On Thursday, 01/22/2015 at 02:09 EST, Cameron Seay <[email protected]> wrote:
> I am teaching several mainframe classes this term and a question came up:
> does FICON proper provide firewall services or is that handled by RACF and
> the external firewall of the network where the mainframe lives?

FICON operates as either a point-to-point or SAN-style fabric technology. In a SAN-style configuration, the ability of the mainframe to communicate with a FICON-attached storage controller (for example) is managed by the FICON-specific controls in the FICON switch. The "firewall" functions are very much like the zones of a traditional SAN switch. (FICON is just fibre channel with a different link layer protocol layered on it.)

In its point-to-point configuration, there are no external controls unless you are using a FICON "director", which is a device similar to a FICON switch, but one where the mainframe's I/O subsystem (not the LPAR) has control over how data is routed through it.

In both cases, an LPAR's ability to access the FICON port at all is controlled by the I/O configuration (IOCP, IOCDS, HCD).

There are no "firewall" entities in a SAN fabric, as access to the SAN fabric requires more than just plugging into a random port on the wall.

Or perhaps you meant something else?

Alan Altmark

Senior Managing z/VM and Linux Consultant
Lab Services System z Delivery Practice
IBM Systems & Technology Group
ibm.com/systems/services/labservices
office: 607.429.3323
mobile: 607.321.7556
[email protected]
IBM Endicott

----------------------------------------------------------------------
For LINUX-390 subscribe / signoff / archive access instructions,
send email to [email protected] with the message: INFO LINUX-390 or visit
http://www.marist.edu/htbin/wlvindex?LINUX-390
----------------------------------------------------------------------
For more information on Linux on System z, visit
http://wiki.linuxvm.org/
