Ryan and Vinci,
This is a bit off topic and I will be happy to take this conversation off
list. I was an MVS systems programmer for over 19 years in a previous life
a number of years ago. Basically Ryan is right, LPAR is a way of logically
separating the physical resource of an MVS mainframe. It happens at the
hardware level, not at the OS. You can dedicate or share hardware resources,
CPU, DASD, etc. There may be some security concerns with sharing DASD as
you need to rely on each logical host's security system to restrict access to
the files on the shared DASD to the same requirements. But I know of no
security holes or exploits with LPAR itself and don't even think that it is
possible. I know other potential exploits for mainframes that, as a
security professional, I would be much more concerned about (nope, sorry, I
usually don't share). But IMHO LPAR is pretty much bulletproof. It
requires MVS console access, potentially the creation of a system generation
loaded into an IOCDS file, and an IPL to modify the settings (be aware that
some hardware resources can be dynamically switched by the operator if they
are defined as such, without an IPL). Oh, sure, a rogue IBM SE might be able
to do something, but physical access is still required. E-mail me off list
if you want more depth.
Tom