Terry --
You've already gotten great advice. I would add that you do NOT need to split your workload between the tiers or zones. It was not completely clear to me, but it sounded like that was one of your expected LPAR splits. You can achieve isolation of the zones without having to run yet more VM partitions. You DO want to partionally isolate your production and test/dev, but you don't need that added complexity to defend a multi-tier architecture. VM insulates virtual machines nicely along zone boundaries. HOWEVER, selling this to your directors, developers, and security people might be difficult. -- Rick; <><
