IBM eServer iSeries Logical Partition Isolation and Integrity


June 2002
Dave Boutcher, IBM Corporation (boutcher@us.ibm.com)
Version 1.0

Introduction

The purpose of this document is to provide information about the ability of the IBM eServer iSeries to run multiple operating systems in separate logical partitions, and to isolate those logical partitions so as to ensure their security and integrity. iSeries systems have the scalability and reliability to consolidate multiple servers into a single box. That consolidation, however, is only a feasible solution for customers if they can be assured that the integrity of their solutions is not compromised by moving the function from multiple physical systems to a single physical system. The technology in the iSeries system ensures that the operating systems and applications in separate logical partitions are kept separate.

Server Consolidation

By consolidating critical data and applications on the iSeries, customers can do more than cut costs; they can create a total business solution that is greater than the sum of its parts. Using the iSeries dynamic logical partitioning (LPAR) technology and its support for multiple application environments, e-business technologies and operating systems, customers have the flexibility to choose the best applications for their needs. In a single server, customers can run their core business and e-business applications, Linux, Lotus Domino, UNIX, Microsoft Windows and Java, all managed centrally and running completely independently of one another.

One iSeries can be divided into as many as 32 separate logical partitions, with server resources divided at will among them. The dynamic logical partitioning and incremental processor allocation support built into Operating System/400 (OS/400) V5R1 lets customers assign each application exactly the server resources it needs, as it needs them, without shutting down the partition. It is true enterprise-level functionality in a midrange business computer.

IBM has made a statement of direction that the AIX operating system will be supported on the iSeries system. When AIX runs in a logical partition, the partition isolation characteristics described in this document will extend to it as well.

Support for native Linux

One of the most important developments in business computing in recent years is the arrival of Linux. Linux, an open-source UNIX-like operating system, is rapidly becoming the de facto standard for fundamental e-business applications such as Web servers, firewalls and e-mail. With V5R1, the iSeries supports Linux. Linux for PowerPC runs within an iSeries logical partition, allowing customers to extend and enhance their OS/400 applications with Linux applications. Up to 31 separate Linux partitions can run on a single iSeries system.

The great advantage of consolidating Linux servers onto the iSeries is that it makes them far easier to manage and more cost-effective. The individual Linux servers, each running in its own partition, can share processors, disk, tape, CD-ROM and LAN resources with the other applications running on the iSeries. Networking performance is improved over discrete servers: the separate Linux partitions can be connected together in a virtual LAN, and from their point of view they are sitting in separate boxes and communicating with one another using standard networking protocols. But the network traffic never leaves the iSeries to pass through the network infrastructure; the partitions communicate directly with one another at high speed and add no load to the physical LAN.

Running the native Linux operating system may, however, cause concern for customers accustomed to the security provided by OS/400. All of the source code for the Linux operating system is available, and customers are able to modify and recompile the Linux operating system that runs in a logical partition. The logical partition function of the iSeries system ensures that no matter how the Linux operating system is modified, it cannot maliciously or accidentally affect the behavior of other logical partitions within the same physical system. The same assurance is made for OS/400 and, when it becomes available, for AIX.

The iSeries Hypervisor

A new component of the OS/400 operating system, named the Hypervisor, provides all the partition control and partition mediation in the system. The hypervisor is loaded by the primary partition, and it is the system component responsible for isolating one partition from another.

[Figure: the primary OS/400 partition, a secondary OS/400 partition and two Linux partitions, all running above the hypervisor.]

The PowerPC processors used in the iSeries system have specific support for the hypervisor model. Some low-level processor instructions can only be executed by the hypervisor. This prevents any program running outside the hypervisor, including a partition's own operating system, from accidentally or maliciously executing an instruction that could affect another partition.
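The mechanism described above is easiest to see in a small model. The following is an added illustration, not IBM code and not how the iSeries hypervisor is actually implemented: a toy hypervisor that alone owns the frame-ownership table and the per-partition address-translation tables, so that a partition's operating system can only request a mapping through a hypervisor call and can never install one itself. It also shows the dynamic reallocation of a memory unit from one partition to another, which the Memory Isolation section below describes. The class and function names (Hypervisor, hv_map, translate, PartitionFault, demo), the eight-frame memory, and the decision to scrub a frame before it changes owner are assumptions of this model, not statements from the paper.

```python
"""Toy model of hypervisor-mediated memory isolation between logical
partitions (added illustration, not IBM code).  Only the hypervisor can
touch the frame-ownership table and the translation tables; a partition
may only *ask* for a mapping via hv_map, which is refused unless the
partition owns the target frame.  Names and sizes here are assumptions."""

from __future__ import annotations

FRAME_SIZE = 1 << 20  # 1 MB, the allocation unit the paper describes


class PartitionFault(Exception):
    """Raised when a partition attempts something the hypervisor forbids."""


class Hypervisor:
    def __init__(self, total_frames: int) -> None:
        # real frame number -> owning partition (None = unallocated)
        self.owner: dict[int, str | None] = {f: None for f in range(total_frames)}
        # partition name -> {virtual page number -> real frame number}
        self.page_tables: dict[str, dict[int, int]] = {}
        # frame contents, used to show that data does not leak across owners
        self.memory: dict[int, bytes] = {f: b"\0" for f in range(total_frames)}

    # --- configuration operations, available only to the hypervisor ---
    def create_partition(self, name: str, frames: list[int]) -> None:
        for f in frames:
            if self.owner[f] is not None:
                raise ValueError(f"frame {f} already owned by {self.owner[f]}")
            self.owner[f] = name
        self.page_tables[name] = {}

    def move_frame(self, frame: int, src: str, dst: str) -> None:
        """Dynamic reallocation: unmap from src, scrub, hand to dst.
        Scrubbing is this model's choice, not something the paper states."""
        if self.owner[frame] != src:
            raise ValueError(f"{src} does not own frame {frame}")
        table = self.page_tables[src]
        for vpage in [v for v, f in table.items() if f == frame]:
            del table[vpage]
        self.memory[frame] = b"\0"
        self.owner[frame] = dst

    # --- hypervisor calls that a partition's operating system may invoke ---
    def hv_map(self, partition: str, vpage: int, frame: int) -> None:
        """Request vpage -> frame; refused unless partition owns frame."""
        if self.owner.get(frame) != partition:
            raise PartitionFault(
                f"{partition} may not map frame {frame} "
                f"(owner={self.owner.get(frame)})")
        self.page_tables[partition][vpage] = frame

    def translate(self, partition: str, vaddr: int) -> int:
        """Hardware-style translation: only pages mapped by hv_map resolve."""
        vpage, offset = divmod(vaddr, FRAME_SIZE)
        try:
            frame = self.page_tables[partition][vpage]
        except KeyError:
            raise PartitionFault(f"{partition}: vpage {vpage} unmapped") from None
        return frame * FRAME_SIZE + offset

    def write(self, partition: str, vaddr: int, data: bytes) -> None:
        self.memory[self.translate(partition, vaddr) // FRAME_SIZE] = data

    def read(self, partition: str, vaddr: int) -> bytes:
        return self.memory[self.translate(partition, vaddr) // FRAME_SIZE]


def demo() -> dict[str, object]:
    """An OS/400 partition and a (modified) Linux partition share a box."""
    hv = Hypervisor(total_frames=8)
    hv.create_partition("OS400", frames=[0, 1, 2, 3])
    hv.create_partition("LINUX", frames=[4, 5])
    hv.hv_map("OS400", vpage=0, frame=2)
    hv.write("OS400", 0, b"payroll")
    hv.hv_map("LINUX", vpage=0, frame=4)

    results: dict[str, object] = {}
    # 1. A modified Linux kernel asks to map a frame it does not own.
    try:
        hv.hv_map("LINUX", vpage=1, frame=2)
        results["cross_map"] = "allowed"
    except PartitionFault:
        results["cross_map"] = "refused"
    # 2. The same virtual address resolves only within LINUX's own frames.
    results["linux_sees"] = hv.read("LINUX", 0)
    # 3. Dynamic reallocation: frame 2 is moved from OS400 to LINUX.
    hv.move_frame(2, "OS400", "LINUX")
    hv.hv_map("LINUX", vpage=1, frame=2)
    results["after_move"] = hv.read("LINUX", 1 * FRAME_SIZE)
    # 4. OS400's old mapping to frame 2 is gone, so its read now faults.
    try:
        hv.read("OS400", 0)
        results["os400_stale"] = "readable"
    except PartitionFault:
        results["os400_stale"] = "fault"
    return results


if __name__ == "__main__":
    print(demo())
```

The point of the model is where the checks live: a partition never writes a translation table, it asks the hypervisor, and the hypervisor consults ownership before honouring the request. A kernel that has been recompiled to skip its own checks changes nothing, because the only path to the tables is the hypervisor call.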

Partition Isolation

The iSeries hypervisor provides isolation between partitions at the processor, memory and I/O device level. Specifically:

- A program or operating system running in one partition will not affect another partition. This includes a software failure, whether of an application or of the operating system, in one partition: it will not affect another partition.
- The utilization of the processor in one partition will not affect the performance of another partition.
- The memory spaces of different partitions are isolated. It is not possible for one partition to access or modify data stored in the memory allocated to another partition.
- Physical I/O devices assigned to one partition cannot be accessed or modified by another partition. For example, the data stored on a disk unit assigned to one logical partition cannot be accessed by another logical partition.

This isolation exists regardless of the operating system running in the partition.

Processing Resources

Processor resources are allocated to partitions either in units of whole processors or in fractions of processors. To ensure consistent behavior and performance within a partition, regardless of the work being performed in other partitions on the system, a partition receives the processing power it is assigned. For example, a two-processor i820 model 0151 system has a CPW rating of 2,350. A partition assigned one whole processor will execute as a system with roughly 1,175 CPW, regardless of whether the other partitions are powered off, idle, or running at 100% utilization.

Memory Isolation

The physical memory within the iSeries system can be divided among the partitions in units of 1 MB. Support exists in the PowerPC processors used in the iSeries system to ensure that only the hypervisor can update the address translation tables that map the virtual addresses seen by the different partitions to the real addresses used to access physical memory. Using the address translation hardware built into the processor, the hypervisor ensures that each partition is able to access only the memory pages allocated to it.

Virtual LAN

The iSeries system provides Virtual Ethernet LAN support to allow high-speed connections among partitions. Virtual Ethernet provides sixteen 1 Gb Ethernet communication paths among partitions (OS/400 to Linux and Linux to Linux) without requiring additional hardware resources. Virtual Ethernet segments can be created and destroyed dynamically. Further, access to a virtual LAN segment can be restricted for security or traffic segregation requirements. This allows a communication path to be established among partitions where required, and communication paths between partitions to be prevented where appropriate. An additional advantage of virtual LAN segments is that they provide a highly secure communication path which is not detectable or in any way "sniffable" by other partitions. That is, a partition that is not attached to a segment cannot eavesdrop on the data moving between the partitions that are.

Other Virtual Devices

OS/400 has support for providing virtual devices to Linux partitions. Virtual disk, virtual CD, virtual tape and virtual console can be provided by an OS/400 partition to a Linux partition. When a virtual device such as a disk is provided by OS/400, the partition using that device is strictly limited to the data on that virtual device; there is no other path by which the using partition can reach data it has not been assigned. Similarly, the virtual devices (CD, tape) that a Linux partition can use can be limited by the system administrator of the hosting OS/400 partition.

Isolation Considerations

iSeries logical partitioning is designed to provide a robust and flexible platform for consolidating servers. It is not intended to contain hardware failures to a single partition or to provide hardware fault recovery. While the hypervisor will attempt to contain hardware failures to a single partition, some hardware failures may cause multiple partitions to fail. Hardware failures will not, however, weaken the isolation statements made above.

The statements above also do not apply to the primary OS/400 partition. The hypervisor associated with the primary partition provides the logical partition function to the other partitions, so an operating system failure in the primary partition can cause the secondary partitions to fail.

Device Sharing

Specific function has been added to OS/400 to optionally allow multiple partitions to share a device such as a CD or tape (virtual I/O). If multiple partitions are sharing a device, the actions of one partition can affect another partition. Similarly, a physical bus can be shared between partitions. Traffic on a shared bus caused by one partition can affect the performance of that shared bus as seen by another partition. Even though the bus is shared, however, adapters on the bus are owned by a specific partition, and the iSeries logical partition function ensures that a partition cannot access a device it does not own.

Device sharing should be a configuration choice consciously made by the system administrator. If complete isolation is desired, devices and system busses should not be shared.

Isolation Scenario

The following scenario outlines the strengths of the isolation provided by the iSeries system. It describes a typical e-business configuration: a business makes information available to the Internet through a web server. In this and many similar environments, the web server is separated from the production systems by a firewall, and is additionally protected from the Internet by a second firewall.

[Figure: four partitions in a chain: an OS/400 partition running the business application, a Linux partition running the internal firewall, an OS/400 partition running the web server, and a Linux partition running the Internet-facing firewall, which owns the physical Ethernet adapter. Three virtual LAN segments (1) link adjacent partitions; disk drives (2) and the physical Ethernet card (3) are each owned by a single partition.]

In this scenario, isolation and integrity are very important. It is normally recommended that a firewall be run on a physically isolated system. The partition isolation provided by the iSeries hypervisor, however, ensures that attacks on a firewall partition, whether denial-of-service attacks that consume all of the firewall's processing resources or integrity attacks such as buffer overflows, cannot affect the other partitions.

In the scenario diagrammed above, three separate virtual LAN segments (1) interconnect the partitions. Because these segments are distinct and isolated, traffic between the Internet-facing firewall and the web server partition is completely isolated from traffic between the web server and the internal firewall. Devices such as disk drives (2) and physical Ethernet cards (3) are owned by specific partitions and can be accessed only from those partitions. There is no possibility of data arriving on the Ethernet card owned by the Internet-facing firewall being accidentally delivered to another partition. No partition can read or write data stored on the disk drives owned by another partition. Note that this is true whether the disk drives are physical disk drives owned by the partition or virtual disk drives provided to Linux by an OS/400 partition.

The design of the iSeries system is such that the configuration described above is as secure as four physically separate servers, subject to the isolation considerations and device-sharing caveats noted above.

It is very important to note that the security and integrity of the applications and operating systems running within the logical partitions of the iSeries system remain the responsibility of the customer. A poorly configured firewall that erroneously allows access to data stored on a server is a problem whether the firewall is on a separate system or running as a partition within a single system. Unauthorized individuals gaining access over a TCP/IP connection are a concern whether the TCP/IP traffic travels over a real LAN or a virtual LAN.

Summary

Using a combination of hardware and software technology, the IBM eServer iSeries provides an industry-leading platform for consolidating multiple servers, running different operating systems, into a single physical system. Customers can be secure in the knowledge that when servers are brought together on an iSeries system, the integrity of their solutions will not be compromised.
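The virtual LAN segments of the Virtual LAN section and the firewall chain of the Isolation Scenario are modelled together below. This is an added illustration, not IBM code and not the iSeries implementation: a toy switch in which only the hypervisor holds the membership table of each virtual Ethernet segment, a frame is delivered only to other members of the segment it was sent on, and a partition that is not a member can neither send on that segment nor observe its traffic even when it puts its own interface into promiscuous mode. The partition names (FW_OUTER, WEB, FW_INNER, APP), the segment numbers 1 to 3, and the helper functions (fully_isolated, reachable, demo) are assumptions of the model; the limit of sixteen segments is the figure the paper gives.

```python
"""Toy model of iSeries virtual Ethernet segments (added illustration, not
IBM code).  The hypervisor owns the membership table; a frame sent on a
segment reaches only other members of that segment, so a partition that is
not attached to a segment cannot inject into it or sniff it.  Partition
names, segment numbers and helper names are assumptions of this model."""

from __future__ import annotations

MAX_SEGMENTS = 16  # the paper states sixteen virtual Ethernet paths


class VirtualEthernet:
    def __init__(self) -> None:
        self.members: dict[int, set[str]] = {}      # segment -> partitions
        self.promiscuous: set[str] = set()           # partitions trying to sniff
        self.seen: dict[str, list[tuple[int, str, str]]] = {}  # frames received

    def create_segment(self, seg: int) -> None:
        if not 0 <= seg < MAX_SEGMENTS:
            raise ValueError("segment number out of range")
        self.members[seg] = set()

    def attach(self, partition: str, seg: int) -> None:
        """Hypervisor-side configuration: grant a partition access to seg."""
        self.members[seg].add(partition)
        self.seen.setdefault(partition, [])

    def send(self, src: str, seg: int, dst: str, payload: str) -> list[str]:
        """Deliver one frame; returns the partitions that received it.
        A promiscuous partition sees frames only on segments it belongs to."""
        if src not in self.members.get(seg, set()):
            raise PermissionError(f"{src} is not attached to segment {seg}")
        delivered = []
        for p in self.members[seg]:
            if p != src and (p == dst or p in self.promiscuous):
                self.seen[p].append((seg, src, payload))
                delivered.append(p)
        return sorted(delivered)


def build_scenario() -> VirtualEthernet:
    """The four-partition chain from the paper, on three segments."""
    ve = VirtualEthernet()
    for seg in (1, 2, 3):
        ve.create_segment(seg)
    ve.attach("FW_OUTER", 1)   # Internet-facing firewall <-> web server
    ve.attach("WEB", 1)
    ve.attach("WEB", 2)        # web server <-> internal firewall
    ve.attach("FW_INNER", 2)
    ve.attach("FW_INNER", 3)   # internal firewall <-> business application
    ve.attach("APP", 3)
    return ve


def fully_isolated(ve: VirtualEthernet, a: str, b: str) -> bool:
    """True when partitions a and b share no virtual LAN segment at all."""
    return not any(a in m and b in m for m in ve.members.values())


def reachable(ve: VirtualEthernet, src: str, dst: str) -> list[str]:
    """Partitions traversed from src to dst over shared segments (BFS);
    an empty list means no sequence of segments connects them."""
    prev: dict[str, str | None] = {src: None}
    queue = [src]
    while queue:
        cur = queue.pop(0)
        if cur == dst:
            path, node = [], cur
            while node is not None:
                path.append(node)
                node = prev[node]
            return path[::-1]
        for m in ve.members.values():
            if cur in m:
                for nxt in m:
                    if nxt not in prev:
                        prev[nxt] = cur
                        queue.append(nxt)
    return []


def demo() -> dict[str, object]:
    ve = build_scenario()
    out: dict[str, object] = {}
    out["web_to_app_direct"] = fully_isolated(ve, "WEB", "APP")
    out["path_internet_to_app"] = reachable(ve, "FW_OUTER", "APP")
    # A compromised web server goes promiscuous: it still sees only frames
    # on segments 1 and 2, never the inner segment 3.
    ve.promiscuous.add("WEB")
    ve.send("FW_INNER", 3, "APP", "db-credentials")   # constructed frame
    out["web_sniffed_seg3"] = [f for f in ve.seen["WEB"] if f[0] == 3]
    # Nor can it inject a frame onto segment 3 at all.
    try:
        ve.send("WEB", 3, "APP", "spoof")
        out["web_inject_seg3"] = "allowed"
    except PermissionError:
        out["web_inject_seg3"] = "refused"
    return out


if __name__ == "__main__":
    print(demo())
```

Two of the checks are worth keeping around when reviewing a real configuration: fully_isolated asks whether two partitions share any segment (the test for the "complete isolation" the paper recommends), and reachable shows the only route from the Internet-facing firewall to the business application passes through the web server and the internal firewall, which is exactly the path the two firewalls are there to police.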

Produced in the United States of America 08/02. All Rights Reserved. IBM, the IBM logo, IBM eServer, DB2, iSeries and OS/400 are trademarks or registered trademarks of International Business Machines Corporation in the United States, other countries or both. Java and all Java-based trademarks and logos are trademarks of Sun Microsystems, Inc. in the United States, other countries or both. UNIX is a registered trademark of The Open Group in the United States and other countries. Intel is a trademark of Intel Corporation in the United States, other countries or both. Linux is a registered trademark of Linus Torvalds. Microsoft, Windows, and the Windows logo are trademarks of Microsoft Corporation in the United States, other countries, or both. Other company, product and service names may be trademarks or service marks of others. Information concerning non-IBM products was obtained from the suppliers of those products or their published announcements. Questions on the capabilities of non-IBM products should be addressed to the suppliers. IBM may not offer the products, services or features discussed in this document in other countries, and the information may be subject to change without notice. Consult your local IBM business contact for information on the products or services available in your area. All statements regarding IBM's future direction and intent are subject to change or withdrawal without notice, and represent goals and objectives only.