Thanks. That sounds like a really good explanation to me. From way distant memory, as each LPAR initiates an I/O, eventually a CCW must be created, though these days I can't imagine any application program worrying about that. Something you might do in Assembler, even though you would probably invoke a MACRO.
It was an academic debate and I doubt if I would raise it with the security team :-(

On Wed, Jun 15, 2022 at 3:02 PM Ken Bloom <[email protected]> wrote:

> The risk is not with the FICON channels, as the way CCWs are sequenced it
> would be virtually impossible for info to bleed across LPARs. Since DASD
> is now virtual in all systems (IBM, EMC, Visara, Hitachi) there is a
> greater chance of the shared file system causing data to be “misplaced”.
> Even so, it’s highly unlikely.
>
> Kenneth A. Bloom
> CEO
> Avenir Technologies Inc
> /d/b/a Visara International
> 203-984-2235
> [email protected]
> www.visara.com
>
> On Jun 14, 2022, at 10:38 PM, Mike Schwab <[email protected]> wrote:
>
> z/VM can share PCHPIDs. But we always had 4 FICON for every LPAR for
> DASD.
>
> On Tue, Jun 14, 2022 at 9:07 PM Laurence Chiu <[email protected]> wrote:
>
> We had an interesting question raised recently in my workplace by our
> security team.
>
> They said, if you have multiple LPARs on a Z box and you share FICON
> adapters going to the same DS8K, is there any data leak issue that could
> occur? That is, could LPAR1 inadvertently see traffic to the SAN that is
> defined for LPAR2 but sharing the same FICON adapter? Maybe somebody mixed
> up the IODF or something like that?
>
> I thought not and said, isn't that how VMware and Hyper-V work? The
> hypervisors share out FC cards etc. to the various VMs and it doesn't seem
> to be an issue, and z/OS (or is PR/SM) is likely to be a much hardier OS
> security-wise.
>
> Anyway I would get the view of the experts on the forum.
>
> Thanks
>
> ----------------------------------------------------------------------
> For IBM-MAIN subscribe / signoff / archive access instructions,
> send email to [email protected] with the message: INFO IBM-MAIN
