VM:Secure is also the only security product that was designed from the ground up for z/VM. All of the others are ports from z/OS. RACF tries to fit z/OS concepts such as "alter" and "control" onto z/VM link modes (W, M, MR, MW, etc). VM:Secure allows you to write rules specifying the link modes directly. I'm not too familiar with ACF2 or Top Secret, but I would guess that they are similar to RACF.
If you choose a security product other than VM:Secure, you can implement VM:Director instead of Dirmaint for directory management. VM:Director is VM:Secure without the Rules component. Dennis O'Brien "Houston, we've had a problem." -- Jack Swigert, Command Module pilot of Apollo 13, 13 Apr 1970 -----Original Message----- From: Linux on 390 Port [mailto:LINUX-390@VM.MARIST.EDU] On Behalf Of Marcy Cortes Sent: Thursday, May 05, 2016 09:23 To: LINUX-390@VM.MARIST.EDU Subject: Re: Security for z/VM I will point out that VM:Secure is one product for your directory management and security. If you choose RACF, you also need to implement Dirmaint. I believe ACF2 is the same way. I know Top Secret on VM is. -----Original Message----- From: Linux on 390 Port [mailto:LINUX-390@VM.MARIST.EDU] On Behalf Of Alan Altmark Sent: Thursday, May 05, 2016 9:08 AM To: LINUX-390@VM.MARIST.EDU Subject: Re: [LINUX-390] Security for z/VM On Wednesday, 05/04/2016 at 05:19 GMT, "Beard, Rick" <rick.be...@atos.net> wrote: > I would like to know if anyone has any preferences on using either CA:VMSECURE or CA:ACF2 for > securing z/VM systems? > > Is one more secure than the other? CA has not certified either product in the Common Criteria scheme ("claim" and "proof"), so you can't really answer "How secure is it?" You cannot, therefore, compare them in that respect. In fact, only RACF on z/VM has been part of a certification. That said, most people choose their external security manager (ESM) for reasons unrelated to its capabilities. The choice is instead based on 1. What's in your IBM or CA software catalog. I.e. if you've already bought one of them, then spending money to buy the other one may not be the right choice. 2. In-house knowledge. If you have RACF, ACF2, or TOP SECRET on z/OS, then adding it to z/VM is straightforward. VMSECURE has no z/OS equivalent, so you aren't going to get any help from your MVS team. 3. Easiest. All of the examples and discussion from IBM on z/VM security are RACF-centric. Alan Altmark Senior Managing z/VM and Linux Consultant Lab Services System z Delivery Practice IBM Systems & Technology Group ibm.com/systems/services/labservices office: 607.429.3323 mobile; 607.321.7556 alan_altm...@us.ibm.com IBM Endicott ---------------------------------------------------------------------- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390 ---------------------------------------------------------------------- For more information on Linux on System z, visit http://wiki.linuxvm.org/ ---------------------------------------------------------------------- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390 ---------------------------------------------------------------------- For more information on Linux on System z, visit http://wiki.linuxvm.org/ ---------------------------------------------------------------------- This message, and any attachments, is for the intended recipient(s) only, may contain information that is privileged, confidential and/or proprietary and subject to important terms and conditions available at http://www.bankofamerica.com/emaildisclaimer. If you are not the intended recipient, please delete this message. ---------------------------------------------------------------------- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390 ---------------------------------------------------------------------- For more information on Linux on System z, visit http://wiki.linuxvm.org/