Thank you for a really quick answer Alan. So I did get it right more or less. I didn't know that I can do vlans which will make things cleaner to some extent.
But I was hopping for a different answer when it comes to security. We will have at least non-prod and prod environments on separate chpids then. Thank you Gregory 2015-11-19 15:05 GMT-05:00 Alan Altmark <alan_altm...@us.ibm.com>: > On Thursday, 11/19/2015 at 07:38 GMT, Grzegorz Powiedziuk > <gpowiedz...@gmail.com> wrote: > > From what I've learned so far, In order to achieve this, we need to have > a > > shared chpid between LPARS. Hipersockets on the same chpid can > communicate > > with each other. > > Hosts using the same VLAN on the same HiperSocket chpid can talk to each > other. There are no controls on the VLAN ID that a host is permitted to > use, so from a security perspective, don't rely on HiperSocket VLAN > controls. > > > Ok, we've done that. We have defined a set of hipersockets on one chipd > for > > every LPAR and it works. Linux in one LPAR can talk to another linux in > > different lpar. > : > > Do I need to have a separate chpid for every cluster? Doesn't really > make > > sense, does it? > > Am I missing something? > > It depends entirely on your security posture. If you need enforced > isolation of each pair, then you need one chpid per pair. > > Alan Altmark > > Senior Managing z/VM and Linux Consultant > Lab Services System z Delivery Practice > IBM Systems & Technology Group > ibm.com/systems/services/labservices > office: 607.429.3323 > mobile; 607.321.7556 > alan_altm...@us.ibm.com > IBM Endicott > > ---------------------------------------------------------------------- > For LINUX-390 subscribe / signoff / archive access instructions, > send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or > visit > http://www.marist.edu/htbin/wlvindex?LINUX-390 > ---------------------------------------------------------------------- > For more information on Linux on System z, visit > http://wiki.linuxvm.org/ > ---------------------------------------------------------------------- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390 ---------------------------------------------------------------------- For more information on Linux on System z, visit http://wiki.linuxvm.org/
