Configuring AT-TLS for SQL Tuning Services

SQL Tuning Services supports the use of AT-TLS to provide secure communication. Complete this step only if your environment uses AT-TLS.

Before you begin

The following instructions assume that the z/OS® Communications Server policy agent (PAGENT) and AT-TLS are already configured on your system. For more information, see the following sections in IBM z/OS V2R2 Communications Server TCP/IP Implementation: Volume 4 Security and Policy-Based Networking (IBM Redbooks):
  • Policy agent
  • Application Transparent Transport Layer Security

Procedure

  1. Define the SQL Tuning Services port in the AT-TLS policy.
  2. Modify the WebSphere® Liberty server to use the http protocol. By default, SQL Tuning Services uses the https protocol.
    Edit the wlp_user_dir/servers/server_name/server.xml file and swap the httpPort and httpsPort values; for example:
    Before
    <httpEndpoint id="defaultHttpEndpoint"
 host="abc.com"
 httpPort="-1"
 httpsPort="9444"/>
    After
    <httpEndpoint id="defaultHttpEndpoint"
 host="abc.com"
 httpPort="9444"
 httpsPort="-1"/>
  3. Edit the wlp_user_dir/servers/server_name/config/tmsserver_override.properties file and add the following entry: 
    host4url=https://service_ip 
    where service_ip is the IP address or hostname that SQL Tuning Services starts with. This variable is defined in the tmsservice.config file.
  4. Restart the SQL Tuning Services server.