Home
HCL Workload Automation
Welcome to the HCL Workload Automation documentation, where you can find information about how to install, maintain, and use HCL Workload Automation. The documentation has been updated for HCL Workload Automation Version 10.1 Fix Pack 3.
Administration Guide
Customizing and configuring HCL Workload Automation
Automatic encryption for key product files
Key product files, such as the Symphony file, are automatically encrypted for all fresh installations using AES-256 or AES-128 cryptography starting from version 10.1.
Encryption key rotation
Procedure to perform a key rotation.

HCL Workload Automation
Welcome to the HCL Workload Automation documentation, where you can find information about how to install, maintain, and use HCL Workload Automation. The documentation has been updated for HCL Workload Automation Version 10.1 Fix Pack 3.
- Fix pack readmes
- Planning and Installation
- User's Guide and Reference
- Administration Guide
  - Customizing and configuring HCL Workload Automation
    - Personalizing UI labels
      HCL Workload Automation provides the capability to customize user interface labels.
    - Setting global options
    - Setting local options
    - Setting user options
    - Configuring the agent
    - Configuring the dynamic workload broker server on the master domain manager and dynamic domain manager
    - Configuring command-line client access authentication
    - An active-active high availability scenario
      Implement active-active high availability between the Dynamic Workload Console and the master domain manager so that a switch to a backup is transparent to Dynamic Workload Console users.
    - HCL Workload Automation console messages and prompts
    - Automatic encryption for key product files
      Key product files, such as the Symphony file, are automatically encrypted for all fresh installations using AES-256 or AES-128 cryptography starting from version 10.1.
      - Encryption key rotation
        Procedure to perform a key rotation.
    - Modifying jobmon service rights for Windows™
  - Configuring the Dynamic Workload Console
  - Configuring user authorization (Security file)
  - Configuring authentication
  - Network administration
  - Connection security overview
  - Data maintenance
  - Administrative tasks
  - Administering IBM i dynamic environment
    On overview on how to administer the HCL Workload Automation IBM i dynamic environment.
  - Performance
  - Availability
  - License computation model
- Scheduling with the Agent for z/OS
- Database Views
- High Availability Cluster Environment
- Driving HCL Workload Automation
- Extending HCL Workload Automation

Encryption key rotation

Procedure to perform a key rotation.

About this task

You can optionally modify the existing encryption keys by performing a key rotation, for example if the existing keys expire or are no longer secure. Perform the following steps on the master domain manager and on each agent in the environment

Procedure

Generate a new key by running the following keytool command:

./keytool -genseckey -alias new_alias_name -keyalg AES -keysize 256 
-storepass encrypt_keystore_pwd_in_clear -storetype PKCS12 -keystore encrypt_keystore_file

For high-level information about keytool parameters, see Command Reference.

Change the localopts file as follows:
1. Add the previous value of the encrypt label parameter to the decrypt label list parameter.
2. Change the value of the encrypt label parameter to new_alias_name.
For more information about the localopts file, see Setting local options.
If the keystore does not exist, it is created. If it exists, the new key is added to the keystore.

Results

The current Symphony plan keeps using the previous key. To apply the new setting to the Symphony plan, run a JnextPlan command. The message boxes are encrypted immediately and the useropts file is encrypted as soon as you save the localopts file and launch a CLI command. Key product files are now encrypted with the new key.