Setting up external security manager (ESM)

An external security manager (ESM) is a service virtual machine used to maintain z/VM security and integrity. One IBM® application you can use for this purpose is RACF®/VM; see RACF for further information. For each z/VM® managed by IBM® Cloud Infrastructure Center, if RACF® is enabled on that z/VM®, the following RACF® changes must be made:

  • Ensure that SMAPI has been configured to support the RACF environment, as described in Using SMAPI with RACF.

  • Enable the user ID of the host that will be managed as a compute node to link to minidisks for image deployments:

        RAC ALU comp_userid OPERATIONS

    Note: comp_userid is the z/VM user ID of the host to be managed.

  • Enable reader access to VSMWORK1 for the user ID of the host that will be managed as a compute node:

        RAC PERMIT comp_userid CLASS(VMRDR) ID(VSMWORK1) ACCESS(UPDATE)

    Note: comp_userid is the z/VM user ID of the host to be managed.

After all RACF® permissions are established, restart z/VM® Systems Management (SMAPI) by restarting VSMGUARD. With an authorized z/VM® user ID, issue the following commands:

        FORCE VSMGUARD
        XAUTOLOG VSMGUARD
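
To confirm that both RACF changes above took effect for a compute node, the output of `RAC LISTUSER comp_userid` and `RAC RLIST VMRDR comp_userid AUTHUSER` can be saved and checked. The following is an added example, not part of the product documentation; the sample listings are constructed, their layout is assumed from typical RACF output, and the user ID COMPUTE1 and all function names are hypothetical.

```python
# Added example: audit the two RACF changes from saved command output.
# The sample listings are constructed, not captured from a real system; their
# layout (ATTRIBUTES= line, USER/ACCESS list) is assumed from typical
# LISTUSER and RLIST ... AUTHUSER output.
LISTUSER_SAMPLE = """\
USER=COMPUTE1  NAME=UNKNOWN  OWNER=SYSADMIN  CREATED=24.010
 DEFAULT-GROUP=SYS1  PASSDATE=24.010  PASS-INTERVAL= 30
 ATTRIBUTES=OPERATIONS
"""
RLIST_SAMPLE = """\
CLASS      NAME
-----      ----
VMRDR      COMPUTE1

USER      ACCESS   ACCESS COUNT
----      ------   ------ -----
VSMWORK1  UPDATE   000000
"""
# RACF access levels, lowest to highest.
LEVELS = ["NONE", "EXECUTE", "READ", "UPDATE", "CONTROL", "ALTER"]

def user_attributes(listuser_text):
    """Collect the tokens of every user-level ATTRIBUTES= line (not CONNECT ATTRIBUTES=)."""
    attrs = set()
    for line in listuser_text.splitlines():
        if line.strip().startswith("ATTRIBUTES="):
            attrs.update(line.strip()[len("ATTRIBUTES="):].split())
    return attrs

def access_list(rlist_text):
    """Map user ID to access level from the USER/ACCESS section of RLIST."""
    entries, in_list = {}, False
    for line in rlist_text.splitlines():
        fields = line.split()
        if fields[:2] == ["USER", "ACCESS"]:
            in_list = True
        elif not fields:
            in_list = False          # a blank line ends the section
        elif in_list and len(fields) >= 2 and fields[1] in LEVELS:
            entries[fields[0]] = fields[1]
    return entries

def check_compute_node(listuser_text, rlist_text, server="VSMWORK1"):
    """Return findings; an empty list means both changes are in place."""
    findings = []
    if "OPERATIONS" not in user_attributes(listuser_text):
        findings.append("OPERATIONS attribute missing")
    level = access_list(rlist_text).get(server, "NONE")
    if LEVELS.index(level) < LEVELS.index("UPDATE"):
        findings.append(f"{server} has {level} on the VMRDR profile, needs UPDATE")
    return findings

if __name__ == "__main__":
    print(check_compute_node(LISTUSER_SAMPLE, RLIST_SAMPLE) or "both changes present")
```

An empty result means the compute node's user ID carries OPERATIONS and VSMWORK1 holds at least UPDATE on its VMRDR profile; any finding should be corrected before VSMGUARD is restarted.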