Setting up AT-TLS for encryption and security

Advanced Archive for DFSMShsm uses Application Transparent Transport Layer Security (AT-TLS) to secure transmissions between the mainframe and cloud providers. Configuring and running AT-TLS enables SSL encryption to be performed on the TCP traffic coming from, and going to, Advanced Archive for DFSMShsm.

Preparing to use AT-TLS

Note: Other SSL/TLS automatic configuration solutions exist. If you are not using RACF®, consult the documentation for your security management software.
The steps for setting up AT-TLS for use with Advanced Archive for DFSMShsm are listed here, along with a reference to each step's corresponding procedure.
  1. Configure AT-TLS to ensure that a valid certificate is installed for each cloud provider: Step 1: Configuring AT-TLS.
  2. Verify that policy-based networking (PAGENT) is enabled: Step 2: Enabling PAGENT.
  3. Establish rules for determining which traffic is to be encrypted: Step 3: Defining encryption rules.
  4. Refresh the PAGENT started task to ensure that all changes are included: Step 4: Refreshing the PAGENT started task.