Configuring a secure connection to the DB2 for z/OS database server

You can configure a secure connection to encrypt transactions between the IBM® Sterling Control Center Monitor engine and DB2 for z/OS database instances. This configuration can be completed in either a high availability or non-high availability environment.

  • Before you configure IBM Sterling Control Center Monitor to enable secure connections to the databases, install DB2 for z/OS SSL. Consult the IBM DB2 10 for z/OS: Configuring SSL for Secure Client-Server Communications Redbook for information on installing DB2 for z/OS SSL.
  • Create and configure the keystore and truststore files in IBM Sterling Control Center Monitor.

In a high availability environment, every event processor's keystore certificate must be trusted by your other event processors in the cluster. In every event processor's truststore, you must include the certificate. You can use the same keystore and truststore files for every event processor in your high availability environment. You might receive a browser security warning when you access the web console on an event processor where the common name does not match the host name that you are connecting to.

Use this procedure to enable encryption and SSL authentication between the IBM Sterling Control Center Monitor engine and DB2 for z/OS databases.
Important: When you are installing IBM Sterling Control Center Monitor on Microsoft Windows, the installation does not support configuration of secure database parameters. If you supply secure database parameters during the Microsoft Windows installation, the installation reports a failure. The reported error is corrected when you run the configCC utility.
To configure a secure connection between the IBM Sterling Control Center Monitor engine and DB2 for z/OS database instances in a high availability or non-high availability environment:
  1. Install IBM Sterling Control Center Monitor.
  2. During the Microsoft Windows installation, select DB2zOS as the database type and provide information about the DB2 z/OS databases (production and reporting).
  3. Import the trusted database server certificate into the IBM Sterling Control Center Monitor engine truststore.
  4. Use one of the following methods to run the configCC utility:
    Microsoft Windows UNIX
    Double-click configCC.bat in installation directory/bin. Run the configCC.sh utility from installation directory/bin.
  5. When you are prompted to secure the connection the IBM Sterling Control Center Monitor database (production), type Y.
  6. Type Y to confirm your configuration changes.