Configuring the network on the Secure Service Container partition
You can configure the network devices for the hosting appliance by using the Secure Service Container user interface. The containers on the Secure Service Container partitions communicate through the Ethernet-type or VLAN-type connections over the network devices bound to Open Systems Adapter-Express (OSA-Express) devices, or Hipersockets.
If you want the Hyper Protect Virtual Server container on the Secure Service Container partition to be accessed by external services, you must configure two network devices with one for internal communication, and another for external access. You can configure one network device to each of the OSA-Express devices on the Secure Service Container partitions, or multiple network devices on one OSA-Express device. You can also achieve internal network communication between Hyper Protect Virtual Servers within the same IBM Z system by configurating a Hipersocket device. This procedure is intended for users with the role appliance administrator.
Before you begin
- Refer to the checklist that you prepared on this topic Planning for the environment.
- Check that you have the connection information to each Secure Service Container partition. For more information, see Creating Secure Service Container partitions.
- Check that you install the hosting appliance by following the instructions on Installing the Hyper Protect hosting appliance.
Procedure
Complete the following steps to configure the network devices.
-
Connect to the Secure Service Container partition through the browser of your choice. For example,
https://<secure_service_container_partition_ip_address>. -
On the Login page, enter the master use ID and password values that you supplied in the image profile (standard mode system) or the partition definition (DPM-enabled system), and click Login.
-
In the navigation pane, click the Network icon to display the network connections page.
-
Select one of the network devices to get the channel path identifier (CHPID) of the OSA-Express device. For example,
encf900_networkis the network device name, andAAis the CHPID. The network device can only be used for the external communication for the Hyper Protect Virtual Server container. You can choose the Hipersockets option if it is displayed as available, for internal network connection. -
Configure another network device on the Secure Service Container partition.
- For an ethernet-type connection:
- Click the plus (+) icon to add a new connection, and then select Ethernet as the connection type.
- Select a new network device from the drop-down list. Ensure that the CHPID in the Device Details section is different from the one in step 4. For example, the network device name is
encf900_internal_network, and the CHPID isAB. This network device can only be used for the internal communication for the Hyper Protect Virtual Server container. - Use the default value for the Port field, and set the connection state to Active.
- If you chose the Hipersockets option (in sub-step 2 of step 5), for the Layer2 field, you must select a value of 1 from the list.
- Use Disabled for both IPV4 and IPV6 addresses fields.
- For a VLAN-type connection, ensure that your OSA or Hipersocket device is tagged with an VLAN ID (for example,
1121) and the OSA or Hipersocket device is connected with the trunk port of the switch.
- Click the plus (+) icon to add a new connection, and then select VLAN as the connection type.
- Select a parent device (also known as a tagged OSA or Hipersocket device) from the drop-down list. If the parent device is not available, click the plus (+) icon to create a parent device. For example, the parent device name is
encf300. - Enter the VLAN ID by which the OSA or Hipersocket device is tagged. For example,
1121. - Use the auto-generated connection name. For example,
vxlan0f300.1121. - If the DHCP is not configured in your network, select the Manual checkbox on the IPv4 tab and assign an appropriate IP address according to your network.
- Set the connection state on the General tab to Active.
- Click the ADD button to save the changes.
Note: The Secure Service Container partition requires configuration of the necessary DNS entries if you plan to explore the following features in IBM Hyper Protect Virtual Servers.
- Configure appropriate DNS entry or entries for Secure Build containers on the IBM Hyper Protect Virtual Servers partition, so that the Secure Build containers can access the github source code URLs. This DNS configuration is performed on the Hardware Management Console (HMC) as part of the Secure Service Container LPAR profile's network configuration.
- Configure a DNS entry for the GREP11 container, so that the client application code can access the GREP11 container on the IBM Hyper Protect Virtual Servers partition.
For more information on how to configure DNS entries on the Secure Service Container partition, see the following topic after you download Secure Service Container User's Guide, SC28-6978-02a.
- Chapter 14, "Using the Secure Service Container user interface", section "Viewing and managing network connections"
- Chapter 3 or 7, "Configuring a Secure Service Container partition"
Next
- You can deploy your workloads by following the instructions on Building your application with the Secure Build virtual server.