH destined for VM. If so, I
would have to create an isolated VSWITCH just for the VM TCP/IP stack.  
 
I will check that presentation as well. Thanks.



________________________________

        From: The IBM z/VM Operating System
[mailto:[EMAIL PROTECTED] On Behalf Of Hans Rempel
        Sent: Monday, September 24, 2007 9:33 PM
        To: IBMVM@LISTSERV.UARK.EDU
        Subject: Re: VM SSL Appliance with TCP/IP
        
        

        Having two separate stacks leads me to think you will have two
different IP addresses. I guess using DNS you can get this resolved
quick enough to the TN3270 clients. Not sure if this will work but with
z/VM 5.2 you can use the VSWITCH to support 2 OSA cards for instant
failure over. z/VM 5.3 will actually give you some load balancing. In
this way you only have one TCPIP stack and IP address and pretty fast
fail over. I would think no manually intervention at all. Alan has made
a number of presentations on this subject. Check out  High Availability
and Automatic Network Failover
        of the z/VM VSWITCH Presented by Tracy Adams, IBM Endicott on
z/VM topics 

         

        http://www.vm.ibm.com/events/sysz0610.html

         

         

        Hans 

         

         

         

        
________________________________


        From: The IBM z/VM Operating System
[mailto:[EMAIL PROTECTED] On Behalf Of Mrohs, Ray
        Sent: September 24, 2007 3:32 PM
        To: IBMVM@LISTSERV.UARK.EDU
        Subject: VM SSL Appliance with TCP/IP

         

        Hi,

        We are in the process of hooking up 2 SSL front ends for our VM
TN3270 traffic. One box wil be primary, the other backup. For full
redundancy, I plan to use 2 OSA ports (separate cards), and 2 TCP/IP
stacks in VM. The SSL boxes will be configured identically and cabled
directly to the OSAs to eliminate unencrypted data passing through a
router. One box, along with it's associated OSA and TCP/IP stack, will
be sitting idle 99.999% of the time. Each box is sized to carry the full
workload.  

         

        Are there any additional/better/simpler ways to enhance
availability or reliability? BTW, SSLSERV is not an option for us, since
we need to support 1200 concurrent user sessions.

        Ray Mrohs 
        U.S. Department of Justice 
        202-307-6896

Reply via email to