Considerations When Using Connect:Direct Secure Plus

When using Connect:Direct® Secure Plus, be aware of the following:

  • CPU utilization increases dramatically with every increase in the length of the encryption key. Use the lowest level of encryption allowed by your security policy.
  • Whenever possible, use an encryption key that is supported in the z/ hardware (3DES or AES128).
  • Even though extended compression is not recommended for high-speed networks, using extended compression with files that compress well (80-90%) can reduce total CPU utilization, especially if the encryption key is not implemented in the hardware.
  • If Connect:Direct Secure Plus is being used between two Connect:Direct for z/OS® nodes (from Version 5.0 to Version 6.1), but not all files must be encrypted, consider using one of the following options:
    • Specify OVERRIDE=YES on the remote node record in the Connect:Direct Secure Plus parameter file and SECURE=OFF in the PROCESS statement.
    • Specify OVERRIDE=YES on the remote node record in the Connect:Direct Secure Plus parameter file and SECURE = (ENCRYPT.DATA=N) in your PROCESS or COPY statement. ENCRYPT.DATA=N tells IBM® Connect:Direct to not encrypt the actual file data being copied but rather just the control block information, such as userid or password, used to establish a session.
      Note: Both trading partners must support this capability.
  • If Connect:Direct Secure Plus is being used between two Connect:Direct for z/OS nodes (Version 6.2 or later), all files will be encrypted:
    • Encrypt.Data is ignored because it has been deprecated as of release 6.2. It is always treated as Encrypt.Data=Y for all nodes (local and adjacent), so the data is always encrypted.
    • A Process or step override (Secure = (Encrypt.Data=Y|N)) has no effect on the Process and is ignored. No error message is issued. Informational messages (CSPA051I and CSPA052I) are issued in JESMSGLG.
    • With cross-version nodes, encryption honors the prior release settings. In other words, when a Version 6.2 or later node communicates with a lower-version node, encryption works as the lower-version node has requested for Encrypt.Data.
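
An audit sketch for the overrides described above, added here as an example and not IBM code: it scans Process text for SECURE=OFF and SECURE=(ENCRYPT.DATA=N) and applies the version rule stated above for ENCRYPT.DATA=N. The sample Process text, node and data set names, function names, and the parsing assumptions (`*` comment lines, `-` continuation) are constructed for illustration; honoring ENCRYPT.DATA=N additionally depends on OVERRIDE=YES and partner support, which the script does not check.

```python
import re

# Constructed sample Process text; node and data set names are placeholders.
SAMPLE = """\
* payroll transfer
PAYROLL  PROCESS SNODE=CD.PARTNER.A -
         SECURE=OFF
STEP1    COPY FROM (DSN=PROD.PAY.DATA) -
         TO (DSN=PARTNER.PAY.DATA)
REPORTS  PROCESS SNODE=CD.PARTNER.B
STEP1    COPY FROM (DSN=PROD.RPT.DATA) -
         TO (DSN=PARTNER.RPT.DATA) -
         Secure = (Encrypt.Data=N)
LEDGER   PROCESS SNODE=CD.PARTNER.C
STEP1    COPY FROM (DSN=PROD.LDG.DATA) TO (DSN=PARTNER.LDG.DATA)
"""

OVERRIDES = {
    "SECURE=OFF": re.compile(r"\bSECURE\s*=\s*OFF\b", re.I),
    "ENCRYPT.DATA=N": re.compile(r"\bSECURE\s*=\s*\(\s*ENCRYPT\.DATA\s*=\s*N\s*\)", re.I),
}

def statements(text):
    """Yield logical statements (assumed syntax: '*' comments, '-' continuation)."""
    pending = ""
    for line in text.splitlines():
        if line.startswith("*") or not line.strip():
            continue
        body = line.rstrip()
        if body.endswith("-"):
            pending += body[:-1] + " "   # drop the hyphen, keep reading
        else:
            yield pending + body
            pending = ""

def find_overrides(text):
    """Return (process, statement type, override) for each override found."""
    findings, process = [], None
    for stmt in statements(text):
        tokens = stmt.split()
        kind = tokens[1].upper() if len(tokens) > 1 else "?"
        if kind == "PROCESS":
            process = tokens[0]          # label of the Process that owns later steps
        findings += [(process, kind, n) for n, rx in OVERRIDES.items() if rx.search(stmt)]
    return findings

def encrypt_data_n_honored(local, remote):
    """Page rule: ignored when both nodes are 6.2+, honored if either is lower."""
    return min(local, remote) < (6, 2)   # versions as (major, minor) tuples
```

Findings where `encrypt_data_n_honored` returns True mark transfers whose file data may travel unencrypted; findings where it returns False are overrides that are silently ignored and should be visible as CSPA051I and CSPA052I in JESMSGLG.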