Search390.com
Expert Question of the Week
July 23, 2001
=====================================
SPONSORED BY: Postmaster Direct
=====================================
GET THE INFO YOU WANT TODAY!
What do YOU want in your e-mailbox? How about FREE info and offers
about computers, networking, wireless devices, finance and lots more?
Visit http://search390.techtarget.com/postmasterDirect/, choose the
topics that interest you, and you'll get the e-mail you want.
=====================================
=====================================
FEATURED TOPIC: WebSphere
=====================================
You've heard all the talk about WebSphere, yet still have questions.
Here are some resources to help get you Web-enabled. Don't forget to
check out our coverage of WebSphere and other mainframe topics from
SHARE in MN this week!
http://search390.techtarget.com/featuredTopic/0,290042,sid10_gci756356,00.html
--------------------------------------------------------------------
Welcome to Search390's Expert Question of the Week newsletter.
Remember, no question is too simple for Ask the Experts! If you have
a 390-related question, send it to [EMAIL PROTECTED] Selected
questions will be answered by our experts.
This week's question was answered by Jim Keohane, search390's Web
Integration Expert.
THIS WEEK'S QUESTION:
Q: How is security enabled between different partitions in an IBM
mainframe? If a Web application server is placed in one of the
partitions, then how is security enabled between this partition and
the other partition?
Any other general information that you can provide regarding security
between partitions in an IBM mainframe environment?
A: To begin with, security between two different LPARs starts off
with the same security as between any two different MVS, OS/390,
z/OS, VSE or Linux images in the same or different mainframe or
sysplexes, whether running natively or VM/VIF-hosted.
If these images run in different LPARs of same box, they don't need
to know about each other's existence. The same is true for VM/VIF
hosting. In short, your web server on an LPAR can be completely
isolated from the rest of your data center. In an extreme case you
can have online DASD/DISK and network adapter dedicated to the web
LPAR only. Do not allow shared I/O nor dynamic I/O configuration.
If you need some kind of secure communication between this LPAR and
other LPARs, you can do so via an internal firewall or through
something like a virtualized CTC that only the web LPAR and another
LPAR access.
Interesting examples of Linux & Apache Web Server in an LPAR can be
found at
http://www-1.ibm.com/servers/eserver/zseries/os/linux/css/eam.html
and at http://www-3.ibm.com/security/news/pr_itsec.shtml.
If you want to provide specifics as to the OS or OSes involved and
the specific security concerns, I'll try to be more targeted in my
response. For example, are you thinking of a web app server under
Linux in an LPAR where other LPARs host OS/390 that have TCP/IP
connectivity but do not share online disk/dasd storage with Linux
LPAR either directly or via NFS or equivalent?
----------------------------
If you have a question for Jim, submit it here:
http://search390.techtarget.com/ateQuestion/0,289624,sid10_tax285032,00.html
What are your thoughts on security between partitions in an IBM
mainframe environment? Agree with Jim Keohane, or have a completely
different outlook on the above question? Share your thoughts on this
week's expert Q&A with the rest of us in the Sound Off Discussion
Forum. Speak your mind--we love hearing from you! To post your
feedback now, go to:
http://search390.discussions.techtarget.com/WebX?50@@.ee83ff9.
================================
CALLING ALL DINOS!
================================
Our July tips contest is underway, and it's time to show us what
you've got. Send us a Developer, Web-Enabling or Systems Management
tip to
http://search390.techtarget.com/tipsPrize/0,289492,sid10_prz750651_cts750650,00.html.
If your tip is chosen the winner, you'll take home a really cool
prize--a fun, radio control King T-Rex dinosaur. So, send us your
tip today!
========================================================
If you would like to sponsor this or any TechTarget newsletter,
please contact Gabrielle DeRussy at [EMAIL PROTECTED]
========================================================
If you no longer wish to receive this newsletter simply reply to
this message with "REMOVE" in the subject line. Or, visit
http://search390.techtarget.com/register
and adjust your subscriptions accordingly.
If you choose to unsubscribe using our automated processing, you
must send the "REMOVE" request from the email account to which
this newsletter was delivered. Please allow 24 hours for your
"REMOVE" request to be processed.
