Configuring network access between Data Gate on Cloud and IBM Z

Synchronizing data requires a secure TCP/IP network connection between the Db2® for z/OS® source system and the Data Gate on Cloud instance on Red Hat® OpenShift®. Network bandwidth and speed affect overall performance.

For optimal performance, at least a 10 Gigabit Ethernet connection is suggested between the Z System and the Red Hat OpenShift system.

Data Gate on Cloud requires that a secure port is enabled on the z/OS LPAR and is accessible through the firewall. Port 448 is the default secure DRDA port for Db2 for z/OS client connections. Data Gate on Cloud uses the DRDA port for the following purposes:
  • To update information in Db2 configuration tables
  • As the listening port for Data Gate on Cloud to read the Data Gate on Cloud log

A remote connection must be permitted on every Db2 member that Data Gate on Cloud connects to on a z/OS LPAR.

Data Gate on Cloud reads Db2 for z/OS log records through a REST interface. The connection used for data transfer must be encrypted using SSL. Db2 for z/OS supports encrypted connections through the SECPORT parameter, and uses AT-TLS to provide the encryption on the SECPORT.

The following z/OS and TCP/IP components and configuration are required:
  • TCP/IP must specify a TTLS policy
  • Policy agent (PAGENT)
  • ICSF (IBM® Encryption Facility for z/OS)
  • RACF® - to generate a server certificate and install it in the key ring store
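
With these components in place, a check run from the Red Hat OpenShift side can separate a firewall problem from a TLS problem on the secure port. The following is an added example, not IBM code; the function name `probe_secure_port`, the status strings and the `cafile` argument are assumptions made for illustration.

```python
import socket
import ssl

DEFAULT_SECPORT = 448  # default secure DRDA port named on this page


def probe_secure_port(host, port=DEFAULT_SECPORT, cafile=None, timeout=5.0):
    """Classify a Db2 secure port as seen from the client (hypothetical helper).

    Returns (status, detail); status is one of:
      "unreachable" - TCP connect failed: firewall, wrong port or listener down
      "no_tls"      - TCP connected, but no TLS handshake was completed
      "untrusted"   - TLS answered, but the server certificate failed verification
      "ok"          - TLS session established; detail is the negotiated version
    """
    # cafile: PEM file holding the CA that signed the server certificate
    # (assumption: exported by the z/OS administrator); None = system trust store.
    ctx = ssl.create_default_context(cafile=cafile)
    try:
        raw = socket.create_connection((host, port), timeout=timeout)
    except OSError as exc:
        return "unreachable", str(exc)
    try:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return "ok", tls.version()
    except ssl.SSLCertVerificationError as exc:
        return "untrusted", exc.verify_message
    except (ssl.SSLError, OSError) as exc:
        # The port is open, but the peer answered in cleartext, reset the
        # connection or timed out during the handshake.
        return "no_tls", str(exc)
    finally:
        raw.close()  # no-op once wrap_socket has taken over the descriptor


if __name__ == "__main__":
    import sys
    # Usage: python probe.py <db2-host> [port] [ca.pem]
    host = sys.argv[1]
    port = int(sys.argv[2]) if len(sys.argv) > 2 else DEFAULT_SECPORT
    cafile = sys.argv[3] if len(sys.argv) > 3 else None
    print(*probe_secure_port(host, port, cafile))
```

Run it against every Db2 member that Data Gate on Cloud connects to; any status other than "ok" indicates which layer to examine first.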