On Thursday, 08/21/2008 at 01:18 EDT, Fred Schmidt <[EMAIL PROTECTED]> wrote:
> Our z/VM environment currently sits behind a firewall. We would like to allow > one Linux guest to act as an Internet server. We do not however want to expose > the other Linux guests or the z/VM environment itself to the outside world. We > are using VSWITCH. > > Is this possible? What options are there? > > Do we require a separate OSA for the Linux guest in the DMZ? Tell your comms guy that you don't need either a separate OSA (for a 2nd VSWITCH) or another VLAN on your existing VSWITCH (making it VLAN-aware on a trunk port). There are other security measures you may be required to take, but they aren't related to comms, so make sure your network security folks agree with your plan to put an Internet and intranet servers in the same z/VM LPAR. If they have issues then you can take security to the next level using mandatory access controls (RACF with SECLABELs). Alan Altmark z/VM Development IBM Endicott
