Embed Size (px)
Citation preview
1
VM/Advanced Network ServicesA New Reference Architecture for VM TCP
Services
David BoyesSine Nomine Associates
Session V29
Copyright 2004 SNA 2
Problem Overview
Services dated in terms of function and capability
Unable to quickly assimilate and deploy new services and functions
VM TCP perceived to be complex to set up
Linux hosting strategy complicated by host-orientation vs network-orientation
Copyright 2004 SNA 3
Impact
Perceived as additional barrier to Linux on zSeries adoptionPerceived as insecure/antiquated
Most VM systems attached to the public Internet are in popular RBLs as risk to public infrastructure
Complicates L2 adoption strategyComplicates HW assist implementationUnclear migration strategy for IPv4 and IPv6 services for CMS environment
Copyright 2004 SNA 4
Proposal Overview
Use Linux-based services to replace existing CMS services Use existing code to support legacy
services where public interfaces are not available
Add new multi-platform functionalityShip a fully-configured system requiring only minimal setup
5
Design Overview
Copyright 2004 SNA 6
Physical Connectivity
OSA
OSA
OSA
OSA
OSA
OSA
Copyright 2004 SNA 7
VSWITCH Controllers
OSA
OSA
OSA
OSA
OSA
OSA
VSWITCH
VSWITCH
VM
TCP
VM
TCP
Copyright 2004 SNA 8
Linux Guest Networking
OSA
OSA
OSA
OSA
OSA
OSA Linux
Linux
VSWITCH
VSWITCH
VM
TCP
VM
TCP
Copyright 2004 SNA 9
VM TCP Connectivity
OSA
OSA
OSA
OSA
OSA
OSA Linux
Linux
VSWITCH
VSWITCH
VM
TCP
VM
TCP
Linux
NAT
Linux
NAT
GLAN/VSWITCH
GLAN/VSWITCHTCP
TCP
Copyright 2004 SNA 10
Existing CMS TCP Applications
OSA
OSA
OSA
OSA
OSA
OSA Linux
Linux
VSWITCH
VSWITCH
VM
TCP
Linux
NAT
Linux
NAT
GLAN
GLAN
VM/NFS
VM
TCP
IUCV
PORTMAP
MPROUTE
Existing CMS Clients
VM TCP Apps
IUCV
TCP
TCP
Copyright 2004 SNA 11
Modern Applications
OSA
OSA
OSA
OSA
OSA
OSA Linux
Linux
VSWITCH
VSWITCH
VM
TCP
VM
TCP
Linux
NAT
Linux
NAT
GLAN
GLAN
IUCV
IUCV
VM
NFSPORTMA
PMPROUT
E
Existing CMS
Legacy TCP Apps
FILE+
SMTP+
WWW
FTP+
TCP
TCP
Copyright 2004 SNA 12
New Function
Packet FilteringTraffic ShapingTraffic AuthenticationSMB/NFSv4 SupportFTP CheckpointGrid Services SupportFull redundancy in default implementationRobust Cisco-style routing implementationWWW Server
“Couple and Go” Support for GuestsSpam/virus scanningRBL supportFull DNS implementation w/o DB2Easy implementation of new protocolsKerberos support in toolsLDAP Server
Copyright 2004 SNA 13
Backward Compatibility
Completely backward compatible CMS clients continue to communicate with
VM TCP as interim step Support for migration to complete Linux
stack when AF_IUCV support completed and tested in Linux NAT appliance
Conversion tools to migrate existing configuration partially done SMTP (100%) FTP (85%)
Copyright 2004 SNA 14
New Services/APIs
IPP support (via CUPS/lpr and RSCS)Kerberos 5LDAPHTTPWWW based configurator
TCP services VM management
(later)
User SNMP proxy/ integrationTCPwrappersOutbound SSL (predefined ports)Crypto Engine exploitation (if present) in SSL
Copyright 2004 SNA 15
Documentation
Current weak point Design: completed Application manuals: 90% complete Messages & Codes: pending Built to Unix standard
Copyright 2004 SNA 16
Maintenance
Total replacement serviceKernel in NSS, /usr in DCSSUser configuration data on individual disk attached to service machine Editable from Linux or CMS Working on WWW configurator
Copyright 2004 SNA 17
Performance
No additional impact to Linux guests attached to VSWITCHCMS users average 3-5% throughput impact due to NAT processing (prototype on MP3K)Approx 10% increase in disk footprint over existing TCP stack (in prototype)
Copyright 2004 SNA 18
CompletenessGW+ 90%
SMTP+ 100%
FTP+ 80%
FILE+ 80%
LDAP+ 60%
WWW+ 90%
IPP+ 80%
Configurator 50%
Documentation 70%
Copyright 2004 SNA 19
Benefits
Simplifies VM TCP configuration to supplying a minimum of 1 IP address, netmask, default gw and DNS serverAllows shipping completely configured, fully redundant services behind GW servers
Promotes “building blocks” support services for Linux farmsProvides modern secure services for CMS users w/o significant development
Copyright 2004 SNA 20
Processes
Possible to ship with z/VM 5.2 as included feature code (still part of product)Support through usual channels
Copyright 2004 SNA 21
Next Steps
Tell Reed you want it!
Copyright 2004 SNA 22
Q&A
