Filter
Top Products
Chapter 5. Additional Topics 39
5.2 Operating Systems Messages console
Larger S/390 machines have an Operating Systems Messages console function that is
provided through the Support Element (SE) or a Hardware Management Console (HMC).
This console function is sometimes known as the “system console” or the “hardware system
console.” OS/390 attempts to use it if all other MVS consoles fail.
FLEX-ES emulates this console through the CLI window--the window with the flexes prompt.
Messages written from the S/390 to the Operating Systems Messages console appear after
the flexes prompt. You need to press Enter (with the desktop focus in this window) to restore
the flexes prompt. You can reply or enter commands through the Operating System
Messages console by using the CLI command hwc:
flexes> SPECIFY SYSTEM PARAMETERS (message from OS/390)
(press Enter to get flexes prompt)
flexes> hwc R 00,CLPA
flexes>
5.3 Security
As we explained earlier, FLEX-ES is a layer of software that resides and operates between an
OS/390 system and an underlying Linux system. All the security features and functions that
come with an OS/390 system work as on any other S/390 platform. However, it is possible for
a Linux user with sufficient privilege to gain access to the contents of an emulated DASD or
central storage associated with an emulated CPU, and so forth.
A ThinkPad/EFS owner must plan and manage traditional Linux security functions for the
underlying Linux system, as well as traditional S/390 security management. If the
ThinkPad/EFS platform is used only for S/390 operation, this can be fairly simple.
A unique concern involves the OS/390 master console(s). These can be implemented
through the Terminal Solicitor. This is convenient, but offers an opportunity for an unwanted
person to connect as a master console. We suggest that you have a master console on the
ThinkPad display and direct any other master consoles
1
to specific IP addresses and not
through the Terminal Solicitor. This is done by specifying an IP address in the FLEX-ES
resources file, instead of a terminal name. This means, of course, that the client systems
connecting to the emulated 3270 interfaces must have static IP addresses.
The FLEX-ES resource manager uses TCP/IP port 555 to talk with other instances of
FLEX-ES resource managers. There may be a potential for problems if someone hacks this
port. We are not aware of any instances of this, but it is a potential concern if you use an
open network to link multiple FLEX-ES systems at this level. (Would you use an open
network for shared DASD data flow on a “real” S/390? You need to look at this potential
exposure from this viewpoint and not from a PC networking viewpoint.)
5.4 Server memory
The memsize + essize + cachesize*11 + DASD cache (described in “System definitions” on
page 73 ) total values (when translated to bytes of storage) approximate the amount of Linux
virtual storage needed to run an instance of S/390 emulation. If you emulate two S/390
systems (at the same time), you will need to add the values for each of the two emulated
systems.
2
You can emulate more S/390 instances, but each one will require more memory.
1
We are using the term “master console” loosely here to mean any OS/390 operator console.
2
Some of the DASD cache memory may be shared among multiple emulated S/390s.