-----Original Message-----
From: IBM Mainframe Discussion List [mailto:[EMAIL PROTECTED] On
Behalf Of Jeffrey Deaver
Sent: Monday, February 05, 2007 5:17 PM
To: [email protected]
Subject: LPAR Org & Security

<SNIP>

We systems engineers are, of course, arguing that we need that access as
a matter of productivity. It really opens a can of worms, since if they
were to dictate that, we would soon be arguing that all the development
and test servers should also only be on the NEQAL network. And then we
get into the arguments about where the production instances of DB2
versus the 3 test instances should be running. Separate LPARS? Ug.

<SNIP>

What is the cost of fully splitting the two networks and workloads?

Part of that cost will be the building of a limited interface for
production control to promote test source to production (I assume that
this is done now in your shop). This limited interface may be a set
number of DASD volumes that only production control can write to (from
the test side), but which the production system reads for application
software load libraries and storage of the production copy of source.
Or, the copying of load members (and such) to tape and then loading from
tape (would this require a different bank of tape drives in a different
room -- don't laugh; a certain USGov't installation where I've worked
did exactly this).

Next will be the cost of maintaining the two systems. Since you can't
log in to the other LPAR, you probably can't access the other LPAR's
DASD (other than for the exception above). This means that you will have
to either have two PCs on your desk, or you will have to have two
offices. Or you will have to have some other means to access each system
in such a way that you won't accidentally make some change that should
have been to/with the other system.

This will also necessitate dual security data bases...

So how far should one go in doing the splitting?

And is management willing to give up the ability to fix the other system
when it crashes and can't be IPLed? After all, a second LPAR that can
touch the first LPAR is the first line of defense in disaster recovery
(that assumes the computer room is otherwise functional, the CEC is
otherwise functional, etc.).

Regards,
Steve Thompson

----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html
