Clone the existing RSE setup

In this step a new instance of the RSE configuration files is created, so that the secure setup can run parallel with the existing one(s). The following sample commands expect the configuration files to be in /etc/zexpl/, which is the default location used in "Customization setup" in the Host Configuration Guide (SC27-8437). Note that rse.env is the starting point for any configuration setup, and multiple setups implies multiple rse.env files.

$ cd /etc/zexpl
$ mkdir secure
$ ln –s ../rse.env secure/rse.env
$ cp ssl.properties secure
$ ls secure
rse.env    ssl.properties

The z/OS® UNIX commands listed in the preceding example create a subdirectory called secure and populate it with the configuration files that require changes. We can share the other configuration files, the installation directory, and the MVS™ components, because they are not encryption-specific.

By reusing most of the existing configuration files, we can focus on the changes that are actually required for setting up encrypted communication and avoid doing the complete RSE setup again. (For example, we can avoid defining a new location for ISPF.conf.)

The duplication of rse.env is done through a symbolic link, which points to the rse.env of the base, non-encrypted, RSE setup. This because there are no functional changes required to rse.env, it only needs a unique port number for RSE daemon and unique log locations, all of which can be resolved dynamically with proper preparation. This also simplifies future maintenance, as now only one version of rse.env must be maintained.