Prerequisites for networking

The various components within the z/OS system, the IBM® Z APM Connect Distributed Gateway (DG) machine, and the Instana backend use the Transmission Control Protocol/Internet Protocol (TCP/IP) for communication.

You must use the following ports if a Red Hat OpenShift route or proxy is not in use.

• Ports to use from z/OS host components to IBM Z APM Connect DG machine:

  • Z APM Connect Base proc uses port 30455

  • CICS® TG server and z/OS Connect EE server use port 30090

• Ports to use from IBM Z APM Connect DG machine to the Instana backend machine:

  • DG enables the serverless endpoint for communication with the Instana backend.

  • DG automatically assigns a port number while retrieving the serverless endpoint URL from the Instana User Interface.

Transport Layer Security

If you are using Transport Layer Security (TLS) you must consider the following:

• Kafka and Connection Manager both use a Java style .jks keystore and truststore (including their password) to load certificates for TLS.

  • Each keystore must contain a private key and a matching certificate that the DG uses for connections.

  • Each truststore must contain the full trust chain of certificates that the DG uses to validate the contents of the keystore.

  Note:

  You can use the Java keytool to convert a pkcs12 keystore to .jks keystore format. For more information, see keytool and How to convert a p12 keystore to jks keystore.

• You must use TLS v1.2 to connect the Z APM Connect Base to DG.