On Thursday, 07/01/2010 at 03:20 EDT, Rob van der Heij <rvdh...@gmail.com> wrote: > On Thu, Jul 1, 2010 at 5:48 PM, Alan Altmark <alan_altm...@us.ibm.com> wrote: > > Protecting the system itself from guests with fp minis or dedicated > > > 2. Use DEVNO minidisks or dedicated volumes > > I would not look forward to D/R where have to change all DEVNO > statements and get it right...
It's a choice. You don't have to FEAR fullpack minis, but you do have to PLAN for them. After all, dedicated volumes and DEVNO mdisks have the same issue in that respect. The freedom to avoid dependency on RDEVs comes only by placing trust in all the people who manage them. If the managers of those RDEVs defer management of any part of that infrastructure to an untrusted system or person, then the chain is broken and assumptions are no longer valid. As a security guy, I prefer to use non-fullpack minis. But if I have to have them, then it would be irresponsible for me to ASSUME that the guest will not alter the volser. All virtual machines used by people other than trusted z/VM admins are, by definition, untrusted and Evil Incarnate. Alan Altmark z/VM Development IBM Endicott
