Configuring network access between Data Gate on Cloud and IBM Z
Synchronizing data requires a secure TCP/IP network connection between the Db2® for z/OS® source system and the Data Gate on Cloud instance on Red Hat® OpenShift®. Network bandwidth and speed impacts overall performance.
For optimal performance, at least a 10 Gigabit Ethernet connection is suggested between the Z System and the Red Hat OpenShift system.
Data Gate on Cloud requires a secure port be enabled on
the z/OS LPAR and be accessible through the firewall. Port
448 is the default secure DRDA port for Db2 for z/OS
client connections. Data Gate on Cloud uses the DRDA port
for the following purposes:
- To update information in Db2 configuration tables
- As the listening port for Data Gate on Cloud to read the Data Gate on Cloud log
A remote connection must be permitted on every Db2 member that Data Gate on Cloud connects to on a z/OS LPAR.
Data Gate on Cloud reads Db2 for z/OS log records through a REST interface. The connection used for data transfer must be encrypted using SSL. Db2 for z/OS supports encrypted connections through the SECPORT parameter and AT-TLS to support encryption on the SECPORT.
The following z/OS and TCP/IP components and configuration
are required:
- TCP/IP must specify a TTLS policy
- Policy agent (PAGENT)
- ICSF (IBM® Encryption Facility for z/OS)
- RACF® - to generate a server certificate and install to the key ring store