Logical Partition Security in the IBM eServer pSeries 690

The introduction of logical partitioning technology to IBM eServer™ pSeries™ systems has greatly expanded the options for deploying applications and workloads onto server hardware. Logical partitioning (LPAR) is a server design feature that provides more end-user flexibility by making it possible to run multiple, independent operating system images concurrently on a single server. While such flexibility offers a number of desirable business advantages, it can also raise some concerns about the security implications of running operating system images in such close proximity. Of course, security has been a fundamental focus of pSeries LPAR design, as it has in the LPAR designs of other IBM eServer products. The purpose of this white paper is to address these security concerns by providing an overview of the pertinent design aspects of LPAR technology on pSeries.

As this paper will illustrate, very strong isolation of operating systems running in the logical partitions comes quite naturally, due to the basic mechanisms on which logical partitioning is founded. The programs and data present in one logical partition are designed to be safe from copying or modification, whether intentional or accidental, by programs in other logical partitions. Even programming exceptions have no effect outside of the partition in which they occur. To explain this further, what follows is a brief description of the theory of operation—the "magic"—of the pSeries logical partitioning feature.