Introduction to the new mainframe: Large-Scale Commercial Computing © Copyright IBM Corp., 2006. All rights reserved. Chapter 4: Integrity and security.

Slides:



Advertisements
Similar presentations
Chapter 6 Security Kernels.
Advertisements

Database Management System MIS 520 – Database Theory Fall 2001 (Day) Lecture 13.
File Management Chapter 12. File Management File management system is considered part of the operating system Input to applications is by means of a file.
File Management Chapter 12. File Management A file is a named entity used to save results from a program or provide data to a program. Access control.
Introduction to the new mainframe © Copyright IBM Corp., All rights reserved. Chapter 2: z/OS Overview.
DESIGNING A PUBLIC KEY INFRASTRUCTURE
Click to add text Introduction to the new mainframe: Large-Scale Commercial Computing © Copyright IBM Corp., All rights reserved. Chapter 7: Systems.
Systems Analysis and Design in a Changing World, 6th Edition
Introduction to the new mainframe: Large-Scale Commercial Computing © Copyright IBM Corp., All rights reserved. Chapter 7: Systems Management.
Chapter 18 Three Operating Systems
File Management Systems
Chapter 9 - Control in Computerized Environment ATG 383 – Spring 2002.
DBMS Functions Data, Storage, Retrieval, and Update
Chapter 11 Operating Systems
Introduction to the new mainframe: Large-Scale Commercial Computing © Copyright IBM Corp., All rights reserved. Chapter 1: The new mainframe.
Chapter 12 File Management Systems
Introduction to the new mainframe: Large-Scale Commercial Computing © Copyright IBM Corp., All rights reserved. Chapter 8: Autonomic computing.
Chapter 18: Security on z/OS
CS4315A. Berrached:CMS:UHD1 Operating System Structures Chapter 3.
Introduction to the new mainframe: Large-Scale Commercial Computing © Copyright IBM Corp., All rights reserved. Chapter 6: Accessing large amount.
Functions of a Database Management System. Functions of a DBMS C.J. Date n Indexing n Views n Security n Integrity n Concurrency n Backup/Recovery n Design.
Database Systems: Design, Implementation, and Management Eighth Edition Chapter 10 Transaction Management and Concurrency Control.
Slide 3-1 Copyright © 2004 Pearson Education, Inc. Operating Systems: A Modern Perspective, Chapter 3 Operating System Organization.
Database Administration Chapter 16. Need for Databases  Data is used by different people, in different departments, for different reasons  Interpretation.
Understanding Active Directory
Introduction to the new mainframe © Copyright IBM Corp., All rights reserved. Chapter 7: Designing and developing applications for z/OS.
Introduction to the new mainframe © Copyright IBM Corp., All rights reserved. Chapter 5: Batch processing and the Job Entry Subsystem (JES) Batch.
Copyright © 2002 ProsoftTraining. All rights reserved. Operating System Security.
File Management Chapter 12. File Management File management system is considered part of the operating system Input to applications is by means of a file.
Chapter 15 Database Administration and Security
Microsoft ® Official Course Module 8 Securing Windows 8 Desktops.
Silberschatz, Galvin and Gagne ©2009 Operating System Concepts – 8 th Edition, Chapter 2: System Structures.
1 Chapter 12 File Management Systems. 2 Systems Architecture Chapter 12.
Copyright © 2011 EMC Corporation. All Rights Reserved. MODULE – 6 VIRTUALIZED DATA CENTER – DESKTOP AND APPLICATION 1.
Click to add text Introduction to the new mainframe: Large-Scale Commercial Computing © Copyright IBM Corp., All rights reserved. Chapter 4: Integrity.
Click to add text Introduction to the new mainframe: Large-Scale Commercial Computing © Copyright IBM Corp., All rights reserved. Chapter 2: Capacity.
Introduction to the new mainframe © Copyright IBM Corp., All rights reserved. Chapter 12 Understanding database managers on z/OS.
Introduction to the new mainframe © Copyright IBM Corp., All rights reserved. Chapter 4: Working with data sets.
Computers Operating System Essentials. Operating Systems PROGRAM HARDWARE OPERATING SYSTEM.
Slide 3-1 Copyright © 2004 Pearson Education, Inc. Operating Systems: A Modern Perspective, Chapter 3.
File Management Chapter 12. File Management File management system is considered part of the operating system Input to applications is by means of a file.
Chapter 1 Introduction to Databases. 1-2 Chapter Outline   Common uses of database systems   Meaning of basic terms   Database Applications  
Ihr Logo Operating Systems Internals & Design Principles Fifth Edition William Stallings Chapter 2 (Part II) Operating System Overview.
© 2004 IBM Corporation IBM ^ z/VM Design considerations > Security > Performance (SIE)
Database Security Outline.. Introduction Security requirement Reliability and Integrity Sensitive data Inference Multilevel databases Multilevel security.
Data Sharing. Data Sharing in a Sysplex Connecting a large number of systems together brings with it special considerations, such as how the large number.
INTRODUCTION TO DBS Database: a collection of data describing the activities of one or more related organizations DBMS: software designed to assist in.
ADVANTAGES OF DATA BASE MANAGEMENT SYSTEM. TO BE DICUSSED... Advantages of Database Management System  Controlling Data RedundancyControlling Data Redundancy.
Click to add text Introduction to the new mainframe: Large-Scale Commercial Computing © Copyright IBM Corp., All rights reserved. Chapter 6: Accessing.
Coupling Facility. The S/390 Coupling Facility (CF), the key component of the Parallel Sysplex cluster, enables multisystem coordination and datasharing.
Introduction to the new mainframe © Copyright IBM Corp., All rights reserved. 1 Main Frame Computing Objectives Explain why data resides on mainframe.
VPN. CONFIDENTIAL Agenda Introduction Types of VPN What are VPN Tokens Types of VPN Tokens RSA How tokens Work How does a user login to VPN using VPN.
Hands-On Microsoft Windows Server 2008 Chapter 7 Configuring and Managing Data Storage.
© 2009 IBM Corporation Statements of IBM future plans and directions are provided for information purposes only. Plans and direction are subject to change.
Chapter 5 Managing Multi-user Databases 1. Multi-User Issues Database Administration Concurrency Control Database Security Database Recovery Page 307.
C Copyright © 2007, Oracle. All rights reserved. Security New Features.
Review of IT General Controls
INFORMATION SYSTEMS SECURITY AND CONTROL.
Direct Attached Storage and Introduction to SCSI
Functions of a Database Management System
Chapter 2: System Structures
Managing Multi-user Databases
Direct Attached Storage and Introduction to SCSI
Introduction of Week 13 Return assignment 11-1 and 3-1-5
Chapter 2: Operating-System Structures
Operating Systems: A Modern Perspective, Chapter 3
Chapter 2: Operating-System Structures
IBM Tivoli Storage Manager
Presentation transcript:

Introduction to the new mainframe: Large-Scale Commercial Computing © Copyright IBM Corp., All rights reserved. Chapter 4: Integrity and security

Introduction to the new mainframe © Copyright IBM Corp., All rights reserved. 2 Chapter objectives After completing this chapter, you will be able to: Describe the security and integrity needs of a large-scale operating environment Describe the methods for serialization in a multi-user environment Describe the built-in features that enable integrity and security Describe the two-phase commit process and why it is needed Describe the features needed from an add-on security package

Introduction to the new mainframe © Copyright IBM Corp., All rights reserved. 3

Introduction to the new mainframe © Copyright IBM Corp., All rights reserved. 4 Integrity 1.Data Integrity – Primarily concerned with the accidental damage and recovery of data. 2.System Integrity – Ensures there is no way for any unauthorized program to:  Bypass store or fetch protection  Bypass security checking  Obtain control in an authorized state

Introduction to the new mainframe © Copyright IBM Corp., All rights reserved. 5 Serialization Serialization means make a resource to be used on a one-at-a- time basis Methods to prevent concurrent updates:  Enqueing  Reserves  Locks  Global Resource Serialization (GRS)

Introduction to the new mainframe © Copyright IBM Corp., All rights reserved. 6 Serialization - GRS

Introduction to the new mainframe © Copyright IBM Corp., All rights reserved. 7 DFSMS is the component of the operating system that controls all data set allocation and provides automatic backup of the data The DFSMS constructs:  Data class  Storage class  Management class  Storage group  ACS routines Aggregate group Copy Pools DFSMS

Introduction to the new mainframe © Copyright IBM Corp., All rights reserved. 8 SMS Constructs

Introduction to the new mainframe © Copyright IBM Corp., All rights reserved. 9 Auditing is the process of ensuring that the information processing system complies with the installation security policy. Auditing may be:  A one time project (e.g; a snap inspection) or  An ongoing process System Management Facilities: writes audit records o DASD System Logger: log changes to data Auditing

Introduction to the new mainframe © Copyright IBM Corp., All rights reserved. 10 RRS is the coordinating resource manager that assures that all the updates of the different data storage places are correctly coordinated and that the data integrity is maintained. Resource Recovery Services (RRS)

Introduction to the new mainframe © Copyright IBM Corp., All rights reserved. 11 RRS – Two-phase commit Resource Manager 3 Application Resource Recovery Services (RRS) Resource Manager 1 Resource Manager 2

Introduction to the new mainframe © Copyright IBM Corp., All rights reserved. 12 Depending on the needs of the company Some tools:  FlashCopy (on 1 subsystem)  Remote Copy  Metro Mirror  Global Copy  Global Mirror  Global Mirror for IBM System z  Other backup and recovery solutions: Data backup and recovery

Introduction to the new mainframe © Copyright IBM Corp., All rights reserved. 13 Data backup and recovery : FlashCopy

Introduction to the new mainframe © Copyright IBM Corp., All rights reserved. 14 Data backup and recovery : Remote Copy

Introduction to the new mainframe © Copyright IBM Corp., All rights reserved. 15 Data backup and recovery : Metro Mirror When the application performs a write update operation to a primary volume, this is what happens: 1.Write to primary volume (DS6000 cache and NVS). 2.Write to secondary (DS6000 cache and NVS). 3.Signal write complete on the secondary DS Post I/O complete to host server.

Introduction to the new mainframe © Copyright IBM Corp., All rights reserved. 16 Data backup and recovery: Global Copy 4. The secondary DS6000 returns write complete to the primary DS6000 when the updates are secured in the secondary DS6000 cache and NVS. The primary DS6000 then resets its change recording information. The primary and secondary copies can be separated by any distance. The process is as follows: 1. The host server requests a write I/O to the primary DS6000. The write is staged through cache and non-volatile storage (NVS). 2. The write returns to the host server’s application. 3. At a later time, that is, in a non- synchronous manner, the primary DS6000 sends the necessary data so that the updates are reflected on the secondary volumes. The updates are grouped in batches for efficient transmission.

Introduction to the new mainframe © Copyright IBM Corp., All rights reserved. 17  Global Mirror  Global Mirror for IBM System z  Other backup and recovery solutions: Data set level Volume level Application level Data backup and recovery:

Introduction to the new mainframe © Copyright IBM Corp., All rights reserved. 18

Introduction to the new mainframe © Copyright IBM Corp., All rights reserved. 19 Security System Z servers achieve Common Criteria Security Certification - Evaluation Assurance Level 5. U. S. Government had rated the mainframe EAL4+ PR/SM configures separate logical systems on the same hardware. It prevents the flow of information among logical partitions, providing a highly secure isolated environment. ATTENTION: Only the IBM mainframe partitions have attained an EAL5 rating. IBM System Z partitioning achieves highest certification

Introduction to the new mainframe © Copyright IBM Corp., All rights reserved. 20 z/OS Architecture : Enforced Isolation Address Spaces - Unique area for executing and storing data for each user or program. Frames – 4096-byte chunks of storage protected keys. Address Spaces Virtual Storage (memory) Physical Storage Real Storage (frames)

Introduction to the new mainframe © Copyright IBM Corp., All rights reserved. 21 z/OS System Security Mechanisms Supervisor Call Routine (SVC) Code to perform system level functions. Problem StateMost modules run in this state. Supervisor StateOnly operating system modules run in this state. Authorized Program Facility (AFP) 1.Limits the use of sensitive SVCs to authorized programs. 2.Ensures that all modules fetched by authorized programs only come from authorized libraries. Storage Protection Keys Keys 0-7 are system keys and can only be obtained by programs in supervisor state. Keys 8-15 are user keys. Authorized Program Any program that runs, in supervisor state, with APF authorization, with a storage key in 0-7.

Introduction to the new mainframe © Copyright IBM Corp., All rights reserved. 22 z/OS System Security An attribute of z/OS such that there is no way for an unauthorized program:  To bypass store or fetch protection.  To bypass Password, RACF, or System Authorization Facility (SAF) mediated security checking, or,  To obtain control in an authorized state

Introduction to the new mainframe © Copyright IBM Corp., All rights reserved. 23 z/OS Security Accessor Environment Element (ACEE) Operating system control block which is assigned when a user logs on the system and is used for authentication and auditing. Security Access Facility (SAF) Operating system function which provides security for resources. It is called for every access attempt and access is either granted or denied. External security products such as Top Secret and RACF are used to define, users, resources and access levels. z/OS Security Server (RACF) Optional z/OS feature to provide additional security enhancements.

Introduction to the new mainframe © Copyright IBM Corp., All rights reserved. 24 z/OS Certification On March 11,2005, BSI awarded IBM EAL3+ certification for its flagship operating system z/OS 1.6 with the RACF optional feature. The certification encompasses Controlled Access Protection Profile (CAPP) EAL3+ and Labeled Security Protection Profile (LSPP) EAL 3+. z/OS 1.5 and later with the RACF optional feature and DB2 Version 8, provides a multilevel security (MLS) solution.

Introduction to the new mainframe © Copyright IBM Corp., All rights reserved. 25 Functions provided by z/OS Security Server Traditional Functions 1.Identify and authenticate users. 2.Authorize users to protected resources. 3.Control users’ level of authorization to resources. 4.Log and report attempts to unauthorized. 5.Providing auditing functions. Newer Functions 1.Generation/Management of digital certificates. 2.Multilevel security

Introduction to the new mainframe © Copyright IBM Corp., All rights reserved. 26 Summary The New Mainframe: Has several possibilities for to guaranty the integrity of the data Data can be recovered when needed Has several possibilities to make sure that the data is save and secure

Introduction to the new mainframe © Copyright IBM Corp., All rights reserved. 27 Key terms in this chapter ACEE APF Audit Backup DFSMS EAL ENQ Remote Copy FlashCopy Global Mirror GRS Integrity Lock Program states RACF Remote copy RRS SAF Security Serialization SMF SMS Storage protect key SVC System logger Two-phase commit

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com. Inc. All rights reserved.