8.7 Summary

When considering security for Linux on the mainframe, remember that:

• The hardware itself enjoys a higher level of physical security than the average server farm through virtualization and reduced physical resources.

• z/VM can help by using:

  - Defined roles that scope authority

  - Guest definitions to diversify types of guests and their authorizations

  - Virtual communications that eliminate the risk of wire-tapping

The use of a mainframe and z/VM can lower the total cost of ownership:

• Because fewer people need access to the physical machine, the cost of repairing damages caused by intentional or unintentional tampering with the system console, cables, and other hardware is lowered.

• z/VM ensures consistency and speed when defining the secure environment and making copies of a known secure environment. Thus, z/VM can reduce the time spent by administrators identifying, applying, and supporting security patches.

• z/VM ensures the isolation of images you require, in most cases without the need to buy and set up individual machines. Individual machines bring with them costs and interconnection complexity, resulting in additional risks in the configuration that would not be present in a z/VM environment. Corporate rules sometimes state that a specific piece of work must run on a physically separate piece of real hardware. Recall, however, that LPAR, having a certified level of isolation, should be considered as separate, isolated hardware and can make Linux on the mainframe a real option.