Considerations When Using Connect:Direct Secure Plus

When using Connect:Direct® Secure Plus, be aware of the following :

  • CPU utilization increases dramatically with every increase in the length of the encryption key. Use the lowest level of encryption allowed by your security policy.
  • Whenever possible, use an encryption key that is supported in the z/ hardware (3DES or AES128).
  • Even though extended compression is not recommended for high speed networks, using extended compression with files that compress well (80-90%) can reduce total CPU utilization, especially if the encryption key is not implemented in the hardware.
  • If Connect:Direct Secure Plus is being used between two Connect:Direct for z/OS® nodes (Version 5.0 or later), but not all files must be encrypted, consider using one of the following options:
    • Specify OVERRIDE=YES on the remote node record in the Connect:Direct Secure Plus parameter file and SECURE=OFF in the PROCESS statement.
    • Specify OVERRIDE=YES on the remote node record in the Connect:Direct Secure Plus parameter file and SECURE = (ENCRYPT.DATA=N) in your PROCESS or COPY statement. ENCRYPT.DATA=N tells IBM® Connect:Direct to not encrypt the actual file data being copied but rather just the control block information, such as userid or password, used to establish a session.
    Note: Both trading partners must support this capability.