Home
HCL Workload Automation
Welcome to the HCL Workload Automation documentation, where you can find information about how to install, maintain, and use HCL Workload Automation. The documentation has been updated for HCL Workload Automation Version 10.2.2.
Administration Guide
Connection security overview
Scenario: Connection between the Dynamic Workload Console and the HCL Workload Automation components
The Dynamic Workload Console connects in SSL mode with the HCL Workload Automation components by using the default certificates. You might configure the Dynamic Workload Console to connect in SSL mode by using your certificates.
Overview
Overview of the Dynamic Workload Console SSL connection

HCL Workload Automation
Welcome to the HCL Workload Automation documentation, where you can find information about how to install, maintain, and use HCL Workload Automation. The documentation has been updated for HCL Workload Automation Version 10.2.2.
- Planning and Installation
- User's Guide and Reference
- Administration Guide
  - Customizing and configuring HCL Workload Automation
  - Configuring the Dynamic Workload Console
  - Configuring user authorization (Security file)
  - Configuring authentication
  - Network administration
  - Connection security overview
    - Creating a Certificate Authority and generating certificates
      Sample steps to create a CA and generate default certificates.
    - SSL connection by using the default certificates
      The SSL connection between product components is enabled by using the default certificates.
    - Customizing certificates for master domain manager and dynamic agent communication
      Supported scenarios for creating custom certificates for communication between master domain manager and dynamic agent
    - Scenario: Connection between the Dynamic Workload Console and the HCL Workload Automation components
      The Dynamic Workload Console connects in SSL mode with the HCL Workload Automation components by using the default certificates. You might configure the Dynamic Workload Console to connect in SSL mode by using your certificates.
      - Overview
        Overview of the Dynamic Workload Console SSL connection
      - Customizing certificates for master domain manager and Dynamic Workload Console communication
        Supported scenarios for creating custom certificates for communication between master domain manager and Dynamic Workload Console
    - Extending communication scenarios to other server components
      Apply custom certificates to backup master domain manager and dynamic domain manager
    - Scenario: SSL Communication across the fault-tolerant agent network
  - Data maintenance
  - Administrative tasks
  - Administering IBM i dynamic environment
    On overview on how to administer the HCL Workload Automation IBM i dynamic environment.
  - Performance
  - Availability
  - License computation model
- Scheduling with the Agent for z/OS
- Database Views
- High Availability Cluster Environment
- Driving HCL Workload Automation
- Extending HCL Workload Automation

Overview

Overview of the Dynamic Workload Console SSL connection

To implement the RMI/IIOP over SSL communication between the Dynamic Workload Console and the internal communication of master domain manager, backup master domain manager, dynamic domain manager, backup dynamic domain manager or agent, you use the server and client security features of WebSphere Application Server Liberty.

The SSL security paradigm implemented in the WebSphere Application Server Liberty requires two stores to be present on the clients and the server: a keystore containing the private key and a truststore containing the certificates of the trusted counterparts.

SSL server and client keys shows the server and client keys, and to where they must be exported for the Dynamic Workload Console:

Graphic showing the components and how their server and client keys are distributed. — Figure 1. SSL server and client keys

The diagram shows the keys Dynamic Workload Console and components must extract and distributed to enable SSL communication.The Dynamic Workload Console interface uses the default certificates that are installed in the default keystores to communicate with the agent. You can configure the Dynamic Workload Console to connect in SSL mode with an agent by using your certificates to meet your required security settings.

In addition creating new keys, you can also customize the name, location, and password of the keystore and truststore. For details about possibilities, see Changes allowed in HCL Workload Automation keystore and truststore.

Table 1. Changes allowed in HCL Workload Automation keystore and truststore
File	Name	Path	Password	New key
TWS server keystore	✓	✓	✓	✓
TWS server truststore	✓	✓	✓	✓
TWS client keystore				✓
TWS client truststore				✓
TDWC client keystore				✓
TDWC client truststore				✓

When you are customizing the Dynamic Workload Console settings, make sure that the keys have the same password as the keystore where they are saved. The Dynamic Workload Console keystore password must be the same as the Dynamic Workload Console client and HCL Workload Automation server password.

Note: When you configure the Dynamic Workload Console to connect to different agents, the Dynamic Workload Console truststore must have a certificate for each component to enable SSL connection.