System prerequisites

RRSF requires the following functions on each node in the network:
  • The RACF® component of the z/OS® Security Server is enabled
and for remote communications:
  • APPC (part of MVS™) and VTAM® or TCP/IP and AT-TLS (provided by the z/OS Communications Server)
Nodes configured in local mode do not require APPC, VTAM, TCP/IP, or AT-TLS.

To configure two nodes to communicate using the TCP/IP protocol, both nodes must be running z/OS V1R13.

When you use the TARGET command to establish communications between two RRSF nodes, RACF expects that both nodes are running RACF, and that both nodes are running either APPC or TCP/IP and AT-TLS.

Before you can define a multisystem node in an RRSF network, each system in the network must have the RACF component of the Security Server enabled.

To have application updates directed to or from a node, the node must have the RACF component of the Security Server enabled.

For TCP/IP connections, you must implement an RRSF trust policy based on digital certificates. If you store the private keys for any of these digital certificates in the ICSF PKA key data set (PKDS), you must ensure that ICSF starts during IPL before the Policy Agent, or RRSF connections will fail. For information about setting up the RRSF trust policy, see z/OS Security Server RACF Security Administrator's Guide.