
List:       racf-l
Subject:    Re: : independent RACF instances & SYSPLEX
From:       Doug Behrends <racfdoug () GMAIL ! COM>
Date:       2009-11-30 22:55:39
Message-ID: ed06b5600911301455w43e71533qab7fae06be241f35 () mail ! gmail ! com

One of the major items you must consider in this scenario of shared DASD, is
Dataset access controls.  Unless you are very diligent in keeping the 2
RACF's in sync in regards to this, you may inadvertently allow access from
one LPAR and not the other.

I have encountered this in a shop where there was shared DASD between a
RACF Lpar and a TOP SECRET Lpar....now there's a real bag of worms for ya !!


On Wed, Nov 25, 2009 at 2:27 PM, Subramanian, Shiva (Norcross) <
Shiva.Subramanian@fiserv.com> wrote:

> Hello fellow listers,
>
>   Assuming a SYSPLEX contains 2 LPARs that share underlying DASD etc., are
> there any serious disadvantages to having two independent RACF instances
> protecting these 2 LPARs.
>
>   I know RACF can be shared across the SYSPLEX, but due to some unique
> requirements we are considering deploying independent RACF across the LPARs
> and perhaps use RRSF etc., to sync up the databases to a certain degree, but
> keep the rule base independent.
>
>   Thoughts?
>
> Thanks & happy Thanksgiving,
>
> - Shiva
>



--
Doug Behrends
Professional Services Consultant

VANGUARD Integrity Professionals
Enterprise Security Software
6625 S. Eastern Avenue, Suite 100
Las Vegas, Nevada 89119
Phone: (303)980.4991 | Cell: (702)234.8571


