Part of the problem might be that you spoiled us with the Guest LAN
(perhaps the door should have been closed then). Anyone could use an
unrestricted Guest LAN, why would VSWITCH be any different.
Granted, security in some shops may be an issue there if multiple people
(and multiple groups of people) are deploying virtual machines. But in
a one or two sysprog shop the additional step is just that, an
additional step (and most definitely a pita).
All we're saying is (give peace a chance... oops) give us the option and
let corporate security policy decide.
Alan Altmark wrote:
On Friday, 02/10/2006 at 09:45 CST, Rich Smrcina <[EMAIL PROTECTED]>
wrote:
Third...
Michael MacIsaac wrote:
How about an "all or nothing" solution, for example:
CP DEFINE/SET VSWITCH switchname .... UNRESTRICTED
I will second that motion ...
Youse guyz are killing me. You mean, just ANYONE can couple to it? They
can access the external network without your permission?!? That is the
same as giving a class G user the ability to ATTACH an OSA subchannel to
themselves. Eeeeewwwww!
I'd be happier if Linux would issue better messages like "You're not
COUPLEd to the Guest LAN or VSWITCH, or dedicated OSA cable is unplugged."
rather than making you guess what's wrong, or better virtual NIC
diagnostic messages:
HCP1234E Guest activation of <vaddr> failed: NIC not coupled to
Guest LAN or VSWITCH
followed by one of:
HCP1235E Last COUPLE <vaddr> TO SYSTEM <switchname> failed: Not
authorized
or HCP1236E COUPLE has not been issued for <vaddr>
or HCP1237E COUPLE has not been issued for <vaddr>; NICDEF does not
specify a Guest LAN or VSWITCH name
We already issue a "not authorized" message when a COUPLE or NICDEF
authorization fails, but I guess no one is seeing those messages? Surely
leaving the barn door open is not the right way to ensure the horse gets
fed? ("And stop calling me Shirley..." ta-dum)
Alan Altmark
z/VM Development
IBM Endicott
----------------------------------------------------------------------
For LINUX-390 subscribe / signoff / archive access instructions,
send email to [EMAIL PROTECTED] with the message: INFO LINUX-390 or visit
http://www.marist.edu/htbin/wlvindex?LINUX-390
--
Rich Smrcina
VM Assist, Inc.
Main: (262)392-2026
Cell: (414)491-6001
Ans Service: (360)715-2467
rich.smrcina at vmassist.com
Catch the WAVV! http://www.wavv.org
WAVV 2006 - Chattanooga, TN - April 7-11, 2006
----------------------------------------------------------------------
For LINUX-390 subscribe / signoff / archive access instructions,
send email to [EMAIL PROTECTED] with the message: INFO LINUX-390 or visit
http://www.marist.edu/htbin/wlvindex?LINUX-390
