In distributed environments, the interaction between a user and an application follows a familiar series of steps: a user enters the network through a web server, signs into the application server, and then the applications reach into the database for what they need. Between each server there is a firewall to monitor network traffic and keep things secure.
Firewalls become a challenge in mainframe environments, which host the web, application, and database servers in a single system. Because the firewall is an outboard appliance, connections must move data off back onto the mainframe to benefit from firewall protection.
But that’s okay, says Alan Altmark, Senior Managing z/VM and Linux IT consultant with IBM Lab Services, because z/VM provides a virtual solution that allow still meets most service level agreements (SLAs).
It’s called a virtual switch, and it offers a bridge between physical and virtual networks.
Like physical switches, virtual switches allow administrators to control network traffic. As Altmark explained in a recent interview, virtual switches also provide a number of business benefits, from cost and scalability to network security and disaster recovery.
The most common benefit of any large-scale virtualization effort is to save money, and the same follows for virtual networking. Enterprise network switches can cost tens of thousands of dollars, so it’s no small investment if you have to scale up.
Virtual switches, on the other hand, allow you to add hundreds of new virtual machines to the network without dedicating more expensive hardware resources. Naturally, you don’t have to worry about physical damage with a virtual switch, whereas a physical switch might eventually have to be replaced because of wear and tear, like a faulty capacitor. More importantly, you can’t accidentally trip over and unplug a virtual cable.
Similarly, virtualization allows network administrators to support security enforcement in a way that would be much more difficult – and costly – to do in a physical network.
Altmark provided the example of a group of Linux servers. “In the real world,” he said, “I can’t easily take those Linux servers and segment the traffic. But with virtualization, I can assign each server to a separate virtual LAN (VLAN) and enforce it with the z/VM hypervisor. So even though servers assigned to different VLANs are connected to the same virtual switch, they can’t talk directly to each other.”
Instead, the traffic is routed through the VSWITCH, off of the mainframe, through the firewall, and – unless blocked by the firewall – back onto the mainframe on another VLAN. All transparently and using standard networking, yet requiring no additional hardware.
This type of segmentation is a valuable capability in network security because it keeps traffic separate. And while it is possible to set up with physical switches, it would simply cost a lot of money and require a lot of dedicated hardware resources, Altmark explained. With z/VM and virtual switches, even though the data may go back and forth to and from the mainframe repeatedly as it traverses the VLANs and firewalls, it doesn’t cost anything and is fast enough to meet almost any SLA.
Business continuity and disaster recovery
Virtualization’s inherent scalability also enables better redundancy. A single virtual switch can support up to eight physical network interface cards (NICs), or Open System Adapters (OSAs) as they’re called by IBM, Altmark said. That means you could share the bandwidth of eight real NICs among hundreds of virtual machines, which opens up possibilities for high availability.
“When we talk about IBM Z, we like to talk about zero downtime and having no outages,” he said. “With the virtual switch, I could connect four of those real NICs to physical Switch A and four of them to physical switch B. If I were to lose a cable, a switch port, a physical NIC (OSA), or even an entire physical switch, the virtual switch would remain operational, with no error indication given to the virtual machine using it.”
Scalability, security and availability – these benefits drive the use of virtualization in corporate networks, but they’re not the only reasons why businesses choose to work with z/VM. In an upcoming blog, we’ll discuss how virtual switches also allow businesses to experiment while maintaining network efficiency and cost effectiveness.
Alan Altmark recently hosted a presentation on the subject of z/VM and virtual switches. To learn more, watch the full video of his session, z/VM Virtual Switch: The Basics on the SHARE YouTube channel.