Any time you have shared hardware there is a theoretical risk of vulnerabilities, but I would be far more concerned with the brocade (what's the generic term these days?) than with the FICON adapter itself. There should be a STIG from DISA that addresses the issue. I'd also check the hardware configurations on which z/OS was last evaluated.
-- Shmuel (Seymour J.) Metz http://mason.gmu.edu/~smetz3 ________________________________________ From: IBM Mainframe Discussion List [[email protected]] on behalf of Laurence Chiu [[email protected]] Sent: Tuesday, June 14, 2022 10:06 PM To: [email protected] Subject: RIsks of sharing FICON adapters between LPARs on the same host We had an interesting question raised recently in my work place by our security team. They said, if you have multiple LPARs on a Z box and you share FICON adapters going to the same DS8K is there any data leak issue that could occur? That is, could LPAR1 inadvertently see traffic to the SAN that is defined for LPAR2 but sharing the same FICON adapter. Maybe somebody mixed up the IODF or something like that? I thought not and said, isn't that how VMware and Hiper-V work. The hypervisors share out FC cards etc. to the various VM's and it doesn't seem to be an issue and z/OS (or is PR/SM) is likely to be a much hardier OS security wise. Anyway I would get the view of the experts on the forum. Thanks ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
