sminfo
asked on
AIX LPARs, IVM and network segmentation
Hi,
We have bought a couple of new IBM blades, each blade has two internal ethernet switch and is connected to other switches on the network. Our "friendly communication admins" has segmented the network in multiples VLANs. One of them is the IVM-VIOserver that is in another segment. I meant there's no connection between segments, all ports are closed. I have clear that between the IVM and LPARs there's services like ctrmc but dont know if they, the IVM and LAPRs needs others tcp or udop ports. ALso, I need multiples services between segments like NFS, SSH, portamp, xwindows are other..
Question:
1- Is there any document regarding best practices regarding connectivity between the VIOserver (IVM) and LPARs? Must they be in the same VLAN?
2- Is there any document or best practices regarding the configuration of internal blade's switches VLANS?
My boss is asking me if it's necesary to have TOO MUCH security inside the blade or not. Take in mind there's only one VIOserver by blade and it's not easy to make changes constantly on it because a new vlan is added to the blade.[
is my spanish-english clear for you? :-)
We have bought a couple of new IBM blades, each blade has two internal ethernet switch and is connected to other switches on the network. Our "friendly communication admins" has segmented the network in multiples VLANs. One of them is the IVM-VIOserver that is in another segment. I meant there's no connection between segments, all ports are closed. I have clear that between the IVM and LPARs there's services like ctrmc but dont know if they, the IVM and LAPRs needs others tcp or udop ports. ALso, I need multiples services between segments like NFS, SSH, portamp, xwindows are other..
Question:
1- Is there any document regarding best practices regarding connectivity between the VIOserver (IVM) and LPARs? Must they be in the same VLAN?
2- Is there any document or best practices regarding the configuration of internal blade's switches VLANS?
My boss is asking me if it's necesary to have TOO MUCH security inside the blade or not. Take in mind there's only one VIOserver by blade and it's not easy to make changes constantly on it because a new vlan is added to the blade.[
is my spanish-english clear for you? :-)
Well, Israel,
I think I'll need some time to understand what you're after.
In the meantime you could read this, maybe it has some info.
The IBM Blade Center JS12/22 Implementation Guide:
http://www.redbooks.ibm.com/redbooks/pdfs/sg247655.pdf
I don't have much time at the moment, but I'll be back soon!
Cheers
wmp
I think I'll need some time to understand what you're after.
In the meantime you could read this, maybe it has some info.
The IBM Blade Center JS12/22 Implementation Guide:
http://www.redbooks.ibm.com/redbooks/pdfs/sg247655.pdf
I don't have much time at the moment, but I'll be back soon!
Cheers
wmp
ASKER
ok wmp, teh fact is the communications admins are always making VLANs on their side, but it means I have to create the same VLAns on the VIOserver. The blades we have are JS43, and I read that to add a new vlan I have to make a live migration to all LPARs to another blade and then maek the change. That's what I see nonfunctional (dont know if it's the word). And in the other side, I have to give them all TCP/UDP ports LPARs and/or VIOserver (IVM) needs to work properly.. It's a really pain i.....
I'll go home now... see you later..
Israel.
I'll go home now... see you later..
Israel.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Good! wmp..
ASKER
Thanks.