AT-TLS configuration for use with Data Gate on Cloud

Data Gate on Cloud uses the z/OS® distributed data facility (DDF). Network connections to the DDF must be encrypted using the secure socket layer (SSL) encryption standard. These encrypted connections are not processed by Data Gate on Cloud, but by a TCP/IP component of the z/OS operating system, which is called AT-TLS.

To use AT-TLS, the following prerequisites must be met:

• The IBM® Encryption Facility for z/OS (ISCF) must be installed.
• Transparent Transport Layer Security (TTLS) must be set as the standard to be used in the configuration statement of your TCPCONFIG data set (at the highest level).
• The policy agent (PAGENT) must be started.
• A server certificate is required. This certificate must be added to a dedicated RACF® key ring.

The instructions in the following sections presuppose that ISCF, TCP/IP, and the policy agent are already set up and running.