Ralph Noll asked about ethernet adapters and the dmz. It did take a long time to convince security to allow the same OSA adapter to be used on both sides of the dmz. Fortunately for us the zOS folks who support HOD and Websphere had already discussed the issues with the network and security folks. We happen to have the alternate side of our OSA adapter configured for failover. We plan to get a second OSA as well. The zOS folks have already done this.
-----Original Message----- From: Smith, Ann (ISD, IT) Sent: Tuesday, August 31, 2004 1:31 PM To: 'Linux on 390 Port' Subject: RE: virtual machine vs lpar A virtual machine only has access to the data to which you give it access(dedicated or shared, read only or read write, nfs or local). zVM 5 has good native security and SuSE SLES8 also has EAP 3+ certification (I think Redhat as well but I'm not certain there) but if your boss is that concerned it would be far better to purchase additional security packages than to throw away the flexibility and performance options available only if you run under zVM. -----Original Message----- From: Greg Smith [mailto:[EMAIL PROTECTED] Sent: Tuesday, August 31, 2004 12:12 PM To: [EMAIL PROTECTED] Subject: virtual machine vs lpar It looks like we are almost to the point of implementing a production linux image which will be an oracle back-end for a public-access webserver. Naturally the concept of multiple virtual machines on a single physical machine is a new concept for the network/security/sysadmin types. They are used to a physical tangible box that you can put in a close and lock the door. There is some concern expressed by these people about information `leakage' between virtual machines. My boss has proposed separate lpars instead to `harden the walls'. I desperately want to talk him out of this course of action. What I need is some published verbiage discussing the `boundaries' between virtual machines and citations (if any) where multiple lpars running z/vm) are preferable over a a single lpar running z/vm (disregarding any performance aspects). Thanks, Greg Smith ---------------------------------------------------------------------- For LINUX-390 subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390 This communication, including attachments, is for the exclusive use of addressee and may contain proprietary, confidential or privileged information. If you are not the intended recipient, any use, copying, disclosure, dissemination or distribution is strictly prohibited. If you are not the intended recipient, please notify the sender immediately by return email and delete this communication and destroy all copies. ---------------------------------------------------------------------- For LINUX-390 subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390
