> We are planning to make z/VM Linux production with RACF on VM,
> I would like to know what the best practices are for handling
> security under Linux/VM and how other shops are handling security
> for Linux.

Since the two environments are fairly cleanly separated, treating them
as two entities, one affiliated with z/OS and one affiliated with the
discrete systems, is often the least controversial method. Treat the VM
and Linux components as separate elements. 

The most common solution is to treat the Linux guest systems identically
to the traditional Unix or discrete Intel Linux systems on your network,
as that's exactly what they are. Use of NIS, Kerberos, etc. is identical
to the discrete systems for AAA.

Use of native Kerberos v5 authentication is becoming very popular, and
(if you have SP2 applied to your Windows AD systems), security monitors
and practices integrated with Windows are also common. We typically set
up an internal guest LAN for operational support services like logging
and security access, and ensure that all the guests use it for logging
and maintenance access, or you can do the same things you do with your
distributed systems. 

The VM component can be handled with RACF; the existing version can
share a database with z/OS RACF, and is often handled/audited as an
extension of the z/OS RACF environment. 
