> Does anyone run applications in z/VM? Speaking just for us, YES! We continue to run and enhance existing CMS applications (which run cheaper on z/VM than anywhere else when ALL the expenses are taken into account). But with Aon's acquisition of Hewitt Associates, everything is being re-evaluated, so who knows?
However, I have complete confidence in my belief that there are hundreds+ of older VM systems (pre-z/VM, and even perhaps pre-VM/ESA) still running CMS applications. Unfortunately, few of them would probably convert to z/VM as they continue to milk their cash cows, so in their cases your point still applies. But there are still paying z/VM customers running CMS applications, they cannot and must not be abandoned, or management will once again come to believe that "VM is dead" - ultimately damaging IBM's apparent Linux on System z goals. (See old SHARE conference "NOTAGAIN MEMO"). Mike Walter Aon Corporation The opinions expressed herein are mine alone, not my employer's. "Tom Huegel" <[email protected]> Sent by: "The IBM z/VM Operating System" <[email protected]> 12/10/2010 08:15 AM Please respond to "The IBM z/VM Operating System" <[email protected]> To [email protected] cc Subject Re: Vswitch Grant as a CMD in User's Directory? Does anyone run applications in z/VM? Isn't the 'protected data' owned by some other OS (z/OS, z/VSE, zLINUX). It seems that the high level security effort belongs in those OS's. z/VM just needs to keep those systems isolated and NOT be able to circumvent their security procedures. On Fri, Dec 10, 2010 at 2:46 AM, Les Koehler <[email protected]> wrote: Back in the old days, I recall a finance type person saying something like: The Gold Standard is that it should take collusion between two or more people to defraud the company. If we apply that to IT, then shouldn't pswds for privileged userids that can access/change financial data be long enough that TWO sysprogs can each be given half a pswd so they both have to be present to make a change? Les Alan Altmark wrote: On Thursday, 12/09/2010 at 12:01 EST, Tom Huegel <[email protected]> wrote: Does it really matter? SOX is just another way congress has come up with to destroy the American economy, and in fact the American way of life. When you read the law, you find that SOX is "simply" a way to hold executives responsible for the financial statements issued by their companies. Assuming no ill intent (no comments, please!), that means trustworthy data. That flows downhill, as all such things must, until we start talking about access controls and audit mechanisms for financial data. That is, knowing who has the means and the opportunity to access the data, and knowing who has actually done so. (I leave it to others to talk about motive.) Who, what, where, when. Unfortunately, IT security industry consultants have mangled this laudable concept into a paranoia-inducing behemoth that has people screaming in terror as it rampages across the country, flogging every sysadmin in its path. Why? Because financial status is inferred from many other data sources and no one wants to spend the time it takes to follow all the data flows. Result: Secure Everything. With HIPAA and PCI running alongside, the "Secure Everything" policy looks even more reasonable to CEOs, CIOs, CFOs, and their lawyers. Alan Altmark z/VM and Linux on System z Consultant IBM System Lab Services and Training ibm.com/systems/services/labservices office: 607.429.3323 [email protected] IBM Endicott The information contained in this e-mail and any accompanying documents may contain information that is confidential or otherwise protected from disclosure. If you are not the intended recipient of this message, or if this message has been addressed to you in error, please immediately alert the sender by reply e-mail and then delete this message, including any attachments. Any dissemination, distribution or other use of the contents of this message by anyone other than the intended recipient is strictly prohibited. All messages sent to and from this e-mail address may be monitored as permitted by applicable law and regulations to ensure compliance with our internal policies and to protect our business. E-mails are not secure and cannot be guaranteed to be error free as they can be intercepted, amended, lost or destroyed, or contain viruses. You are deemed to have accepted these risks if you communicate with us by e-mail.
