PR/SM characteristics

  • There is a Hardware Management Console (HMC) and Support Element (SE) from which the system can be operated. Therefore the system administrators of the system must be cleared for the highest security classification of work being performed on the system.
  • Hardware-related operations for each logical partition will be conducted from the HMC or SE. Operations are invoked by selecting the desired CPC image (representing a logical partition) and invoking the desired task.
  • For enhanced integrity of execution, locking of partitions is recommended. The partition must then be unlocked before other disruptive operations can be performed on that partition. Lock a logical partition by selecting the CPC image representing the logical partition and invoking the Image Details task. Select Lockout disruptive tasks to Yes and click Apply . You can use this same procedure to unlock a logical partition by setting the Lockout disruptive tasks radio button to No and saving the setting. Locking a logical partition can prevent accidentally performing disruptive tasks on it.
  • When entering values on an Hardware Management Console or Support Element window, values are not recognized by the system until you save the data and confirm the changes appearing on the screen.
  • The Security Log records system operator actions and responses for operations that are security relevant. The entries are in chronological order and provide an audit log. Entries also include a user (system administrator) identifier when appropriate.
  • The Security Log, when full, will be pruned to 67% of its capacity. The oldest entries are deleted. Care should be taken to periodically off load the security log to insure that no records are lost.
  • When the security log is successfully off loaded to removable media, the active log is pruned so that it does not exceed 20% of its capacity. If the active security log is below 20%, then no entries are removed. If it is above 20%, then enough active security log entries are removed (from oldest to newest) to reduce the size of the active security log to 20%. The oldest entries are still in the offloaded log.
  • The security log on both the Hardware Management and Support Element is 30 megabytes. Entries range from 40 bytes to 400 bytes.
  • Open the View Security Logs tasks from the Hardware Management Console and Support Element to view the security log.