On Wednesday, 05/25/2011 at 11:07 EDT, Philip Tully <tull...@optonline.net> wrote: > With all do respect: Contacting our IBM rep under NDA does not fit > "publc road map".
I'm not trying to be contrary or anything, Phil, just practical. If your or anyone else feels they need more information about IBM's plans for the future than is publicly available (on pretty much any subject), there's a way to deal with that. > I think the customers are letting IBM know, that they are not ready to > relinquish control of this asset. It may not be the story IBM mgmt wants > to hear but it is the one that is being told. I may no longer go onsite to> > customers on a regular basis, but when I was, I often needed access to the > HMC and it was pretty consistent that there was significant access control > for the HMC. No one disputes that there should be significant access control for the HMC. Hence my statements about improvements to HMC security management and the recommendation to put a firewall in front of it. You may even require some form of authentication at the firewall. And you certainly do NOT allow remote access into the HMC-SE LAN itself except when you have a remote HMC. And for those I would seriously consider a VPN-style connection into the HMC-SE LAN, even though: - All communication between an HMC and an SE is encrypted. This is managed via "Domain Security". - All communication between a browser and the HMC is via HTTPS Over time, expect to see the HMC continue to expand its role as a management endpoint in your System z world. Naturally, this is an evolving story, so keep your 3270 emulator handy. Alan Altmark z/VM and Linux on System z Consultant IBM System Lab Services and Training ibm.com/systems/services/labservices office: 607.429.3323 mobile; 607.321.7556 alan_altm...@us.ibm.com IBM Endicott
