Security for Linux on System z


Book Description

No IT server platform is 100% secure and useful at the same time. If your server is installed in a secure vault, three floors underground in a double-locked room, not connected to any network and switched off, one would say it was reasonably secure, but it would be a stretch to call it useful. This IBM® Redbooks® publication is about switching on the power to your Linux® on System z® server, connecting it to the data and to the network, and letting users have access to this formidable resource space in a secure, controlled, and auditable fashion to make sure the System z server and Linux are useful to your business. As the quotation illustrates, the book is also about ensuring that, before you start designing a security solution, you understand what the solution has to achieve. The base for a secure system is tightly related to the way the architecture and virtualization has been implemented on IBM System z. Since its inception 45 years ago, the architecture has been continuously developed to meet the increasing demands for a more secure and stable platform. This book is intended for system engineers and security administrators who want to customize a Linux on System z environment to meet strict security, audit, and control regulations. For additional information, there is a tech note that describes the best practices for securing your network. It can be found at: http://www.redbooks.ibm.com/abstracts/tips0981.html?Open




Security on z/VM


Book Description

Discussions about server sprawl, rising software costs, going green, or moving data centers to reduce the cost of business are held in many meetings or conference calls in many organizations throughout the world. And many organizations are starting to turn toward System zTM and z/VM® after such discussions. The virtual machine operating system has over 40 years of experience as a hosting platform for servers, from the days of VM/SP, VM/XA, VM/ESA® and especially now with z/VM. With the consolidation of servers and conservative estimates that approximately seventy percent of all critical corporate data reside on System z, we find ourselves needing a highly secure environment for the support of this infrastructure. This document was written to assist z/VM support and security personnel in providing the enterprise with a safe, secure and manageable environment. This IBM® Redbooks® publication provides an overview of security and integrity provided by z/VM and the processes for the implementation and configuration of z/VM Security Server, z/VM LDAP Server, IBM Tivoli® Directory Server for z/OS®, and Linux® on System z with PAM for LDAP authentication. Sample scenarios with RACF® database sharing between z/VM and z/OS, or through Tivoli Directory Integrator to synchronize LDAP databases, are also discussed in this book. This book provides information about configuration and usage of Linux on System z with the System z Cryptographic features documenting their hardware and software configuration. The Consul zSecure Pro Suite is also part of this document: this product helps to control and audit security not only on one system, but can be used as a single point of enterprise wide security control. This document covers the installation and configuration of this product and detailed information is presented on how z/Consul can be used to collect and analyze z/VM security data and how it can be helpful in the administration of your audit data.




Linux on the Mainframe


Book Description

This is the comprehensive guide to Linux on the mainframe straight from the IBM Linux experts. The book covers virtualization, security, systems management, and more.




Mainframe Basics for Security Professionals


Book Description

Leverage Your Security Expertise in IBM® System zTM Mainframe Environments For over 40 years, the IBM mainframe has been the backbone of the world’s largest enterprises. If you’re coming to the IBM System z mainframe platform from UNIX®, Linux®, or Windows®, you need practical guidance on leveraging its unique security capabilities. Now, IBM experts have written the first authoritative book on mainframe security specifically designed to build on your experience in other environments. Even if you’ve never logged onto a mainframe before, this book will teach you how to run today’s z/OS® operating system command line and ISPF toolset and use them to efficiently perform every significant security administration task. Don’t have a mainframe available for practice? The book contains step-by-step videos walking you through dozens of key techniques. Simply log in and register your book at www.ibmpressbooks.com/register to gain access to these videos. The authors illuminate the mainframe’s security model and call special attention to z/OS security techniques that differ from UNIX, Linux, and Windows. They thoroughly introduce IBM’s powerful Resource Access Control Facility (RACF) security subsystem and demonstrate how mainframe security integrates into your enterprise-wide IT security infrastructure. If you’re an experienced system administrator or security professional, there’s no faster way to extend your expertise into “big iron” environments. Coverage includes Mainframe basics: logging on, allocating and editing data sets, running JCL jobs, using UNIX System Services, and accessing documentation Creating, modifying, and deleting users and groups Protecting data sets, UNIX file system files, databases, transactions, and other resources Manipulating profiles and managing permissions Configuring the mainframe to log security events, filter them appropriately, and create usable reports Using auditing tools to capture static configuration data and dynamic events, identify weaknesses, and remedy them Creating limited-authority administrators: how, when, and why




End to End Security with z Systems


Book Description

This IBM® RedpaperTM provides a broad understanding of the components necessary to secure your IBM z Systems environment. It provides an end-to-end architectural reference document for a use case that employs both mobile and analytics. It also provides an end to end explanation of security on z Systems from the systems of record through the systems of engagement. Security is described in terms of transactions, covering what happens after a transaction hits the system of engagement and what needs to be in place from that moment forward. The audience for this paper is IT architects and those planning to use z Systems for their mobile and analytics environments.




Set up Linux on IBM System z for Production


Book Description

This IBM® Redbooks® publication shows the power of IBM System z® virtualization and flexibility in sharing resources in a flexible production environment. In this book, we outline the planning and setup of Linux on System z to move from a development or test environment into production. As an example, we use one logical partition (LPAR) with shared CPUs with memory for a production environment and another LPAR that shares some CPUs, but also has a dedicated one for production. Running in IBM z/VM® mode allows for virtualization of servers and based on z/VM shares, can prioritize and control their resources. The size of the LPAR or z/VM resources depends on the workload and the applications that run that workload. We examine a typical web server environment, Java applications, and describe it by using a database management system, such as IBM DB2®. Network decisions are examined with regards to VSWITCH, shared Open Systems Adapter (OSA), IBM HiperSocketsTM and the HiperPAV, or FCP/SCSI attachment used with a storage area network (SAN) Volume Controller along with performance and throughput expectations. The intended audience for this IBM Redbooks publication is IT architects who are responsible for planning production environments and IT specialists who are responsible for implementation of production environments.




Practical Migration from x86 to LinuxONE


Book Description

LinuxONE is a portfolio of hardware, software, and solutions for an enterprise-grade Linux environment. It has been designed to run more transactions faster and with more security and reliability specifically for the open community. It fully embraces open source-based technology. Two servers are available for LinuxONE: The IBM® LinuxONE III LT1 and IBM LinuxONE III LT2. We describe these servers in "IBM LinuxONE servers" on page 5. Aside from still running SUSE Linux Enterprise Server and Red Hat Enterprise Linux Servers, LinuxONE runs Ubuntu, which is popular on x86 hardware. Ubuntu, which runs the cloud, smartphones, a computer that can remote control a planetary rover for NASA, many market-leading companies, and the Internet of Things, is now available on IBM LinuxONE servers. Together, these two technology communities deliver the perfect environment for cloud and DevOps. Ubuntu 16.04 on LinuxONE offers developers, enterprises, and Cloud Service Providers a scalable and secure platform for next generation applications that include OpenStack, KVM, Docker, and JuJu. The following are reasons why you would want to optimize your servers through virtualization using LinuxONE: Too many distributed physical servers with low utilization A lengthy provisioning process that delays the implementation of new applications Limitations in data center power and floor space High total cost of ownership (TCO) Difficulty allocating processing power for a dynamic environment This IBM Redbooks® publication provides a technical planning reference for IT organizations that are considering a migration from their x86 distributed servers to LinuxONE. This book walks you through some of the important considerations and planning issues that you might encounter during a migration project. Within the context of a pre-existing UNIX based or x86 environment, it presents an end-to-end view of the technical challenges and methods necessary to complete a successful migration to LinuxONE.




Introduction to the New Mainframe: Security


Book Description

This book provides students of information systems with the background knowledge and skills necessary to begin using the basic security facilities of IBM System z. It enables a broad understanding of both the security principles and the hardware and software components needed to insure that the mainframe resources and environment are secure. It also explains how System z components interface with some non-System z components. A multi-user, multi-application, multi-task environment such as System z requires a different level of security than that typically encountered on a single-user platform. In addition, when a mainframe is connected in a network to other processors, a multi-layered approach to security is recommended. Students are assumed to have successfully completed introductory courses in computer system concepts. Although this course looks into all the operating systems on System z, the main focus is on IBM z/OS. Thus, it is strongly recommended that students have also completed an introductory course on z/OS. Others who will benefit from this course include experienced data processing professionals who have worked with non-mainframe-based platforms, as well as those who are familiar with some aspects of the mainframe environment or applications but want to learn more about the security and integrity facilities and advantages offered by the mainframe environment.




Securing Your Cloud: IBM z/VM Security for IBM z Systems and LinuxONE


Book Description

As workloads are being offloaded to IBM® z SystemsTM based cloud environments, it is important to ensure that these workloads and environments are secure. This IBM Redbooks® publication describes the necessary steps to secure your environment for all of the components that are involved in a z Systems cloud infrastructure that uses IBM z/VM® and Linux on z Systems. The audience for this book is IT architects and those planning to use z Systems for their cloud environments.




Linux on IBM System Z


Book Description




Recent Books