The risk is not with the ficon channels as the way CCW’s are sequenced it would be virtually impossible for info to bleed across lpar’s. Since Dasd is now virtual in all systems (IBM, EMC, Visara ,Hitachi) there is a greater chance of the shared file system causing data to be “misplaced”. Even so, it’s highly unlikely.
Kenneth A. Bloom CEO Avenir Technologies Inc /d/b/a Visara International 203-984-2235<tel:203-984-2235> [email protected]<mailto:[email protected]> www.visara.com<http://www.visara.com/> On Jun 14, 2022, at 10:38 PM, Mike Schwab <[email protected]> wrote: z/VM can share PCHPIDs. But we always had 4 FICON for every LPAR for DASD. On Tue, Jun 14, 2022 at 9:07 PM Laurence Chiu <[email protected]> wrote: We had an interesting question raised recently in my work place by our security team. They said, if you have multiple LPARs on a Z box and you share FICON adapters going to the same DS8K is there any data leak issue that could occur? That is, could LPAR1 inadvertently see traffic to the SAN that is defined for LPAR2 but sharing the same FICON adapter. Maybe somebody mixed up the IODF or something like that? I thought not and said, isn't that how VMware and Hiper-V work. The hypervisors share out FC cards etc. to the various VM's and it doesn't seem to be an issue and z/OS (or is PR/SM) is likely to be a much hardier OS security wise. Anyway I would get the view of the experts on the forum. Thanks ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN -- Mike A Schwab, Springfield IL USA Where do Forest Rangers go to get away from it all? ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
