POWER7 information

Configuring secure IP tunnels between the mover service partitions on the source and destination servers

With Virtual I/O Server (VIOS) 2.1.2.0, or later, you can configure secure IP tunnels between the mover service partitions on the source and destination servers. However, when both the source and destination servers are using the Virtual I/O Server 2.2.2.0, or later, the tunnels are created automatically depending on the security profile applied on the source VIOS.

Consider enabling secure IP tunnels between the mover service partition on the source server and the mover service partition on the destination server. For example, you might want to enable secure IP tunnels when the source and destination servers are not on a trusted network. Secure IP tunnels encrypt the partition state data that the mover service partition on the source server sends to the mover service partition on the destination server during active partition mobility.

Before you start, complete the following tasks:

  1. Verify that the mover service partitions on the source and destination servers are at version 2.1.2.0, or later, by using the ioslevel command.
  2. Obtain the IP address of the mover service partition on the source server.
  3. Obtain the IP address of the mover service partition on the destination server.
  4. Obtain the preshared authentication key for the source and destination mover service partitions.

To configure and enable secure IP tunnels, complete the following steps:
  1. List the available secure tunnel agents by using the lssvc command. For example:
    $ lssvc
    ipsec_tunnel
  2. List all the attributes that are associated with the secure tunnel agent by using the cfgsvc command. For example:
    $ cfgsvc ipsec_tunnel -ls
    local_ip
    remote_ip
    key
  3. Configure a secure tunnel between the mover service partition on the source server and the mover service partition on the destination server by using the cfgsvc command:
    cfgsvc ipsec_tunnel -attr local_ip=src_msp_ip remote_ip=dest_msp_ip key=key
    where:
    • src_msp_ip is the IP address of the mover service partition on the source server.
    • dest_msp_ip is the IP address of the mover service partition on the destination server.
    • key is the preshared authentication key for the mover service partitions on the source and destination servers. For example, abcderadf31231adsf.
  4. Enable the secure tunnel by using the startsvc command. For example:
    startsvc ipsec_tunnel
    Note: When you apply the High, Payment Card Industry (PCI), or Department of Defense (DoD) security profiles, the secure tunnel is created and active partition mobility is performed over this secure channel. The secure channel that was created automatically is destroyed when the partition mobility operation is complete.
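
The following pre-flight sketch is an added example, not part of the original IBM documentation. It takes the ioslevel output of the two mover service partitions, decides which of the cases described above applies (automatic tunnel, manual configuration, or unsupported), and for the manual case prints the cfgsvc and startsvc commands with the addresses filled in. The function names, version strings, and IP addresses are constructed for illustration, and the script assumes ioslevel reports a dotted numeric level.

```shell
#!/bin/sh
# Added example. Levels and addresses used below are constructed samples.

# is_version V: succeed when V is dotted digits only, e.g. 2.2.2.0
is_version() {
    case $1 in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
}

# ver_ge A B: succeed when dotted version A >= B, compared numerically per field
# (so 2.2.10.0 is newer than 2.2.2.0, which a string compare gets wrong).
ver_ge() {
    a=$1 b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*} y=${b%%.*}
        if [ "${x:-0}" -gt "${y:-0}" ]; then return 0; fi
        if [ "${x:-0}" -lt "${y:-0}" ]; then return 1; fi
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
    done
    return 0
}

# tunnel_mode SRC_LEVEL DST_LEVEL: which case from the page applies.
tunnel_mode() {
    is_version "$1" && is_version "$2" || { echo invalid; return 1; }
    if ver_ge "$1" 2.2.2.0 && ver_ge "$2" 2.2.2.0; then
        echo automatic      # created according to the source VIOS security profile
    elif ver_ge "$1" 2.1.2.0 && ver_ge "$2" 2.1.2.0; then
        echo manual         # follow the cfgsvc/startsvc steps
    else
        echo unsupported    # at least one partition is below 2.1.2.0
    fi
}

# manual_commands SRC_IP DST_IP: the page's commands with addresses filled in.
# The preshared key stays a placeholder so it is not written to a script or log.
manual_commands() {
    printf 'cfgsvc ipsec_tunnel -attr local_ip=%s remote_ip=%s key=<preshared-key>\n' "$1" "$2"
    printf 'startsvc ipsec_tunnel\n'
}

if [ "$(tunnel_mode 2.1.3.10 2.2.2.0)" = manual ]; then   # constructed ioslevel values
    manual_commands 192.0.2.10 192.0.2.20                  # constructed addresses
fi
```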



Last updated: Sat, March 17, 2018