The Mainframe vs. Distributed Platforms: 10 Key Security Questions to Help Determine the Most Secure Platform

by Stu Henderson
June 19, 2008

9. How does it use virtualization & isolation to provide security?

“Virtualization” means letting a computer pretend to be two or more computers, sometimes even different types. This makes it possible to have one computer pretend to be a test computer and simultaneously a production computer. With one set of hardware, you separate production data and programs from test data and programs.

Isolation is a powerful security tool, and a simple one. By separating production programs and data from test, you prevent accidental access to production data by programmers.

You may be familiar with VMware—software that provides virtualization on PCs. Microsoft is starting to provide its own brand of virtualization for Windows computers, called “Hyper-V.” However, mainframes have provided virtualization in two different ways, for over a decade, long before VMware was born.

The first way is by means of software. On the mainframe, this is accomplished with the VM operating system. The VM software creates “virtual machines,” each of which appears to be its own computer, completely isolated from its brothers. Some data centers run the Linux operating system in one, or several virtual machines. This is an easy way to have several powerful copies of Unix running on one computer, yet completely isolated from each other. Instead of Linux, you also can run the MVS operating system in one or more virtual machines, or even another copy of VM in a virtual machine.

The second method for providing virtual computers is in the hardware. On the mainframe, each such “virtual computer” created by means of the hardware is called a Logical Partition (LPAR). Just as with the VM software, you can have several computer systems running on one set of hardware, with complete isolation.

Mainframes provided virtualization decades before other computer platforms. Virtualization supports security only when it provides the basis for isolation. Mainframes have the size and power to simultaneously support several virtual machines with heavy workloads. Virtualization on a computer such as a Windows or Unix server usually doesn’t have the scale to provide such isolation.

When evaluating various computer platforms, evaluate the possible benefits of virtualization, particularly how it provides “security through isolation.”

10. How does it protect against viruses?

Viruses are almost unheard of on the mainframe. The only one that comes to mind was the “Christmas Tree email virus,” which wasn’t really a virus at all. This email circulated within IBM several years ago. It was caused not by a weakness in the computer security, though. It relied on tricking users into executing a program they thought would just display a pretty Christmas tree. The program actually sent copies of itself to other computer users while it was printing the Christmas tree.