{"id":24756,"date":"2024-12-04T16:23:54","date_gmt":"2024-12-04T15:23:54","guid":{"rendered":"https:\/\/www.riskinsight-wavestone.com\/?p=24756"},"modified":"2024-12-05T08:18:26","modified_gmt":"2024-12-05T07:18:26","slug":"segmentation-in-mainframe-z-os-and-lpm","status":"publish","type":"post","link":"https:\/\/www.riskinsight-wavestone.com\/en\/2024\/12\/segmentation-in-mainframe-z-os-and-lpm\/","title":{"rendered":"Segmentation in mainframe z\/OS and LPM"},"content":{"rendered":"\n<h2><span data-contrast=\"none\">Brief introduction to mainframe<\/span><span data-ccp-props=\"{&quot;134245418&quot;:true,&quot;134245529&quot;:true,&quot;335551550&quot;:6,&quot;335551620&quot;:6,&quot;335559738&quot;:240,&quot;335559739&quot;:0}\">\u00a0<\/span><\/h2>\n<p style=\"text-align: justify;\"><span data-contrast=\"auto\">Mainframe computers play a central role in the daily operations of the world\u2019s largest corporations. It dominates the landscape of large-scale business computing in banking, finance, health care, insurance, public utilities, government, and a multitude of other public and private enterprises. <\/span><span data-ccp-props=\"{&quot;335551550&quot;:6,&quot;335551620&quot;:6}\">\u00a0<strong>The subject of this article will be how to improve its level of cyber security in order to best meet the requirements of the LPM.<\/strong><\/span><\/p>\n<h3><span data-contrast=\"none\">Factors contributing to mainframe use<\/span><span data-ccp-props=\"{&quot;134245418&quot;:true,&quot;134245529&quot;:true,&quot;335551550&quot;:6,&quot;335551620&quot;:6,&quot;335559738&quot;:40,&quot;335559739&quot;:0}\">\u00a0<\/span><\/h3>\n<p style=\"text-align: justify;\"><span data-contrast=\"auto\">The reasons for mainframe use are many but most of them lay beyond one of the following categories.<\/span><span data-ccp-props=\"{&quot;335551550&quot;:6,&quot;335551620&quot;:6}\">\u00a0<\/span><\/p>\n<ul style=\"text-align: justify;\">\n<li data-leveltext=\"\uf0d8\" data-font=\"Wingdings\" data-listid=\"13\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559685&quot;:360,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Wingdings&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0d8&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}\" aria-setsize=\"-1\" data-aria-posinset=\"1\" data-aria-level=\"1\"><b><span data-contrast=\"auto\">RAS<\/span><\/b><span data-contrast=\"auto\"> (Reliability, availability, and <\/span><span data-contrast=\"none\">serviceability): Mainframe design places a high priority on the system always remaining in service. The system has<\/span><span data-contrast=\"auto\"> error prevention and detection features, it can recover from a failed component without impacting the rest of the running system and determine why a failure occurred.<\/span><span data-ccp-props=\"{&quot;335551550&quot;:6,&quot;335551620&quot;:6}\">\u00a0<\/span><\/li>\n<li data-leveltext=\"\uf0d8\" data-font=\"Wingdings\" data-listid=\"13\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559685&quot;:360,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Wingdings&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0d8&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}\" aria-setsize=\"-1\" data-aria-posinset=\"1\" data-aria-level=\"1\"><b><span data-contrast=\"auto\">Security<\/span><\/b><span data-contrast=\"auto\">: The mainframe provides secure system for processing large numbers of heterogenous applications that can access critical data and offers an unmatched protection for workload isolation, storage protection, and secured communications.<\/span><span data-ccp-props=\"{&quot;335551550&quot;:6,&quot;335551620&quot;:6}\">\u00a0<\/span><\/li>\n<li data-leveltext=\"\uf0d8\" data-font=\"Wingdings\" data-listid=\"13\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559685&quot;:360,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Wingdings&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0d8&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}\" aria-setsize=\"-1\" data-aria-posinset=\"1\" data-aria-level=\"1\"><b><span data-contrast=\"auto\">Scalability: <\/span><\/b><span data-contrast=\"auto\">Mainframe can run multiple copies of the operating system software as a single entity.<\/span><span data-ccp-props=\"{&quot;335551550&quot;:6,&quot;335551620&quot;:6}\">\u00a0<\/span><\/li>\n<li data-leveltext=\"\uf0d8\" data-font=\"Wingdings\" data-listid=\"13\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559685&quot;:360,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Wingdings&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0d8&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}\" aria-setsize=\"-1\" data-aria-posinset=\"1\" data-aria-level=\"1\"><b><span data-contrast=\"auto\">Continuing compatibility: <\/span><\/b><span data-contrast=\"auto\">Mainframe hosts old applications that evolved or not over the years and more recent applications development. The mainframe provides absolute compatibility across decades of changes and enhancement. When an incompatibility is unavoidable, the designers typically warn users at least a year in advance that software changes might be needed.<\/span><span data-ccp-props=\"{&quot;335551550&quot;:6,&quot;335551620&quot;:6}\">\u00a0<\/span><\/li>\n<li data-leveltext=\"\uf0d8\" data-font=\"Wingdings\" data-listid=\"13\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559685&quot;:360,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Wingdings&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0d8&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}\" aria-setsize=\"-1\" data-aria-posinset=\"1\" data-aria-level=\"1\"><b><span data-contrast=\"auto\">Evolving architecture:<\/span><\/b><span data-contrast=\"auto\"> Mainframe has been the leading technology in data and transaction serving for over four decades. Strong combination of past mainframe characteristics and next functionalities designed around the RAS are provided by each new generation.<\/span><span data-ccp-props=\"{&quot;335551550&quot;:6,&quot;335551620&quot;:6}\">\u00a0<\/span><\/li>\n<li data-leveltext=\"\uf0d8\" data-font=\"Wingdings\" data-listid=\"13\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559685&quot;:360,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Wingdings&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0d8&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}\" aria-setsize=\"-1\" data-aria-posinset=\"1\" data-aria-level=\"1\"><b><span data-contrast=\"auto\">Extensibility: <\/span><\/b><span data-contrast=\"auto\">Mainframe component and infrastructure reuse is characteristic of its design (a share-everything architecture).<\/span><span data-ccp-props=\"{&quot;335551550&quot;:6,&quot;335551620&quot;:6}\">\u00a0<\/span><\/li>\n<li data-leveltext=\"\uf0d8\" data-font=\"Wingdings\" data-listid=\"13\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559685&quot;:360,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Wingdings&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0d8&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}\" aria-setsize=\"-1\" data-aria-posinset=\"1\" data-aria-level=\"1\"><b><span data-contrast=\"auto\">Lower total cost of ownership (TCO).<\/span><\/b><span data-ccp-props=\"{&quot;335551550&quot;:6,&quot;335551620&quot;:6}\">\u00a0<\/span><\/li>\n<li data-leveltext=\"\uf0d8\" data-font=\"Wingdings\" data-listid=\"13\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559685&quot;:360,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Wingdings&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0d8&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}\" aria-setsize=\"-1\" data-aria-posinset=\"1\" data-aria-level=\"1\"><b><span data-contrast=\"auto\">Environmental friendliness: <\/span><\/b><span data-contrast=\"auto\">Fewer physical servers running at a near constant energy level can host multiple virtual software servers. This setup allows a company to optimize the utilization of hardware and consolidate physical server infrastructure by hosting servers on a small number of powerful servers.<\/span><span data-ccp-props=\"{&quot;335551550&quot;:6,&quot;335551620&quot;:6}\">\u00a0<\/span><\/li>\n<\/ul>\n<p>\u00a0<\/p>\n<h3><span data-contrast=\"none\">Hardware Systems and high availability<\/span><span data-ccp-props=\"{&quot;134245418&quot;:true,&quot;134245529&quot;:true,&quot;335559738&quot;:40,&quot;335559739&quot;:0}\">\u00a0<\/span><\/h3>\n<p style=\"text-align: justify;\"><span data-ccp-props=\"{&quot;335551550&quot;:6,&quot;335551620&quot;:6,&quot;335559739&quot;:0}\">\u00a0<\/span><span class=\"TextRun SCXW224693710 BCX0\" lang=\"EN-GB\" xml:lang=\"EN-GB\" data-contrast=\"auto\"><span class=\"NormalTextRun SCXW224693710 BCX0\">To introduce mainframe <\/span><span class=\"NormalTextRun SCXW224693710 BCX0\">hardware,<\/span><span class=\"NormalTextRun SCXW224693710 BCX0\"> we will take<\/span> <span class=\"NormalTextRun SCXW224693710 BCX0\">as example the<\/span> <a href=\"https:\/\/www.redbooks.ibm.com\/redbooks\/pdfs\/sg248950.pdf\"><span class=\"NormalTextRun SCXW224693710 BCX0\">Z1<\/span><span class=\"NormalTextRun SCXW224693710 BCX0\">6<\/span> <\/a><span class=\"NormalTextRun SCXW224693710 BCX0\">generation mainframe <\/span><span class=\"NormalTextRun SCXW224693710 BCX0\">systems <\/span><span class=\"NormalTextRun SCXW224693710 BCX0\">offer<\/span><span class=\"NormalTextRun SCXW224693710 BCX0\">:<\/span><\/span><span class=\"EOP SCXW224693710 BCX0\" data-ccp-props=\"{&quot;335551550&quot;:6,&quot;335551620&quot;:6,&quot;335559739&quot;:0}\">\u00a0<\/span><\/p>\n<ul style=\"text-align: justify;\">\n<li data-leveltext=\"\uf0d8\" data-font=\"Wingdings\" data-listid=\"12\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559685&quot;:360,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Wingdings&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0d8&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}\" aria-setsize=\"-1\" data-aria-posinset=\"1\" data-aria-level=\"1\"><span data-contrast=\"auto\">A high computing capacity (up to 200 processors<\/span><span data-contrast=\"auto\">)<\/span><span data-contrast=\"auto\">\u00a0ensuring swift processing of tasks and handling of complex computations.\u00a0<\/span><span data-ccp-props=\"{&quot;335551550&quot;:6,&quot;335551620&quot;:6}\">\u00a0<\/span><\/li>\n<li data-leveltext=\"\uf0d8\" data-font=\"Wingdings\" data-listid=\"12\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559685&quot;:360,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Wingdings&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0d8&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}\" aria-setsize=\"-1\" data-aria-posinset=\"1\" data-aria-level=\"1\"><span data-contrast=\"auto\">A big capacity memory (up to 40 TB<\/span><span data-contrast=\"auto\">) enabling storage and retrieval of vast amounts of data rapidly.<\/span><span data-ccp-props=\"{&quot;335551550&quot;:6,&quot;335551620&quot;:6}\">\u00a0<\/span><\/li>\n<li data-leveltext=\"\uf0d8\" data-font=\"Wingdings\" data-listid=\"12\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559685&quot;:360,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Wingdings&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0d8&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}\" aria-setsize=\"-1\" data-aria-posinset=\"1\" data-aria-level=\"1\"><span data-contrast=\"auto\">A memory cache optimizing performance.<\/span><\/li>\n<li data-leveltext=\"\uf0d8\" data-font=\"Wingdings\" data-listid=\"12\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559685&quot;:360,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Wingdings&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0d8&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}\" aria-setsize=\"-1\" data-aria-posinset=\"1\" data-aria-level=\"1\"><span data-contrast=\"auto\">Data compression capability facilitating efficient storage and transmission of data by reducing its size.<\/span><span data-ccp-props=\"{&quot;335551550&quot;:6,&quot;335551620&quot;:6}\">\u00a0<\/span><\/li>\n<li data-leveltext=\"\uf0d8\" data-font=\"Wingdings\" data-listid=\"12\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559685&quot;:360,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Wingdings&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0d8&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}\" aria-setsize=\"-1\" data-aria-posinset=\"1\" data-aria-level=\"1\"><span data-contrast=\"auto\">Encryption functionalities to secure transactions providing robust security measures to safeguard sensitive information during transactions.<\/span><span data-ccp-props=\"{&quot;335551550&quot;:6,&quot;335551620&quot;:6}\">\u00a0<\/span><\/li>\n<\/ul>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter wp-image-24729 size-full\" src=\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2024\/12\/1exemple-mainframe.jpg\" alt=\"\" width=\"645\" height=\"437\" srcset=\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2024\/12\/1exemple-mainframe.jpg 645w, https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2024\/12\/1exemple-mainframe-282x191.jpg 282w, https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2024\/12\/1exemple-mainframe-58x39.jpg 58w\" sizes=\"auto, (max-width: 645px) 100vw, 645px\" \/><\/p>\n<p style=\"text-align: justify;\"><span class=\"TextRun SCXW176476193 BCX0\" lang=\"EN-GB\" xml:lang=\"EN-GB\" data-contrast=\"auto\"><span class=\"NormalTextRun SCXW176476193 BCX0\">Despite the continual changes, mainframe computers <\/span><span class=\"NormalTextRun SCXW176476193 BCX0\">remain<\/span><span class=\"NormalTextRun SCXW176476193 BCX0\"> the most stable, secure, and compatible of all computing platforms. From the client-server model of computing in the early 90s to the significant increase <\/span><span class=\"NormalTextRun SCXW176476193 BCX0\">o<\/span><span class=\"NormalTextRun SCXW176476193 BCX0\">f <\/span><span class=\"NormalTextRun SCXW176476193 BCX0\">scalability and performance<\/span><span class=\"NormalTextRun SCXW176476193 BCX0\"> and capacity today the mainframe computers evolved to meet new challenges.<\/span><\/span><span class=\"EOP SCXW176476193 BCX0\" data-ccp-props=\"{&quot;335551550&quot;:6,&quot;335551620&quot;:6}\">\u00a0<\/span><\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter wp-image-24731 size-full\" src=\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2024\/12\/2Evolution-du-mainframe-et-de-ses-composants.jpg\" alt=\"\" width=\"657\" height=\"420\" srcset=\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2024\/12\/2Evolution-du-mainframe-et-de-ses-composants.jpg 657w, https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2024\/12\/2Evolution-du-mainframe-et-de-ses-composants-299x191.jpg 299w, https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2024\/12\/2Evolution-du-mainframe-et-de-ses-composants-61x39.jpg 61w\" sizes=\"auto, (max-width: 657px) 100vw, 657px\" \/><\/p>\n<p style=\"text-align: center;\"><a href=\"https:\/\/www.redbooks.ibm.com\/redbooks\/pdfs\/sg246366.pdf\"><em><span class=\"TextRun SCXW122406273 BCX0\" lang=\"EN-GB\" xml:lang=\"EN-GB\" data-contrast=\"auto\"><span class=\"NormalTextRun SCXW122406273 BCX0\">Growth of the mainframe and its components<\/span><\/span><\/em><\/a><\/p>\n<p style=\"text-align: justify;\"><span data-contrast=\"auto\">Z\/16 generation mainframe are multiprocessor servers. Each processor has a small private area of memory that is unique to that processor called Prefix Storage Area (PSA) the processor can access other processor\u2019s PSA through special programming, although this is normally done only for error recovery purposes.<\/span><span data-ccp-props=\"{&quot;335551550&quot;:6,&quot;335551620&quot;:6}\">\u00a0<\/span><\/p>\n<p style=\"text-align: justify;\"><span data-contrast=\"auto\">The mainframe disk drives are accessible through an associated Control Unit that has up to four fiber channel connections to one or more processors (through switch).<\/span><span data-ccp-props=\"{&quot;335551550&quot;:6,&quot;335551620&quot;:6}\">\u00a0<\/span><\/p>\n<p>\u00a0<\/p>\n<h3><span data-contrast=\"none\">System control and partitioning<\/span><span data-ccp-props=\"{&quot;134245418&quot;:true,&quot;134245529&quot;:true,&quot;335551550&quot;:6,&quot;335551620&quot;:6,&quot;335559738&quot;:40,&quot;335559739&quot;:0}\">\u00a0<\/span><\/h3>\n<p style=\"text-align: justify;\"><span data-contrast=\"auto\">There are many ways to illustrate a mainframe internal structure. The figure bellow illustrates several internal functions of the mainframes. The internal controllers are microprocessors they are usually known as controllers to avoid confusion with mainframe processors.<\/span><span data-ccp-props=\"{&quot;335551550&quot;:6,&quot;335551620&quot;:6}\">\u00a0<\/span><\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter wp-image-24733 size-full\" src=\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2024\/12\/3Controle-du-systeme-et-partitionnement.jpg\" alt=\"\" width=\"735\" height=\"470\" srcset=\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2024\/12\/3Controle-du-systeme-et-partitionnement.jpg 735w, https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2024\/12\/3Controle-du-systeme-et-partitionnement-299x191.jpg 299w, https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2024\/12\/3Controle-du-systeme-et-partitionnement-61x39.jpg 61w\" sizes=\"auto, (max-width: 735px) 100vw, 735px\" \/><\/p>\n<p style=\"text-align: center;\"><a href=\"https:\/\/www.redbooks.ibm.com\/redbooks\/pdfs\/sg246366.pdf\"><em><span class=\"TextRun SCXW106491300 BCX0\" lang=\"EN-GB\" xml:lang=\"EN-GB\" data-contrast=\"auto\"><span class=\"NormalTextRun SCXW106491300 BCX0\">System control and partitioning<\/span><\/span><\/em><\/a><\/p>\n<p style=\"text-align: justify;\"><span data-contrast=\"auto\">The mainframe can be partitioned into separated <\/span><b><span data-contrast=\"auto\">L<\/span><\/b><span data-contrast=\"auto\">ogical <\/span><b><span data-contrast=\"auto\">PAR<\/span><\/b><span data-contrast=\"auto\">titions <\/span><b><span data-contrast=\"auto\">(LPARs)<\/span><\/b><span data-contrast=\"auto\"> where system resources (memory, processors, and I\/O devices) can be divided or shared among them under the control of <\/span><b><span data-contrast=\"auto\">LPAR hypervisor <\/span><\/b><span data-contrast=\"auto\">(type 1 hypervisor \/ native) which comes with the standard Processor Resource\/ Systems Manager <\/span><b><span data-contrast=\"auto\">(PR\/SM) <\/span><\/b><span data-contrast=\"auto\">feature on all mainframes. <\/span><b><span data-contrast=\"auto\">Each LPAR support independent operating system (OS)<\/span><\/b><span data-contrast=\"auto\"> loaded by a separate initial program load (IPL) operation and has its own copy (most of the z\/OS system libraries can be shared).<\/span><span data-ccp-props=\"{&quot;335551550&quot;:6,&quot;335551620&quot;:6,&quot;335559739&quot;:0}\">\u00a0<\/span><\/p>\n<p style=\"text-align: justify;\"><span data-contrast=\"auto\">Today\u2019s machines can be configured with <\/span><b><span data-contrast=\"auto\">up to 60 LPAR<\/span><\/b><b><span data-contrast=\"none\">,<\/span><\/b> <span data-contrast=\"auto\">each one is considered as a distinct server with different OS environments. The system administrator can assign one or more system processors to the exclusive use of an LPAR through system control functions (firmware).<\/span><span data-ccp-props=\"{&quot;335551550&quot;:6,&quot;335551620&quot;:6,&quot;335559739&quot;:0}\">\u00a0<\/span><\/p>\n<p style=\"text-align: justify;\"><span data-ccp-props=\"{&quot;335551550&quot;:2,&quot;335551620&quot;:2,&quot;335559739&quot;:0}\"> <img loading=\"lazy\" decoding=\"async\" class=\"aligncenter wp-image-24735 size-full\" src=\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2024\/12\/4Partition-logique.jpg\" alt=\"\" width=\"633\" height=\"367\" srcset=\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2024\/12\/4Partition-logique.jpg 633w, https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2024\/12\/4Partition-logique-329x191.jpg 329w, https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2024\/12\/4Partition-logique-67x39.jpg 67w, https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2024\/12\/4Partition-logique-120x70.jpg 120w\" sizes=\"auto, (max-width: 633px) 100vw, 633px\" \/><\/span><\/p>\n<p style=\"text-align: center;\"><a href=\"https:\/\/www.redbooks.ibm.com\/redbooks\/pdfs\/sg246366.pdf\"><i><span data-contrast=\"auto\">Logical partition<\/span><\/i><\/a><\/p>\n<p style=\"text-align: justify;\"><span data-ccp-props=\"{&quot;335551550&quot;:2,&quot;335551620&quot;:2,&quot;335559739&quot;:0}\">\u00a0<\/span><\/p>\n<h3><span data-contrast=\"none\">Clustering<\/span><span data-ccp-props=\"{&quot;134245418&quot;:true,&quot;134245529&quot;:true,&quot;335551550&quot;:6,&quot;335551620&quot;:6,&quot;335559738&quot;:40,&quot;335559739&quot;:0}\">\u00a0<\/span><\/h3>\n<p style=\"text-align: justify;\"><span data-contrast=\"auto\">Most z\/OS installations nowadays use one or more of the following clustering technics:<\/span><span data-ccp-props=\"{&quot;335551550&quot;:6,&quot;335551620&quot;:6,&quot;335559739&quot;:0}\">\u00a0<\/span><\/p>\n<ul style=\"text-align: justify;\">\n<li data-leveltext=\"\uf0d8\" data-font=\"Wingdings\" data-listid=\"2\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Wingdings&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0d8&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}\" aria-setsize=\"-1\" data-aria-posinset=\"1\" data-aria-level=\"1\"><b><span data-contrast=\"auto\">Basic Shared DASD (Direct Access Storage Devices):<\/span><\/b><span data-ccp-props=\"{&quot;335551550&quot;:6,&quot;335551620&quot;:6,&quot;335559685&quot;:360,&quot;335559739&quot;:0}\">\u00a0<\/span><\/li>\n<\/ul>\n<p style=\"text-align: justify;\"><span data-contrast=\"auto\">A basic shared DASD system is typically used where the operations staff controls which jobs go to which system and ensures that there is no conflict, such as both systems trying to update the same data at the same time. Despite this limitation, a basic shared DASD environment is useful for testing, recovery, and careful load balancing.<\/span><span data-ccp-props=\"{&quot;335551550&quot;:6,&quot;335551620&quot;:6,&quot;335559685&quot;:360,&quot;335559739&quot;:0}\">\u00a0<\/span><\/p>\n<p style=\"text-align: justify;\"><span data-ccp-props=\"{&quot;335551550&quot;:6,&quot;335551620&quot;:6,&quot;335559685&quot;:360,&quot;335559739&quot;:0}\"> <img loading=\"lazy\" decoding=\"async\" class=\"aligncenter wp-image-24737 size-full\" src=\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2024\/12\/5Basic-shared-DASD.jpg\" alt=\"\" width=\"580\" height=\"260\" srcset=\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2024\/12\/5Basic-shared-DASD.jpg 580w, https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2024\/12\/5Basic-shared-DASD-426x191.jpg 426w, https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2024\/12\/5Basic-shared-DASD-71x32.jpg 71w\" sizes=\"auto, (max-width: 580px) 100vw, 580px\" \/><\/span><\/p>\n<p style=\"text-align: center;\"><a href=\"https:\/\/www.redbooks.ibm.com\/redbooks\/pdfs\/sg246366.pdf\"><i><span data-contrast=\"auto\">Basic shared DASD<\/span><\/i><\/a><span data-ccp-props=\"{&quot;335551550&quot;:2,&quot;335551620&quot;:2,&quot;335559685&quot;:720,&quot;335559739&quot;:0}\">\u00a0<\/span><\/p>\n<ul style=\"text-align: justify;\">\n<li data-leveltext=\"\uf0d8\" data-font=\"Wingdings\" data-listid=\"1\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Wingdings&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0d8&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}\" aria-setsize=\"-1\" data-aria-posinset=\"1\" data-aria-level=\"1\"><b><span data-contrast=\"auto\">CTC rings:<\/span><\/b><span data-ccp-props=\"{&quot;335551550&quot;:6,&quot;335551620&quot;:6,&quot;335559685&quot;:360,&quot;335559739&quot;:0}\">\u00a0<\/span><\/li>\n<\/ul>\n<p style=\"text-align: justify;\"><span data-contrast=\"auto\">CTC rings (Chanel To Chanel) function simulate an input\/output device that can be used by one System Control Program (SCP) to communicate with another SCP. It provides the data path and synchronization for data transfer.<\/span><span data-ccp-props=\"{&quot;335551550&quot;:6,&quot;335551620&quot;:6,&quot;335559685&quot;:360,&quot;335559739&quot;:0}\">\u00a0<\/span><\/p>\n<p style=\"text-align: justify;\"><span data-contrast=\"auto\">z\/OS can use the CTC ring to pass control information among all systems in the ring. This information can include usage and locking information for data sets on disks, job queue information, security controls and disk metadata controls.<\/span><span data-ccp-props=\"{&quot;335551550&quot;:6,&quot;335551620&quot;:6,&quot;335559685&quot;:360,&quot;335559739&quot;:0}\">\u00a0<\/span><\/p>\n<p style=\"text-align: justify;\"><span data-ccp-props=\"{&quot;335551550&quot;:6,&quot;335551620&quot;:6,&quot;335559685&quot;:360,&quot;335559739&quot;:0}\"> <img loading=\"lazy\" decoding=\"async\" class=\"aligncenter wp-image-24739 size-full\" src=\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2024\/12\/6Basic-sysplex.jpg\" alt=\"\" width=\"563\" height=\"250\" srcset=\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2024\/12\/6Basic-sysplex.jpg 563w, https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2024\/12\/6Basic-sysplex-430x191.jpg 430w, https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2024\/12\/6Basic-sysplex-71x32.jpg 71w\" sizes=\"auto, (max-width: 563px) 100vw, 563px\" \/><\/span><\/p>\n<p style=\"text-align: center;\"><a href=\"https:\/\/www.redbooks.ibm.com\/redbooks\/pdfs\/sg246366.pdf\"><i><span data-contrast=\"auto\">Basic sysplex<\/span><\/i><span data-ccp-props=\"{&quot;335551550&quot;:2,&quot;335551620&quot;:2,&quot;335559685&quot;:720,&quot;335559739&quot;:0}\">\u00a0<\/span><\/a><\/p>\n<p style=\"text-align: justify;\"><span data-contrast=\"auto\">The ring aspect is more obvious when more than two systems are involved.<\/span><span data-ccp-props=\"{&quot;335551550&quot;:6,&quot;335551620&quot;:6,&quot;335559685&quot;:360,&quot;335559739&quot;:0}\">\u00a0<\/span><\/p>\n<p style=\"text-align: justify;\"><span data-ccp-props=\"{&quot;335551550&quot;:6,&quot;335551620&quot;:6,&quot;335559685&quot;:360,&quot;335559739&quot;:0}\">\u00a0<\/span><\/p>\n<ul style=\"text-align: justify;\">\n<li data-leveltext=\"\uf0d8\" data-font=\"Wingdings\" data-listid=\"1\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Wingdings&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0d8&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}\" aria-setsize=\"-1\" data-aria-posinset=\"2\" data-aria-level=\"1\"><b><span data-contrast=\"auto\">Parallel Sysplex:<\/span><\/b><span data-ccp-props=\"{&quot;335551550&quot;:6,&quot;335551620&quot;:6,&quot;335559685&quot;:360,&quot;335559739&quot;:0}\">\u00a0<\/span><\/li>\n<\/ul>\n<p style=\"text-align: justify;\"><span data-contrast=\"auto\">A sysplex system is one or more (up to 32 LPARS) z\/OS images joined into a cooperative single unit using specialized hardware and software. It uses unique messaging services and can share special file structures contained within couple facility (CF) data sets.<\/span><span data-ccp-props=\"{&quot;335551550&quot;:6,&quot;335551620&quot;:6,&quot;335559685&quot;:360,&quot;335559739&quot;:0}\">\u00a0<\/span><\/p>\n<p style=\"text-align: justify;\"><span data-contrast=\"auto\">The Coupling facility (CF) is a logical partition that provides high speed caching, list processing and locking functions for sysplex. It contains one or more mainframe processors and a built-in operating system.<\/span><span data-ccp-props=\"{&quot;335551550&quot;:6,&quot;335551620&quot;:6,&quot;335559685&quot;:360,&quot;335559739&quot;:0}\">\u00a0<\/span><\/p>\n<p style=\"text-align: justify;\"><span data-contrast=\"auto\">A Parallel Sysplex is a symmetric sysplex using multisystem data-sharing technology. This is the mainframe\u2019s clustering technology. It allows direct, concurrent read\/write access to shared data from all processing servers in the configuration without impacting performance or data integrity. Each LPAR can concurrently cache shared data in the CF processor memory through hardware-assisted, cluster-wide serialization and coherency controls.<\/span><span data-ccp-props=\"{&quot;335551550&quot;:6,&quot;335551620&quot;:6,&quot;335559685&quot;:360,&quot;335559739&quot;:0}\">\u00a0<\/span><\/p>\n<p style=\"text-align: justify;\"><span data-contrast=\"auto\">This technic allows requests that are associated with a single workload to:<\/span><span data-ccp-props=\"{&quot;335551550&quot;:6,&quot;335551620&quot;:6,&quot;335559685&quot;:360,&quot;335559739&quot;:0}\">\u00a0<\/span><\/p>\n<ul style=\"text-align: justify;\">\n<li data-leveltext=\"\uf0d8\" data-font=\"Wingdings\" data-listid=\"11\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Wingdings&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0d8&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}\" aria-setsize=\"-1\" data-aria-posinset=\"1\" data-aria-level=\"1\"><span data-contrast=\"auto\">Dynamically be balanced across systems with high performance.<\/span><span data-ccp-props=\"{&quot;335551550&quot;:6,&quot;335551620&quot;:6,&quot;335559685&quot;:360,&quot;335559739&quot;:0}\">\u00a0<\/span><\/li>\n<\/ul>\n<ul style=\"text-align: justify;\">\n<li data-leveltext=\"\uf0d8\" data-font=\"Wingdings\" data-listid=\"11\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Wingdings&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0d8&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}\" aria-setsize=\"-1\" data-aria-posinset=\"2\" data-aria-level=\"1\"><span data-contrast=\"auto\">Improve availability.<\/span><span data-ccp-props=\"{&quot;335551550&quot;:6,&quot;335551620&quot;:6,&quot;335559685&quot;:360,&quot;335559739&quot;:0}\">\u00a0<\/span><\/li>\n<\/ul>\n<ul style=\"text-align: justify;\">\n<li data-leveltext=\"\uf0d8\" data-font=\"Wingdings\" data-listid=\"11\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Wingdings&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0d8&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}\" aria-setsize=\"-1\" data-aria-posinset=\"3\" data-aria-level=\"1\"><span data-contrast=\"auto\">Provide a rolling maintenance for systems and applications.<\/span><span data-ccp-props=\"{&quot;335551550&quot;:6,&quot;335551620&quot;:6,&quot;335559685&quot;:360,&quot;335559739&quot;:0}\">\u00a0<\/span><\/li>\n<\/ul>\n<ul style=\"text-align: justify;\">\n<li data-leveltext=\"\uf0d8\" data-font=\"Wingdings\" data-listid=\"11\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Wingdings&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0d8&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}\" aria-setsize=\"-1\" data-aria-posinset=\"4\" data-aria-level=\"1\"><span data-contrast=\"auto\">Offer a scalable workload.<\/span><span data-ccp-props=\"{&quot;335551550&quot;:6,&quot;335551620&quot;:6,&quot;335559685&quot;:360,&quot;335559739&quot;:0}\">\u00a0<\/span><\/li>\n<\/ul>\n<ul style=\"text-align: justify;\">\n<li data-leveltext=\"\uf0d8\" data-font=\"Wingdings\" data-listid=\"11\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Wingdings&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0d8&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}\" aria-setsize=\"-1\" data-aria-posinset=\"5\" data-aria-level=\"1\"><span data-contrast=\"auto\">View multiple-system environments as a single logical route.<\/span><span data-ccp-props=\"{&quot;335551550&quot;:6,&quot;335551620&quot;:6,&quot;335559685&quot;:360,&quot;335559739&quot;:0}\">\u00a0<\/span><\/li>\n<\/ul>\n<ul style=\"text-align: justify;\">\n<li data-leveltext=\"\uf0d8\" data-font=\"Wingdings\" data-listid=\"11\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Wingdings&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0d8&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}\" aria-setsize=\"-1\" data-aria-posinset=\"6\" data-aria-level=\"1\"><span data-contrast=\"auto\">Synchronizing the TOD clocks (Time Of Day clock service) on multiple servers which allows events occurring on different servers to be properly sequenced in time.<\/span><span data-ccp-props=\"{&quot;335551550&quot;:6,&quot;335551620&quot;:6,&quot;335559685&quot;:360,&quot;335559739&quot;:0}\">\u00a0<\/span><\/li>\n<\/ul>\n<p style=\"text-align: justify;\"><span data-ccp-props=\"{&quot;335551550&quot;:6,&quot;335551620&quot;:6,&quot;335559685&quot;:360,&quot;335559739&quot;:0}\"> <img loading=\"lazy\" decoding=\"async\" class=\"aligncenter wp-image-24741 size-full\" src=\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2024\/12\/7Parallel-Sysplex.jpg\" alt=\"\" width=\"562\" height=\"356\" srcset=\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2024\/12\/7Parallel-Sysplex.jpg 562w, https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2024\/12\/7Parallel-Sysplex-302x191.jpg 302w, https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2024\/12\/7Parallel-Sysplex-62x39.jpg 62w\" sizes=\"auto, (max-width: 562px) 100vw, 562px\" \/><\/span><\/p>\n<p style=\"text-align: center;\"><a href=\"https:\/\/www.redbooks.ibm.com\/redbooks\/pdfs\/sg246366.pdf\"><i><span data-contrast=\"auto\">Parallel Sysplex<\/span><\/i><span data-ccp-props=\"{&quot;335551550&quot;:2,&quot;335551620&quot;:2,&quot;335559685&quot;:720,&quot;335559739&quot;:0}\">\u00a0<\/span><\/a><\/p>\n<p>\u00a0<\/p>\n<h3><span data-contrast=\"none\">Mainframe security<\/span><span data-ccp-props=\"{&quot;134245418&quot;:true,&quot;134245529&quot;:true,&quot;335551550&quot;:6,&quot;335551620&quot;:6,&quot;335559738&quot;:40,&quot;335559739&quot;:0}\">\u00a0<\/span><\/h3>\n<p style=\"text-align: justify;\"><span data-ccp-props=\"{&quot;335551550&quot;:6,&quot;335551620&quot;:6,&quot;335559685&quot;:720,&quot;335559739&quot;:0}\">\u00a0<\/span><\/p>\n<p style=\"text-align: justify;\"><span data-contrast=\"auto\">Mainframe Z system security systems (access control, authentication, access control lists\u2026) are centralized inside one unique service called <\/span><b><span data-contrast=\"auto\">SAF<\/span><\/b><span data-contrast=\"auto\"> (System authorization Facility).<\/span><span data-ccp-props=\"{&quot;335551550&quot;:6,&quot;335551620&quot;:6,&quot;335559739&quot;:0}\">\u00a0<\/span><\/p>\n<p style=\"text-align: justify;\"><span data-contrast=\"auto\">SAF doesn\u2019t require any other security product, but it is generally completed with other security product called ESM (External Security Manager) like TSS and RACF.<\/span><span data-ccp-props=\"{&quot;335551550&quot;:6,&quot;335551620&quot;:6,&quot;335559739&quot;:0}\">\u00a0<\/span><\/p>\n<ul style=\"text-align: justify;\">\n<li data-leveltext=\"\uf0d8\" data-font=\"Wingdings\" data-listid=\"1\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Wingdings&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0d8&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}\" aria-setsize=\"-1\" data-aria-posinset=\"3\" data-aria-level=\"1\"><b><span data-contrast=\"auto\">RACF:<\/span><\/b><span data-ccp-props=\"{&quot;335551550&quot;:6,&quot;335551620&quot;:6,&quot;335559685&quot;:360,&quot;335559739&quot;:0}\">\u00a0<\/span><\/li>\n<\/ul>\n<p style=\"text-align: justify;\"><span data-contrast=\"auto\">RACF (Resource Access Facility) is part of a global <\/span><b><span data-contrast=\"auto\">IBM offer<\/span><\/b><span data-contrast=\"auto\"> named z\/Os Security Server that includes an LDAP server, a z\/Os Firewall technology, an Enterprise Identity Mapping component, RACF, \u2026<\/span><span data-ccp-props=\"{&quot;335551550&quot;:6,&quot;335551620&quot;:6,&quot;335559685&quot;:360,&quot;335559739&quot;:0}\">\u00a0<\/span><\/p>\n<p style=\"text-align: justify;\"><span data-contrast=\"auto\">RACF provides Discretionary Access Control (DAC) and Role Based Access Control (RBAC) functionality.<\/span><span data-ccp-props=\"{&quot;335551550&quot;:6,&quot;335551620&quot;:6,&quot;335559731&quot;:360,&quot;335559739&quot;:0}\">\u00a0<\/span><\/p>\n<ul style=\"text-align: justify;\">\n<li data-leveltext=\"\uf0d8\" data-font=\"Wingdings\" data-listid=\"1\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Wingdings&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0d8&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}\" aria-setsize=\"-1\" data-aria-posinset=\"4\" data-aria-level=\"1\"><b><span data-contrast=\"auto\">TSS:<\/span><\/b><span data-ccp-props=\"{&quot;335551550&quot;:6,&quot;335551620&quot;:6,&quot;335559685&quot;:360,&quot;335559739&quot;:0}\">\u00a0<\/span><\/li>\n<\/ul>\n<p style=\"text-align: justify;\"><span data-contrast=\"auto\">The mainframe z\/OS SAF (System Authorization Facility) can be used to delegate all security tasks to <\/span><b><span data-contrast=\"auto\">Broadcom TSS<\/span><\/b><span data-contrast=\"auto\"> (Top Secret Services).\u00a0<\/span><span data-ccp-props=\"{&quot;335551550&quot;:6,&quot;335551620&quot;:6,&quot;335559685&quot;:360,&quot;335559739&quot;:0}\">\u00a0<\/span><\/p>\n<p style=\"text-align: justify;\"><span data-contrast=\"auto\">TSS is an External Security Manager (ESM) developed by Broadcom and it is responsible of managing identification, authentication, and access control for z\/OS resources like datasets, TCP\/IP stacks, and programs. Each process has an owner (UserID) who starts with no permissions by default, and a TSS security officer must grant access to resources. Application isolation is achieved by carefully managing the permissions given to different resources. Additionally, firewall filtering can be applied to both incoming and outgoing traffic of the mainframe.<\/span><span data-ccp-props=\"{&quot;335551550&quot;:6,&quot;335551620&quot;:6,&quot;335559685&quot;:360,&quot;335559739&quot;:0}\">\u00a0<\/span><\/p>\n<p>\u00a0<\/p>\n<h2><span data-contrast=\"none\">Mainframe compliance with the LPM<\/span><span data-ccp-props=\"{&quot;134245418&quot;:true,&quot;134245529&quot;:true,&quot;335559738&quot;:240,&quot;335559739&quot;:0}\">\u00a0<\/span><\/h2>\n<h3><span data-contrast=\"none\">What is the LPM?<\/span><span data-ccp-props=\"{&quot;134245418&quot;:true,&quot;134245529&quot;:true,&quot;335559738&quot;:40,&quot;335559739&quot;:0}\">\u00a0<\/span><\/h3>\n<p style=\"text-align: justify;\"><span data-contrast=\"auto\">The LPM is a strategic French defence plan whose objective is to ensure the security of operators of vital importance, companies, or organizations, for whom the interruption of one or their vital mission(s) would have an impact on the security of the nation.<\/span><span data-contrast=\"auto\">\u200b<\/span><span data-ccp-props=\"{&quot;335551550&quot;:6,&quot;335551620&quot;:6,&quot;335559739&quot;:0}\">\u00a0<\/span><\/p>\n<p style=\"text-align: justify;\"><span data-contrast=\"auto\">It concerns the protection of Information Systems of Vital Importance (SIIV), on which these vitally important missions are based, and Points of Vital Importance (PIV), places hosting sensitive IS.<\/span><span data-ccp-props=\"{&quot;335551550&quot;:6,&quot;335551620&quot;:6,&quot;335559739&quot;:0}\">\u00a0<\/span><\/p>\n<p style=\"text-align: justify;\"><span data-contrast=\"auto\">It is relatively close to the NIS (Network and Information Security) directive about the security requirements to be applied to its SIIV but integrates new notions and obligations which make it more restrictive.<\/span><span data-ccp-props=\"{&quot;335551550&quot;:6,&quot;335551620&quot;:6,&quot;335559739&quot;:0}\">\u00a0<\/span><\/p>\n<p style=\"text-align: justify;\"><span data-ccp-props=\"{&quot;335551550&quot;:6,&quot;335551620&quot;:6,&quot;335559739&quot;:0}\">\u00a0<\/span><\/p>\n<h3><span data-contrast=\"none\">Why is the mainframe subject to the LPM?<\/span><span data-ccp-props=\"{&quot;134245418&quot;:true,&quot;134245529&quot;:true,&quot;335559738&quot;:40,&quot;335559739&quot;:0}\">\u00a0<\/span><\/h3>\n<p style=\"text-align: justify;\"><span data-contrast=\"auto\">Mainframe z\/OS (MFRz) is in the heart of the banking activity due to several reasons:<\/span><span data-ccp-props=\"{&quot;335551550&quot;:6,&quot;335551620&quot;:6,&quot;335559739&quot;:0}\">\u00a0<\/span><\/p>\n<ul style=\"text-align: justify;\">\n<li data-leveltext=\"\uf0d8\" data-font=\"Wingdings\" data-listid=\"4\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559685&quot;:360,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Wingdings&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0d8&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}\" aria-setsize=\"-1\" data-aria-posinset=\"1\" data-aria-level=\"1\"><span data-contrast=\"auto\">Its capability of managing big transaction and compute volumes.<\/span><span data-ccp-props=\"{&quot;335551550&quot;:6,&quot;335551620&quot;:6,&quot;335559739&quot;:0}\">\u00a0<\/span><\/li>\n<\/ul>\n<ul style=\"text-align: justify;\">\n<li data-leveltext=\"\uf0d8\" data-font=\"Wingdings\" data-listid=\"4\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559685&quot;:360,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Wingdings&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0d8&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}\" aria-setsize=\"-1\" data-aria-posinset=\"2\" data-aria-level=\"1\"><span data-contrast=\"auto\">It offers a modularity inside a centralized system.<\/span><span data-ccp-props=\"{&quot;335551550&quot;:6,&quot;335551620&quot;:6,&quot;335559739&quot;:0}\">\u00a0<\/span><\/li>\n<\/ul>\n<ul style=\"text-align: justify;\">\n<li data-leveltext=\"\uf0d8\" data-font=\"Wingdings\" data-listid=\"4\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559685&quot;:360,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Wingdings&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0d8&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}\" aria-setsize=\"-1\" data-aria-posinset=\"3\" data-aria-level=\"1\"><span data-contrast=\"auto\">Scalability and openness of the system.<\/span><span data-ccp-props=\"{&quot;335551550&quot;:6,&quot;335551620&quot;:6,&quot;335559739&quot;:0}\">\u00a0<\/span><\/li>\n<\/ul>\n<ul style=\"text-align: justify;\">\n<li data-leveltext=\"\uf0d8\" data-font=\"Wingdings\" data-listid=\"4\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559685&quot;:360,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Wingdings&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0d8&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}\" aria-setsize=\"-1\" data-aria-posinset=\"4\" data-aria-level=\"1\"><span data-contrast=\"auto\">Interesting costs.<\/span><span data-ccp-props=\"{&quot;335551550&quot;:6,&quot;335551620&quot;:6,&quot;335559739&quot;:0}\">\u00a0<\/span><\/li>\n<\/ul>\n<p style=\"text-align: justify;\"><span data-ccp-props=\"{&quot;335559685&quot;:720}\"> <img loading=\"lazy\" decoding=\"async\" class=\"aligncenter wp-image-24743 size-full\" src=\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2024\/12\/8SIIV-et-MFRz.jpg\" alt=\"\" width=\"1163\" height=\"172\" srcset=\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2024\/12\/8SIIV-et-MFRz.jpg 1163w, https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2024\/12\/8SIIV-et-MFRz-437x65.jpg 437w, https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2024\/12\/8SIIV-et-MFRz-71x11.jpg 71w, https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2024\/12\/8SIIV-et-MFRz-768x114.jpg 768w\" sizes=\"auto, (max-width: 1163px) 100vw, 1163px\" \/><\/span><\/p>\n<h2><span data-contrast=\"none\">How can we perform segmentation in the mainframe?<\/span><span data-ccp-props=\"{&quot;134245418&quot;:true,&quot;134245529&quot;:true,&quot;335559738&quot;:240,&quot;335559739&quot;:0}\">\u00a0<\/span><\/h2>\n<p style=\"text-align: justify;\"><span data-contrast=\"auto\">To ensure isolation of assets inside the mainframe we can identify three possible scenarios (complete isolation, dedicated LPAR and network isolation).\u00a0<\/span><span data-ccp-props=\"{&quot;335559739&quot;:0}\">\u00a0<\/span><\/p>\n<p style=\"text-align: justify;\"><span data-contrast=\"auto\">The following scenarios however does not provide microsegmentation between assets in the same VLAN or sharing the same TCP\/IP stack.<\/span><span data-ccp-props=\"{&quot;335559739&quot;:0}\">\u00a0<\/span><\/p>\n<p style=\"text-align: justify;\"><span data-ccp-props=\"{&quot;335559739&quot;:0}\">\u00a0<\/span><\/p>\n<h3><span data-contrast=\"none\">Complete isolation<\/span><span data-ccp-props=\"{&quot;134245418&quot;:true,&quot;134245529&quot;:true,&quot;335559738&quot;:40,&quot;335559739&quot;:0}\">\u00a0<\/span><\/h3>\n<p style=\"text-align: justify;\"><span data-contrast=\"auto\">A dedicated mainframe instance is dedicated for the SIIV assets. All communications with external asset are filtered through the mainframe firewall. However, this solution has a high material cost with a big operational risk. SIIV asset should be all migrated to this new mainframe instance and the building of this new environment require human resources.<\/span><span data-ccp-props=\"{&quot;335551550&quot;:6,&quot;335551620&quot;:6,&quot;335559739&quot;:0}\">\u00a0<\/span><\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter wp-image-24745 size-full\" src=\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2024\/12\/9Exemple-disolation-complete-.jpg\" alt=\"\" width=\"731\" height=\"392\" srcset=\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2024\/12\/9Exemple-disolation-complete-.jpg 731w, https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2024\/12\/9Exemple-disolation-complete--356x191.jpg 356w, https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2024\/12\/9Exemple-disolation-complete--71x39.jpg 71w\" sizes=\"auto, (max-width: 731px) 100vw, 731px\" \/><\/p>\n<p style=\"text-align: center;\"><i><span data-contrast=\"auto\">Complete isolation example<\/span><\/i><span data-ccp-props=\"{&quot;335551550&quot;:2,&quot;335551620&quot;:2,&quot;335559739&quot;:0}\">\u00a0<\/span><\/p>\n<p style=\"text-align: justify;\"><span data-ccp-props=\"{&quot;335559739&quot;:0}\">\u00a0<\/span><\/p>\n<h3><span data-contrast=\"none\">Dedicated LPAR<\/span><span data-ccp-props=\"{&quot;134245418&quot;:true,&quot;134245529&quot;:true,&quot;335559738&quot;:40,&quot;335559739&quot;:0}\">\u00a0<\/span><\/h3>\n<p style=\"text-align: justify;\"><span data-contrast=\"auto\">In this isolation scenario an LPAR is dedicated for the SIIV assets. As discussed in the \u201cSystem control and partitioning\u201d chapter mainframe can be partitioned into separated logical partitions <\/span><b><span data-contrast=\"auto\">(LPARs)<\/span><\/b><span data-contrast=\"auto\"> where system resources and each LPAR support independent operating system (OS).<\/span><span data-ccp-props=\"{&quot;335551550&quot;:6,&quot;335551620&quot;:6,&quot;335559685&quot;:0,&quot;335559739&quot;:0}\">\u00a0<\/span><\/p>\n<p style=\"text-align: justify;\"><span data-contrast=\"auto\">Isolating all the SIIVs in one LPAR is not feasible because each asset runs on a different OS (Linux, z\/OS\u2026).<\/span><span data-ccp-props=\"{&quot;335551550&quot;:6,&quot;335551620&quot;:6,&quot;335559685&quot;:0,&quot;335559739&quot;:0}\">\u00a0<\/span><\/p>\n<p style=\"text-align: justify;\"><span data-ccp-props=\"{&quot;335551550&quot;:6,&quot;335551620&quot;:6,&quot;335559685&quot;:0,&quot;335559739&quot;:0}\"> <img loading=\"lazy\" decoding=\"async\" class=\"aligncenter wp-image-24747 size-full\" src=\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2024\/12\/10Exemples-disolation-LPAR-.jpg\" alt=\"\" width=\"902\" height=\"513\" srcset=\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2024\/12\/10Exemples-disolation-LPAR-.jpg 902w, https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2024\/12\/10Exemples-disolation-LPAR--336x191.jpg 336w, https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2024\/12\/10Exemples-disolation-LPAR--69x39.jpg 69w, https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2024\/12\/10Exemples-disolation-LPAR--768x437.jpg 768w\" sizes=\"auto, (max-width: 902px) 100vw, 902px\" \/><\/span><\/p>\n<p style=\"text-align: center;\"><em> <span class=\"TextRun SCXW179288589 BCX0\" lang=\"EN-GB\" xml:lang=\"EN-GB\" data-contrast=\"none\"><span class=\"NormalTextRun SCXW179288589 BCX0\">LPAR isolation examples<\/span><\/span><span class=\"EOP SCXW179288589 BCX0\" data-ccp-props=\"{&quot;335559685&quot;:3544,&quot;335559739&quot;:0}\">\u00a0<\/span><\/em><\/p>\n<p style=\"text-align: justify;\"><span data-ccp-props=\"{&quot;335551550&quot;:2,&quot;335551620&quot;:2,&quot;335559739&quot;:0}\">\u00a0<\/span><\/p>\n<p style=\"text-align: justify;\"><span data-ccp-props=\"{&quot;335559739&quot;:0}\">\u00a0<\/span><\/p>\n<p style=\"text-align: justify;\"><span data-contrast=\"auto\">A dedicated LPAR per SIIV OS can be set to remediate to that. This solution has however some weakness:<\/span><span data-ccp-props=\"{&quot;335551550&quot;:6,&quot;335551620&quot;:6,&quot;335559685&quot;:0,&quot;335559739&quot;:0}\">\u00a0<\/span><\/p>\n<ul style=\"text-align: justify;\">\n<li data-leveltext=\"\uf0d8\" data-font=\"Wingdings\" data-listid=\"8\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559685&quot;:360,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Wingdings&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0d8&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}\" aria-setsize=\"-1\" data-aria-posinset=\"1\" data-aria-level=\"1\"><span data-contrast=\"auto\">The SIIV assets share the same physical server with non SIIV assets.<\/span><span data-ccp-props=\"{}\">\u00a0<\/span><\/li>\n<\/ul>\n<ul style=\"text-align: justify;\">\n<li data-leveltext=\"\uf0d8\" data-font=\"Wingdings\" data-listid=\"8\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559685&quot;:360,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Wingdings&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0d8&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}\" aria-setsize=\"-1\" data-aria-posinset=\"2\" data-aria-level=\"1\"><span data-contrast=\"auto\">Adding resources allocated to these new LPARs will induce an increase of the cost.\u00a0<\/span><span data-ccp-props=\"{&quot;335551550&quot;:6,&quot;335551620&quot;:6,&quot;335559739&quot;:0}\">\u00a0<\/span><\/li>\n<\/ul>\n<p style=\"text-align: justify;\"><span data-ccp-props=\"{}\">\u00a0<\/span><\/p>\n<h3><span data-contrast=\"none\">Network isolation<\/span><span data-ccp-props=\"{&quot;134245418&quot;:true,&quot;134245529&quot;:true,&quot;335559738&quot;:40,&quot;335559739&quot;:0}\">\u00a0<\/span><\/h3>\n<p style=\"text-align: justify;\"><span data-contrast=\"auto\">Assets can be logically partitioned through PR\/SM (IBM processor resource \/ system manager). Using this feature mainframe urbanization can be designed to optimize the use of resources, by dedicating partitions by environment or by type of service. Each partition has its own TCP\/IP stack and one or more OSA cards (network cards that can be shared between partitions).\u00a0<\/span><span data-ccp-props=\"{&quot;335551550&quot;:6,&quot;335551620&quot;:6,&quot;335559739&quot;:0}\">\u00a0<\/span><\/p>\n<p style=\"text-align: justify;\"><span data-contrast=\"auto\">Mainframes can be connected to different networks, that are accessible through these various TCP\/IP stacks. Multiple stacks can run on one mainframe instance allowing one z\/OS partition to communicate to multiple networks at the same time and each stack is not necessarily active on each z\/OS partition.\u00a0<\/span><span data-ccp-props=\"{&quot;335551550&quot;:6,&quot;335551620&quot;:6,&quot;335559739&quot;:0}\">\u00a0<\/span><\/p>\n<p style=\"text-align: justify;\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter wp-image-24749 size-full\" src=\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2024\/12\/11Exemple-disolation-reseau-.jpg\" alt=\"\" width=\"474\" height=\"589\" srcset=\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2024\/12\/11Exemple-disolation-reseau-.jpg 474w, https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2024\/12\/11Exemple-disolation-reseau--154x191.jpg 154w, https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2024\/12\/11Exemple-disolation-reseau--31x39.jpg 31w\" sizes=\"auto, (max-width: 474px) 100vw, 474px\" \/><\/p>\n<p style=\"text-align: center;\"><span class=\"TextRun SCXW84561537 BCX0\" lang=\"EN-GB\" xml:lang=\"EN-GB\" data-contrast=\"auto\"><span class=\"NormalTextRun SCXW84561537 BCX0\"><em>Network isolation example<\/em><\/span><\/span><span class=\"EOP SCXW84561537 BCX0\" data-ccp-props=\"{&quot;335551550&quot;:2,&quot;335551620&quot;:2,&quot;335559739&quot;:0}\">\u00a0<\/span><\/p>\n<ul style=\"text-align: justify;\">\n<li data-leveltext=\"\uf0d8\" data-font=\"Wingdings\" data-listid=\"7\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559685&quot;:360,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Wingdings&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0d8&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}\" aria-setsize=\"-1\" data-aria-posinset=\"1\" data-aria-level=\"1\"><span data-contrast=\"auto\">Two assets sharing the same TCP\/IP stack can directly communicate with each other without the mainframe firewall filtering (example: communication between \u201cSIIV asset 1\u201d and \u201cSIIV asset 2\u201d).<\/span><span data-ccp-props=\"{&quot;335551550&quot;:6,&quot;335551620&quot;:6,&quot;335559739&quot;:0}\">\u00a0<\/span><\/li>\n<li data-leveltext=\"\uf0d8\" data-font=\"Wingdings\" data-listid=\"7\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559685&quot;:360,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Wingdings&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0d8&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}\" aria-setsize=\"-1\" data-aria-posinset=\"1\" data-aria-level=\"1\"><span data-contrast=\"auto\">Two assets hosted in different LPAR but sharing the same VLAN can directly communicate with each other without the mainframe firewall filtering (example: communication between \u201cSIIV asset 1\u201d and \u201cSIIV asset 3\u201d).<\/span><span data-ccp-props=\"{&quot;335551550&quot;:6,&quot;335551620&quot;:6,&quot;335559739&quot;:0}\">\u00a0<\/span><\/li>\n<li data-leveltext=\"\uf0d8\" data-font=\"Wingdings\" data-listid=\"7\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559685&quot;:360,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Wingdings&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0d8&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}\" aria-setsize=\"-1\" data-aria-posinset=\"1\" data-aria-level=\"1\"><span data-contrast=\"auto\">Two assets hosted in different LPAR and different VLAN have their communication filtered by the mainframe firewall (example: communication between \u201cSIIV asset 1\u201d and \u201cOther asset 4\u201d).<\/span><span data-ccp-props=\"{&quot;335551550&quot;:6,&quot;335551620&quot;:6,&quot;335559739&quot;:0}\">\u00a0<\/span><\/li>\n<li data-leveltext=\"\uf0d8\" data-font=\"Wingdings\" data-listid=\"7\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559685&quot;:360,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Wingdings&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0d8&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}\" aria-setsize=\"-1\" data-aria-posinset=\"1\" data-aria-level=\"1\"><span data-contrast=\"auto\">Any communication with assets outside of the mainframe is filtered by the mainframe firewall.<\/span><span data-ccp-props=\"{&quot;335551550&quot;:6,&quot;335551620&quot;:6,&quot;335559739&quot;:0}\">\u00a0<\/span><\/li>\n<\/ul>\n<p style=\"text-align: justify;\"><span data-ccp-props=\"{&quot;335551550&quot;:6,&quot;335551620&quot;:6,&quot;335559739&quot;:0}\">\u00a0<\/span><\/p>\n<p style=\"text-align: justify;\"><span data-contrast=\"auto\">This network isolation scenario allows isolation of SIIV from non-SIIV resources inside the mainframe, the optimization of the mainframe is preserved and there is a low operational risk as we don\u2019t move the SIIV resources outside the mainframe.<\/span><span data-ccp-props=\"{&quot;335551550&quot;:6,&quot;335551620&quot;:6,&quot;335559739&quot;:0}\">\u00a0<\/span><\/p>\n<p style=\"text-align: justify;\"><span data-ccp-props=\"{&quot;335551550&quot;:6,&quot;335551620&quot;:6,&quot;335559739&quot;:0}\">\u00a0<\/span><\/p>\n<h3><span data-contrast=\"none\">Summary of solutions<\/span><span data-ccp-props=\"{&quot;134245418&quot;:true,&quot;134245529&quot;:true,&quot;335551550&quot;:6,&quot;335551620&quot;:6,&quot;335559738&quot;:40,&quot;335559739&quot;:0}\">\u00a0<\/span><\/h3>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter wp-image-24751 size-full\" src=\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2024\/12\/12Synthese-des-solutions-.jpg\" alt=\"\" width=\"1140\" height=\"381\" srcset=\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2024\/12\/12Synthese-des-solutions-.jpg 1140w, https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2024\/12\/12Synthese-des-solutions--437x146.jpg 437w, https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2024\/12\/12Synthese-des-solutions--71x24.jpg 71w, https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2024\/12\/12Synthese-des-solutions--768x257.jpg 768w\" sizes=\"auto, (max-width: 1140px) 100vw, 1140px\" \/><\/p>\n<p>\u00a0<\/p>\n<h2><span data-contrast=\"none\">Do the segmentation scenarios respond to the architecture security filtering criteria of the LPM?<\/span><span data-ccp-props=\"{&quot;134245418&quot;:true,&quot;134245529&quot;:true,&quot;335559738&quot;:240,&quot;335559739&quot;:0}\">\u00a0<\/span><\/h2>\n<p style=\"text-align: justify;\"><span data-ccp-props=\"{&quot;335551550&quot;:6,&quot;335551620&quot;:6}\">\u00a0<\/span><\/p>\n<p style=\"text-align: justify;\"><span data-contrast=\"auto\">The Complete isolation scenario responds fully to the LPM Partitioning and filtering requirement as the mainframe will be dedicated to the SIIVs and the incoming and outcoming flows will be filtered by the mainframe firewall. However as stated above this solution has several disadvantages mostly related to the cost and operational risk of moving all the SIIVs to another physical machines.\u00a0<\/span><span data-ccp-props=\"{&quot;335551550&quot;:6,&quot;335551620&quot;:6}\">\u00a0<\/span><\/p>\n<p style=\"text-align: justify;\"><span data-contrast=\"auto\">The Dedicated LPAR provides a logical isolation layer. The SIIVs are hosted in dedicated LPARs each one with its dedicated resources inside the mainframe. However this solution can lead to performance issues and high material cost.<\/span><span data-ccp-props=\"{&quot;335551550&quot;:6,&quot;335551620&quot;:6,&quot;469777462&quot;:[1589],&quot;469777927&quot;:[0],&quot;469777928&quot;:[1]}\">\u00a0<\/span><\/p>\n<p style=\"text-align: justify;\"><span data-contrast=\"auto\">The network isolation scenario provides an extra layer of network isolation relying on TCP\/IP stacks however non-SIIV application hosted in the same network as SIIV applications can still directly access it without filtering to remediate that the following conditions must be met:<\/span><span data-ccp-props=\"{&quot;335551550&quot;:6,&quot;335551620&quot;:6,&quot;335559739&quot;:0,&quot;469777462&quot;:[1589],&quot;469777927&quot;:[0],&quot;469777928&quot;:[1]}\">\u00a0<\/span><\/p>\n<ul style=\"text-align: justify;\">\n<li data-leveltext=\"\uf0d8\" data-font=\"Wingdings\" data-listid=\"10\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559685&quot;:360,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Wingdings&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0d8&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}\" aria-setsize=\"-1\" data-aria-posinset=\"1\" data-aria-level=\"1\"><span data-contrast=\"auto\">Dedicated SIIV zones must be set in the IS where group application will be hosted.<\/span><span data-ccp-props=\"{&quot;335551550&quot;:6,&quot;335551620&quot;:6,&quot;335559739&quot;:0,&quot;469777462&quot;:[426],&quot;469777927&quot;:[0],&quot;469777928&quot;:[1]}\">\u00a0<\/span><\/li>\n<\/ul>\n<ul style=\"text-align: justify;\">\n<li data-leveltext=\"\uf0d8\" data-font=\"Wingdings\" data-listid=\"10\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559685&quot;:360,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Wingdings&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0d8&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}\" aria-setsize=\"-1\" data-aria-posinset=\"2\" data-aria-level=\"1\"><span data-contrast=\"auto\">Dedicated TCP\/IP stacks must be set in the mainframe to which the SIIVs will be <\/span><span data-contrast=\"none\">connected<\/span><span data-contrast=\"auto\">.<\/span><span data-ccp-props=\"{&quot;335551550&quot;:6,&quot;335551620&quot;:6,&quot;335559739&quot;:0,&quot;469777462&quot;:[426],&quot;469777927&quot;:[0],&quot;469777928&quot;:[1]}\">\u00a0<\/span><\/li>\n<\/ul>\n<p style=\"text-align: justify;\"><span data-contrast=\"auto\">In this scenario non-group critical resources communications with SIIVs will be forced to go through the firewall filtering.<\/span><span data-ccp-props=\"{&quot;335551550&quot;:6,&quot;335551620&quot;:6,&quot;335559739&quot;:0,&quot;469777462&quot;:[426],&quot;469777927&quot;:[0],&quot;469777928&quot;:[1]}\">\u00a0<\/span><\/p>\n<p style=\"text-align: justify;\"><span data-ccp-props=\"{&quot;335551550&quot;:6,&quot;335551620&quot;:6,&quot;335559739&quot;:0,&quot;469777462&quot;:[426],&quot;469777927&quot;:[0],&quot;469777928&quot;:[1]}\"> <img loading=\"lazy\" decoding=\"async\" class=\"aligncenter wp-image-24753 size-full\" src=\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2024\/12\/13LPM-requirements-respect.jpg\" alt=\"\" width=\"722\" height=\"689\" srcset=\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2024\/12\/13LPM-requirements-respect.jpg 722w, https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2024\/12\/13LPM-requirements-respect-200x191.jpg 200w, https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2024\/12\/13LPM-requirements-respect-41x39.jpg 41w\" sizes=\"auto, (max-width: 722px) 100vw, 722px\" \/><\/span><\/p>\n<p style=\"text-align: justify;\"><span data-ccp-props=\"{&quot;335551550&quot;:2,&quot;335551620&quot;:2,&quot;469777462&quot;:[426],&quot;469777927&quot;:[0],&quot;469777928&quot;:[1]}\">\u00a0<\/span><\/p>\n<h2><span data-contrast=\"none\">Administration of the mainframe<\/span><span data-ccp-props=\"{&quot;134245418&quot;:true,&quot;134245529&quot;:true,&quot;335559738&quot;:240,&quot;335559739&quot;:0}\">\u00a0<\/span><\/h2>\n<h3 style=\"text-align: justify;\"><span data-ccp-props=\"{}\">\u00a0<\/span><span data-contrast=\"none\">HMC<\/span><span data-ccp-props=\"{&quot;134245418&quot;:true,&quot;134245529&quot;:true,&quot;335559738&quot;:40,&quot;335559739&quot;:0}\">\u00a0<\/span><\/h3>\n<p style=\"text-align: justify;\"><span data-contrast=\"auto\">IBM z systems hardware monitoring and control services are performed through a dedicated console (HMC: Hardware Management Console) located in operator area and a Support Element console (SE) located inside a CEC (central electronic complex \u2013 mainframe \u201cbox\u201d) that can only be used by operators. The HMC is a physical computer located in an operator area and is dedicated to the management of the hardware and software of the mainframe. The HMC can\u2019t be used for another purpose. IBM can perform support actions through distant connections RSF (Remote Support Facility) for reporting and patching hardware issues.<\/span> <span data-contrast=\"auto\">Access to the OS and application layers can\u2019t be performed through these consoles.\u00a0<\/span><span data-ccp-props=\"{&quot;335551550&quot;:6,&quot;335551620&quot;:6}\">\u00a0<\/span><\/p>\n<ul style=\"text-align: justify;\">\n<li data-leveltext=\"\uf0d8\" data-font=\"Wingdings\" data-listid=\"6\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559685&quot;:360,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Wingdings&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0d8&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}\" aria-setsize=\"-1\" data-aria-posinset=\"1\" data-aria-level=\"1\"><span data-contrast=\"auto\">\u00a0To ensure compliance with the LPM, the HMC access must be protected by a firewall and restricted to a Bastion.<\/span><span data-ccp-props=\"{&quot;335551550&quot;:6,&quot;335551620&quot;:6}\">\u00a0<\/span><\/li>\n<\/ul>\n<p style=\"text-align: justify;\"><span data-ccp-props=\"{&quot;335551550&quot;:6,&quot;335551620&quot;:6,&quot;335559685&quot;:1440}\">\u00a0<\/span><\/p>\n<h3><span data-contrast=\"none\">Administration applications<\/span><span data-ccp-props=\"{&quot;134245418&quot;:true,&quot;134245529&quot;:true,&quot;335559738&quot;:40,&quot;335559739&quot;:0}\">\u00a0<\/span><\/h3>\n<p style=\"text-align: justify;\"><span data-contrast=\"auto\">IBM z systems embed several applications use to administrate the mainframe, such as<\/span><b><span data-contrast=\"auto\"> TSO <\/span><\/b><span data-contrast=\"auto\">(Time Sharing Option)<\/span><b><span data-contrast=\"auto\">, ISPF <\/span><\/b><span data-contrast=\"auto\">(Interface System Productivity Facility). These command-line interfaces allow users to run commands, submit batch jobs, manage rights and perform various administrative tasks. Access to those applications is managed through <\/span><b><span data-contrast=\"auto\">RACF <\/span><\/b><span data-contrast=\"auto\">(Resource Access Control Facility) which authenticate users and control the permissions based on assigned roles and access rights.<\/span><span data-ccp-props=\"{&quot;335551550&quot;:6,&quot;335551620&quot;:6}\">\u00a0<\/span><\/p>\n<p style=\"text-align: justify;\"><span data-contrast=\"auto\">To restrict the access to these administrative applications, the following measures must be deployed:<\/span><span data-ccp-props=\"{&quot;335551550&quot;:6,&quot;335551620&quot;:6}\">\u00a0<\/span><\/p>\n<ul style=\"text-align: justify;\">\n<li data-leveltext=\"\uf0d8\" data-font=\"Wingdings\" data-listid=\"6\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559685&quot;:360,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Wingdings&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0d8&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}\" aria-setsize=\"-1\" data-aria-posinset=\"2\" data-aria-level=\"1\"><span data-contrast=\"auto\">Two network interfaces must be configured: one dedicated to mainframe administration, and one dedicated to business.\u00a0<\/span><span data-ccp-props=\"{&quot;335551550&quot;:6,&quot;335551620&quot;:6}\">\u00a0<\/span><\/li>\n<li data-leveltext=\"\uf0d8\" data-font=\"Wingdings\" data-listid=\"6\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559685&quot;:360,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Wingdings&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0d8&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}\" aria-setsize=\"-1\" data-aria-posinset=\"2\" data-aria-level=\"1\"><span data-contrast=\"auto\">RACF protection must be enabled on those interfaces to restrict the access based on the accounts. To do so, RACF should be configured to check the Terminal class<\/span><span data-contrast=\"auto\">4<\/span><span data-contrast=\"auto\"> and grant access based on its content:<\/span><span data-ccp-props=\"{&quot;335551550&quot;:6,&quot;335551620&quot;:6}\">\u00a0<\/span><\/li>\n<\/ul>\n<ul>\n<li style=\"list-style-type: none;\">\n<ul style=\"text-align: justify;\">\n<li data-leveltext=\"\uf0a7\" data-font=\"Wingdings\" data-listid=\"15\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559685&quot;:1080,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Wingdings&quot;,&quot;469769242&quot;:[9642],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0a7&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}\" aria-setsize=\"-1\" data-aria-posinset=\"1\" data-aria-level=\"2\"><span data-contrast=\"auto\">Administrators accounts can only access the administration interface<\/span><span data-ccp-props=\"{&quot;335551550&quot;:6,&quot;335551620&quot;:6}\">\u00a0<\/span><\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<ul>\n<li style=\"list-style-type: none;\">\n<ul style=\"text-align: justify;\">\n<li data-leveltext=\"\uf0a7\" data-font=\"Wingdings\" data-listid=\"15\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559685&quot;:1080,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Wingdings&quot;,&quot;469769242&quot;:[9642],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0a7&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}\" aria-setsize=\"-1\" data-aria-posinset=\"2\" data-aria-level=\"2\"><span data-contrast=\"auto\">Business users accounts can only access the business interface<\/span><span data-ccp-props=\"{&quot;335551550&quot;:6,&quot;335551620&quot;:6}\">\u00a0<\/span><\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<p style=\"text-align: justify;\"><span data-contrast=\"auto\">To ensure compliance with the LPM, the administration interface access must be protected by a firewall and restricted to a Bastion.<\/span><span data-ccp-props=\"{&quot;335551550&quot;:6,&quot;335551620&quot;:6}\">\u00a0<\/span><\/p>\n<p>\u00a0<\/p>\n<p>\u00a0<\/p>\n<p>\u00a0<\/p>\n<p>\u00a0<\/p>\n<p style=\"text-align: justify;\"><span data-contrast=\"auto\">Mainframe segmentation remains a critical component for organizations managing SIIVs. As we have explored, mainframe architecture provides a robust foundation for implementing effective segmentation strategies.<\/span><span data-ccp-props=\"{&quot;335551550&quot;:6,&quot;335551620&quot;:6}\">\u00a0<\/span><\/p>\n<p style=\"text-align: justify;\"><span data-contrast=\"auto\">The isolation solutions we have discussed each offers unique advantages and challenges. Complete isolation using dedicated mainframes is fully compliant with the LPM but at a higher cost, higher operational risk with reduced flexibility. LPAR isolation have a high operational cost and breaks the optimization of the MFRz. Network isolation using TSS or RACF to dedicate TCP\/IP stacks offer a more cost-effective, flexible solution with less operational risks but this solution is partially compliant with the LPM as the mainframe is not physically dedicated to the SIIVs. In addition to that the mainframe provides the necessary tools to secure its administration interfaces and to segregate it from the production.<\/span><span data-ccp-props=\"{&quot;335551550&quot;:6,&quot;335551620&quot;:6}\">\u00a0<\/span><\/p>\n<p style=\"text-align: justify;\"><span data-contrast=\"auto\">Choosing between these solutions requires careful consideration of an organization specific needs, security requirements and resource constraint. It is crucial to remember that there is no one-size-fits-all solution. The optimal approach will vary depending on the nature of the SIIV and the organization overall IT infrastructure<\/span><span data-contrast=\"auto\">.<\/span><span data-ccp-props=\"{&quot;335551550&quot;:6,&quot;335551620&quot;:6}\">\u00a0<\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Brief introduction to mainframe\u00a0 Mainframe computers play a central role in the daily operations of the world\u2019s largest corporations. It dominates the landscape of large-scale business computing in banking, finance, health care, insurance, public utilities, government, and a multitude of&#8230;<\/p>\n","protected":false},"author":1526,"featured_media":24758,"comment_status":"open","ping_status":"closed","sticky":true,"template":"page-templates\/tmpl-one.php","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[2777,3977],"tags":[4576,1750,4577],"coauthors":[4571,4572],"class_list":["post-24756","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity-digital-trust","category-focus","tag-mainframe-2","tag-security-en","tag-zos-2"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.0 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Segmentation in mainframe z\/OS and LPM - RiskInsight<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.riskinsight-wavestone.com\/en\/2024\/12\/segmentation-in-mainframe-z-os-and-lpm\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Segmentation in mainframe z\/OS and LPM - RiskInsight\" \/>\n<meta property=\"og:description\" content=\"Brief introduction to mainframe\u00a0 Mainframe computers play a central role in the daily operations of the world\u2019s largest corporations. It dominates the landscape of large-scale business computing in banking, finance, health care, insurance, public utilities, government, and a multitude of...\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.riskinsight-wavestone.com\/en\/2024\/12\/segmentation-in-mainframe-z-os-and-lpm\/\" \/>\n<meta property=\"og:site_name\" content=\"RiskInsight\" \/>\n<meta property=\"article:published_time\" content=\"2024-12-04T15:23:54+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2024-12-05T07:18:26+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2024\/12\/pexels-cookiecutter-17323801-scaled.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"2560\" \/>\n\t<meta property=\"og:image:height\" content=\"1709\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Quentin Perceval, Ayoub El Moutaouakkil\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Quentin Perceval, Ayoub El Moutaouakkil\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"17 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/2024\/12\/segmentation-in-mainframe-z-os-and-lpm\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/2024\/12\/segmentation-in-mainframe-z-os-and-lpm\/\"},\"author\":{\"name\":\"Quentin Perceval\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/person\/8bd008d594e90657ec43f5f404220542\"},\"headline\":\"Segmentation in mainframe z\/OS and LPM\",\"datePublished\":\"2024-12-04T15:23:54+00:00\",\"dateModified\":\"2024-12-05T07:18:26+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/2024\/12\/segmentation-in-mainframe-z-os-and-lpm\/\"},\"wordCount\":2644,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#organization\"},\"image\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/2024\/12\/segmentation-in-mainframe-z-os-and-lpm\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2024\/12\/pexels-cookiecutter-17323801-scaled.jpg\",\"keywords\":[\"mainframe\",\"security\",\"zOS\"],\"articleSection\":[\"Cybersecurity &amp; Digital Trust\",\"Focus\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/www.riskinsight-wavestone.com\/en\/2024\/12\/segmentation-in-mainframe-z-os-and-lpm\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/2024\/12\/segmentation-in-mainframe-z-os-and-lpm\/\",\"url\":\"https:\/\/www.riskinsight-wavestone.com\/en\/2024\/12\/segmentation-in-mainframe-z-os-and-lpm\/\",\"name\":\"Segmentation in mainframe z\/OS and LPM - RiskInsight\",\"isPartOf\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/2024\/12\/segmentation-in-mainframe-z-os-and-lpm\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/2024\/12\/segmentation-in-mainframe-z-os-and-lpm\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2024\/12\/pexels-cookiecutter-17323801-scaled.jpg\",\"datePublished\":\"2024-12-04T15:23:54+00:00\",\"dateModified\":\"2024-12-05T07:18:26+00:00\",\"breadcrumb\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/2024\/12\/segmentation-in-mainframe-z-os-and-lpm\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.riskinsight-wavestone.com\/en\/2024\/12\/segmentation-in-mainframe-z-os-and-lpm\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/2024\/12\/segmentation-in-mainframe-z-os-and-lpm\/#primaryimage\",\"url\":\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2024\/12\/pexels-cookiecutter-17323801-scaled.jpg\",\"contentUrl\":\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2024\/12\/pexels-cookiecutter-17323801-scaled.jpg\",\"width\":2560,\"height\":1709},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/2024\/12\/segmentation-in-mainframe-z-os-and-lpm\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Accueil\",\"item\":\"https:\/\/www.riskinsight-wavestone.com\/en\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Segmentation in mainframe z\/OS and LPM\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#website\",\"url\":\"https:\/\/www.riskinsight-wavestone.com\/en\/\",\"name\":\"RiskInsight\",\"description\":\"The cybersecurity &amp; digital trust blog by Wavestone&#039;s consultants\",\"publisher\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.riskinsight-wavestone.com\/en\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#organization\",\"name\":\"Wavestone\",\"url\":\"https:\/\/www.riskinsight-wavestone.com\/en\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/08\/Monogramme\u2013W\u2013NEGA-RGB-50x50-1.png\",\"contentUrl\":\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/08\/Monogramme\u2013W\u2013NEGA-RGB-50x50-1.png\",\"width\":50,\"height\":50,\"caption\":\"Wavestone\"},\"image\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/logo\/image\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/person\/8bd008d594e90657ec43f5f404220542\",\"name\":\"Quentin Perceval\",\"url\":\"https:\/\/www.riskinsight-wavestone.com\/en\/author\/quentinperceval\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Segmentation in mainframe z\/OS and LPM - RiskInsight","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.riskinsight-wavestone.com\/en\/2024\/12\/segmentation-in-mainframe-z-os-and-lpm\/","og_locale":"en_US","og_type":"article","og_title":"Segmentation in mainframe z\/OS and LPM - RiskInsight","og_description":"Brief introduction to mainframe\u00a0 Mainframe computers play a central role in the daily operations of the world\u2019s largest corporations. It dominates the landscape of large-scale business computing in banking, finance, health care, insurance, public utilities, government, and a multitude of...","og_url":"https:\/\/www.riskinsight-wavestone.com\/en\/2024\/12\/segmentation-in-mainframe-z-os-and-lpm\/","og_site_name":"RiskInsight","article_published_time":"2024-12-04T15:23:54+00:00","article_modified_time":"2024-12-05T07:18:26+00:00","og_image":[{"width":2560,"height":1709,"url":"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2024\/12\/pexels-cookiecutter-17323801-scaled.jpg","type":"image\/jpeg"}],"author":"Quentin Perceval, Ayoub El Moutaouakkil","twitter_misc":{"Written by":"Quentin Perceval, Ayoub El Moutaouakkil","Est. reading time":"17 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.riskinsight-wavestone.com\/en\/2024\/12\/segmentation-in-mainframe-z-os-and-lpm\/#article","isPartOf":{"@id":"https:\/\/www.riskinsight-wavestone.com\/en\/2024\/12\/segmentation-in-mainframe-z-os-and-lpm\/"},"author":{"name":"Quentin Perceval","@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/person\/8bd008d594e90657ec43f5f404220542"},"headline":"Segmentation in mainframe z\/OS and LPM","datePublished":"2024-12-04T15:23:54+00:00","dateModified":"2024-12-05T07:18:26+00:00","mainEntityOfPage":{"@id":"https:\/\/www.riskinsight-wavestone.com\/en\/2024\/12\/segmentation-in-mainframe-z-os-and-lpm\/"},"wordCount":2644,"commentCount":0,"publisher":{"@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#organization"},"image":{"@id":"https:\/\/www.riskinsight-wavestone.com\/en\/2024\/12\/segmentation-in-mainframe-z-os-and-lpm\/#primaryimage"},"thumbnailUrl":"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2024\/12\/pexels-cookiecutter-17323801-scaled.jpg","keywords":["mainframe","security","zOS"],"articleSection":["Cybersecurity &amp; Digital Trust","Focus"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.riskinsight-wavestone.com\/en\/2024\/12\/segmentation-in-mainframe-z-os-and-lpm\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.riskinsight-wavestone.com\/en\/2024\/12\/segmentation-in-mainframe-z-os-and-lpm\/","url":"https:\/\/www.riskinsight-wavestone.com\/en\/2024\/12\/segmentation-in-mainframe-z-os-and-lpm\/","name":"Segmentation in mainframe z\/OS and LPM - RiskInsight","isPartOf":{"@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.riskinsight-wavestone.com\/en\/2024\/12\/segmentation-in-mainframe-z-os-and-lpm\/#primaryimage"},"image":{"@id":"https:\/\/www.riskinsight-wavestone.com\/en\/2024\/12\/segmentation-in-mainframe-z-os-and-lpm\/#primaryimage"},"thumbnailUrl":"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2024\/12\/pexels-cookiecutter-17323801-scaled.jpg","datePublished":"2024-12-04T15:23:54+00:00","dateModified":"2024-12-05T07:18:26+00:00","breadcrumb":{"@id":"https:\/\/www.riskinsight-wavestone.com\/en\/2024\/12\/segmentation-in-mainframe-z-os-and-lpm\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.riskinsight-wavestone.com\/en\/2024\/12\/segmentation-in-mainframe-z-os-and-lpm\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.riskinsight-wavestone.com\/en\/2024\/12\/segmentation-in-mainframe-z-os-and-lpm\/#primaryimage","url":"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2024\/12\/pexels-cookiecutter-17323801-scaled.jpg","contentUrl":"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2024\/12\/pexels-cookiecutter-17323801-scaled.jpg","width":2560,"height":1709},{"@type":"BreadcrumbList","@id":"https:\/\/www.riskinsight-wavestone.com\/en\/2024\/12\/segmentation-in-mainframe-z-os-and-lpm\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Accueil","item":"https:\/\/www.riskinsight-wavestone.com\/en\/"},{"@type":"ListItem","position":2,"name":"Segmentation in mainframe z\/OS and LPM"}]},{"@type":"WebSite","@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#website","url":"https:\/\/www.riskinsight-wavestone.com\/en\/","name":"RiskInsight","description":"The cybersecurity &amp; digital trust blog by Wavestone&#039;s consultants","publisher":{"@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.riskinsight-wavestone.com\/en\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#organization","name":"Wavestone","url":"https:\/\/www.riskinsight-wavestone.com\/en\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/logo\/image\/","url":"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/08\/Monogramme\u2013W\u2013NEGA-RGB-50x50-1.png","contentUrl":"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/08\/Monogramme\u2013W\u2013NEGA-RGB-50x50-1.png","width":50,"height":50,"caption":"Wavestone"},"image":{"@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/person\/8bd008d594e90657ec43f5f404220542","name":"Quentin Perceval","url":"https:\/\/www.riskinsight-wavestone.com\/en\/author\/quentinperceval\/"}]}},"_links":{"self":[{"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/posts\/24756","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/users\/1526"}],"replies":[{"embeddable":true,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/comments?post=24756"}],"version-history":[{"count":9,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/posts\/24756\/revisions"}],"predecessor-version":[{"id":24785,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/posts\/24756\/revisions\/24785"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/media\/24758"}],"wp:attachment":[{"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/media?parent=24756"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/categories?post=24756"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/tags?post=24756"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/coauthors?post=24756"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}