ibm-information-center/dist/eclipse/plugins/i5OS.ic.rzait_5.4.0.1/rzaitscenario4.htm

87 lines
5.7 KiB
HTML
Raw Normal View History

2024-04-02 14:02:31 +00:00
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang="en-us" xml:lang="en-us">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta name="security" content="public" />
<meta name="Robots" content="index,follow" />
<meta http-equiv="PICS-Label" content='(PICS-1.1 "http://www.icra.org/ratingsv02.html" l gen true r (cz 1 lz 1 nz 1 oz 1 vz 1) "http://www.rsac.org/ratingsv01.html" l gen true r (n 0 s 0 v 0 l 0) "http://www.classify.org/safesurf/" l gen true r (SS~~000 1))' />
<meta name="DC.Type" content="concept" />
<meta name="DC.Title" content="Guest partition scenario: Linux firewall" />
<meta name="abstract" content="This scenario demonstrates how you can implement a firewall using a guest partition running Linux." />
<meta name="description" content="This scenario demonstrates how you can implement a firewall using a guest partition running Linux." />
<meta name="DC.Relation" scheme="URI" content="rzaitscenarios.htm" />
<meta name="DC.Relation" scheme="URI" content="rzaitscenario3.htm" />
<meta name="DC.Relation" scheme="URI" content="rzaitscenario3.htm" />
<meta name="copyright" content="(C) Copyright IBM Corporation 2004, 2006" />
<meta name="DC.Rights.Owner" content="(C) Copyright IBM Corporation 2004, 2006" />
<meta name="DC.Format" content="XHTML" />
<meta name="DC.Identifier" content="rzaitscenario4" />
<meta name="DC.Language" content="en-us" />
<!-- All rights reserved. Licensed Materials Property of IBM -->
<!-- US Government Users Restricted Rights -->
<!-- Use, duplication or disclosure restricted by -->
<!-- GSA ADP Schedule Contract with IBM Corp. -->
<link rel="stylesheet" type="text/css" href="./ibmdita.css" />
<link rel="stylesheet" type="text/css" href="./ic.css" />
<title>Guest partition scenario: Linux firewall</title>
</head>
<body id="rzaitscenario4"><a name="rzaitscenario4"><!-- --></a>
<!-- Java sync-link --><script language="Javascript" src="../rzahg/synch.js" type="text/javascript"></script>
<h1 class="topictitle1">Guest partition scenario: Linux firewall</h1>
<div><p>This scenario demonstrates how you can implement a firewall using
a guest partition running Linux<sup>®</sup>.</p>
<div class="section"><h4 class="sectiontitle">Situation</h4><p>You are the system administrator of a
company that has just consolidated your company's workload to a new iSeries™ server.
Your new iSeries configuration
has four partitions. You are running in a supported mixed environment with <span class="keyword">i5/OS™</span> partitions and guest partitions
running Linux.
You have a separate system with a firewall installed to protect the corporate
network from untrusted data. However, that system is outdated and very expensive
to maintain. You still want to protect your network what should you do?</p>
<p> <br /><img src="rzait510.gif" alt="A partitioned iSeries with a separate&#xA;firewall system." /><br /> </p>
</div>
<div class="section"><h4 class="sectiontitle">Solution using directly attached LAN adapters</h4><div class="attention"><span class="attentiontitle">Attention:</span> Directly attached I/O resources are under the control of
the Linux operating
system.</div>
<p> <br /><img src="rzait511.gif" alt="A partitioned&#xA;iSeries utilizing a guest partition as a firewall." /><br /> </p>
<p>You
had the hardware resources on your server to create another guest partition
using iSeries Navigator.
You installed Linux in partition P4. The firewall is built into the
kernel that you are using. Your Linux firewall partition owns a directly
attached LAN adapter that protects the entire system from untrusted data.</p>
<p>While
your employees are able to use their laptop computers and workstations to
connect to the trusted corporate network, you have the added assurance that
your entire Corporate LAN is protected with your iSeries Linux firewall partition.</p>
</div>
<div class="section"><h4 class="sectiontitle">Solution using virtual Ethernet adapters</h4><div class="attention"><span class="attentiontitle">Attention:</span> Virtual
I/O resources are devices owned by the hosting <span class="keyword">i5/OS</span> partition
that provide I/O function to the guest partition.</div>
<p> <br /><img src="rzait512.gif" alt="A partitioned iSeries utilizing a guest partition as&#xA;a firewall." /><br /> </p>
<p>You created and installed Linux in a guest
partition on your iSeries. However, you don't want to use a separate
physical ethernet adapter for each partition, so you decide to use virtual
ethernet to connect your partitions to the network. Your new Linux partition
has a directly attached LAN adapter that connects your firewall to the untrusted
network. Your primary partition owns a directly attached LAN adapter so your iSeries server
can be connected to the trusted network. All of your partitions are able to
communicate with each other and the Corporate Lan because they use virtual
Ethernet.</p>
<p>Although you reduced the number of directly attached LAN adapters
in this configuration, your entire network is still protected by the Linux firewall
partition.</p>
</div>
</div>
<div>
<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="rzaitscenarios.htm" title="Read logical and guest partition scenarios to understand how a partitioned server can be configured and used.">Logical and guest partition scenarios</a></div>
</div>
<div class="relconcepts"><strong>Related concepts</strong><br />
<div><a href="rzaitscenario3.htm" title="This scenario demonstrates how you can use the reliability of the iSeries to run Linux application.">Guest partition scenario: Linux applications on the iSeries</a></div>
</div>
</div>
</body>
</html>