Considerations When Using Connect:Direct Secure Plus
When using Connect:Direct® Secure Plus, be aware of the following :
- CPU utilization increases dramatically with every increase in the length of the encryption key. Use the lowest level of encryption allowed by your security policy.
- Whenever possible, use an encryption key that is supported in the z/ hardware (3DES or AES128).
- Even though extended compression is not recommended for high speed networks, using extended compression with files that compress well (80-90%) can reduce total CPU utilization, especially if the encryption key is not implemented in the hardware.
- If Connect:Direct Secure Plus is
being used between two Connect:Direct
for z/OS® nodes
(Version 5.0 or later), but not all files must be encrypted, consider
using one of the following options:
- Specify OVERRIDE=YES on the remote node record in the Connect:Direct Secure Plus parameter file and SECURE=OFF in the PROCESS statement.
- Specify OVERRIDE=YES on the remote node record in the Connect:Direct Secure Plus parameter file and SECURE = (ENCRYPT.DATA=N) in your PROCESS or COPY statement. ENCRYPT.DATA=N tells IBM® Connect:Direct to not encrypt the actual file data being copied but rather just the control block information, such as userid or password, used to establish a session.
Note: Both trading partners must support this capability.