Security on z/VM
An IBM Redbooks publication
Published 19 November 2007, updated 05 December 2007
IBM Form #: SG24-7471-00
Authors: Paola Bari, Helio Almeida, Gary Detro, David Druker, Marian Gasparovic, Manfred Gnirss, Jean Francois Jiguet
Discussions about server sprawl, rising software costs, going green, or moving data centers to reduce the cost of business are held in many meetings or conference calls in many organizations throughout the world. And many organizations are starting to turn toward System z™ and z/VM® after such discussions. The virtual machine operating system has over 40 years of experience as a hosting platform for servers, from the days of VM/SP, VM/XA, VM/ESA® and especially now with z/VM. With the consolidation of servers and conservative estimates that approximately seventy percent of all critical corporate data reside on System z, we find ourselves needing a highly secure environment for the support of this infrastructure. This document was written to assist z/VM support and security personnel in providing the enterprise with a safe, secure and manageable environment.
This IBM® Redbooks® publication provides an overview of security and integrity provided by z/VM and the processes for the implementation and configuration of z/VM Security Server, z/VM LDAP Server, IBM Tivoli® Directory Server for z/OS®, and Linux® on System z with PAM for LDAP authentication.
Sample scenarios with RACF® database sharing between z/VM and z/OS, or through Tivoli Directory Integrator to synchronize LDAP databases, are also discussed in this book.
This book provides information about configuration and usage of Linux on System z with the System z Cryptographic features documenting their hardware and software configuration.
The Consul zSecure Pro Suite is also part of this document: this product helps to control and audit security not only on one system, but can be used as a single point of enterprise wide security control. This document covers the installation and configuration of this product and detailed information is presented on how z/Consul can be used to collect and analyze z/VM security data and how it can be helpful in the administration of your audit data.
Table of contents
Chapter 1. z/VM and security
Chapter 2. RACF feature of z/VM
Chapter 3. z/VM LDAP server
Chapter 4. Implementing Pluggable Authentication Modules LDAP for Linux servers
Chapter 5. Enterprise integration
Chapter 6. Cryptography on z/VM
Chapter 7. IBM Tivoli zSecure for zVM RACF
Appendix A. DirMaint implementation
Appendix B. RACF procedural checklist
Appendix C. Additional material
Others who read this publication also read
Follow IBM Redbooks
Follow IBM Redbooks