Node Configuration

After you create and populate the parameter file, you decide how to configure the local node record. The method that you use to configure the local node record then determines how you configure remote node records.

Use the following table to help you decide how to configure the local node:

Scenario	How to Configure Node Records	Result
Most trading partners use the same protocol.	Enable the most commonly used protocol in the local node record. Depending on the protocol, see the relevant procedure in Local Node Record Imported from Network Map Configuration .	Enables the same protocol in all remote node records. You have to modify only the records for remote nodes that do not use the settings for the local node.
Most trading partners do not use Connect:Direct® Secure Plus.	Disable the Connect:Direct Secure Plus protocols in the local node record and enable the Override parameter. Depending on the protocol, see one of the following procedures: Adding the Local Node Record to the Parameter File Manually for the SSL or TLS Protocol Configure remote node records only for those trading partners who use Connect:Direct Secure Plus.	You define default protocol settings in the local node record so remote nodes can use default values. You configure only those remote node records that use Connect:Direct Secure Plus.
Trading partners need to disable or enable security for a session.	Set OVERRIDE=Y in both the local and remote node records in the parameter files of both trading partners.	Either trading partner can disable or enable security for a particular session by setting the SECURE keyword in a Process or Copy statement. See Override Settings in IBM® Connect:Direct Processes for more information.
Some trading partners use Connect:Direct Secure Plus and the External Authentication Server application.	Disable external authentication in the local node record and enable the Override parameter. Create a .EASERVER remote record. See Adding a Remote Node Record for the External Authentication Server.	You can enable external authentication only for those remote nodes that use it with Connect:Direct Secure Plus. You can verify certificates exchanged during an SSL or TLS session using the External Authentication Server application.
Nonsecure TCP API connections are not allowed to connect to a Connect:Direct for z/OS® server.	Create a .CLIENT remote node record and disable override. See Establishing Secure TCP API Connections to a Connect:Direct Secure Plus-Enabled Server.	Communications from nonsecure connections is not allowed.

To see a scenario for setting up a secure connection between a Connect:Direct Secure Plus for OpenVMS node and a Connect:Direct for z/OS node, see Configuration for a Secure Connection between z/OS and OpenVMS Nodes. That topic provides a concrete example for defining a remote node record in both a Connect:Direct Secure Plus parameter file and a Connect:Direct Secure Plus for OpenMVS parameter file.