Table of Contents
Advertisement
Functional Characteristics
Logical partitions are defined, and the I/O resources of the overall physical
computing system are pre-allocated by the security administrator. I/O allocation is
an integral part of the process of defining a total system configuration, and must be
completely performed before that system configuration can be initialized. This
pre-allocation is done by executing the Input/Output Configuration Program (IOCP)
or Hardware Configuration Definition (HCD) to create a hardware-specific data set,
called an Input/Output Configuration Data Set (IOCDS), of the I/O resources and
their allocation to specific logical partitions. LPAR allocates an entire resource, such
as an I/O channel path or a contiguous region of storage. At no time is any real
resource allocated to more than one logical partition. Each complete I/O resource
allocation is called a configuration. During the period between processor
initializations, several IOCDS configurations can be stored, but only one is in effect
at any time. The configuration becomes effective as part of the power-on reset
sequence. In order to change the active configuration it is necessary to perform an
activation of the hardware.
The preceding paragraph deliberately omits any discussion of Dynamic I/O
Configuration, Dynamic CHPID management, Reconfigurable channel paths
(CHPIDs), I/O resource sharing using Multiple Image Facility (MIF) or Intelligent
Resource Director (IRD), because each of them has characteristics that, if
inappropriately used, can compromise the secure consolidation capability of PR/SM.
Cautions and requirements relating to their use are included throughout this
appendix.
The reminder of the logical partition's resources are defined by the security
administrator prior to the activation of the logical partition. These resources include
storage size, number of logical processors, scheduling parameters, and security
controls, which can be specified by the security administrator using the appropriate
interfaces on the HMC/SE. Many of the control and security parameters can be
changed at any time and will take effect dynamically with few exceptions (e.g.,
specifying dedicated processors for a partition will only take effect if the partition is
not yet activated.) Logical partition definitions take effect at logical partition
activation, and generally are static while the partition they pertain to is active.
When a resource is allocated to a logical partition, it is set to its
architecturally-defined reset state. Channel paths are reset, main and expanded
storage is zeroed.
Trusted Configuration
This section describes the actions the Security Administrator must take to help
ensure that the computer system is configured for a secure mode of operation. The
contents of this section specify the configuration of the evaluated product. Any
deviation from the specified configuration will not be consistent with that of the
evaluated product and may result in partitions that do not provide strict separation.
Subsequent sections in this document detail the security related characteristics of
the evaluated product as well as security configurations that were not included in
the evaluation. These details are provided to explain and highlight the differences
between the various security settings. Nevertheless, to insure strict separation of
partitions, only the configuration specified in this section should be used.
Note: All configuration requirements listed in subsequent sections are mandatory
B-2
PR/SM Planning Guide
regardless of whether the term must or should is used.
Advertisement
Chapters
Table of Contents
