Re: Hipersockets between z/VM LPARS and z/Linux guests running on the LPARS
On Friday, 04/30/2010 at 12:29 EDT, Martin, Terry R. (CMS/CTR) (CTR) terry.mar...@cms.hhs.gov wrote: Thanks a bunch Rich for the information! I think the Firewall guys think if we use a Hipersocket than you do not need the Firewall rules. But I told them that even if Hipersockets are used you would still need Firewall rules if required. Yes, and that's why I said you can't use HiperSockets to connect LPARs in different zones: No firewall. Any time data transits to a different zone, it goes thru a firewall. It is the firewalls that create the zones. Note that firewall and packet filter are not the same. A host may have a resident IPS/IDS solution, but it isn't a firewall. Firewalls are stand-alone devices. Alan Altmark z/VM Development IBM Endicott
Re: Hipersockets between z/VM LPARS and z/Linux guests running on the LPARS
Hi Alan, Thanks for the information. It is much appreciated! Thank You, Terry Martin Lockheed Martin - Citic z/OS and z/VM Performance Tuning and Operating Systems Support Office - 443 348-2102 Cell - 443 632-4191 -Original Message- From: The IBM z/VM Operating System [mailto:ib...@listserv.uark.edu] On Behalf Of Alan Altmark Sent: Friday, April 30, 2010 2:58 AM To: IBMVM@LISTSERV.UARK.EDU Subject: Re: Hipersockets between z/VM LPARS and z/Linux guests running on the LPARS On Friday, 04/30/2010 at 12:29 EDT, Martin, Terry R. (CMS/CTR) (CTR) terry.mar...@cms.hhs.gov wrote: Thanks a bunch Rich for the information! I think the Firewall guys think if we use a Hipersocket than you do not need the Firewall rules. But I told them that even if Hipersockets are used you would still need Firewall rules if required. Yes, and that's why I said you can't use HiperSockets to connect LPARs in different zones: No firewall. Any time data transits to a different zone, it goes thru a firewall. It is the firewalls that create the zones. Note that firewall and packet filter are not the same. A host may have a resident IPS/IDS solution, but it isn't a firewall. Firewalls are stand-alone devices. Alan Altmark z/VM Development IBM Endicott
Hipersockets between z/VM LPARS and z/Linux guests running on the LPARS
Hi Currently we use Hipersockets between on z/OS LPARS and our z/Linux guests. This works great. The question I have is can Hipersockets be used to go from one z/Linux running on one z/VM LPAR to another? Currently we us VSWITCHES with OSA to communicate between z/Linux guests. Thank You, Terry Martin Lockheed Martin - Citic z/OS and z/VM Performance Tuning and Operating Systems Support Office - 443 348-2102 Cell - 443 632-4191
Re: Hipersockets between z/VM LPARS and z/Linux guests running on the LPARS
On 04/29/2010 01:57 PM, Martin, Terry R. (CMS/CTR) (CTR) wrote: Hi Currently we use Hipersockets between on z/OS LPARS and our z/Linux guests. This works great. The question I have is can Hipersockets be used to go from one z/Linux running on one z/VM LPAR to another? Currently we us VSWITCHES with OSA to communicate between z/Linux guests. /Thank You,/ / / /Terry Martin/ /Lockheed Martin - Citic/ /z/OS and z/VM Performance Tuning and Operating Systems Support/ /Office - 443 348-2102/ /Cell - 443 632-4191/ / / Yes, just attach a hipersocket triplet to each Linux guest in each of the LPARs. Configure the hsi interfaces appropriately and you're off to the races. -- Rich Smrcina Phone: 414-491-6001 http://www.linkedin.com/in/richsmrcina Catch the WAVV! http://www.wavv.org WAVV 2011
Re: Hipersockets between z/VM LPARS and z/Linux guests running on the LPARS
On Thursday, 04/29/2010 at 03:20 EDT, Rich Smrcina r...@velocitysoftware.com wrote: Yes, just attach a hipersocket triplet to each Linux guest in each of the LPARs. Configure the hsi interfaces appropriately and you're off to the races. But before you do that, you need to check with the network security folks. It is unlikely that they will permit an app server and a db server to be in the same security zone (i.e. connected without a firewall). But, either way, it's their call. Alan Altmark z/VM Development IBM Endicott
Re: Hipersockets between z/VM LPARS and z/Linux guests running on the LPARS
Thanks for the information. For some reason I was under the impression that you could not use Hipersockets to talk between z/Linux guests, this is why we set up Vswitches and talk between guests using OSA. Am I confusing something here? Thank You, Terry Martin Lockheed Martin - Citic z/OS and z/VM Performance Tuning and Operating Systems Support Office - 443 348-2102 Cell - 443 632-4191 -Original Message- From: The IBM z/VM Operating System [mailto:ib...@listserv.uark.edu] On Behalf Of Rich Smrcina Sent: Thursday, April 29, 2010 3:20 PM To: IBMVM@LISTSERV.UARK.EDU Subject: Re: Hipersockets between z/VM LPARS and z/Linux guests running on the LPARS On 04/29/2010 01:57 PM, Martin, Terry R. (CMS/CTR) (CTR) wrote: Hi Currently we use Hipersockets between on z/OS LPARS and our z/Linux guests. This works great. The question I have is can Hipersockets be used to go from one z/Linux running on one z/VM LPAR to another? Currently we us VSWITCHES with OSA to communicate between z/Linux guests. /Thank You,/ / / /Terry Martin/ /Lockheed Martin - Citic/ /z/OS and z/VM Performance Tuning and Operating Systems Support/ /Office - 443 348-2102/ /Cell - 443 632-4191/ / / Yes, just attach a hipersocket triplet to each Linux guest in each of the LPARs. Configure the hsi interfaces appropriately and you're off to the races. -- Rich Smrcina Phone: 414-491-6001 http://www.linkedin.com/in/richsmrcina Catch the WAVV! http://www.wavv.org WAVV 2011
Re: Hipersockets between z/VM LPARS and z/Linux guests running on the LPARS
You *can* use hipersockets to talk between Linux guests. If the guests are running in the same z/VM system it makes more sense to use the VSwitch, than to use hipersockets. Of course, if the Linux guests are in different LPARs then you have to use hipersockets. I defer the security aspect of the discussion to the gentleman that had his *other* hat on earlier On 04/29/2010 09:26 PM, Martin, Terry R. (CMS/CTR) (CTR) wrote: Thanks for the information. For some reason I was under the impression that you could not use Hipersockets to talk between z/Linux guests, this is why we set up Vswitches and talk between guests using OSA. Am I confusing something here? Thank You, Terry Martin Lockheed Martin - Citic z/OS and z/VM Performance Tuning and Operating Systems Support Office - 443 348-2102 Cell - 443 632-4191 -- Rich Smrcina Phone: 414-491-6001 http://www.linkedin.com/in/richsmrcina Catch the WAVV! http://www.wavv.org WAVV 2011
Re: Hipersockets between z/VM LPARS and z/Linux guests running on the LPARS
Rich thanks for the information. One last thing you mention that If the guests are running in the same z/VM system it makes more sense to use the VSwitch, than to use hipersockets. Why is this? Is that the benefit of the Hipersockets is lost? Thank You, Terry Martin Lockheed Martin - Citic z/OS and z/VM Performance Tuning and Operating Systems Support Office - 443 348-2102 Cell - 443 632-4191 -Original Message- From: The IBM z/VM Operating System [mailto:ib...@listserv.uark.edu] On Behalf Of Rich Smrcina Sent: Thursday, April 29, 2010 10:38 PM To: IBMVM@LISTSERV.UARK.EDU Subject: Re: Hipersockets between z/VM LPARS and z/Linux guests running on the LPARS You *can* use hipersockets to talk between Linux guests. If the guests are running in the same z/VM system it makes more sense to use the VSwitch, than to use hipersockets. Of course, if the Linux guests are in different LPARs then you have to use hipersockets. I defer the security aspect of the discussion to the gentleman that had his *other* hat on earlier On 04/29/2010 09:26 PM, Martin, Terry R. (CMS/CTR) (CTR) wrote: Thanks for the information. For some reason I was under the impression that you could not use Hipersockets to talk between z/Linux guests, this is why we set up Vswitches and talk between guests using OSA. Am I confusing something here? Thank You, Terry Martin Lockheed Martin - Citic z/OS and z/VM Performance Tuning and Operating Systems Support Office - 443 348-2102 Cell - 443 632-4191 -- Rich Smrcina Phone: 414-491-6001 http://www.linkedin.com/in/richsmrcina Catch the WAVV! http://www.wavv.org WAVV 2011
Re: Hipersockets between z/VM LPARS and z/Linux guests running on the LPARS
Why go to the hw when vm can do it? And the use of ucb is a problem at some shops. Yes, 65k isn't enough. Marcy - Original Message - From: The IBM z/VM Operating System IBMVM@LISTSERV.UARK.EDU To: IBMVM@LISTSERV.UARK.EDU IBMVM@LISTSERV.UARK.EDU Sent: Thu Apr 29 22:06:45 2010 Subject: Re: [IBMVM] Hipersockets between z/VM LPARS and z/Linux guests running on the LPARS Rich thanks for the information. One last thing you mention that If the guests are running in the same z/VM system it makes more sense to use the VSwitch, than to use hipersockets. Why is this? Is that the benefit of the Hipersockets is lost? Thank You, Terry Martin Lockheed Martin - Citic z/OS and z/VM Performance Tuning and Operating Systems Support Office - 443 348-2102 Cell - 443 632-4191 -Original Message- From: The IBM z/VM Operating System [mailto:ib...@listserv.uark.edu] On Behalf Of Rich Smrcina Sent: Thursday, April 29, 2010 10:38 PM To: IBMVM@LISTSERV.UARK.EDU Subject: Re: Hipersockets between z/VM LPARS and z/Linux guests running on the LPARS You *can* use hipersockets to talk between Linux guests. If the guests are running in the same z/VM system it makes more sense to use the VSwitch, than to use hipersockets. Of course, if the Linux guests are in different LPARs then you have to use hipersockets. I defer the security aspect of the discussion to the gentleman that had his *other* hat on earlier On 04/29/2010 09:26 PM, Martin, Terry R. (CMS/CTR) (CTR) wrote: Thanks for the information. For some reason I was under the impression that you could not use Hipersockets to talk between z/Linux guests, this is why we set up Vswitches and talk between guests using OSA. Am I confusing something here? Thank You, Terry Martin Lockheed Martin - Citic z/OS and z/VM Performance Tuning and Operating Systems Support Office - 443 348-2102 Cell - 443 632-4191 -- Rich Smrcina Phone: 414-491-6001 http://www.linkedin.com/in/richsmrcina Catch the WAVV! http://www.wavv.org WAVV 2011
Re: Hipersockets between z/VM LPARS and z/Linux guests running on the LPARS
Vswitch is internal to CP, hipersockets makes most sense to move data between LPARs. Using hipersockets requires a trip out of the VM system (even if it's between virtual machines), whereas using the VSwitch stays within CP. On 04/29/2010 10:06 PM, Martin, Terry R. (CMS/CTR) (CTR) wrote: Rich thanks for the information. One last thing you mention that If the guests are running in the same z/VM system it makes more sense to use the VSwitch, than to use hipersockets. Why is this? Is that the benefit of the Hipersockets is lost? Thank You, Terry Martin Lockheed Martin - Citic z/OS and z/VM Performance Tuning and Operating Systems Support Office - 443 348-2102 Cell - 443 632-4191 -- Rich Smrcina Phone: 414-491-6001 http://www.linkedin.com/in/richsmrcina Catch the WAVV! http://www.wavv.org WAVV 2011
Re: Hipersockets between z/VM LPARS and z/Linux guests running on the LPARS
Thanks Rich. So in my case if I want my APP Layer z/Linux guest on the APP Layer LPAR to talk to my Data Layer z/Linux guest on the Data Layer LPAR I would use Hipersockets. Once I am in the Data Layer LPAR and want to talk between other Data Layer guests within the LPAR the use of a Vswitch is the way to go. Am I understanding this now? Thank You, Terry Martin Lockheed Martin - Citic z/OS and z/VM Performance Tuning and Operating Systems Support Office - 443 348-2102 Cell - 443 632-4191 -Original Message- From: The IBM z/VM Operating System [mailto:ib...@listserv.uark.edu] On Behalf Of Rich Smrcina Sent: Thursday, April 29, 2010 11:14 PM To: IBMVM@LISTSERV.UARK.EDU Subject: Re: Hipersockets between z/VM LPARS and z/Linux guests running on the LPARS Vswitch is internal to CP, hipersockets makes most sense to move data between LPARs. Using hipersockets requires a trip out of the VM system (even if it's between virtual machines), whereas using the VSwitch stays within CP. On 04/29/2010 10:06 PM, Martin, Terry R. (CMS/CTR) (CTR) wrote: Rich thanks for the information. One last thing you mention that If the guests are running in the same z/VM system it makes more sense to use the VSwitch, than to use hipersockets. Why is this? Is that the benefit of the Hipersockets is lost? Thank You, Terry Martin Lockheed Martin - Citic z/OS and z/VM Performance Tuning and Operating Systems Support Office - 443 348-2102 Cell - 443 632-4191 -- Rich Smrcina Phone: 414-491-6001 http://www.linkedin.com/in/richsmrcina Catch the WAVV! http://www.wavv.org WAVV 2011
Re: Hipersockets between z/VM LPARS and z/Linux guests running on the LPARS
And one last thing Would I have both a Ethernet connection and Hipersockets(His) interface set up on all of the guests to handle both methods? Thank You, Terry Martin Lockheed Martin - Citic z/OS and z/VM Performance Tuning and Operating Systems Support Office - 443 348-2102 Cell - 443 632-4191 -Original Message- From: Martin, Terry R. (CMS/CTR) (CTR) Sent: Thursday, April 29, 2010 11:26 PM To: IBMVM@LISTSERV.UARK.EDU Subject: RE: Hipersockets between z/VM LPARS and z/Linux guests running on the LPARS Thanks Rich. So in my case if I want my APP Layer z/Linux guest on the APP Layer LPAR to talk to my Data Layer z/Linux guest on the Data Layer LPAR I would use Hipersockets. Once I am in the Data Layer LPAR and want to talk between other Data Layer guests within the LPAR the use of a Vswitch is the way to go. Am I understanding this now? Thank You, Terry Martin Lockheed Martin - Citic z/OS and z/VM Performance Tuning and Operating Systems Support Office - 443 348-2102 Cell - 443 632-4191 -Original Message- From: The IBM z/VM Operating System [mailto:ib...@listserv.uark.edu] On Behalf Of Rich Smrcina Sent: Thursday, April 29, 2010 11:14 PM To: IBMVM@LISTSERV.UARK.EDU Subject: Re: Hipersockets between z/VM LPARS and z/Linux guests running on the LPARS Vswitch is internal to CP, hipersockets makes most sense to move data between LPARs. Using hipersockets requires a trip out of the VM system (even if it's between virtual machines), whereas using the VSwitch stays within CP. On 04/29/2010 10:06 PM, Martin, Terry R. (CMS/CTR) (CTR) wrote: Rich thanks for the information. One last thing you mention that If the guests are running in the same z/VM system it makes more sense to use the VSwitch, than to use hipersockets. Why is this? Is that the benefit of the Hipersockets is lost? Thank You, Terry Martin Lockheed Martin - Citic z/OS and z/VM Performance Tuning and Operating Systems Support Office - 443 348-2102 Cell - 443 632-4191 -- Rich Smrcina Phone: 414-491-6001 http://www.linkedin.com/in/richsmrcina Catch the WAVV! http://www.wavv.org WAVV 2011
Re: Hipersockets between z/VM LPARS and z/Linux guests running on the LPARS
Correct. As long as all of those LPARs are in the same CEC, everything is good. That guy with the security hat on it looking pretty squirrely, careful now On 04/29/2010 10:26 PM, Martin, Terry R. (CMS/CTR) (CTR) wrote: Thanks Rich. So in my case if I want my APP Layer z/Linux guest on the APP Layer LPAR to talk to my Data Layer z/Linux guest on the Data Layer LPAR I would use Hipersockets. Once I am in the Data Layer LPAR and want to talk between other Data Layer guests within the LPAR the use of a Vswitch is the way to go. Am I understanding this now? Thank You, Terry Martin Lockheed Martin - Citic z/OS and z/VM Performance Tuning and Operating Systems Support Office - 443 348-2102 Cell - 443 632-4191 -- Rich Smrcina Phone: 414-491-6001 http://www.linkedin.com/in/richsmrcina Catch the WAVV! http://www.wavv.org WAVV 2011
Re: Hipersockets between z/VM LPARS and z/Linux guests running on the LPARS
Yes. On 04/29/2010 10:27 PM, Martin, Terry R. (CMS/CTR) (CTR) wrote: And one last thing Would I have both a Ethernet connection and Hipersockets(His) interface set up on all of the guests to handle both methods? Thank You, Terry Martin Lockheed Martin - Citic z/OS and z/VM Performance Tuning and Operating Systems Support Office - 443 348-2102 Cell - 443 632-4191 -- Rich Smrcina Phone: 414-491-6001 http://www.linkedin.com/in/richsmrcina Catch the WAVV! http://www.wavv.org WAVV 2011
Re: Hipersockets between z/VM LPARS and z/Linux guests running on the LPARS
Thanks a bunch Rich for the information! I think the Firewall guys think if we use a Hipersocket than you do not need the Firewall rules. But I told them that even if Hipersockets are used you would still need Firewall rules if required. Thank You, Terry Martin Lockheed Martin - Citic z/OS and z/VM Performance Tuning and Operating Systems Support Office - 443 348-2102 Cell - 443 632-4191 -Original Message- From: The IBM z/VM Operating System [mailto:ib...@listserv.uark.edu] On Behalf Of Rich Smrcina Sent: Thursday, April 29, 2010 11:41 PM To: IBMVM@LISTSERV.UARK.EDU Subject: Re: Hipersockets between z/VM LPARS and z/Linux guests running on the LPARS Yes. On 04/29/2010 10:27 PM, Martin, Terry R. (CMS/CTR) (CTR) wrote: And one last thing Would I have both a Ethernet connection and Hipersockets(His) interface set up on all of the guests to handle both methods? Thank You, Terry Martin Lockheed Martin - Citic z/OS and z/VM Performance Tuning and Operating Systems Support Office - 443 348-2102 Cell - 443 632-4191 -- Rich Smrcina Phone: 414-491-6001 http://www.linkedin.com/in/richsmrcina Catch the WAVV! http://www.wavv.org WAVV 2011
