z/vm built on IBM Virtualization Technology

z/VM

built

on

IBM

Virtualization

Technology

General

Information

version

5

release

3

GC24-6095-07

z/VM

built

on

IBM

Virtualization

Technology

General

Information

version

5

release

3

GC24-6095-07

Note:

Beforeusingthisinformationandtheproductitsupports,readtheinformationin“Notices”onpage113.

Thiseditionappliestoversion5,release3,modification0ofIBMz/VM(productnumber5741-A05)andtoall subsequentreleasesandmodificationsuntilotherwiseindicatedinneweditions.

ThiseditionreplacesGC24-6095-06.

©CopyrightInternationalBusinessMachinesCorporation1990,2008.Allrightsreserved.

Contents

Figures . . . vii

Tables . . . ix

About ThisDocument . . . xi

IntendedAudience . . . xi

Whereto FindMoreInformation . . . xi

Howto SendYour CommentstoIBM . . . xi

Summary ofChanges . . . xiii

GC24-6095-07, z/VMVersion5Release3(AdditionalUpdatedEdition) . . . . xiii

CMMASupport Correction. . . xiii

GC24-6095-06, z/VMVersion5Release3(UpdatedEdition) . . . xiii

GC24-6095-05, z/VMVersion5Release3. . . xiii

Chapter1. Introducingz/VM . . . 1

z/VM VirtualizationTechnologyProvides GuestSupport . . . 1

z/VM ProvidesProvenSystemIntegrity,Security,andReliability . . . 2

z/VM SupportsApplicationDevelopmentandDeployment . . . 3

z/VM IsAccessiblebyPeoplewithDisabilities . . . 4

Chapter2. Howz/VMV5.3CanHelpYou . . . 5

Chapter3. WhatIs NeworChangedin z/VMV5.3 . . . 7

Enhanced ScalabilityandConstraintRelief . . . 7

Support forUpto 256GBof RealMemory . . . 7

Upto 32RealProcessorsinaSinglez/VMImage . . . 8

Enhanced MemoryManagementfor LinuxGuests . . . 8

Enhanced MemoryUtilizationUsingVMRMbetweenz/VMandLinuxGuests 8 HyperPAVSupportfor IBMSystemStorage DS8000 . . . 9

Enhanced FlashCopySupport. . . 9

Support fortheIBMSystemStorageSANVolumeController . . . 9

DS8000Dynamic VolumeExpansionSupport . . . 11

Improved MemoryManagementAlgorithms . . . 11

Virtualization TechnologyandLinuxEnablement . . . 12

Support forIBMSystemzSpecialtyProcessors. . . 12

Enhanced VirtualSwitchandGuestLANUsability . . . 12

MIDAWs forGuests . . . 13

GuestASCII ConsoleSupport . . . 13

Enhanced SCSISupport . . . 13

NetworkVirtualization . . . 14

Improved VirtualNetworkManagement . . . 14

Enhanced FailoverSupportfor IPv4andIPv6Devices . . . 14

VIPASupportforIPv6 . . . 14

Support forIEEE802.3adLinkAggregation . . . 15

Virtual SwitchPortIsolationSupport . . . 16

Security . . . 16

Deliveryof LDAPServerandClient . . . 16

Enhanced SystemSecuritywithLongerPasswords . . . 16

ConformancewithIndustryStandards . . . 17

SSLServerEnhancements . . . 17

Tape DataProtection withSupport forEncryption . . . 18

Tape DataEncryptionRekey Support . . . 18

©CopyrightIBMCorp.1990,2008

iii

|| ||

||

TechnologyExploitation. . . 18

Support forIBMSystemz10EnterpriseClass . . . 19

Support forOSA-Express310GigabitEthernet . . . 19

Support forInfiniBandBasedCouplingCHPID . . . 19

Systems Management . . . 19

Enhanced ManagementFunctionsforLinuxandOther VirtualImages . . . 19

NewFunction Levelfor DirMaint . . . 20

Enhancementsto thePerformanceToolkit . . . 20

Enhanced GuestConfiguration . . . 20

z/VM IntegratedSystemsManagement . . . 21

Installation,Service,andPackagingChanges . . . 21

AdditionalDVDInstallationOptions . . . 21

Availability of3592Tape Mediafor Ordering . . . 21

Enhanced StatusInformation. . . 22

RSCSRepackagedasanOptionalFeature . . . 22

NewRACFSecurityServerfor z/VM . . . 22

U.S. DaylightSavingTimeEffectonz/VM . . . 23

z/Architecture CMSShippedasaSampleProgram . . . 23

Withdrawalof theROUTEDandBOOTPServers . . . 24

AdditionalChanges . . . 24

Support forSearchesacross PDFFilesinthez/VM Library . . . 24

Statementsof Direction. . . 24

Chapter4. TechnicalInformation . . . 25

HardwareandStorage Requirements . . . 25

ServerRequirements . . . 25

InstallationRequirements . . . 25

Storage Requirements . . . 26

CSEHardwareRequirements . . . 26

OSA/SFHardwareRequirements . . . 27

TCP/IPHardwareRequirements . . . 27

VM GuestRSA-AssistSupport forLinuxHardwareRequirements . . . 28

DeviceSupport. . . 28

SupportedDevices . . . 28

UnsupportedDevices . . . 28

Software (Program)Requirements. . . 29

PrerequisiteLicensedPrograms . . . 29

HighLevelAssembler . . . 30

RequiredLevelsof z/VMBaseFacilitiesandOptionalFeatures . . . 30

Additionalz/VMBaseProgram Requirements . . . 31

Shared-DASDComplexandCSEClusterProgram Requirements . . . 31

DFSMS/VMProgram Requirements . . . 31

DirMaintProgramRequirements . . . 32

HCD andHCMProgramRequirements . . . 33

LanguageEnvironmentProgramRequirements . . . 33

OpenExtensionsProgram Requirements . . . 33

OSA/SFProgram Requirements . . . 33

PerformanceToolkitProgram Requirements . . . 34

RACFProgram Requirements . . . 34

RSCSProgramRequirements . . . 34

TCP/IPProgram Requirements . . . 34

Online BooksProgram Requirements . . . 35

POSIXProgram Requirements . . . 35

LinuxProgram Requirements . . . 35

Program RequirementsforOther IBMProducts . . . 36

LimitationsandRestrictions . . . 36

|| || || || || ||

General Restrictionsforz/VMVirtualMachines . . . 36

DirMaintRestrictions. . . 36

PerformanceConsiderations . . . 37

OperatingSystemsSupported asGuests . . . 37

Other ProgramsSupportedonz/VM . . . 37

NationalLanguageSupport . . . 37

PackagingandOrderingInformation . . . 38

Object CodeOnlyandLimitedSourceAvailability . . . 39

Integrity andSecurity . . . 39

DataIntegrityfor Guests . . . 39

SystemIntegrityStatement forz/VM . . . 39

Security,Auditability,andControl . . . 41

Chapter5. z/VMBaseProduct . . . 45

CP . . . 45

Virtual MachineModes . . . 45

ArchitectureCompatibility . . . 46

z/Architecture Support . . . 46

ESA/XCSupport . . . 46

CrossSystemExtensions . . . 46

GuestLANsandVirtualSwitches . . . 46

Inter-SystemFacilityforCommunications . . . 47

VM DumpTool . . . 47

Support forHardwareFacilities,Features, andArchitectures . . . 47

CMS. . . 53

Shared FileSystem . . . 54

CMSApplicationProgramming . . . 54

Systems ManagementAPI . . . 55

CMS Pipelines . . . 55

CMSApplicationMultitasking. . . 55

OpenExtensions . . . 55

Program ManagementBinderfor CMS . . . 56

Reusable ServerKernel . . . 56

Virtual MachineResourceManager . . . 57

XEDIT . . . 57 HELPFacility . . . 57 TCP/IPfor z/VM . . . 57 Link Protocols . . . 58 NetworkProtocols. . . 59 Transport Protocols . . . 59

ApplicationsandProtocols . . . 59

AVS . . . 60

DumpViewingFacility . . . 61

GCS. . . 61 HCD andHCMforz/VM . . . 61 LanguageEnvironment . . . 62 OSA/SF . . . 62 REXX/VM. . . 62 TSAF . . . 63 VMSES/E. . . 63

Chapter6. z/VMOptionalFeatures . . . 65

DFSMS/VM . . . 65

DirMaint . . . 65

PerformanceToolkitfor VM . . . 66

RACFSecurityServerfor z/VM. . . 67

RSCSNetworkingforz/VM . . . 68

Chapter7. z/VMLibraryGuide . . . 71

Where toGetz/VMPublications . . . 71

IBMPublicationsCenter . . . 71

z/VM InternetLibrary. . . 71

z/VM LibraryonDisk. . . 71

Basicz/VMDocumentation . . . 72

Publicationsinthez/VMBaseLibrary . . . 72

SystemOverview . . . 72

Installation,Migration,andService. . . 73

Planning andAdministration . . . 74

CustomizationandTailoring . . . 77

OperationandUse . . . 77

Application Programming . . . 79

Diagnosis . . . 83

Publicationsfor z/VMOptionalFeatures. . . 84

DFSMS/VM . . . 85

DirectoryMaintenanceFacilityfor z/VM. . . 85

PerformanceToolkitfor VM . . . 86

RACFSecurityServerfor z/VM. . . 86

RSCSNetworkingforz/VM . . . 87

Publication EditionsandMedia . . . 88

z/VM BaseLibrary . . . 89

Publicationsfor z/VMOptionalFeatures. . . 91

AppendixA.IBMServersSupportedbyz/VM. . . 93

AppendixB.IBMOperatingSystemsSupportedasGuestsofz/VM . . . . 97

AppendixC.IBMDevicesSupportedbyz/VM . . . 99

DirectAccessStorageDevices (DASD) . . . 100

DASDControlUnitsandStorage Controls . . . 105

Tape UnitsandTapeLibraries . . . 105

Tape ControlUnits . . . 106

Printers . . . 106

Card ReadersandCard Punches . . . 107

Terminals/Displays/Consoles . . . 107

Display Printers . . . 108

Display ControlUnits . . . 108

Communications Controllers . . . 108

Switches. . . 108

ServerAdaptersandMiscellaneousDevices . . . 109

Notices . . . 113

Trademarks. . . 115

Figures

1. TCP/IPforz/VMasPartof aMulti-VendorNetwork . . . 58

Tables

1. IBM-TranslatedPartsof z/VM . . . 38

2. CurrentEditionandAvailable MediaforPublicationsinthez/VMBaseLibrary . . . 89

3. CurrentEditionandAvailable MediaforPublicationsforz/VMOptionalFeatures . . . 91

4. z/VMServerSupportMatrix. . . 94

5. z/VMGuestSupportMatrix . . . 97

6. DeviceSupport List—DASD . . . 100

7. DeviceSupport List—DASDControlUnitsandStorageControls . . . 105

8. DeviceSupport List—TapeUnitsandTape Libraries . . . 105

9. DeviceSupport List—TapeControlUnits . . . 106

10. DeviceSupport List—Printers. . . 106

11. DeviceSupport List—CardReadersandCardPunches . . . 107

12. DeviceSupport List—DisplayControlUnits. . . 108

13. DeviceSupport List—CommunicationsControllers . . . 108

14. DeviceSupport List—Switches . . . 108

15. DeviceSupport List—ServerAdaptersandMiscellaneousDevices . . . 109

About

This

Document

This documentprovidesthefollowinginformationaboutIBM®_z/VM®_:

v

Introductionto thez/VMcomponents,facilities,andoptional features

v Informationabouthow z/VMcanhelpyou

v Overviewof whatisnew orchangedinthecurrentz/VMrelease

v z/VMhardwareandsoftwarerequirements

v Guidetothez/VMproductdocumentation

v ListsoftheIBMservers, guestoperating systems,anddevicessupportedby

currentz/VM releases

Intended

Audience

This informationisintended foranyonewho wantsageneraloverviewof z/VM.It

willalso beusefulfor thosewho needtoevaluatethecapabilitiesofz/VMand

determinetheresourcesnecessary toinstallandrunit.

Where

to

Find

More

Information

You canobtainmoreinformationaboutz/VMfromthedocumentslistedinthe

Chapter7,“z/VMLibraryGuide,”onpage71.Thelibraryguideincludesanabstract

of eachdocument.

LinkstoOtherOnlineDocuments

If youareviewingtheAdobe®_{PortableDocument Format(PDF)versionof this}

document,it maycontainlinksto otherdocuments.Alink toanotherdocument

isbasedonthename oftherequestedPDFfile.Thename ofthePDFfilefor

anIBMdocumentisuniqueandidentifiestheedition.Thelinksprovided in

this documentarefortheeditions(PDFnames)thatwerecurrentwhenthe

PDFfilefor thisdocumentwasgenerated.However,newereditionsofsome

documents (withdifferentPDFnames)mayexist.Alink fromthisdocumentto

anotherdocumentworksonlywhenbothdocumentsresideinthesame

directory.

How

to

Send

Your

Comments

to

IBM

IBMwelcomesyourcomments.Youcanuseanyof thefollowing methods:

v CompleteandmailtheReaders’Commentsform(if oneisprovided attheback

ofthis document)or sendyourcommentsto thefollowing address:

IBM Corporation

MHVRCFS, Mail Station P181

2455 South Road

Poughkeepsie, New York 12601-5400

U.S.A. v

SendyourcommentsbyFAX:

– UnitedStatesandCanada:1-845-432-9405

– OtherCountries:+1845 4329405

v Sendyourcommentsbyelectronicmailto oneofthefollowingaddresses:

– Internet:[email protected]

– IBMLink

™

(UScustomersonly):IBMUSM10(MHVRCFS)

Be suretoinclude thefollowinginyourcommentornote:

v Titleandcompletepublicationnumberofthedocument

v Pagenumber,sectiontitle, ortopicyouarecommentingon

If youwouldlikea reply,besuretoalso includeyourname,postalore-mail

address, telephonenumber,orFAXnumber.

When yousendinformationto IBM,yougrant IBManonexclusiverighttouse or

distributetheinformationinanywayit believesappropriatewithout incurringany

Summary

of

Changes

This documentcontainsterminology, maintenance,andeditorial changes.Technical

changesoradditionsto thetext andillustrationsareindicatedbyaverticalline to

theleftof thechange.

GC24-6095-07,

z/VM

Version

5

Release

3

(Additional

Updated

Edition)

This editionincludesinformationaboutprogrammingenhancements, additional

support,or otherchangesprovided orannouncedafterthegeneralavailabilityof

z/VM V5.3.For moreinformation,seeChapter3,“WhatIsNeworChangedinz/VM

V5.3,”onpage7.

CMMA

Support

Correction

Previous editionsof thisdocumentincorrectlyindicatedthatCollaborativeMemory

ManagementAssist(CMMA)supportwasavailableonz/VMV5.2throughAPAR

VM63856.ThatAPARdoes notexist.CMMAsupportisnot availableonz/VM

V5.2.CMMAsupportisincludedinz/VMV5.3.

GC24-6095-06,

z/VM

Version

5

Release

3

(Updated

Edition)

This editionincludesinformationaboutprogrammingenhancements, additional

support,or otherchangesprovided orannouncedaftertheannouncementofz/VM

V5.3.For moreinformation,seeChapter3,“WhatIsNewor Changedinz/VM

V5.3,”onpage7.

GC24-6095-05,

z/VM

Version

5

Release

3

This editionsupportstheannouncementofz/VMV5.3.For moreinformation,see

Chapter3,“WhatIsNeworChangedinz/VMV5.3,”onpage7.

Chapter

1.

Introducing

z/VM

Thez/VMhypervisorprovidesahighlyflexibletestandproductionenvironmenton

theIBMSystemz™_{platform.Thez/VMimplementationof IBMvirtualization}

technology providesthecapabilityto runfull-functionoperatingsystemssuchas

Linux®_{onSystemz,z/OS}®_,z/VSE™_{, andz/TPFas“guests”of z/VM.z/VMsupports}

64-bit IBMz/Architecture®_{guestsand31-bit IBMEnterpriseSystems}

Architecture/390® _guests.

Thez/VMbase productincludesthefollowingcomponentsandfacilities:

v ControlProgram(CP)

v ConversationalMonitorSystem(CMS)

v TCP/IPforz/VM

v AdvancedProgram-to-Program Communication/VirtualMachine(APPC/VM)

VirtualTelecommunicationsAccess Method(VTAM®)Support (AVS)

v DumpViewingFacility

v

GroupControl System(GCS)

v HardwareConfigurationDefinition(HCD)andHardwareConfigurationManager

(HCM)forz/VM

v LanguageEnvironment

®

v OpenSystemsAdapterSupport Facility(OSA/SF)

v RestructuredExtendedExecutor/VirtualMachine(REXX/VM)

v TransparentServicesAccessFacility(TSAF)

v VirtualMachineServiceabilityEnhancementsStaged/Extended(VMSES/E)

For moreinformation,seeChapter5,“z/VMBaseProduct,”onpage45.

z/VM alsooffersthefollowingoptionalfeatures:

v DataFacilityStorageManagement SubsystemforVM (DFSMS/VM

™

)

Note: DFSMS/VMisanoptionalfeatureofthez/VMSystemDeliveryOffering

(SDO).

v DirectoryMaintenanceFacilityforz/VM(DirMaint

™

)

v PerformanceToolkit forVM

™

v RACF

®

SecurityServerforz/VM

v RemoteSpoolingCommunications Subsystem(RSCS)Networkingfor z/VM

For moreinformation,seeChapter6,“z/VMOptionalFeatures,”onpage65.

z/VM

Virtualization

Technology

Provides

Guest

Support

z/VM provideseachuser withanindividualworkingenvironmentknownasavirtual

machine.Thevirtualmachinesimulatestheexistenceof adedicatedrealmachine,

includingprocessorfunctions,memory,networking,andinput/output(I/O)resources.

Operatingsystemsandapplicationprograms canruninvirtualmachinesasguests.

For example,youcanrunmultipleLinuxandz/OSimagesonthesamez/VM

system thatisalsosupportingvariousapplicationsandendusers.Asa result,

development,testing,andproductionenvironmentscanshare asinglephysical

computer.

Thevirtualmachinecapabilityof z/VMallowsyouto:

v Testprogramsthatcancauseabnormal terminationofrealmachine

operationsand,atthe sametime,processproduction work.Theisolation

thatisprovidedfora virtualmachineenables system-orientedprogramsand

teleprocessingapplications, forexample,tobetestedonthevirtualmachine

whileproductionworkisinprogress,becausethistestingcannotcauseabnormal

terminationoftherealmachine.

v

Testanewoperatingsystemrelease.Anewreleaseof anoperating system

canbegeneratedandtestedatthesametimethattheexistingreleaseis

performingproductionwork.Thisenablesthenew releasetobeinstalledandput

intoproductionmorequickly.Theabilityto operatemultipleoperating systems

concurrentlyunder z/VMmayenableaninstallationto continuerunningprograms

thatoperateonlyundera back-levelrelease(programsthatarerelease-sensitive

anduneconomicalto convert,forexample)concurrentlywiththemostcurrent

release.

v Testanewoperatingsystem.Theexistingoperatingsystem canbeusedto

processproductionworkconcurrentlywiththegenerationandtestingof anew

operatingsystem.Experiencewiththenew systemcanbeobtainedbeforeit is

usedonaproductionbasis,without dedicatingtherealmachineto thisfunction.

v Performoperatingsystemmaintenanceconcurrentlywithproductionwork.

Theinstallationandtestingof programtemporaryfixes(PTFs)for anoperating

systemcanbedoneat thesametimenormalproductionoperationsarein

progress.

v Providebackupfacilitiesfortheprimaryoperatingsystem.Ageneratedz/VM

systemisnotmodel-dependentandcanoperateonvariousservermodelsas

longastheminimumhardware requirementsarepresent.Thisenablesasmaller

servermodelthathaslessrealstorage,fewerchannels,fewerdirectaccess

devices,andfewerunitrecord devicesthanalargerservermodeltoprovide

backupfor thelarger model(normallyata reducedlevelof performance).

v Performoperatortrainingconcurrentlywithproduction workprocessing.

Therealmachinedoes nothave tobededicatedtotrainingadditionalor new

operatorsorto providinginitialtrainingwhena newoperating systemisinstalled.

Operatorerrorscannotcauseterminationofrealmachineoperations.

v Simulatenewsystemconfigurationsbeforetheinstallationofadditional

channelsandI/Odevices.TherelativeloadonchannelsandI/Odevicescan

bedeterminedusingthesimulatedI/OconfigurationratherthantherealI/O

configuration.ExperiencewithgeneratingandoperatinganI/Oconfigurationfor

multipleguests canbeobtained usingonerealmachine.

v Testcustomer-writtensystemexits.Customer-writtensystemexitscanbe

testedwithoutdisruptingproductionwork.

z/VM

Provides

Proven

System

Integrity,

Security,

and

Reliability

z/VM isbuilt ona foundationofsystemintegrity andsecurity,andincorporates

manydesignfeaturesfor reliabilityandavailability.

v Integrityandsecurity:

– z/VMsupportsguestuseofthecryptographicfacilitiesprovided bysupported

IBMservers.

– IBMwillcorrectanyintegrityexposuresintroducedbyunauthorizedprograms

intothesystem.

– Kerberosauthentication andSecureSocketsLayer (SSL)supportare

– Integratedaccesscontrolandauthentication servicesmay beaugmentedwith

theaddition ofanexternalsecuritymanager(ESM),suchastheRACF

SecurityServerforz/VM.

v Availabilityandreliability:

– Applicationrecovery:z/VMprovidesserviceswhichpermitrecoveryof

incompleteinteractionswithresourcemanagers.

– Automatedoperations:z/VMoffersseveral levelsofautomatedsystem

managementsupport.OneexampleistheProgrammable Operator.Fora

higherdegreeofautomation,IBMSystemView®_{HostManagement}

Facilities/VMcan beadded.BoththeProgrammableOperatorandHost

ManagementFacilities/VMcaninteractwithNetView®_{onz/VM,whichinturn}

caninteractwithNetView onz/OS.

– z/VMprovidesduplexeddatawithtransparentongoing synchronization

betweentheprimaryandbackupcopy,andautomatictransparentswitchingto

thebackup copyincaseofanerrorintheprimarycopy.

– Onlineconfigurationchangeseliminatemanypreviously-requiredoutages.

– z/VMsystemscanbeconnectedfor improvedserveranduseravailability.

– Fastrestartreducestheenduserimpactof anyoutage.

z/VM

Supports

Application

Development

and

Deployment

z/VM supportsanumberofprogramming languagesandenvironments,including:

v APL2 ® v Assembler v C v C++ v COBOL v FORTRAN v LanguageEnvironment v MQSeries ® Client(WebSphere®MQ) v PASCAL v PL/I v REXX

v SystemsApplicationArchitecture

®

(SAA®)commonprogramminginterface (CPI)

v VisualAge

®

Generator

z/VM alsoprovidesa richsetofapplicationdevelopmentservices,including:

v Integratededitorsandsupportforcode versionmanagement

v Traceanddebugfacilities

z/VM supportsprogramdevelopmentnotonlyfor z/VMapplications,butalsofor

operating systemssupportedasguestsof z/VM.

z/VM applicationprogramminginterfaces(APIs)include:

v CPDIAGNOSEinstructions

v Certainz/VMcontrolblocks

v Datarecord formats,suchasaccounting records,intendedto beprocessedby

applicationprograms

v CPsystem services(suchas*MSG)

Introduction

v CPassemblermacros(suchasIUCVandAPPCVM)

v TCP/IPAPIs(suchasCsockets,IUCVsockets,andRemote ProcedureCalls

(RPCs))

v GCSassemblermacros

Special facilitiesareavailableto CMSapplications,suchas:

v SystemsmanagementAPI

v

EnterpriseSystemsArchitecture/ExtendedConfiguration(ESA/XC)support

v CMSPipelines

v Callableserviceslibrary(CSL)

v CMSmultitaskingservices

v OpenExtensions

™

(POSIXinterfacesandshell)

v ProgramManagement Binder

v ReusableServerKernel

v Assemblermacrosandfunctions

v OS/MVSsimulation

v

DOS/VSEsupport

Note: Although IBMVSE/VSAM,V6.1(5686-081),waswithdrawnfrom

marketingonSeptember30,2005,CMSDOS/BAMwillcontinueto

provide itscurrentleveloffunction insupportof DOSsimulationand

VSE/VSAM.

In general,z/VMprogramminginterfacesaredesignedto beusedexclusivelyfrom

programs (oftenusingbinaryor othermachine-levelformatsasparametervalues)

andareusuallysupportedinacompatiblemannerfromreleaseto release.

z/VM mayalsoship otherprogrammaterials(primarilymacros),buttheseare

internal facilitiesdesignedonly forusebetweenz/VMcomponentsandmodulesand

arenotintendedto beused asprogramminginterfaces.

z/VM

Is

Accessible

by

People

with

Disabilities

Thefollowingfeatures supportuse bypeoplewithdisabilities:

v Operationbykeyboardalone

v Optionalfontenlargementandhigh-contrastdisplaysettings

v Screenreadersandscreenmagnifierstestedforusebypeoplewithvisual

Chapter

2.

How

z/VM

V5.3

Can

Help

You

Withz/VMV5.3,enhancements toscalability,security,andvirtualization technology

can helpsupportincreasedworkloadsonIBMSystemz serversandenhance its

securitycharacteristics.

z/VM V5.3providessupportforlargerlogical partitions(LPARs)toimprove

scalabilityandto facilitategrowth.Asinglez/VMpartitioncanbeconfiguredwith

more than128GBof realstorageandupto 32ProcessorUnits (PUs),a33%

increaseoverthepreviousrelease.ThePUsmay be:

v CentralProcessor(CP)

v IBMSystemzApplicationAssistProcessor (zAAP)

v IBMSystemz9

®_{Integrated InformationProcessorandIBMSystemz10}™

IntegratedInformationProcessor(zIIP)

v

IBMIntegrated Facilityfor Linux(IFL)

z/VM V5.3andLinuxonSystemz collaborateto makemoreinformedchoices

about howmemoryismanaged.This levelof cooperationcanallowz/VMto run

more virtualserversinthesameamountof memory.

This newreleaseprovidesanincreasedfocusonsecuritycapabilitieswiththe

introduction ofa LightweightDirectoryAccessProtocol(LDAP)serverandclient

servicesfor amorecomprehensive securitysolutiononz/VM. Securityisalso

enhancedto supporttheuseof passwordphrasesinz/VMthroughanewRACF

feature,moresecurity-richTCP/IPsessions,andenhanceddataprotectionby

exploiting drive-baseddataencryptionoftheIBMSystemStorage™_TS1120Tape

Drive.

z/VM V5.3extends itsworld-classvirtualization technologybyprovidingguest

supportfor zAAPsandzIIPs,theModifiedIndirectDataAddressWord (MIDAW)

facility,andASCIIconsoles.Manageability, reliability,andusabilityof virtual

networkshave alsobeenimproved.

Thez/VMhypervisorisdesignedtohelp clientsextendthebusinessvalueof

mainframetechnologyacross theenterprisebyintegratingapplicationsanddata

while providingexceptionallevelsof availability,security,andoperationalease.

z/VM virtualizationtechnologyisdesignedtoallowthecapabilityfor clientsto run

hundreds tothousandsof Linuxserversona singlemainframerunningwithother

Systemz operatingsystems,suchasz/OS,orasalarge-scale Linux-only

enterpriseserversolution.z/VMV5.3canalso helptoimprove productivityby

hosting non-Linuxworkloads suchasz/OS, z/VSE,andz/TPF.

z/VM version5isintendedto addressthefollowingsituations:

v RunningmoreLinuxserverimagesonasinglephysicalserver.

Considerablymoreimagesthan arecurrently supportedbytheLPARmodeof

operationcanbeachievedwithz/VM guestsupport.TheseLinuxonSystemz

serverimages canbedeployedonstandardprocessors(CPs)or IFLprocessors

withz/VM version5.RunningmultipleLinuximagesonanIFL-configuredz/VM

systemmay notincreasetheIBMsoftwarechargesofyour existingSystemz

environment.Youcanaddz/VMversion 5runningonIFLprocessorstoyour

existingz/OS,z/OS.e,z/VM,z/TPF, z/VSE,or LinuxonSystemzenvironment

withoutincreasingIBMsoftwarecostsonthestandardprocessors(CPs).

©CopyrightIBMCorp.1990,2008

5

| |

v MovingselectedLinux,Windows

®_,andUNIX® _{workloadstoasingle}

physicalserverwhilemaintainingdistinctserverimagesandcurrentLAN topology.Thisabilitycanhelp reducesystemsmanagement complexity.

BecausethenumberofrealhardwareserversandassociatedphysicalLANsis

reduced,cost savingsmay berealized bymanaginglargeserverfarmsdeployed

onvirtualserversinstead ofusingmultiplehardware servers.DeployingLinux

workloadsonz/VMversion5isparticularly attractiveif theyinteractwith

applicationsordatalocated onthesameSystemz server.

v Enhancingvirtualnetworking.z/VMvirtualswitchsupportprovidesexternal

connectivityfor guestLANsthroughanOSA-Expressadapterwithout requiringa

z/VMorLinuxroutervirtualmachine.

v ConsolidatingoperatingsystemsontheSystem zplatform.z/VMV5.3can

providemoreconstraintreliefthanwhatwasofferedwithz/VMV5.2.This

constraintreliefisprovidedfor bothESA/390andz/Architectureguestoperating

systemssuchasLinuxonSystemz,z/OS,z/OS.e,z/VSE,andz/TPF.z/VM V5.3

offersenhancedscalabilitysupportforCPUs,memory,I/O,andnetworking,

makingit easierto consolidateworkloads ontoasinglez/VMimage.

v MigratingfromVM/ESA

®

toz/VMversion5. Thishelpsenable:

– MorememorytocacheCMSminidisksbyexploitingmemoryabove2GBfor

minidiskcache

– Connectivity(TCP/IP)enhancements andadditional devicesupport

– AddedsecuritycapabilitieswithSSL-protectedTCP/IPnetwork traffic,suchas

TelnetsessionsandWebtransactions

v Migratingtothe newversionorreleaseofaguestoperatingsystemusing

z/VMversion5.This canprovideaddedflexibilityformigration,production,and

testing.For example,z/VMcanhelp youmigratefromOS/390® toz/OSor

z/OS.e.

v EnhancingguestParallel Sysplex

®

supportinz/VMwiththe exploitationof z/Architecture.Thiscanenableaddressabilityof largeramountsof realand

virtualmemory,allowingthedevelopmentandtestingof 64-bitParallelSysplex

applicationsinaguestenvironment.

For themostcurrentinformationonz/VM, seethez/VM Websiteat

Chapter

3.

What

Is

New

or

Changed

in

z/VM

V5.3

This sectionprovidesanoverviewof thenewfunctions,enhancements,andother

changesincludedinz/VMV5.3.

Note: Thissection includesinformationaboutprogrammingenhancements,

additionalsupport,orotherchangesprovidedor announcedafterthegeneral

availabilityofz/VM V5.3.Programmingenhancementsmightbeprovided

throughz/VMservicebyprogramtemporaryfixes(PTFs)for authorized

programanalysisreports(APARs), whichalsomightbeavailablefor some

priorz/VMreleases.

Theproductchangesaredescribedunderthefollowingtopics:

v “EnhancedScalability andConstraintRelief”

v

“VirtualizationTechnologyandLinuxEnablement”onpage12

v “NetworkVirtualization”onpage14

v

“Security”onpage16

v “TechnologyExploitation”onpage18

v “SystemsManagement” onpage19

v “Installation,Service,andPackagingChanges”onpage21

v “AdditionalChanges”onpage24

Also see“Statementsof Direction”onpage 24.

Seez/VM:MigrationGuideforinformationabout theexternal interfacesthathave

been addedor changedtosupporttheproductenhancements.It alsoincludes

informationabout theenhancementsprovidedinpreviousz/VMreleases.

Enhanced

Scalability

and

Constraint

Relief

This sectiondescribesenhancementsthatcanhelp supportincreasedworkloads on

z/VM.

Support

for

Up

to

256

GB

of

Real

Memory

Changesto pagetableallocation inz/VMV5.3allowz/VMimages tosupport

significantly morerealmemory(storage)thanthepriorlimitof 128GB,aswellas

more virtualmemory,upto 256GBof realmemoryandmorethan1TBoftotal

virtualmemoryinusebyguests.Theactualamountof usablerealandvirtual

memoryisdependentontheamountof realmemoryinthez/VMlogical partition,

thehardware servermodel,firmwarelevel,andconfiguration,andthenumberof

guests andtheir workloadcharacteristics.Thiscanbenefitcustomerswithlarge

amounts ofrealstorage,andmayhelp reduceor eliminatetheneed tospreadlarge

workloads acrossmultiplez/VMimages. Enhancementstothemanagementof

contiguous framesmayalsoreducestoragemanagementoverhead andimprove

performance. Betterz/VM managementofrealstoragecanbenefitmost customers

who experiencestorageconstraints,regardlessof theamountof centralstorage

configuredfor z/VMuse.

For specificinformationontheeffectof thesechangesandonthenew upperbound

of realmemorysupported,seez/VMPerformanceReport,which isplanned tobe

availableonJune 29,2007 atwww.ibm.com/eserver/zseries/zvm/perf/reports/zvm/

html/.

©CopyrightIBMCorp.1990,2008

7

| | | | | | |

Up

to

32

Real

Processors

in

a

Single

z/VM

Image

z/VM V5.3cansupportcustomergrowthbyallowingupto 32realprocessorsina

single z/VMimageonanIBMSystemz server,anincreaseof33%fromtheprior

maximumof 24.Theparticularworkloadwillinfluencetheefficiencywithwhicha

z/VM systemcanuselargenumbers ofprocessors.Generally,z/VM overheadis

expectedto belowerwithfewer,moreCPU-intensivegueststhanwithmanylightly

loadedguests.

For furtherconsiderations onperformanceinalarge-scalemultiprocessing

environment,seez/VM:MigrationGuideandz/VMPerformanceReport, bothof

which areplanned tobeavailableonJune 29,2007.

Enhanced

Memory

Management

for

Linux

Guests

z/VM V5.3adds supportfortheCollaborativeMemoryManagementAssist(CMMA)

onIBMSystemz10andSystemz9servers.This z/VMsupport,inconjunctionwith

CMMAexploitationinguestoperating systemssuchasLinuxonSystemz,allows

thez/VMV5.3ControlProgram (CP)host anditsgueststocommunicateattributes

for specific4KBblocksof guestmemory.This exchangeof informationcanallow

both thez/VMhost anditsgueststooptimizetheiruseandmanagementof

memory, inthefollowingways:

v

CPknows whenaLinuxapplicationreleasesstorageandcanselectthosepages

forremoval atahigherpriorityorreclaimthepageframeswithouttheoverhead

ofpaging-outtheirdatacontentto expandedstorageor disk.

v CPrecognizes cleandiskcachepages,thecontentsof whichLinuxisableto

reconstruct,allowingCPtobypasspaging-outthedatacontentswhenreclaiming

thebackingframesforthesepages.IfLinuxoritsapplicationsubsequentlytries

toreferto thediscardedpage, Linuxisnotifiedthatthepagehas beendiscarded

andcanrereadthecontentsfromdiskorotherwisereconstructthem.

v Theguestfurther benefitsfromtheHostPage-ManagementAssist(HPMA)

announcedintheHardwareAnnouncementdatedJuly27,2005.In conjunction

withCMMA,HPMAallowsthemachinetosupplyfresh backingpageframesfor

guestmemory whentheguestreusesapreviouslydiscardedpage, eliminating

theneedforthez/VMhypervisorto interceptandresolvethesehostpagefaults.

z/VM 5.3isthedeliveryvehicleforprovidingenhancedmemorymanagement

supportonz/VM.ThissatisfiesthestatementofdirectionmadeintheSoftware

Announcementdated July27,2005.

SeethePreventiveServicePlanning (PSP)bucketforyourSystemz10orSystem

z9serverforrequiredupdates.Toavoidsystemoutages, requiredminimumMCL

levels mustbeappliedpriortoIPLing z/VMV5.3andexploitingnewfunctions.

IBMisworkingwithitsLinuxdistributionpartnerstoprovideCMMAexploitationin

future LinuxonSystemzdistributionsor serviceupdates.

Enhanced

Memory

Utilization

Using

VMRM

between

z/VM

and

Linux

Guests

Virtual MachineResourceManager(VMRM)assistsinmanagingmemory

contention inthez/VMsystem.BasedonCPmonitordata,thez/VMV5.3VMRM

detects whenmemoryisconstrained andnotifiestheLinuxguests.Theseguests

can thentakeactiontoadjusttheirmemoryconsumptionto helprelievethe

memoryconstraint, suchasbyreleasingpagescontainingtheleastrecently

referencedfilecachedata.Theinstallationcontrols whichguestsarenotified.

|

| |

For additionalinformationonVMRMmemorymanagement,seez/VM:Performance.

HyperPAV

Support

for

IBM

System

Storage

DS8000

z/VM V5.3supports theHyperParallelAccess Volume(HyperPAV)function

optionally providedbytheIBMSystemStorageDS8000™diskstoragesystems.

HyperPAVsupportcomplementstheexistingbasicPAVsupportinz/VMV5.2,for

applicable supportingdiskstoragesystems.TheHyperPAVfunction potentially

reduces thenumberof alias-deviceaddressesneededforparallelI/Ooperations,

becauseHyperPAVsaredynamicallyboundto abase deviceforeach I/Ooperation

instead ofbeingboundstatically likebasicPAVs.z/VMprovidessupportof

HyperPAVvolumesaslinkableminidisksforguestoperatingsystems,suchas

z/OS, thatexploittheHyperPAVarchitecture. Thissupportisalso designedto

transparentlyprovidethepotentialbenefits ofHyperPAVvolumesforminidisks

owned orsharedbygueststhatdonotspecificallyexploitHyperPAVvolumes,such

asLinuxandCMS.

Enhanced

FlashCopy

Support

z/VM V5.3supportfor theFlashCopy®_{V2featureofIBMSystemStoragedisk}

storagedeviceshasbeenenhancedto simplifythetasksrequiredto automate

backups.Thisincludesthecapabilitiesto:

v

Specifymultipletarget minidisks

TheCPFLASHCOPYcommandcannow acceptupto 12targetminidisksto be

copied.

v DeterminethestatusofFlashCopyrequests

ThenewCPQUERYVirtualFLASHCOPYcommandallowstheusertoquery the

numberofFlashcopyrelationshipsactivefor oneormoreof theirvirtualDASD.

v Exploithardwareasynchronouscachedestageanddiscard

Thisisdesignedtoeliminatedelayedhardware responsemessagesandprovides

quickerresponsesto theCPFLASHCOPYcommand.ThismakestheFlashCopy

appearsynchronousto thevirtualmachineandmaysimplifyautomating

processesthatexploitthis technology.

In addition,z/VM hasreducedthenumberof FlashCopyhardware-relatederror

conditions thatcanbereflected totheguestforthez/VMFLASHCOPYcommand.

z/VM willattemptto re-drivetheI/Oonsomeerrorconditionsbefore reflectingthe

commandresponsebackto theguest.

Support

for

the

IBM

System

Storage

SAN

Volume

Controller

TheIBMSystemStorageSANVolumeControllercantransformthetraditional

relationshipbetweena hostanditsvolumemanager.TheSANVolumeController

can beattached tothestoragenetworkto provideavirtualizedpool ofstorage

sharedbyallhosts.Thephysicaldisksarediscoveredandorganizedintovirtual

disks thatareconstructedfromanyportionorcombinationof physicaldiskschosen

bythestorageadministrator.Thesevirtualdisksarethestoragemediapresentedto

thehostsystems.

TheSANVolumeControllerisdesignedto:

v Combinestoragecapacityfrommultiplevendorsintoa singlereservoirof

capacitythatcanbemanaged fromacentralpoint

v Helpincreasestorageutilizationbyprovidinghostapplicationswithmoreflexible

accessto capacity

New

or

Changed

v Helpimproveproductivityofstorageadministratorsbyenablingmanagement of

combinedstoragevolumesfroma singleinterface

v Supportimprovedapplicationavailabilitybyinsulatinghost applicationsfrom

changesto thephysicalstorageinfrastructure

v Enablea tieredstorageenvironmentinwhichthecost ofstoragecanbebetter

matchedto thevalueof thedata

v Supportadvancedcopyservicesfromhigher-costtolower-costdevicesand

acrosssubsystemsfrommultiplevendors

WiththeSANVolumeController,datacanbemovedfromonephysicaldiskto

another—oreven fromonevendor’sdisktoanother—withoutaffecting thevirtual

disks seenbythehostsystems.ITmanagerscan planforphysicalchangesinthe

storageinfrastructure moreeffectively,typicallywithout interruptiontobusiness

applications.

IBM

System

Storage

SAN

Volume

Controller

Storage

Engine

2145

TheIBMSystemStorageSANVolumeControllerstorageengineisthehardware

componentof theIBMSystemStorage SANVolumeControllersolution.The

componentsoftheSANVolumeControllerincludehighlyspecializedsoftware,

storageengines installedinpairs,amasterconsole,anduninterruptiblepower

supplies(UPSs).

TheSANVolumeControllerhardwareisdesignedtocombineserversintoacluster

designedto supporthighavailability.Eachoftheserversintheclusterispopulated

with8GBofhigh-speedmemory thatserves astheclustercache.Eachalso

includesa 4-Gbpshostbusadapter(HBA),designedto allowtheSANVolume

Controllerto connectandoperateatthe4-GbpsSANspeed.TheSANVolume

Controllerstorageengines arealwaysinstalledinpairs forredundancy. Currently

installedModel8F2enginescanbeupgradedbya4-GbpsHBAadapterfeature.

Theuninterruptiblepowersupply(UPS)isdesignedto helpprotectagainstdata

lossresultingfromalossof electricalpower.

Aseparateserveristhemasterconsolefor SANVolumeControllerstorageengine

management.Themasterconsolesoftwareispreloadedonthemasterconsoleand

providestheuserinterfaceto theSANVolumeController.Asoftware-onlyversionof

themasterconsole,whichcanbeloadedontoaserverthatmeetscertainminimum

configurationrequirements, isavailableasanoption.Themasterconsolecan,

usinga virtualprivatenetwork (VPN),providearemotesupportinterface.Thiscan

help reducetherequirementfor on-sitesupport.

IBM

System

Storage

SAN

Volume

Controller

Software

V4.1

IBMSystemStorageSANVolumeControllerV4.1introducestheoptional advanced

copyservicescapabilityof GlobalMirrorto supportdistancereplicationsolutions.

Building ontheoriginalMetro MirrorcapabilitiesofSANVolumeControllersoftware,

Global Mirror’sasynchronouspeer-to-peerremote-copyfunction canhelpprovide

thecriticallyimportant abilityto maintainaminimally delayedcopyofdataat a

distancesufficienttosurvive metropolitanorregional disasters.

This softwarerunsonthenewIBM2145-8F4storageengines,with4-GbpsFibre

ChannelHBAattachmentcapability totheSANfabric,aswellasonpreviously

SANVolumeControllerV4.1continuestobedesignedtoimprovethecustomer’s

total storagemanagementenvironmentwithkeysupportenhancements,which

include:

v Theabilitytoupgradeindividual SANVolumeControllerstorageengines

non-disruptivelywithinexistingI/Ogroups

v Newreportingfacilitiesfortracking virtualdiskperformance, cacheusage,port

utilization,andCPUutilization

v Newauditlogfacilitythatrecordswhichuserperformedeach configurationaction

v

Accesscontrolforhostsonaper-port basis

z/VM

Support

for

the

2145

SAN

Volume

Controller

z/VM anditsguestoperatingsystemsaredesignedtoaccessSCSIFCPstorage

capacityfrommultiplevendorsasasinglereservoirof capacitythatcanbe

managed fromacentralpoint.z/VMsupportstheSANVolumeControllerthrough

thegenericSCSIdevicedriver ofz/VM.TheSANVolumeControllerhandlesthe

device-specific requirementsforwhatevercollectionof differentstoragedevicesa

customerhasattachedto theSANVolumeController.

z/VM supportfor theSANVolumeControllerallowsthez/VMcontrolprogram(CP)

andguestoperatingsystemsthatuseSCSIdevices(suchasLinuxonSystemz

andz/VSE,aswellasz/VM itself)to accessIBMSystemStoragedisksubsystems,

includingtheDS4000™series,aswellasdisksubsystemsfromothermanufacturers

supportedbytheSANVolumeController.

This supportadds2145asanoperandontheEDEVICEconfigurationstatement,as

wellasontheSETEDEVICEandQUERYEDEVICEcommands.

TheSANVolumeControllercanbeused toprovideSCSIdevicesasemulatedFBA

devicesfor usebyCPandguestoperatingsystems.Thissupportisplannedtobe

availableinz/VMV5.3and,withthePTF forAPARVM64128,inz/VMV5.2.

UseofSCSIdevicesaccessedthroughtheSANVolumeControllerbydedicated

FCPsubchannelsisavailabletoguestoperatingsystemsinanyreleaseofz/VM V5

without theapplicationof anyPTFs.

For LinuxonSystemz guests,SANVolumeControllerV4.1issupportedfor SLES

8, SLES9, andRHEL4.

For additionalinformationontheSANVolumeControllerStorageEngine2145,see

theHardwareAnnouncementdatedMay 23,2006. Foradditionalinformationon

SANVolumeControllerV4.1,seetheSoftwareAnnouncementdatedMay23,2006.

DS8000

Dynamic

Volume

Expansion

Support

WiththePTFsforAPARsVM64305andVM64354,z/VMV5.3supportsdynamic

volume expansionontheIBMSystemStorageDS8000.Thisfunction allowsyouto

increasethesizeof alogical volumewhileitisonlinetoa hostsystem.z/VM

tolerates thissupportbutrequiresthedevicetoberecycledoffline/onlineinorderto

utilize thenewly createdspace.

Improved

Memory

Management

Algorithms

WiththePTFfor APARVM64349,z/VMV5.3providesimprovedmemory

management algorithmstohelp benefitpagingworkloads withlarge memory

environments.Thisenhancementmaybemorebeneficialwiththefasterprocessor

speeds oftheIBMSystemz10.

New

or

Changed

Chapter3.WhatIsNeworChangedinz/VMV5.3

11

| | | | | | | | | | |

Virtualization

Technology

and

Linux

Enablement

This sectiondescribesextensionstoz/VMvirtualizationtechnology insupportof

LinuxonSystemz,z/OS, andotherguests.

Support

for

IBM

System

z

Specialty

Processors

IBMIntegratedFacilityforLinux(IFL)processorsarededicatedto Linuxworkloads.

IFLs enableyou topurchaseadditionalprocessingcapacityexclusivelyfor Linux

workloads,withoutaffecting theMSU ratingortheIBMSystemzmodel

designation.ThismeansthatacquiringanIFLwillnotnecessarilyincreasecharges

for IBMSystemz softwarerunningongeneral-purpose(standard)processorsinthe

server.IFLswere firstintroducedintheSoftwareAnnouncementdated May29,

2001.

IBMSystemzApplicationAssistProcessors(zAAPs)arespecializedprocessors

thatprovideaneconomicalJava™executionenvironmentunder z/OSandz/OS.e

ontheSystemzplatform.zAAPswere announcedintheHardwareAnnouncement

datedApril7,2004.

TheIBMSystemz9IntegratedInformationProcessorandIBMSystemz10

Integrated InformationProcessor(zIIP)isthelatestspecialtyprocessor,designedto

help improveresourceoptimizationandlowerthecost foreligibleworkloads.z/OS

andz/OS.eexploitzIIPs tooffloadsoftwaresystem overheadfromstandardcentral

processors (CPs).ThisincludescertainDB2®processing,enhancingtheroleof the

mainframeasthedatahuboftheenterprise.zIIPswereannouncedinthe

HardwareAnnouncements datedApril27,2006.

z/VM V5.3isdesignedtoprovidenew guestsupportfor zAAPsandzIIPsand

includes:

v Simulationsupport

z/VMguestvirtualmachines cancreatevirtualspecialtyprocessorsonprocessor

modelsthatsupportthesametypesof specialtyprocessorbutdonotnecessarily

havethem installed.VirtualspecialtyprocessorsaredispatchedonrealCPs.

Simulatingspecialtyprocessorsprovidesatestplatformfor z/VMgueststo

exploitmixed-processorconfigurations.Thisallowsusersto assessthe

operationalandCPUutilization implicationsofconfiguring az/OSsystem with

zIIPor zAAPprocessorswithoutrequiring therealspecialty processorhardware.

zIIPscanbesimulatedonlyonSystemz10andSystemz9servers.zAAPscan

besimulatedonlyonSystemz10,Systemz9,andzSeries990and890servers.

v Virtualizationsupport

z/VMcancreatevirtualspecialtyprocessorsforvirtualmachinesbydispatching

thevirtualprocessorsoncorrespondingspecialtyprocessors ofthesametype in

therealconfiguration.Guestsupportfor zAAPsandzIIPsmayhelpimprove your

totalcost ofownershipbyallowingavailablezAAPandzIIPcapacitynotbeing

usedbyz/OSLPARs tobeallocatedtoa z/VMLPARhostingz/OSguests

runningJavaandDB2.

Enhanced

Virtual

Switch

and

Guest

LAN

Usability

z/VM V5.3providesusabilityenhancementsfor thevirtualswitchandguestLAN

environmentsincluding:

v Enhancedease-of-usefor VirtualLAN(VLAN)andpromiscuousmode

configurationchanges | | | | | | | | | | | | | | | | |

ChangestotheauthorizedVLANID(VID)setandtopromiscuousmode

authorizationarenow effectiveimmediatelyinsteadof requiringarevoke,agrant,

andanuncouple/coupleinorderforthechangestotake effect.

v Newcapabilityto configureanativeVLANID

Thissupportprovidestheability tospecifyanativeVLANidentifierfor untagged

trafficandadefaultVLANidentifierforguestports.TheDEFINEVSWITCH

commandnowsupportsthespecificationof anativeVLANidentifier.

v NewvirtualNICmonitordomain

Existingcountsmaintained forthevirtualNIC,suchasinboundpackets,

outboundbytes,andframecountsperMAC/VLAN,arenow includedinrecords

ina newVirtualNetworkmonitordomain.Thesenewmonitorrecordsprovide

datafora virtualNICthatiscoupled toanyguestLANorVSWITCH.

MIDAWs

for

Guests

z/VM V5.3supports guestuseof ModifiedIndirectDataAddressWords(MIDAWs),

which isa hardwarefeatureavailableonIBMSystemz10andSystemz9servers.

MIDAWs canallowmoreflexibilityandperformanceincertainchannel programsas

analternativeto data-chainedchannel-commandwords(CCWs).MIDAWs

accommodatenoncontiguous dataareasthatcannotbehandledbythe

predecessor indirect-data-addresswords(IDAWs).z/VMsupportfor guestuseof

MIDAWs canallowoperatingsystemssuchasz/OStouse thisnewaspectof

z/Architecture withoutregard towhethertheoperatingsystemsarerunningina

logical partitionora virtualmachine.Thisallowsguestoperating systemsto

exercisetheircode-pathsjust asthey wouldontherealmachineduring,for

example,preproductiontestingofz/OSsystems.Likewise,theprovisionofthe

function ina virtualmachineallowsguestoperating systemstobenefitfromthereal

machine’s added-valuefunction justasthoughtheguestswere runningdirectlyon

themachine.

Guest

ASCII

Console

Support

ThesystemASCIIconsoleisafacilitythatcomeswithallSystemzmodelsandis

presentedbytheHardwareManagement Console(HMC).z/VMV5.3provides

guestaccesstothesystemASCIIconsole.By dedicatingthesystemASCIIconsole

to aLinuxguest,customerscanfacilitaterecoveryof theguestduringan

emergencysituation,usinganenvironmentthatprovidestools(suchasviand

emacs)thatarefamiliarto Linuxsupportstaff.This canbeparticularly usefulwhen

normalnetwork accessto aguestoperating systemisnotavailable.Thesystem

ASCII console(andhencetheguestASCIIconsole)supportsa VT220datastream.

This functioncanhelplowersystem costsbyhelping toreducetheneedtoprovide

alternativefacilities, suchasduplicatenetworkresources,to achievedesired

guest-recoverabilitycharacteristics.Becausethisfunction providesguestaccessto

theonesystemASCIIconsolebyoneguestatatime, useoftheconsolecanbe

transferred fromguestto guestasrequired.

Enhanced

SCSI

Support

z/VM V5.3providesadditionalenhancementsforSmall ComputerSystemInterface

(SCSI)disksupportforLinuxusers,including:

v Point-to-PointFibreChannellinks,which mayprovidealower-costinstallation

thanthecurrentrequirementfor aFibreChannelswitchedfabric

New

or

Changed

Chapter3.WhatIsNeworChangedinz/VMV5.3

13

v DynamicallydeterminedpreferredpathsforemulatedFBAdevices(EDEVICEs)

onSCSIdisks inanIBMSystemStorage DS6000™, insteadofthecurrentneed

tospecifywhichpathsarepreferredinaSETEDEVICEcommandor an

EDEVICEconfigurationfilestatement

v FasterformattingofEDEVICEsonSCSIdisksinanIBMEnterpriseStorage

Server®_{(ESS)orIBMSystemStorageDS8000}

v

DisplayofadditionalSCSIdevice characteristicswhenusingtheQUERY

EDEVICEDETAILScommand

v Checkingfor erroneousmappingof multipleEDEVICEdefinitions ontothesame

SCSIdiskwhenbringingemulateddisksonline

Network

Virtualization

This sectiondescribesenhancementsto z/VMnetworkvirtualization.

Improved

Virtual

Network

Management

z/VM V5.3helpsnetworkadministratorsmanagevirtualnetwork performance,find

andsolvevirtualnetwork problems,andplan virtualnetwork growth.z/VMV5.3

establishesa methodforprovidingSimpleNetworkManagement Protocol(SNMP)

data forvirtualnetworkingdevices.Specifically,it providesanSNMPsubagentthat

runs inaseparate virtualmachinefromtheSNMPagentandextends the

functionalityof theagentbysupportingaspecificsetofManagement Information

Base (MIB)variables.Apreconfiguredsubagentandexit routineareprovidedin

z/VM V5.3to supplybridgeManagementInformationBase(BRIDGE-MIB)data,as

documented inRFC1493, forthez/VMvirtualswitch.This subagent,throughthe

use ofaNetworkManagement Systemclient, canacquireBRIDGE-MIBdataforthe

z/VM virtualswitch.In addition,thissupportprovidesaprogramminginterface to

obtaininformationabout virtualnetworks.

Enhanced

Failover

Support

for

IPv4

and

IPv6

Devices

Failover supportforInternetProtocolversion4(IPv4)andInternetProtocolversion

6 (IPv6)deviceshas beenimprovedinz/VMV5.3.Whenthez/VMTCP/IPstack

has two(ormore)QueuedDirectInput/Output (QDIO)orLANChannelStation

(LCS) Ethernetdevicesonthesamenetworkandonedeviceisstoppedor fails,

anotherdevicetakesoverresponsibility fortraffic destinedfor thefailingdevice (or

any devicesthefailingdevicehadpreviously takenover).This failoversupport

includesOSA-Expressdevices(inQDIO EthernetorLCS Ethernetmode),VirtualIP

Addresses(VIPAs),andaddressesforwhichPROXYARPservicesarebeing

provided throughatakeover-eligibledevice.In additionto thebasicfailoversupport,

onetakeover-eligibledevice onthatnetwork willberesponsiblefor informingother

nodesonthatnetworkwhichhardware (MAC)addressshouldbeusedto reach

VIPAaddressesontheTCP/IPstack,bothwhenthestackinitializesandwhenan

IPtakeover eventoccurs.

VIPA

Support

for

IPv6

Virtual IPAddresssupportintheTCP/IPstackhas beenextendedinz/VMV5.3to

supportIPv6addresses.It isnowpossibletoenableandconfigureavirtualdevice

for IPv6,aswellasto associaterealIPv6-capablenetwork adapterswitha specific

IPv6virtuallink fordeterminingthesourceaddressused inoutgoing packets.

Support forVIPAisdesignedtoimprove thecapability oftheTCP/IPstackto

Support

for

IEEE

802.3ad

Link

Aggregation

Link aggregationhelpsenableincreasedscalabilityfor virtualnetworkI/Oand

providessupporttorecoverfromafailedexternalswitch.

Link

Aggregation

Support

for

the

z/VM

Environment

Link aggregationsupportforthez/VMenvironmentisdesignedtoprovide:

v

Uptoeight OSA-Express2andOSA-Express3portsinoneaggregatedlink

v Aggregatedlink viewedasonelogicaltrunk containingalloftheVirtualLANs

(VLANs)requiredbytheLANsegment

v Loadbalance communicationsacrossseverallinksina trunkto preventa single

linkfrombeingoverrun

v Linkaggregationbetweenavirtualswitchandthephysicalnetwork switch

v Point-to-pointconnections

v Abilitytodynamicallyaddor removeOSAports for“ondemand”bandwidth

v Full-duplexmode(send andreceive)

Targetlinksforaggregationmust beof thesametype (forexample,allGbEorall

10GbE)

Link aggregationisexclusiveto theIBMSystemz10andSystemz9serversandis

applicable totheOSA-Express2andOSA-Express3featureswhenconfiguredas

CHPIDtypeOSD (QDIO).

z/VM

Support

for

IEEE

802.3ad

Link

Aggregation

z/VM virtualswitchcontrolled(VSWITCH-controlled)linkaggregation(IEEE

802.3ad)isdesignedtoallow youtodedicateanOSAporttoz/VMwhentheportis

participatinginanaggregatedgroup.Link aggregation(trunking)isdesignedto

allow youtocombinemultiplephysicalOSA-Express2andOSA-Express3portsinto

a singlelogicallink forincreasedthroughputandfor nondisruptivefailoverinthe

eventthataportbecomesunavailable.

TheOSA-Express2andOSA-Express3adaptersthatcomprisethelinkaggregation

group mustbeconnectedtothesamephysicalswitchandLANsegment.Ifthereis

a connectivityproblemwithanyofthedeviceswithinthegroup,thevirtualswitch

willdetectthefailureandpackettransmissionwillcontinueovertheotherdevicesin

thegroup.Thus, thissupportprovidesthecapability foraquicker failoverfor

deviceswithinthegroup. Intheeventof afailureinwhichtheentirelink

aggregationgroup isunavailable,theabilityto specifya failoverOSA-Express2or

OSA-Express3adapterwillbesupported.Similartotheexistingfailoversupportin

z/VM V5.2,failover devicescanbespecifiedwiththevirtualswitchdefinition.Onlya

single failoverdevicewillbedeployedat atime,although multipledevicescanbe

specifiedfor thefailovercapability.For optimumconnectivity,thefailoverdevices

should beconnectedto aseparatephysicalswitch.

z/VM linkaggregationsupportwillbeprovided asfollows:

v OnlyforLayer2 virtualswitches(thatis,definedwiththeETHERNEToptionand

usingguesthoststhatsupportLayer2)

v Onlyona Systemz10 orSystemz9withtherequiredOSA-Express2or

OSA-Express3linkaggregationfunction.

v Allowupto 8OSA-Express2andOSA-Express3adaptersto beaggregatedper

virtualswitch

v Allowfailovertoa singleOSA-Express2orOSA-Express3adapterintheeventof

failureofthelinkaggregationgroup

New

or

Changed

Chapter3.WhatIsNeworChangedinz/VMV5.3

15

| | | | | | | | | |

For additionalinformationontheOSA-Express2link aggregationsupport,seethe

HardwareAnnouncementdatedApril18,2007.

Virtual

Switch

Port

Isolation

Support

WiththePTFfor APARVM64281,z/VMV5.3supports anewportisolationsecurity

mechanismthatprovidestheabilityto restrictguest-to-guestcommunications within

a virtualswitch.In supportofsecurityzones,thevirtualswitchsendsallguestport

traffic overtheOSAportfor filteringthroughanexternalfirewallorswitch

mechanism.

Security

This sectiondescribesenhancementsto thesecuritycharacteristicsofz/VM.

Delivery

of

LDAP

Server

and

Client

z/VM V5.3introducesnew userauthentication,authorization,andauditing

capabilitieswiththeinclusionof aLightweightDirectoryAccessProtocol(LDAP)

serverandassociatedclientutilities.Thez/VMLDAPserverhasbeen adaptedfrom

theIBMTivoli®DirectoryServerforz/OS, deliveredinz/OSV1.8.Executingina

CMS virtualmachine,LDAPisintegratedinthebaseof z/VMV5.3asa

subcomponent ofTCP/IP.Thez/VMLDAPserverprovides:

v Multipleconcurrentdatabaseinstances(referredto asbackends)

v InteroperabilitywithLDAPVersion2 orVersion3protocol-capableclients

v LDAPV2andV3protocolsupport

v NativeauthenticationusingChallenge-ResponseAuthenticationMethod

(CRAM-MD5),DIGEST-MD5authentication,andsimple (non-encrypted)

authentication

v RootDSEinformationmaster/slaveandpeer-to-peerreplication

v Theabilitytoreferclients toadditionaldirectoryservers

v

Thecapabilityto createanaliasentry inthedirectory topointto anotherentryin

thedirectory

v Accesscontrols ondirectory information

v Changelogging

v Schemapublicationandupdate

v SSLcommunication(SSLV3andTLSV1)

v ClientandserverauthenticationusingSSL/TLS

TheLDAPclientutilitiesprovideawaytoadd,modify,search,anddeleteentriesin

any serverthatacceptsLDAPprotocol requests.

For moredetailsonwhatfunctionshave beenimplementedintheinitialversionof

thez/VMLDAPserver,seez/VM:TCP/IPLDAPAdministrationGuide.

Thenew RACFSecurityServer forz/VMfeature,availablewithz/VMV5.3,has also

been updatedtointer-operatewiththenew z/VMLDAPserver.

Enhanced

System

Security

with

Longer

Passwords

Workingtogether,z/VMV5.3andtheRACFSecurityServerforz/VMFL530 feature

supporttheuseof passwordsthatarelongerthaneight characters,calledpassword

phrases (alsoknownaspassphrases).Apasswordphrasemaycontain mixed-case

| | | | | |

letters,numbers, blanks,andspecialcharacters,allowingforanexponentially

greater numberofpossiblecombinationsof charactersthantraditionalpasswords.

Toutilizepasswordphrases, anexternal securitymanager(ESM) thatsupports

passwordphrases, suchasRACF,isrequired.Toeasemigrationfrompasswordsto

passwordphrases, theRACFSecurityServerfor z/VMcontinuestosupport

traditional8-characterpasswords.

Anewcallableserviceslibrary(CSL)routine,DMSPASS, allowsauthorizedCMS

applicationsto authenticatepasswordsorpasswordphrases.Thez/VMLOGON

command,thez/VMTCP/IPFileTransferProtocol(FTP),SystemsManagement

API, RemoteExecutionProtocol(REXEC),andInternetMessageAccessProtocol

(IMAP)servers,andthePerformanceToolkit forVM havebeenupdatedto support

passwordphrases.

For environmentsinwhich passwordphrasescannotbeused,butwhereadditional

passwordcomplexityisrequired,theRACFSecurity Serverforz/VMalso provides

supportfor mixed-case8-characterpasswords.

Support forpasswordphrases andmixed-casepasswordsenables az/VMsystem

to meettheenterprisepasswordrequirements imposedbymanycompanies,

governments,andinstitutions.

Conformance

with

Industry

Standards

z/VM V5.3adds SecureSocketsLayer/TransportLayer Security(SSL/TLS)support

for industry-standardsecureFTP(RFC4217),Telnet(draftspecification#6),and

SMTP(RFC3207) sessions.ThissupportincludesnewsocketAPIsto permita

PascalorAssemblerclientor serverapplicationtocontroltheacceptanceand

establishment ofTCPsessionsthatareencryptedwithSSL/TLS.Datatransmission

onaconnection cannowbegininclear textandatsomelaterpoint bemade

availableinsecuretext,thus helpingtoreducetheneedto dedicateaseparate port

for secureconnections.

In ordertoenableenforcementof enterpriserequirements forstrongencryptionon

network connections(128bitsorhigher),thez/VMSSLserverhasbeenenhanced

to moreeasilyallowweakciphersuitestobeexcluded.

SSL

Server

Enhancements

Previous releasesof z/VMprovidedRed HatPackageManager(RPM)packages

for variousLinuxdistributions.z/VMV5.3supports:

v NovellSUSELinuxEnterpriseServer(SLES)9 ServicePack3(64-bit)

v NovellSUSELinuxEnterpriseServer(SLES)9 ServicePack3(31-bit)

v RedHat EnterpriseLinux(RHEL)AS4Update4(64-bit)

v RedHat EnterpriseLinux(RHEL)AS4Update4(31-bit)

Thez/VMSSLserverhasbeenenhancedtoallowthehostLinuxguestsystemto

remainactiveafteracritical errorisencounteredduringserveroperations.

Also, theSSLADMINcommandhasbeenenhancedto:

v Allowthespecification ofthenumberofdaysthataself-signedcertificateisvalid

v Improvethemanagementof theSSLserverLOGfiles,byprovidingtheabilityto:

– MaintainloginformationinafilenamedotherthanSSLADMINLOG

– Specifyamaximumsizeto beestablishedfor theSSLserverlog

New

or

Changed

– PurgeloginformationaccumulatedbytheSSLserver

Tape

Data

Protection

with

Support

for

Encryption

z/VM nowsupportsdrive-based dataencryptionwiththeIBMSystemStorage

TS1120Tape Drive(machinetype 3592,modelE05).TheTS1120’sencryption

capability anditssubsystem-integrationsupportprovideaflexible

tape-data-encryption solutionthatprovidesdataencryptionandkeymanagement

across avarietyofenvironmentswithasinglepoint ofcontrolforallencryption

keys.Most importantly,thissolutioncanhelpprotectdataontapeina cost-effective

way.

Encryptionof tapesbyz/VMitselfrequiresthattheIBMEncryptionKeyManagerbe

runningonanotheroperatingsystem,usinganout-of-band(suchasTCP/IP)

connection tothetapecontrolunit.z/VMnativesupportincludesencryptionfor DDR

andSPXTAPE,aswellastransparentsupportfor gueststhatdonotprovidefor

their ownencryption(forexample,LinuxandCMS).

z/VM alsoenablesencryptionof tapesbyguests(suchasz/OS)thathavethe

ability tocontrolthetape-encryptionfacilitiesthemselvesandtooptionally runthe

EncryptionKeyManager.Keymanagementfor suchguests canuseeitheran

out-of-bandoranin-band(suchasanESCON®_orFICON®_{channel) connection}

betweentheEncryptionKeyManagerandthetapecontrolunit.WiththePTFfor

APARVM64063for z/VMV5.1andV5.2,only theEncryptionKeyManager’sdefault

keysaresupportedfor usebyz/VMandbygueststhatdonotprovidefortheir own

encryption. z/VMV5.3expandsthissupportto allowanykeylabeltobeused,with

key labelsbeingaccessiblethroughakey aliasthatisdefinedto z/VM.

WiththePTFforAPARVM64062,DFSMS/VMFL221supports locating

encryption-capable 3592tapedrivesinanEnterpriseAutomatedTapeLibrary.This

DFSMS/VMsupportprovidestape-encryptioncapabilitiesfora z/VSEguestrunning

onz/VM.

For additionalinformationontheIBMSystemStorageTS1120TapeDrive

encryptionsupport, seetheHardwareAnnouncementdatedAugust29,2006.

Tape

Data

Encryption

Rekey

Support

WiththePTFfor APARVM64260,z/VMV5.3providesdrive-basedencryption

rekeysupportfortheIBMSystemStorageTS1120TapeDrive(machinetype3592,

modelE05).Thissupportbuildsonthetapedata encryptionsupportthatwas

previously availablebyprovidingz/VMwithamethodto changethekeylabels

storedonatapecartridge.Onlythekeylabelschangeinthiscase,which

eliminates therequirementto rewritetheentiredataportionofthetapewhen

changingtheaccessrights.Thisallowsforcontinuous protectionof tapecartridge

data evenastheencryptioncertificatesused tocreatethemarechanged or

replaced.

Technology

Exploitation

This sectiondescribesz/VMsupportandexploitationofnew hardware,hardware

facilities, andarchitectures.

Note: Supportandexploitationof hardwarefunctionsdependsonhardwarelevel

andavailability.Fordetailed informationonhardwarecapabilities,

requirements,andavailability, seetheappropriateHardwareAnnouncement

materials. | | | | | | | | | | | | | | | | |