On Wed, 18 Jun 2003, McKown, John wrote: > Has anybody heard of any kind of compromise that exists when an OSA in Linux > instead of routing via z/VM's TCPIP stack?
Nothing specific. I'm not sure what kind of compromise you might be referring to though... One security thing I can think of: from a security perspective, key to running a router is minimisation of 'extraneous' services (plenty of other reasons, particularly for Linux on z/VM, but security is a good one ;-). Arguably there would be less work involved in doing this on a z/VM TCP/IP stack, since it is possible to run nothing else but the stack itself (providing you have enough local tubes or 2074 console sessions to do all your system work). Having said that, there is enough documentation around on how to secure Linux systems for this purpose, and enough router mini-distros to use as a model for doing the same on zSeries (my LEAF Redpaper started to investigate this). Cheers, Vic
