<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang="en-us" xml:lang="en-us">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta name="security" content="public" />
<meta name="Robots" content="index,follow" />
<meta http-equiv="PICS-Label" content='(PICS-1.1 "http://www.icra.org/ratingsv02.html" l gen true r (cz 1 lz 1 nz 1 oz 1 vz 1) "http://www.rsac.org/ratingsv01.html" l gen true r (n 0 s 0 v 0 l 0) "http://www.classify.org/safesurf/" l gen true r (SS~~000 1))' />
<meta name="DC.Type" content="concept" />
<meta name="DC.Title" content="Guest partition scenario: Linux firewall" />
<meta name="abstract" content="This scenario demonstrates how you can implement a firewall using a guest partition running Linux." />
<meta name="description" content="This scenario demonstrates how you can implement a firewall using a guest partition running Linux." />
<meta name="DC.Relation" scheme="URI" content="rzaitscenarios.htm" />
<meta name="DC.Relation" scheme="URI" content="rzaitscenario3.htm" />
<meta name="DC.Relation" scheme="URI" content="rzaitscenario3.htm" />
<meta name="copyright" content="(C) Copyright IBM Corporation 2004, 2006" />
<meta name="DC.Rights.Owner" content="(C) Copyright IBM Corporation 2004, 2006" />
<meta name="DC.Format" content="XHTML" />
<meta name="DC.Identifier" content="rzaitscenario4" />
<meta name="DC.Language" content="en-us" />
<!-- All rights reserved. Licensed Materials Property of IBM -->
<!-- US Government Users Restricted Rights -->
<!-- Use, duplication or disclosure restricted by -->
<!-- GSA ADP Schedule Contract with IBM Corp. -->
<link rel="stylesheet" type="text/css" href="./ibmdita.css" />
<link rel="stylesheet" type="text/css" href="./ic.css" />
<title>Guest partition scenario: Linux firewall</title>
</head>
<body id="rzaitscenario4"><a name="rzaitscenario4"><!-- --></a>
<!-- Java sync-link --><script language="Javascript" src="../rzahg/synch.js" type="text/javascript"></script>
<h1 class="topictitle1">Guest partition scenario: Linux firewall</h1>
<div><p>This scenario demonstrates how you can implement a firewall using
a guest partition running Linux<sup>®</sup>.</p>
<div class="section"><h4 class="sectiontitle">Situation</h4><p>You are the system administrator of a
company that has just consolidated its workload onto a new iSeries™ server.
Your new iSeries configuration
has four partitions. You are running in a supported mixed environment with <span class="keyword">i5/OS™</span> partitions and guest partitions
running Linux.
You have a separate system with a firewall installed to protect the corporate
network from untrusted data. However, that system is outdated and very expensive
to maintain. You still want to protect your network. What should you do?</p>
<p> <br /><img src="rzait510.gif" alt="A partitioned iSeries with a separate
firewall system." /><br /> </p>
</div>
<div class="section"><h4 class="sectiontitle">Solution using directly attached LAN adapters</h4><div class="attention"><span class="attentiontitle">Attention:</span> Directly attached I/O resources are under the control of
the Linux operating
system.</div>
<p> <br /><img src="rzait511.gif" alt="A partitioned
iSeries utilizing a guest partition as a firewall." /><br /> </p>
<p>You
had the hardware resources on your server to create another guest partition
using iSeries Navigator.
You installed Linux in partition P4. The firewall is built into the
kernel that you are using. Your Linux firewall partition owns a directly
attached LAN adapter that protects the entire system from untrusted data.</p>
<p>While
your employees are able to use their laptop computers and workstations to
connect to the trusted corporate network, you have the added assurance that
your entire corporate LAN is protected with your iSeries Linux firewall partition.</p>
</div>
<div class="section"><h4 class="sectiontitle">Solution using virtual Ethernet adapters</h4><div class="attention"><span class="attentiontitle">Attention:</span> Virtual
I/O resources are devices owned by the hosting <span class="keyword">i5/OS</span> partition
that provide I/O function to the guest partition.</div>
<p> <br /><img src="rzait512.gif" alt="A partitioned iSeries utilizing a guest partition as
a firewall." /><br /> </p>
<p>You created and installed Linux in a guest
partition on your iSeries. However, you don't want to use a separate
physical Ethernet adapter for each partition, so you decide to use virtual
Ethernet to connect your partitions to the network. Your new Linux partition
has a directly attached LAN adapter that connects your firewall to the untrusted
network. Your primary partition owns a directly attached LAN adapter so your iSeries server
can be connected to the trusted network. All of your partitions are able to
communicate with each other and the corporate LAN because they use virtual
Ethernet.</p>
<p>Although you reduced the number of directly attached LAN adapters
in this configuration, your entire network is still protected by the Linux firewall
partition.</p>
</div>
</div>
<div>
<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="rzaitscenarios.htm" title="Read logical and guest partition scenarios to understand how a partitioned server can be configured and used.">Logical and guest partition scenarios</a></div>
</div>
<div class="relconcepts"><strong>Related concepts</strong><br />
<div><a href="rzaitscenario3.htm" title="This scenario demonstrates how you can use the reliability of the iSeries to run Linux application.">Guest partition scenario: Linux applications on the iSeries</a></div>
</div>
</div>
</body>
</html>