Preparing for Z Data Tools Remote Services

Z Data Tools supports a number of services that use resources accessed on a remote system through the ZCC server connection. When the remote ZCC server is configured for SSL/TLS, the local Z Data Tools system validates the remote host's server certificate during the SSL/TLS handshake by verifying that the Certificate Authority (CA) of the server's certificate is registered as trusted.

By default, Z Data Tools searches local SITE certificates for the CA certificate of the remote system and verifies that it is trusted. Consequently, when importing a CA certificate for remote services, you should import it as a SITE certificate. For example, using RACF®:


RACDCERT ADD('hlq.ZCC.CA.EXPORT') SITE TRUST WITHLABEL('your label')

Alternatively, you can use the CERTRUST keyword of the HFM4POPT module to specify a trust store other than SITE. Note that all users of remote services need authority to access the nominated key store. See Customizing miscellaneous options in HFM4POPT for more information about the CERTRUST keyword and the HFM4POPT module.

HFMAUTH DD usage

When you use Z Data Tools to create a remote connection through menu option 11, the entered details are stored (in an internal format) in a file allocated to the HFMAUTH DD. If no such allocation already exists, as is normally the case, a data set is created as Userid.HFMAUTH and allocated to the HFMAUTH DD.

When running batch functions that specify remote resources, the HFMAUTH DD needs to be included in the JCL to provide the stored connection details.

Similarly, if remote connection details need to be shared among users, you can pre-allocate the HFMAUTH DD in TSO/ISPF, and Z Data Tools reads the currently allocated HFMAUTH. In that scenario, set security access so that trusted users have READ access to the data set referred to by HFMAUTH. Otherwise, for a user on a local system who has connection details stored in their own HFMAUTH data set, we recommend setting the UACC for that resource to NONE if that is not already the default.
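
One way to apply and check the access settings described above with RACF, shown as a REXX exec run under TSO by a RACF administrator. This is an added example, not part of the product documentation; the user ID USERA, the shared data set SHARED.HFMAUTH and the group HFMUSERS are assumed names, and it assumes no data set profiles exist yet for these names.

```rexx
/* REXX: added example, not part of the Z Data Tools documentation.   */
/* Assumed names (replace with your own): user USERA, shared data set */
/* SHARED.HFMAUTH, RACF group HFMUSERS.                               */
/* Assumes no profiles exist yet for these names (else use ALTDSD).   */

n = 0
/* Confirm the imported CA certificate is listed with Status: TRUST   */
n = n + 1; cmd.n = "RACDCERT SITE LIST(LABEL('your label'))"

/* Private connection details: no access for other users by default   */
n = n + 1; cmd.n = "ADDSD 'USERA.HFMAUTH' GENERIC UACC(NONE)"

/* Shared connection details: UACC(NONE), READ only for the group     */
n = n + 1; cmd.n = "ADDSD 'SHARED.HFMAUTH' GENERIC UACC(NONE)"
n = n + 1
cmd.n = "PERMIT 'SHARED.HFMAUTH' GENERIC ID(HFMUSERS) ACCESS(READ)"

/* Refresh in-storage generic profiles, then display the result       */
n = n + 1; cmd.n = "SETROPTS GENERIC(DATASET) REFRESH"
n = n + 1; cmd.n = "LISTDSD DATASET('USERA.HFMAUTH') GENERIC ALL"
n = n + 1; cmd.n = "LISTDSD DATASET('SHARED.HFMAUTH') GENERIC ALL"

/* Issue each command in turn and stop at the first failure           */
do i = 1 to n
  say '>>>' cmd.i
  address TSO cmd.i
  if rc <> 0 then do
    say 'Command failed with RC' rc
    exit rc
  end
end
exit 0
```

In the LISTDSD output, check that UNIVERSAL ACCESS shows NONE for both profiles and that the access list of the shared profile contains only the intended group with READ.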