[prev in list] [next in list] [prev in thread] [next in thread]
List: racf-l
Subject: Re: : independent RACF instances & SYSPLEX
From: Doug Behrends <racfdoug () GMAIL ! COM>
Date: 2009-11-30 22:55:39
Message-ID: ed06b5600911301455w43e71533qab7fae06be241f35 () mail ! gmail ! com
[Download RAW message or body]
One of the major items you must consider in this scenarioof shared DASD, is
Dataset access controls. Unless you are very diligent in keeping the 2
RACF's in sync in regards to this, you may inadvertently allow access from
one LPAR and not the other.
I have encountered this is a shop where ths ere was shared DASD between a
RACF Lpar and a TOP SECRET Lpar....now there's a real bag of worms for ya !!
On Wed, Nov 25, 2009 at 2:27 PM, Subramanian, Shiva (Norcross) <
Shiva.Subramanian@fiserv.com> wrote:
> Hello fellow listers,
>
> Assuming a SYSPLEX contains 2 LPARs that share underlying DASD etc.,, are
> there any serious disadvantages to having two independent RACF instances
> protecting these 2 LPARs.
>
> I know RACF can be shared across the SYSPLEX, but due to some unique
> requirements we are considering deploying independent RACF across the LPARs
> and perhaps use RRSF etc., to sync up the databases to a certain degree, but
> keep the rule base independent.
>
> Thoughts?
>
> Thanks & happy thanks giving,
>
> - Shiva
>
--
Doug Behrends
Professional Services Consultant
VANGUARD Integrity Professionals
Enterprise Security Software
6625 S. Eastern Avenue, Suite 100
Las Vegas, Nevada 89119
Phone: (303)980.4991 | Cell: (702)234.8571
--
Doug Behrends
Professional Services Consultant
VANGUARD Integrity Professionals
Enterprise Security Software
6625 S. Eastern Avenue, Suite 100
Las Vegas, Nevada 89119
Phone: (303)980.4991 | Cell: (702)234.8571
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic