The Hardware Management Console (HMC) is a fantastic facility that allows an installation to configure and dynamically reconfigure the LPARs in one or more zEnterprise Systems. But, the HMC can also issue any operator command you want, with no control by the External Security Manager. So, can you vary a storage volume online? – sure! Can you add an APF authorized library? – sure! How many people have authorized access to the HMC? 25, 50, 150? Can they access it remotely? Do they need a Digital Certificate to do that?
It used to be that this kind of physical access was severely restricted because you had to be in the “Computer Room” to get to the console. But, now, this old kind of access plus the ability to change configuration and even do it remotely, is available to many.
In this session, our speaker will go through the vulnerabilities of the HMC and what steps you should take to limit them at your site.