IBM Z Software


This portal is to open public enhancement requests against IBM Z Software products. To view all of your ideas submitted to IBM, create and manage groups of Ideas, or create an idea explicitly set to be either visible by all (public) or visible only to you and IBM (private), use the IBM Unified Ideas Portal (https://ideas.ibm.com).


Shape the future of IBM!

We invite you to shape the future of IBM, including product roadmaps, by submitting ideas that matter to you the most. Here's how it works:

Search existing ideas

Start by searching and reviewing ideas and requests to enhance a product or service. Take a look at ideas others have posted, and add a comment, vote, or subscribe to updates on them if they matter to you. If you can't find what you are looking for,

Post your ideas

  1. Post an idea.

  2. Get feedback from the IBM team and other customers to refine your idea.

  3. Follow the idea through the IBM Ideas process.


Specific links you will want to bookmark for future use

Welcome to the IBM Ideas Portal (https://www.ibm.com/ideas) - Use this site to find out additional information and details about the IBM Ideas process and statuses.

IBM Unified Ideas Portal (https://ideas.ibm.com) - Use this site to view all of your ideas, create new ideas for any IBM product, or search for ideas across all of IBM.

ideasibm@us.ibm.com - Use this email to suggest enhancements to the Ideas process or request help from IBM for submitting your Ideas.

Add a new idea Subscribe
Status Submitted
Workspace GDPS
Created by Guest
Created on Oct 23, 2024

RELATED IDEAS

Dual control function for DASD Config

Within the DS8K there is protection in place that a (malicious) person is not able to delete/alter devices that are part of safeguarded copies.

We have a cybervault LCP setup to ensure we have immutable backups of our systems, and activated Dual Control function for additional protection within GDPS LCP itself.

So changes to the LCP profiles and/or safeguarded devices within these profiles are protected to be altered by 1 single person.

This way 1 single person is not able to get you in a situation where you end up with less immutable backups then there are supposed to be (by decreasing retention time), or that you have incomplete captures because devices have been excluded from new captures.

In our shop we have a Metro Mirror 2 Site, expanded with a GM physical airgap solution for LCP. By default this is a cascaded setup, so MM from RS1-RS2 and GM from RS2-RS3.

We need the next step in protecting the immutable backups by bringing the DASD config under a dual control function as well. Because a single person can now still remove a device from MM dasd config causing GDPS MM to not care about this device anymore.
After that the person can execute DELPAIR command, causing LCP to take captures of a device that is not being updated anymore.

As long as devices are under GDPS supervision, then GDPS can warn about any undesired status of those devices for us to act upon. Therefor changes to dasd config should be under dual control function as well.

Changes to the DASD Config for GM/LCP (in our setup) are being checked to see that no devices are removed that do not have Save2Delete status. But dual control on this could might be desired for other sites to protect GM config.

Idea priority High

By clicking the "Post Comment" or "Submit Idea" button, you are agreeing to the IBM Ideas Portal Terms of Use.
Do not place IBM confidential, company confidential, or personal information into any field.