Preparing for Z Data Tools Remote Services

Z Data Tools supports a number of services using resources accessed on a remote system via a ZCC server connection. When the connection to a remote system is established, and the remote system communication is protected by TLS, the certificate that the remote common server is using must first be exported from that system and imported to the local system.

For example, using RACF®, the certificate could be exported from the remote system by the command

RACDCERT SITE -                                            
    EXPORT(LABEL('ZCC server Certificate'))  -      
    DSN('hlq.ZCC.CERT.EXPORT')                       -
    FORMAT(CERTDER)  

Then the file 'hlq.ZCC.CERT.EXPORT' needs to be transported in some way to the local system, using for example, FTP or TSO TRANSMIT.

Once present in the local system, we then import that certificate to the local system security server.

Again using RACF for the example, this could be:

RACDCERT ADD('hlq.ZCC.CERT.EXPORT’)  TRUST WITHLABEL('AuthFMRemoteSystem1')

HFMAUTH DD usage

When using Z Data Tools to create a remote connection through the menu option 11, the entered details are stored (in an internal format) in a file allocated to the HFMAUTH DD. If such an allocation does not pre-exist, as is normally the case, a data set is created as Userid.HFMAUTH and allocated to the HFMAUTH DD.

When running batch functions and specifying remote resources, the HFMAUTH DD needs to be included in JCL to provide the stored connection details.

Similarly, if there is a requirement to share remote connection details amongst users, you may pre-allocate the HFMAUTH DD in TSO/ISPF and Z Data Tools reads the currently allocated HFMAUTH. Security access should be set appropriately for such scenario to allow READ access for trusted users to the data set referred to by HFMAUTH. Otherwise, for a user on a local system, who has connection details stored in their own HFMAUTH data set, we recommend setting the UACC for that resource to NONE if that is not already the default.