VM:Secure is also the only security product that was designed from the ground
up for z/VM. All of the others are ports from z/OS. RACF tries to fit z/OS
concepts such as "alter" and "control" onto z/VM link modes (W, M, MR, MW,
etc). VM:Secure allows you to write rules specifying the link modes directly.
I'm not too familiar with ACF2 or Top Secret, but I would guess that they are
similar to RACF.
If you choose a security product other than VM:Secure, you can implement
VM:Director instead of Dirmaint for directory management. VM:Director is
VM:Secure without the Rules component.
Dennis O'Brien
"Houston, we've had a problem." -- Jack Swigert, Command Module pilot of
Apollo 13, 13 Apr 1970
-----Original Message-----
From: Linux on 390 Port [mailto:LINUX-390@VM.MARIST.EDU] On Behalf Of Marcy
Cortes
Sent: Thursday, May 05, 2016 09:23
To: LINUX-390@VM.MARIST.EDU
Subject: Re: Security for z/VM
I will point out that VM:Secure is one product for your directory management
and security.
If you choose RACF, you also need to implement Dirmaint.
I believe ACF2 is the same way. I know Top Secret on VM is.
-----Original Message-----
From: Linux on 390 Port [mailto:LINUX-390@VM.MARIST.EDU] On Behalf Of Alan
Altmark
Sent: Thursday, May 05, 2016 9:08 AM
To: LINUX-390@VM.MARIST.EDU
Subject: Re: [LINUX-390] Security for z/VM
On Wednesday, 05/04/2016 at 05:19 GMT, "Beard, Rick" <rick.be...@atos.net>
wrote:
> I would like to know if anyone has any preferences on using either
CA:VMSECURE or CA:ACF2 for
> securing z/VM systems?
>
> Is one more secure than the other?
CA has not certified either product in the Common Criteria scheme ("claim"
and "proof"), so you can't really answer "How secure is it?" You cannot,
therefore, compare them in that respect. In fact, only RACF on z/VM has
been part of a certification.
That said, most people choose their external security manager (ESM) for
reasons unrelated to its capabilities. The choice is instead based on
1. What's in your IBM or CA software catalog. I.e. if you've already
bought one of them, then spending money to buy the other one may not be
the right choice.
2. In-house knowledge. If you have RACF, ACF2, or TOP SECRET on z/OS,
then adding it to z/VM is straightforward. VMSECURE has no z/OS
equivalent, so you aren't going to get any help from your MVS team.
3. Easiest. All of the examples and discussion from IBM on z/VM security
are RACF-centric.
Alan Altmark
Senior Managing z/VM and Linux Consultant
Lab Services System z Delivery Practice
IBM Systems & Technology Group
ibm.com/systems/services/labservices
office: 607.429.3323
mobile; 607.321.7556
alan_altm...@us.ibm.com
IBM Endicott
----------------------------------------------------------------------
For LINUX-390 subscribe / signoff / archive access instructions,
send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit
http://www.marist.edu/htbin/wlvindex?LINUX-390
----------------------------------------------------------------------
For more information on Linux on System z, visit
http://wiki.linuxvm.org/
----------------------------------------------------------------------
For LINUX-390 subscribe / signoff / archive access instructions,
send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit
http://www.marist.edu/htbin/wlvindex?LINUX-390
----------------------------------------------------------------------
For more information on Linux on System z, visit
http://wiki.linuxvm.org/
----------------------------------------------------------------------
This message, and any attachments, is for the intended recipient(s) only, may
contain information that is privileged, confidential and/or proprietary and
subject to important terms and conditions available at
http://www.bankofamerica.com/emaildisclaimer. If you are not the intended
recipient, please delete this message.
----------------------------------------------------------------------
For LINUX-390 subscribe / signoff / archive access instructions,
send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit
http://www.marist.edu/htbin/wlvindex?LINUX-390
----------------------------------------------------------------------
For more information on Linux on System z, visit
http://wiki.linuxvm.org/
