z/OS Security Server RACF System Programmer's Guide


Using TCP/IP in an RRSF network

SA23-2287-00

z/OS® Communications Server provides the TCP/IP networking protocol on z/OS. It also provides Application Transparent Transport Layer Security (AT-TLS), which allows client and server applications to communicate safely using TCP/IP. RACF® uses AT-TLS to provide authentication between RRSF nodes and to provide encryption of RRSF traffic. RACF does not allow RRSF nodes to connect unless the connection is protected by an AT-TLS rule enforcing client authentication.

A sample AT-TLS policy for RRSF is included in the Configuration Assistant for z/OS Communications Server, which is available as an optional plug-in for IBM® z/OS Management Facility (z/OSMF). (For information about z/OSMF, visit the z/OSMF home page at http://www.ibm.com/systems/z/os/zos/zosmf/.) Also, RACF ships sample policy statements in the IRRSRRSF member of SYS1.SAMPLIB. (Note that this policy specifies a different key ring name than the default specified in the Configuration Assistant.) You can edit these statements into your existing policy.

A default port number of 18136 has been reserved with the Internet Assigned Numbers Authority (IANA) for the TCP/IP listener socket. The TARGET command defaults to this value for the port number, and this is the port number specified in the sample AT-TLS policy for RRSF provided by z/OS Communications Server.
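The following is an added example, not IBM's IRRSRRSF sample or Configuration Assistant output: a small audit that reads AT-TLS policy text and reports inbound rules on the RRSF port that do not enforce client authentication. The policy fragment and its rule and action names are constructed. The parser assumes flat statement blocks and a single-port LocalPortRange coded inline in the rule.

```python
import re

# Constructed AT-TLS policy fragment (hypothetical names; not IBM's IRRSRRSF sample).
SAMPLE_POLICY = """
TTLSRule ruleRrsfIn
{
  LocalPortRange            18136
  Direction                 Inbound
  TTLSGroupActionRef        grpRrsf
  TTLSEnvironmentActionRef  envRrsf
}
TTLSGroupAction grpRrsf
{
  TTLSEnabled               On
}
TTLSEnvironmentAction envRrsf
{
  HandshakeRole             Server
}
"""

def parse(text):
    """Return {(statement, name): {parameter: value}}; flat blocks only, no nesting."""
    toks = re.sub(r"#.*", "", text).split()  # drop '#' comments, then tokenize
    blocks, i = {}, 0
    while i < len(toks):
        kind, name, brace = toks[i:i + 3]
        if brace != "{":
            raise ValueError(f"expected '{{' after {kind} {name}")
        i, attrs = i + 3, blocks.setdefault((kind, name), {})
        while toks[i] != "}":
            attrs[toks[i]] = toks[i + 1]
            i += 2
        i += 1
    return blocks

def audit(text, port=18136):
    """Return (rule, problem) pairs for inbound rules on `port` that lack client auth."""
    blocks, findings = parse(text), []
    for (kind, name), rule in blocks.items():
        if (kind != "TTLSRule" or rule.get("LocalPortRange") != str(port)
                or rule.get("Direction") not in ("Inbound", "Both")):
            continue
        grp = blocks.get(("TTLSGroupAction", rule.get("TTLSGroupActionRef")), {})
        env = blocks.get(("TTLSEnvironmentAction", rule.get("TTLSEnvironmentActionRef")), {})
        if grp.get("TTLSEnabled") != "On":
            findings.append((name, "TTLSEnabled is not On"))
        if env.get("HandshakeRole") != "ServerWithClientAuth":
            findings.append((name, "HandshakeRole is not ServerWithClientAuth"))
    return findings
```

Run against the constructed fragment, audit(SAMPLE_POLICY) flags ruleRrsfIn because its environment action codes HandshakeRole Server rather than ServerWithClientAuth.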

For information about setting up your system to use TCP/IP in an RRSF network, see Setting up your system to use TCP/IP.





Copyright IBM Corporation 1990, 2014