Home
HCL Workload Automation for Z
Welcome to the HCL Workload Automation for Z documentation, where you can find information about how to install, maintain, and use the product.
Customization and Tuning
Customizing HCL Workload Automation for Z
Implementing security
This chapter explains how you use HCL Workload Automation for Z security features to protect HCL Workload Automation for Z functions and data.
Customizing TLS to connect components with HCL Workload Automation for Z

HCL Workload Automation for Z
Welcome to the HCL Workload Automation for Z documentation, where you can find information about how to install, maintain, and use the product.
- Program Directory
- Dynamic Workload Console Readmes
  For the latest information about a Dynamic Workload Console fix pack, see the appropriate Readme File.
- Planning and Installation
- Customization and Tuning
  - About this publication
  - Customizing HCL Workload Automation for Z
    - Defining initialization statements
    - Identifying related initialization-statement parameters
    - Implementing security
      This chapter explains how you use HCL Workload Automation for Z security features to protect HCL Workload Automation for Z functions and data.
      - Planning security implementation
        Consider the tasks in this section when determining your security requirements.
      - Customizing TLS to connect components with HCL Workload Automation for Z
        Scenario: configuring TLS with custom self-signed certificates
      - Controlling access to HCL Workload Automation for Z
      - Functions and data that you can protect
        You can use fixed resources and subresources to protect HCL Workload Automation for Z functions and data.
      - Access requirements to fixed resources for dialog users
        To use an HCL Workload Automation for Z dialog, you need the authority to access the required resources.
      - Examples of security strategies
    - HCL Workload Automation for Z exits
      Read the following information to understand General-use Programming Interface and Associated Guidance Information. It describes exits that are called by HCL Workload Automation for Z. Your own programs can use the information passed by the exits to perform a variety of functions.
    - Open Systems Integration
    - Reporting Events
    - Using the Job Completion Checker
    - Using the data store
    - Miscellaneous customization
  - Data integrity
  - Tuning
  - HCL Workload Automation for Z macros
  - Sample library (SEQQSAMP)
- Managing the Workload
  You can plan when and how your workload runs and manage it as part of a plan.
- Scheduling End-to-end with z-centric Capabilities
- Quick Reference
- Diagnosis Guide and Reference
- Workload Automation Programming Language for z/OS User's Guide and Reference
- Driving HCL Workload Automation for Z

Customizing TLS to connect components with HCL Workload Automation for Z

Before you begin

To use secure ciphers, which are required in TLS connection, ensure that you have z/OS ICSF up and running. For information about how to install z/OS ICSF, see z/OS Cryptographic Services ICFS Administrator's Guide.

About this task

To customize TLS v1.2 and v1.3 to connect with HCL Workload Automation for Z, perform the following steps:

Specify the following statement in the started task, job, or TSO logon procedure of each component that you want to connect:

//STDENV DD card

Add this DD card to point to a PDS member (for example, a member of the PARMLIB) where you specify the values for the environment variable that you need. For example, //STDENV DD DISP=SHR,DSN=TWS.SUBSYSN.PARM(ENVVAR)

In the PDS member (ENVVAR in the previous example), define the following values. For a complete list of the environment variables that you can set to configure TLS, see the z/OS Cryptographic Services System SSL Programming manual.
```
GSK_PROTOCOL_TLSV1_2=ON
GSK_PROTOCOL_TLSV1_3=ON
GSK_V3_CIPHER_SPECS_EXPANDED=130313021301C030009FC02F009E
```
Note:
1. If you set both GSK_PROTOCOL_TLSV1_2 and GSK_PROTOCOL_TLSV1_3 to OFF or you do not set any of them, TLS v1.2 is automatically enabled (this is the default).
  If you set only GSK_PROTOCOL_TLSV1_3 to ON, TLS v1.2 is not enabled.
2. To enable the TLS communication between a component that has been migrated to version 10.1 and a component that is still at an earlier version, ensure that you set the following environment variable to specify at least one cipher in common with the component to which you are going to connect. (For a list of cipher codes, see the section about the cipher suite definitions in the z/OS Cryptographic Services System SSL Programming manual.)
```
GSK_V3_CIPHER_SPECS_EXPANDED=130313021301C030009FC02F009E0035
```
According to the component that you are configuring, set the required SSL parameters. For a summary of the statements related to the SSL communication, see SSL connection.

For a scenario about how to set up a TLS communication with custom self-signed certificates, see Scenario: configuring TLS with custom self-signed certificates.