IBM s/390 manual Operating Systems Messages console, Security, Server memory

Page 49

5.2 Operating Systems Messages console

Larger S/390 machines have an Operating Systems Messages console function that is provided through the Support Element (SE) or a Hardware Management Console (HMC). This console function is sometimes known as the “system console” or the “hardware system console.” OS/390 attempts to use it if all other MVS consoles fail.

FLEX-ES emulates this console through the CLI window--the window with the flexes prompt. Messages written from the S/390 to the Operating Systems Messages console appear after the flexes prompt. You need to press Enter (with the desktop focus in this window) to restore the flexes prompt. You can reply or enter commands through the Operating System Messages console by using the CLI command hwc:

flexes> SPECIFY SYSTEM PARAMETERS

(message from OS/390)

flexes>

hwc R 00,CLPA

(press Enter to get flexes prompt)

 

flexes>

 

 

5.3 Security

As we explained earlier, FLEX-ES is a layer of software that resides and operates between an OS/390 system and an underlying Linux system. All the security features and functions that come with an OS/390 system work as on any other S/390 platform. However, it is possible for a Linux user with sufficient privilege to gain access to the contents of an emulated DASD or central storage associated with an emulated CPU, and so forth.

A ThinkPad/EFS owner must plan and manage traditional Linux security functions for the underlying Linux system, as well as traditional S/390 security management. If the ThinkPad/EFS platform is used only for S/390 operation, this can be fairly simple.

A unique concern involves the OS/390 master console(s). These can be implemented through the Terminal Solicitor. This is convenient, but offers an opportunity for an unwanted person to connect as a master console. We suggest that you have a master console on the ThinkPad display and direct any other master consoles1 to specific IP addresses and not through the Terminal Solicitor. This is done by specifying an IP address in the FLEX-ES resources file, instead of a terminal name. This means, of course, that the client systems connecting to the emulated 3270 interfaces must have static IP addresses.

The FLEX-ES resource manager uses TCP/IP port 555 to talk with other instances of FLEX-ES resource managers. There may be a potential for problems if someone hacks this port. We are not aware of any instances of this, but it is a potential concern if you use an open network to link multiple FLEX-ES systems at this level. (Would you use an open network for shared DASD data flow on a “real” S/390? You need to look at this potential exposure from this viewpoint and not from a PC networking viewpoint.)

5.4 Server memory

The memsize + essize + cachesize*11 + DASD cache (described in “System definitions” on page 73 ) total values (when translated to bytes of storage) approximate the amount of Linux virtual storage needed to run an instance of S/390 emulation. If you emulate two S/390 systems (at the same time), you will need to add the values for each of the two emulated systems.2 You can emulate more S/390 instances, but each one will require more memory.

1We are using the term “master console” loosely here to mean any OS/390 operator console.

2Some of the DASD cache memory may be shared among multiple emulated S/390s.

Chapter 5. Additional Topics

39

Page 48 Page 50
Image 49
Page 48 Page 50
Contents Bill Ogden ThinkPad Enabled for S/390Page International Technical Support Organization First Edition October Contents Shutting down Index Vi S/390 PID ThinkPad Enabled for S/390 Author Special noticeComments welcome IBM trademarksIntroduction ThinkPad/EFS systems Purpose of this redbookFLEX-ES Positioning with other small S/390s LinuxThinkPad/EFS hardware used Terminology Disk planning System and Linux installationDifferences ThinkPad Linux installationPartition Manually Partition Mount Point Device Requested Actual Type Purpose12.17.210 Device Partition Type Default Boot255.255.255.0 12.17.150Gnome Monitor Setup IBM 9513 T55A TFT No clock chip 24 bit Installation notesSelect Start X automatically # df -h# ps -ef grep xinetd Etc/xinetd.d # vi telnet# kill -s USR1 pidnumber PID number for xinetd 14 S/390 PID ThinkPad Enabled for S/390 FLEX-ES and OS/390 installation Brief introduction FLEX-ESPC Processor in ThinkPad Page Installation Installing the FLEX-ES license key Next steps OS/390 AD systemsAD systems # mkdir /s391Basic CD-ROM formats 2 OS/390 on CD-ROMFLEX-ES formats 3 OS/390 device configurationUnzipping and installing Awsckd CD-ROM files Installation tasksAn unzip program Mount /dev/cdrom /mnt/cdromFile ownership Minor problemsFiles unzip in wrong order Volume in two separate zip filesFLEX-ES Operation Comments FLEX-ES system and resource definitions$ cd /usr/flexes/rundir Building a shell script# resadm -s R10A.rescf $ resadm -r$ sh shos Flexes ipl a80 0a82cs Terminal Solicitor IPL OS/390=stor User terminal connection Operation and use11.42.47 A80,8Iodf requirements Linux TN3270System performance monitors Rmf5 TCP/IP for OS/390 # resadm -T Shutting down# resadm -k # exit36 S/390 PID ThinkPad Enabled for S/390 Additional Topics Basic debugging Security Operating Systems Messages consoleServer memory Vmstat command CPU Importance of Linux swappingUltrabay Using a second Linux hard disk# cat /proc/partitions Second disk planning Partition Mount Size Use Disk layout AD systemDevice Volser Addr Use Alternative method FLEX-ES FakeTape on OS/390222222 560Multi-system setup $ x3270 -model 3 -keymap pc -port tn3270 localhost X3270 client$ x3270 -model 3 -keymap pc -port tn3270 localhostt91f Function Keys UsedRemote resources # cd /usr/lib/X11/app-defaults # cp X3270 X3270old# vi System B Disk cachesWrites Cache Hits FSI Channel Adapters Tuning cachesizeScsi adapter for the ThinkPad Backup and restore considerationsDisk fragmentation $ tar -cvzf /holding/OS39RA.tarz /s390/OS39RA Using tar to back up S/390 volumes$ cd /usr/flexes/rundir $ sh buOS39RAc Using tar and ftpCD-RW drive 16 S/390 identificationRAS discussion Display PSW and registersLinux windows Verify ckd diskThinkPad power control Installing FLEX-ES upgradesCommon commands Useful Linux commandsText editors Multiple consoles, sessions, screens62 S/390 PID ThinkPad Enabled for S/390 Frequently asked questions 64 S/390 PID ThinkPad Enabled for S/390 Frequently asked questions 66 S/390 PID ThinkPad Enabled for S/390 Frequently asked questions 68 S/390 PID ThinkPad Enabled for S/390 Basic definitions for a single HDD Appendix A. FLEX-ES definition listingsShell script for a single HDD Definitions for two HDDs Shell script for two HDDs System definitions Appendix B. FLEX-ES parametersCpu0 Cpu1 Cpu2 Emulated control unit types Resource definitionsTypical resource definitions Emulated device typesCKD disk resources Terminal resources LAN resources Tape resourcesCloned devices Common rules Resadm commandCLI commands 710 Altcons Flexes mount A90 S390/WORK01560 Home/tape3 84 S/390 PID ThinkPad Enabled for S/390 Special notices 86 S/390 PID ThinkPad Enabled for S/390 IBM Redbooks How to get IBM RedbooksReferenced Web sites Other resourcesIBM Redbooks collections Index Pipe Port Power control Terminal logo Terminal Solicitor 16, 18, 31, 39, 65 92 S/390 PID ThinkPad Enabled for S/390 Partners in Development ThinkPad Enabled for S/390 Page Page System setup AD CD-ROM use System operation ThinkPad Enabled for S/390
Top Page Image Contents