Preparing for Z Data Tools Remote Services
Z Data Tools supports a number of services using resources accessed on a remote system via the ZCC server connection. When the remote ZCC server is configured for SSL/TLS, the local Z Data Tools system validates the remote host's server certificate during the SSL/TLS handshake by verifying the Certificate Authority (CA) of the server's certificate is registered as trusted.
By default, Z Data Tools searches local SITE certificates for the CA certificate of the remote system and verifies that it is trusted. Consequently, when importing a CA certificate for remote services, you should import it as a SITE certificate. For example, using RACF®:
RACDCERT ADD(‘hlq.ZCC.CA.EXPORT’) SITE TRUST WITHLABEL(‘your label’)
Alternatively, you can use the CERTRUST keyword of the HFM4POPT module to specify a trust store other than SITE. Note that all users of remote services need authority to access the nominated key store. See Customizing miscellaneous options in HFM4POPT for more information about the CERTRUST keyword and the HFM4POPT module.
HFMAUTH DD usage and security
When using Z Data Tools to create a remote connection through the
menu option 11, the entered details are stored (in an internal format) in a file allocated to the
HFMAUTH DD. If such an allocation does not pre-exist, as is
normally the case, a data set is created as Userid.HFMAUTH and allocated to the HFMAUTH DD.
When running batch functions and specifying remote resources, the HFMAUTH DD needs to be included in JCL to provide the stored connection details.
Similarly, if there is a requirement to share remote connection details amongst users, you may pre-allocate the HFMAUTH DD in TSO/ISPF and Z Data Tools reads the currently allocated HFMAUTH.
Define profiles for data sets allocated to the HFMAUTH DD with UACC(NONE). Set up storage management routines so that these data sets are encrypted. For information on setting up data set encryption, see the z/OS documentation on "Using DFSMS functions", section "Data set encryption".