I have some experience with z/OS, but mainly from a security perspective rather than a day to day admin role.
I wouldn't say that there's no overhead, but the structure of z series mainframes is completely different to any midrange architecture. Everything is designed to be virtualised, parallelised and incredibly redundant. Hard disk fails? No problem, carry on as normal. Motherboard failure? No problem, carry on as normal.
z/OS doesn't have a kernel, it has what's called the nucleus. Effectively, the physical system is divided into LPARS[1], which then provide in effect highly scalable virtualised systems. There's then further isolation through about 3 different methods IIRC (for example, each subsystem - analogous to a long running process has it's own addressable memory) to the point where everything can be completely isolated, so it's very different to a jail, slightly like something like Xen (but only slightly).
The security model on z/OS is completely different to Unix/Windows because the entire architecture is completely different (for example, z/OS uses a block-based disk operating system as opposed to a byte stream filesystem, meaning there's no such thing as files in the Unix sense on z/OS - outside of USS which is beyond the scope of this comment)[2].
Under z series LPAR virtualisation each LPAR runs it's own OS with it's own allocated resources. It's about as separate as you can get. You'd never use virtualisation that way on midrange as you cheat to get more VMs into less space, but on z series you need to absolutely guarantee access to a resource when needed, so you partition the systems up accordingly.
Please note, if anyone knows better than this please correct me, as I say I'm more on the security side than operator so I might be wrong in a couple of places.
I wouldn't say that there's no overhead, but the structure of z series mainframes is completely different to any midrange architecture. Everything is designed to be virtualised, parallelised and incredibly redundant. Hard disk fails? No problem, carry on as normal. Motherboard failure? No problem, carry on as normal.
z/OS doesn't have a kernel, it has what's called the nucleus. Effectively, the physical system is divided into LPARS[1], which then provide in effect highly scalable virtualised systems. There's then further isolation through about 3 different methods IIRC (for example, each subsystem - analogous to a long running process has it's own addressable memory) to the point where everything can be completely isolated, so it's very different to a jail, slightly like something like Xen (but only slightly).
The security model on z/OS is completely different to Unix/Windows because the entire architecture is completely different (for example, z/OS uses a block-based disk operating system as opposed to a byte stream filesystem, meaning there's no such thing as files in the Unix sense on z/OS - outside of USS which is beyond the scope of this comment)[2].
Under z series LPAR virtualisation each LPAR runs it's own OS with it's own allocated resources. It's about as separate as you can get. You'd never use virtualisation that way on midrange as you cheat to get more VMs into less space, but on z series you need to absolutely guarantee access to a resource when needed, so you partition the systems up accordingly.
Please note, if anyone knows better than this please correct me, as I say I'm more on the security side than operator so I might be wrong in a couple of places.
[1] - http://en.wikipedia.org/wiki/Logical_partition_(virtual_comp... [2] - http://publib.boulder.ibm.com/infocenter/zos/basics/index.js...