Configuring network access between Db2 Data Gate and IBM Z
Synchronizing data requires a secure TCP/IP network connection between the Db2 for z/OS® source system and the Db2 Data Gate instance on IBM Cloud Pak® for Data. Network bandwidth and speed impacts overall performance.
For optimal performance, at least a 10 Gigabit Ethernet connection is suggested between the Z System and the IBM Cloud Pak for Data system.
Db2 Data
Gate requires a secure port be enabled
on the z/OS LPAR and be accessible through the firewall. Port
448 is the default secure DRDA port for Db2 for z/OS
client connections. Db2 Data
Gate uses this port:
- To update information in Db2 configuration tables
- As the listening port for Db2 Data Gate to read the Db2 Data Gate log
A remote connection must be permitted on every Db2 member that Db2 Data Gate connects to on a z/OS LPAR.
Db2 Data Gate reads Db2 for z/OS log records through a REST interface. The connection used for data transfer must be encrypted using SSL. Db2 for z/OS supports encrypted connections through the SECPORT parameter and AT-TLS to support encryption on the SECPORT.
The following z/OS and TCP/IP components and configuration
are required:
- TCP/IP must specify a TTLS policy
- Policy agent (PAGENT)
- ICSF (IBM® Encryption Facility for z/OS)
- RACF® - to generate a server certificate and install to the key ring store