We are a CSP and have a customer that wants to run the VPG pre and post scripts to stop services. These scripts run on the ZVM and it has no access to the customers VLAN. We don’t want to start connections to customer VLAN as it could open up conduits for ransomeware or viruses. It is a concern in a multi-tenant environment.
Want ask if any other CSP have run into this scenario and how are they handling it?
Most CSP I’ve worked with doesn’t allow script execution as part of recovery plans. The ones that do allow it are operating as hands-on colo teams versus multi-tenant clouds, where the risk is purely on and isolated to the customer.
I’d recommend local boot scripts on the systems in question to control services.