Operating System Hardware Management Console Considerations

Many customers have strict controls with z/OS® in controlling which users have access to which z/OS commands. Enabling Operating System Messages on the HMC enables it for all HMCs that manage that system or LPAR. Thus, how you manage Operating System Messages enablement is an HMC security consideration. Consider the following items:
  • Limit what HMCs can manage the system
  • Limit which HMC users can access the LPAR
  • Limit which HMC users can run the Operating System Messages task
    • Limit to read-only if read/write is not required
  • For z/OS, use RACF® profiles to limit which commands can be entered by the system console. Operating System Messages commands are entered as if from the system console.
  • For z/OS 2.1 or newer
    • Use the new HMC Integrated 3270 Console support
    • Use unique user logon/RACF controls for commands
  • For z/VM® and Linux® on Support Elements accessed from the HMC, Operating System Messages requires logging on with an OS user ID