Implementation
Virtual machines are usually written in “portable” (in the sense that compilers for most architectures already exists) programming languages such as C or C++.
For performance critical components assembly language can be used.
Some VMs (Lisp, Forth, Smalltalk) are largely written in the language itself.
Many VMs are written specifically for gcc, for reasons that will become clear in later slides.
Benefits
Partitioning – Multiple
application and OS
instances in a single
machine
Isolation – Each virtual
machine is isolated from
the host and other virtual
machines
Encapsulation – Each
entire virtual machine state
is contained in software;
standard virtual hardware
guarantees compatibility.
Examples
Examples of Authorizing Virtual Machinesz/VM V5R4.0 ConnectivitySC24-6080-07
The following examples show how to explicitly authorize server virtual machines, the AVS virtual machine, and requester virtual machines.
Example 1: Figure 92 is an example of an explicitly authorized TSAF collection involving two z/VM systems sharing global resources. The entries within each box represent the CP directory entries for each CMS virtual machine.
Figure 92. TSAF Collection with Authorized Global Resource Managers and User Programs
The following examples show how to explicitly authorize server virtual machines, the AVS virtual machine, and requester virtual machines.
Example 1: Figure 92 is an example of an explicitly authorized TSAF collection involving two z/VM systems sharing global resources. The entries within each box represent the CP directory entries for each CMS virtual machine.
Figure 92. TSAF Collection with Authorized Global Resource Managers and User Programs
In Figure 92, users have the following authorization:
USERa on VMSYS1 can connect only to RES2 on VMSYS2.
USERb on VMSYS1 can connect only to RES1 on VMSYS1.
USERc on VMSYS2 can connect to RES1 on VMSYS1 and to RES2 on VMSYS2.
USERd on VMSYS2 can connect only to RES2 on VMSYS2.
Example 2: Figure 93 shows a TSAF collection in which the server and requester virtual machines are explicitly authorized to share local and private resources. The entries within each box represent the CP directory entries of each CMS virtual machine.
Figure 93. TSAF Collection with Authorized Local and Private Resource Managers and User Programs
In this figure, users have the following authorization:
USERa on VMSYS3 can connect only to RMGR4 on VMSYS4 to access a private resource managed by RMGR4.
USERb on VMSYS3 can connect only to RES1 on VMSYS3.
USERc on VMSYS4 can connect only to RMGR4 on VMSYS4 to access a private resource managed by RMGR4.
Example 3: Figure 94 shows an explicitly authorized TSAF collection involving two z/VM systems and one AVS virtual machine. The entries within each box represent the CP directory entries for each CMS virtual machine and the AVS virtual machine.
Figure 94. TSAF Collection with an AVS Virtual Machine
In this figure, users have the following authorization:
USERa on VMSYS5 can only connect out to the SNA network through GAT2 on VMSYS6.
USERb on VMSYS5 can only connect out to the SNA network through GAT1 on VMSYS6.
USERc on VMSYS6 can connect out to the SNA network through any gateway defined on VMSYS6 because it is authorized to connect to any virtual machine, resource, or gateway on the local system.
No comments:
Post a Comment