IBM Systems Magazine, Mainframe digital edition - May/June 2009 - 38

on the real DASD volume. To do this, CP intercepts all I/O operations, and alters the virtual cylinder or block numbers to their real location. To ensure data integrity, CP will prefix the I/O request with additional device controls to constrain the entire I/O operation to the DASD location of the minidisk. In other cases a virtual server could be given read-only access to a device, in which case CP inserts commands into the I/O request that disables all write-type operations. In this manner, the surrounding control units and devices themselves help z/VM maintain user-data integrity and privacy. For four decades, IBM’s z/VM has provided a secure, reliable, stable operating environment. Virtual Networks In the late 1990s, IBM understood largescale hosting of Linux on System z was a st r eng t h of z / V M a nd t he v i r t ua lnetworking capabilities Linux needed were added. Among these is an IEEE 802.1q virtual LAN (VLAN)-aware Ethernet bridge called the Vir tual Switch (VSW I TCH) . When used with a trunk connection to an Et her net sw itch, t he z/ V M system administrator controls the assignment of a virtual server to a specific VLAN. CP also controls the capability of a virtual server to “sniff” the virtual network and to talk to other servers on the virtual network. System Security A well-defined authentication and authorization scheme maintains t he secur it y of a z/ V M system. T he system administrator pre-defines ever y virtual ser ver and gives each one a name known as the VM user ID and an associated password. Unless the system administrator specif ically enables anony mous access, C P and t he I BM-prov ided networking daemons challenge anyone providing a V M user ID as identif ication to also prov ide the matching password. Once the password has been verified and the user has entered the system, all requests to CP to access s ystem resou rces a re based on t he aut hent icated V M user ID. Virtual servers make requests to CP in one of two ways: A person or automation tool may issue CP commands from the virtual server console, or the programs r u n n i n g i n t he v i r t u a l s e r v e r m a y themselves, if authorized by the virtual ser ver OS, communicate with CP using the DIAGNOSE instruction. The parameters passed with the DIAGNOSE instruction provide all of the details CP requires to obtain input and return a response. T he CP command set and the var ious f unctions t he DI AGNOSE inst r uct ion provides are divided into functional groups called privilege classes. The set of general user commands and functions intended for all vir tual ser ver use—such as the capabilit y to IPL (boot) an OS, link to minidisks, and to create and delete virtual I/O devices, among others—is confined to the single privilege class G. By design, none of the class G commands can affect CP or other virtual servers. If a vir tual ser ver attempts to use a CP command or DI AGNOSE instruction that’s outside its privilege class, the system rejects the command and an error condition is returned to the virtual server. The elemental nature of z/VM’s system integrity implementation prevents a virtual machine from obtaining more privilege classes than the z/VM system administrator assigned. T h e s y s t e m ad m i n i s t r ator m a y a s s i g n ad d i t ion a l privilege classes, depending on the virtual server’s need and function, but additional privileges should be given only to t r u sted a nd sec u re v i r t ua l ser ver s–as some of t he >QRQ^QZOQ_ Start Interpretive Execution (SIE): www.research.ibm.com/journal/sj/301/ibmsj3001E.pdf z/VM Security: www.VM.ibm.com/security M AY/J U N E 2 0 0 8 ibms ystemsmag .com/mai nframe 38

IBM Systems Magazine, Mainframe digital edition - May/June 2009

Table of Contents for the Digital Edition of IBM Systems Magazine, Mainframe digital edition - May/June 2009

IBM Systems Magazine, Mainframe digital edition - May/June 2009
Table of Contents
Editor's Desk:  High-Flying Security
Trends:  IBM Cognos 8 BI for Linux on System z Makes Reliable Data Available Anywhere
IT Today:  New System x and BladeCenter Servers Help Your Organization Reach Its Goals
Focus on Storage: Virtual Tape Facility for MainframeJoins IBM Arsenal
Q & A:  Hybrid Technology Takes Supercomputing Beyond Moore’s Law
Case Study:  The City and County of Honolulu Allows Its Applications to Dictate the Platforms on Which They Run
Cover Story:  IBM’s z/VM is a Proven Solution for Today’s IT Environments
Feature:  IBM’s Dynamic Infrastructure Helps Companies Reduce Costs, Manage Risks and Improve Services
Administrator:  DB2 9 Features Help Ensure Compliance
Product News
Advertiser Index
Stop Run:  Barry Merrill’s Accidental DiscoveriesEnhance the Mainframe
Reference Point
IBM Systems Magazine, Mainframe digital edition - May/June 2009 - IBM Systems Magazine, Mainframe digital edition - May/June 2009
IBM Systems Magazine, Mainframe digital edition - May/June 2009 - Cover2
IBM Systems Magazine, Mainframe digital edition - May/June 2009 - 1
IBM Systems Magazine, Mainframe digital edition - May/June 2009 - Table of Contents
IBM Systems Magazine, Mainframe digital edition - May/June 2009 - 3
IBM Systems Magazine, Mainframe digital edition - May/June 2009 - 4
IBM Systems Magazine, Mainframe digital edition - May/June 2009 - 5
IBM Systems Magazine, Mainframe digital edition - May/June 2009 - 6
IBM Systems Magazine, Mainframe digital edition - May/June 2009 - 7
IBM Systems Magazine, Mainframe digital edition - May/June 2009 - Editor's Desk:  High-Flying Security
IBM Systems Magazine, Mainframe digital edition - May/June 2009 - 9
IBM Systems Magazine, Mainframe digital edition - May/June 2009 - Trends:  IBM Cognos 8 BI for Linux on System z Makes Reliable Data Available Anywhere
IBM Systems Magazine, Mainframe digital edition - May/June 2009 - 11
IBM Systems Magazine, Mainframe digital edition - May/June 2009 - 12
IBM Systems Magazine, Mainframe digital edition - May/June 2009 - 13
IBM Systems Magazine, Mainframe digital edition - May/June 2009 - IT Today:  New System x and BladeCenter Servers Help Your Organization Reach Its Goals
IBM Systems Magazine, Mainframe digital edition - May/June 2009 - 15
IBM Systems Magazine, Mainframe digital edition - May/June 2009 - 16
IBM Systems Magazine, Mainframe digital edition - May/June 2009 - 17
IBM Systems Magazine, Mainframe digital edition - May/June 2009 - 18
IBM Systems Magazine, Mainframe digital edition - May/June 2009 - 19
IBM Systems Magazine, Mainframe digital edition - May/June 2009 - Focus on Storage: Virtual Tape Facility for MainframeJoins IBM Arsenal
IBM Systems Magazine, Mainframe digital edition - May/June 2009 - 21
IBM Systems Magazine, Mainframe digital edition - May/June 2009 - 22
IBM Systems Magazine, Mainframe digital edition - May/June 2009 - 23
IBM Systems Magazine, Mainframe digital edition - May/June 2009 - Q & A:  Hybrid Technology Takes Supercomputing Beyond Moore’s Law
IBM Systems Magazine, Mainframe digital edition - May/June 2009 - 25
IBM Systems Magazine, Mainframe digital edition - May/June 2009 - 26
IBM Systems Magazine, Mainframe digital edition - May/June 2009 - 27
IBM Systems Magazine, Mainframe digital edition - May/June 2009 - Case Study:  The City and County of Honolulu Allows Its Applications to Dictate the Platforms on Which They Run
IBM Systems Magazine, Mainframe digital edition - May/June 2009 - 29
IBM Systems Magazine, Mainframe digital edition - May/June 2009 - 30
IBM Systems Magazine, Mainframe digital edition - May/June 2009 - 31
IBM Systems Magazine, Mainframe digital edition - May/June 2009 - Cover Story:  IBM’s z/VM is a Proven Solution for Today’s IT Environments
IBM Systems Magazine, Mainframe digital edition - May/June 2009 - 33
IBM Systems Magazine, Mainframe digital edition - May/June 2009 - 34
IBM Systems Magazine, Mainframe digital edition - May/June 2009 - 35
IBM Systems Magazine, Mainframe digital edition - May/June 2009 - 36
IBM Systems Magazine, Mainframe digital edition - May/June 2009 - 37
IBM Systems Magazine, Mainframe digital edition - May/June 2009 - 38
IBM Systems Magazine, Mainframe digital edition - May/June 2009 - 39
IBM Systems Magazine, Mainframe digital edition - May/June 2009 - Feature:  IBM’s Dynamic Infrastructure Helps Companies Reduce Costs, Manage Risks and Improve Services
IBM Systems Magazine, Mainframe digital edition - May/June 2009 - 41
IBM Systems Magazine, Mainframe digital edition - May/June 2009 - 42
IBM Systems Magazine, Mainframe digital edition - May/June 2009 - 43
IBM Systems Magazine, Mainframe digital edition - May/June 2009 - 44
IBM Systems Magazine, Mainframe digital edition - May/June 2009 - 45
IBM Systems Magazine, Mainframe digital edition - May/June 2009 - 46
IBM Systems Magazine, Mainframe digital edition - May/June 2009 - 47
IBM Systems Magazine, Mainframe digital edition - May/June 2009 - Administrator:  DB2 9 Features Help Ensure Compliance
IBM Systems Magazine, Mainframe digital edition - May/June 2009 - 49
IBM Systems Magazine, Mainframe digital edition - May/June 2009 - 50
IBM Systems Magazine, Mainframe digital edition - May/June 2009 - 51
IBM Systems Magazine, Mainframe digital edition - May/June 2009 - Product News
IBM Systems Magazine, Mainframe digital edition - May/June 2009 - 53
IBM Systems Magazine, Mainframe digital edition - May/June 2009 - 54
IBM Systems Magazine, Mainframe digital edition - May/June 2009 - Advertiser Index
IBM Systems Magazine, Mainframe digital edition - May/June 2009 - Stop Run:  Barry Merrill’s Accidental DiscoveriesEnhance the Mainframe
IBM Systems Magazine, Mainframe digital edition - May/June 2009 - Cover3
IBM Systems Magazine, Mainframe digital edition - May/June 2009 - Cover4
IBM Systems Magazine, Mainframe digital edition - May/June 2009 - Reference Point
IBM Systems Magazine, Mainframe digital edition - May/June 2009 - RF2
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20191112
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20190910
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20190708
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20190506
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20190304
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/relevantz_20190102
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/2019mfse
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20190102
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20181112
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20180910
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20180708
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20180506
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20180304
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20180102
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/2018mfse
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20171112
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20170910
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20170910_v2
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20170708
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20170506
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20170304
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_sesupp
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20170102
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_linuxsupp
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20161112
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/MainframeSecurity
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20160910
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20160708
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20160506
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20160304
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20160102
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20151112
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20150910_se
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20150910
http://www.ibmsystemsmagmainframedigital.com/MFSkills
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20150708
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20150506_supp
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20150506
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20150304
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20150102
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20141112
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20140910_v2
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20140910
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20140708
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_gt_201405
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/BigData
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20140506
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20140304
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20140102
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20131112
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20130910_v2
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20130910
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20130708
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20130506
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20130304
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20130102
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20121112
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/buyersguide2013
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20120910
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20120708
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20120506
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20120304
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20120102
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/ibmsystems_mainframe_2012bg
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20111112
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20110910
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20110708
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20110506
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20110304
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20110102
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20101112
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20100910
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20100910_bg
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20100708
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20100506
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20100304
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20100102
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20091112
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20090910
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20090708
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20090506
http://www.nxtbook.com/nxtbooks/ibmsystemsmag/mainframe_20090304
http://www.nxtbook.com/nxtbooks/mspcomm/ibmsystems_mainframe_200901
http://www.nxtbookMEDIA.com