On Wednesday, 05/25/2011 at 09:46 EDT, PHILIP TULLY <tull...@optonline.net> wrote: > IBM needs to step up to a more definitive public road map for the z/VM > operating system, with a multiple year outlook.
As always, feel free to contact your IBM rep or business partner to request a conference call with z/VM Development to discuss the outlook for solutions to your particular concerns. If needed, it can be done under an NDA. > One area where I see no value is the use of Unified Resource Manager as > long as it requires opening up access to the HMC. Folks need to get over the HMC access issue. Really. It's not your father's HMC. Put a firewall at the entry to the LAN it sits on, as you would for other sensitive LANs (protection and access control), then cry "Havoc!" and let slip the dogs of war.... The Unified Resource Manager introduces new ensemble management and operations roles to the HMC. People with (only) those roles can't play with LPARs, the I/O configuration, go into OSA Advanced Facilities, or otherwise perform traditional HMC functions. Few people are even *aware* of the z10 and z196 ability to create new roles in the HMC that can be used to limit what a person can do, and what HMC-managed resources they can affect. (I created a user who can only perform the LOAD function for one LPAR. They can't even deactivate it from the HMC.) There are significant new security management functions in HMC 2.11 that help even more. - Creation of security log monitors with automatic e-mail (to multiple people) of matching events - Automatic and manual generation and offload of audit reports. Can be written to local HMC media or to your workstation via Save As... in your browser - New "Customize User Controls" on the SE to provide similar capabilities as on the HMC - New read-only access to hw & OS messages, activation profiles, Advanced Facilities, and channel paths And we're always interested in hearing what additional security functions are needed. > Tools to provide cross system managment. (I know about SSI but that is > so limited by 4 systems to be almost useless. and btw it is still > unannounced) A *product* that contains SSI/LGR is not announced. The Statement of Direction to provide the function IS announced. Alan Altmark z/VM and Linux on System z Consultant IBM System Lab Services and Training ibm.com/systems/services/labservices office: 607.429.3323 mobile; 607.321.7556 alan_altm...@us.ibm.com IBM Endicott
