On 3/30/11 8:56 AM, "Ron Foster at Baldor-IS" <[email protected]> wrote:

>We have a couple of zLinux web servers that are running in a couple of
>z/VM guests that are connected to our DMZ. The new folks say this is a
>show stopper as far as hooking up the two networks.

This is a political decision, not a technical one, and one based on a flawed assumption that System z = one image of z/OS. They're used to the concept that machines run one OS and are not safely partitionable. If they expose a typical machine to the Internet, then they're exposing the whole thing.

In the scenario you just described, there is no risk (or no more risk than they are already taking by exposing ANY Linux machine to the internet) and each system is separated and isolated IF they do the networking right.

>Is this a common restriction? That is, you have to have your DMZ based
>web servers running on some other platform so that your mainframe is not
>exposed to the internet.

Yes, if you're used to the one-system, one-OS, one-image rule. It does NOT apply to virtualized Linux and virtual machines. This is policy, not technical merit. They run the same (if not an inflated) risk by exposing Intel machines to the Internet.

If the networking is properly engineered and ANY system that is exposed to the Internet is correctly separated with DMZs and firewalls, then "exposing the mainframe" is no more risk than exposing any other platform. It's the network segment that has to be separate, not the machine.

>I know that we will end up conforming to the rules that the new folks
>have, but I was just wondering if the new folks really know what they
>are talking about.

They're going to hit exactly the same issues with ANY virtualized platform. Probably worth exploring how much they trust their switch VLANs; same issue.

-- db

----------------------------------------------------------------------
For LINUX-390 subscribe / signoff / archive access instructions,
send email to [email protected] with the message: INFO LINUX-390 or visit
http://www.marist.edu/htbin/wlvindex?LINUX-390
----------------------------------------------------------------------
For more information on Linux on System z, visit
http://wiki.linuxvm.org/
