Introduction to Mainframe Basics for Security Professionals
The mainframe is the backbone of many industries that are the lifeblood of the global economy. More mainframe processing power is being shipped now than has ever been shipped. Businesses that require unparalleled security, availability, and reliability for their "bet your business" applications depend on the IBM zSeries® mainframe, which runs the z/OS operating system and is protected by the IBM Resource Access Control Facility (RACF).
In this book, we explain the basics of z/OS, focusing on z/OS security and RACF. This chapter describes the evolution of the mainframe and the reasons it is the leading platform for reliable computing. It also explains how to use the key elements of z/OS.
1.1 Why Use a Mainframe?
This book introduces security administrators to the world of z/OS. We expect that you already have experience with Linux, UNIX, or Windows. Using this prerequisite knowledge, we teach you how to use the mainframe and how to configure RACF, the security subsystem. At the end of each chapter, we list sources for additional information.
If you are the kind of person who wants to go right to typing commands and seeing results, skip on over to Section 1.2, "Getting Started," to learn about the z/OS Time Sharing Option (TSO) environment. However, we recommend that you read the rest of this section to understand the mainframe design philosophy. Many of the differences between the mainframe and other operating systems only make sense if you understand the history and philosophy behind mainframes.
1.1.1 A Little History
Few industries have had the rapid, almost explosive growth that we have seen in the information technology industry. The term computer originally referred to people who did manual calculations. The earliest nonhuman computers were mechanical devices that performed mathematical computations. Mechanical devices evolved into vacuum tube devices, which, in turn, were replaced by transistorized computers, which were replaced by integrated circuit devices.
Where do mainframes fit in? The mainframes we use today date back to April 7, 1964, with the announcement of the IBM System/360™. System/360 was a revolutionary step in the development of the computer for many reasons, including these:
- System/360 could do both numerically intensive scientific computing and input/output intensive commercial computing.
- System/360 was a line of upwardly compatible computers that allowed installations to move to more powerful computers without having to rewrite their programs.
- System/360 utilized dedicated computers that managed the input/output operations, which allowed the central processing unit to focus its resources on the application.
These systems were short on memory and did not run nearly as fast as modern computers. For example, some models of the System/360 were run with 32K (yes, K, as in 1,024 bytes) of RAM, which had to accommodate both the application and the operating system. Hardware and software had to be optimized to make the best use of limited resources.
IBM invested $5 billion in the development of the System/360 product line. This was a truly "bet your company" investment. Five billion dollars represented more than one and a half times IBM's total 1964 gross revenue of $3.2 billion. To put it into perspective, given IBM's 2005 gross revenue of $91 billion, an equivalent project would be more than a $140 billion project!
The z/OS operating system that we are discussing here traces itself back to System/360. One of the operating systems that ran on System/360 was OS/360. One variant of OS/360 was MVT (multitasking with a variable number of tasks). When IBM introduced virtual memory with System/370™, the operating system was renamed to SVS (single virtual storage), recognizing that a single virtual address space existed for the operating system and all users. This was quickly replaced with a version of the operating system that provided a separate virtual address space for each user. This version of the operating system was called MVS™ (multiple virtual storage). Later, IBM packaged MVS and many of its key subsystems together (don't worry about what a subsystem is just now; we'll get to that later) and called the result OS/390®, which is the immediate predecessor to z/OS.
1.1.2 Why Are Mainframes Different?
Mainframes were designed initially for high-volume business transactions and, for more than 40 years, have been continually enhanced to meet the challenges of business data processing. No computing platform can handle a diversity of workloads better than a mainframe.
But aren't "insert-your-favorite-alternative-platform" computers cheaper/faster/easier to operate? The answer is: It all depends. A student who is composing his term paper does not have the same information needs as a bank that needs to handle millions of transactions each day, especially because the bank also needs to be able to pass security and accounting audits to verify that each account has the correct balance.
Mainframes aren't for every computing task. Businesses opt for mainframes and mainframe operating systems when they have large volumes of data, large transaction volumes, large data transfer requirements, a need for an extremely reliable system, or many differing types of workloads that would operate best if they were located on the same computer. Mainframes excel in these types of environments.
1.1.3 Mainframe vs. Client/Server
In a client/server architecture, multiple computers typically cooperate to do the same task. For example, in Figure 1.1 the application uses a Web server, a database server, and an LDAP server.
Figure 1.1 Client/server architecture
On a mainframe, the same computer does everything. One security package (RACF, in most cases) protects one operating system kernel. Mainframe subsystems do everything else, as you can see in Figure 1.2.
Figure 1.2 Mainframe architecture
That's a little of the "why" of mainframes. Now let's get started with the "how."