On Friday, 12/10/2010 at 09:17 EST, Tom Huegel <[email protected]> wrote:
> Does anyone run applications in z/VM? Isn't the 'protected data' owned by some
> other OS (z/OS, z/VSE, zLINUX). It seems that the high level security effort
> belongs in those OS's. z/VM just needs to keep those systems isolated and NOT
> be able to circumvent their security procedures.

While that "protected data" is owned by the guest, the data is *potentially* accessible by any virtual machine. It doesn't matter whether you run CMS, VSE, LINUX, MVS, TPF, or anything else.

All virtualization platforms create virtual raised floors, and, like a real raised floor, you are obligated to define and enforce access controls on those floors. Some are physical, some are policy only. "All persons must badge in; no tailgating." "You touch THIS system and you die." "You plug THAT cable into THERE, and you die."

Alan Altmark
z/VM and Linux on System z Consultant
IBM System Lab Services and Training
ibm.com/systems/services/labservices
office: 607.429.3323
[email protected]
IBM Endicott
