The following scenario illustrates how useful z/VM virtual networking can be:
Figure 10-4 shows a typical multi-tier application infrastructure that many companies have deployed using discrete, real server hardware and networking equipment. StoreCompany deploys this configuration on its mainframe for its online catalog business. The significant difference in this configuration is that the server images shown are actually running on a single IBM zSeries machine. Two logical partitions (LPARs) are configured on the zSeries machine. One is running z/OS and hosts StoreCompany's regular business applications unchanged, including the DB2 database server, the CICS transaction server, and the Websphere Application Server (WAS). The other LPAR runs fifteen Linux images as guests under z/VM, hosting a mix of application and networking software.
Figure 10-4. StoreCompany virtual network (z/OS network not shown)
A real HiperSockets connection (HLAN1) passes network traffic between the Linux images on z/VM and the z/OS database server. Linux firewall servers control access to the real HiperSockets LAN that connects to the z/OS LPAR. Two z/VM Guest LANs (GLAN1 and GLAN2) are high-speed, easy-to-use virtual LANs that isolate and control network traffic among the various applications that are running in the Linux images. Two of the Linux images running on z/VM function as network routers. They are connected to real network adapters (OSA cards) and route traffic between the "outside world" (XLAN1) and the virtual server environment being hosted on z/VM.
Let us follow the flow of traffic into this virtual server environment from an end-user perspective. This scenario could be deployed as an intranet or Internet solution. In either case, users access the StoreCompany environment by specifying a Web address (URL) on their browsers. The switch passes connection requests to one of the z/VM Linux routers attached to the external LAN (XLAN1). Several physical Internet connections come in through the switch, providing redundant external access possibilities. Having two Linux routers configured for this environment provides a level of availability for the services offered. If one of the routers fails (or, more likely, requires service or a software upgrade), the other Linux router then distributes the requests over the HTTP servers. A second Linux server running on z/VM does not require the duplication of hardware expense normally incurred when deploying this environment on real servers.
The Linux routers are connected to z/VM Guest LAN number 1 (GLAN1). Also attached to GLAN1 are the HTTP servers that process Web requests and perform load balancing of the requests. The Linux router that receives an HTTP call passes the request to one of the Web servers connected to GLAN1. Assuming this is a user's first access to the services offered by this environment, the Web server probably sends back a home page to be displayed on the browser, reversing the flow of network traffic that connected the user to the Web server. When a user clicks on a link that requests a service, the HTTP call is returned to one of the HTTP servers. If the request requires access to one of the Linux WebSphere Application Servers (WAS) running in the virtual environment, the HTTP server calls the WAS server, which processes the request.
The Linux WAS servers in our scenario are connected to a second z/VM Guest LAN (GLAN2). Communication between the HTTP servers and the WAS servers is controlled by the two Linux firewall servers that are connected to both Guest LANs. Once again, system availability is ensured with a redundant set of Linux images providing firewall services between the LANs.
Once the request has reached the WAS server, it accesses additional server images as needed, depending on the function it is going to perform.
If a WAS server needs to access data found in the z/OS DB2 database, it connects to one of the Linux firewall servers for GLAN2, then accesses the real HiperSockets LAN in order to pass the data request to the DB2 server on z/OS, which is also connected to the real HiperSockets LAN. This connection is also used when an CICS request comes in through WAS that requires processing by the z/OS CICS server. Firewall redundancy has been configured for the HiperSockets LAN as well.
This environment provides a number of benefits: