An additional thought of zVM vs LPAR - Assuming the use of IEEE 802.1q VLANIDs (tagging), then for LPAR mode each LPAR has *full* access to the shared OSA and associated LAN. But for zVM (via a VSWITCH) you can control which Guest has access to a list of VLANIDs (or ALL).

> -----Original Message-----
> From: Linux on 390 Port [mailto:[EMAIL PROTECTED] On Behalf Of
> Smith, Ann (ISD, IT)
> Sent: 07 September 2004 15:54
> To: [EMAIL PROTECTED]
> Subject: Re: virtual machine vs lpar
>
> Ralph Noll asked about ethernet adapters and the dmz.
> It did take a long time to convince security to allow the same OSA adapter
> to be used on both sides of the dmz. Fortunately for us the zOS folks who
> support HOD and Websphere had already discussed the issues with the network
> and security folks. We happen to have the alternate side of our OSA adapter
> configured for failover. We plan to get a second OSA as well. The zOS folks
> have already done this.
>
>
> -----Original Message-----
> From: Smith, Ann (ISD, IT)
> Sent: Tuesday, August 31, 2004 1:31 PM
> To: 'Linux on 390 Port'
> Subject: RE: virtual machine vs lpar
>
>
> A virtual machine only has access to the data to which you give it
> access (dedicated or shared, read only or read write, nfs or local).
> zVM 5 has good native security and SuSE SLES8 also has EAP 3+ certification
> (I think Redhat as well but I'm not certain there) but if your boss is that
> concerned it would be far better to purchase additional security packages
> than to throw away the flexibility and performance options available only if
> you run under zVM.
>
>
> -----Original Message-----
> From: Greg Smith [mailto:[EMAIL PROTECTED]
> Sent: Tuesday, August 31, 2004 12:12 PM
> To: [EMAIL PROTECTED]
> Subject: virtual machine vs lpar
>
>
> It looks like we are almost to the point of implementing
> a production linux image which will be an oracle back-end
> for a public-access webserver. Naturally the concept of
> multiple virtual machines on a single physical machine is
> a new concept for the network/security/sysadmin types.
> They are used to a physical tangible box that you can put
> in a closet and lock the door.
>
> There is some concern expressed by these people about
> information `leakage' between virtual machines. My boss
> has proposed separate lpars instead to `harden the walls'.
> I desperately want to talk him out of this course of action.
>
> What I need is some published verbiage discussing the
> `boundaries' between virtual machines and citations (if
> any) where multiple lpars running z/vm are preferable
> over a single lpar running z/vm (disregarding any
> performance aspects).
>
> Thanks,
> Greg Smith
>
> ----------------------------------------------------------------------
> For LINUX-390 subscribe / signoff / archive access instructions,
> send email to [EMAIL PROTECTED] with the message: INFO LINUX-390 or
> visit
> http://www.marist.edu/htbin/wlvindex?LINUX-390
