CA Gen

Expand all | Collapse all

Encrypted secure connection for V8.6 upgrade

  • 1.  Encrypted secure connection for V8.6 upgrade

    Posted 03-19-2020 03:00 PM
    Upgrading soon from V8.5 to V8.6 and there is a requirement that communications between clients and servers should be encrypted.

    I've read the sections in the release document about encryption and secure connections.

    For a secure connection using Client Manager (Windows) to CICS using the encryption available with the latest release of V8.6, do you need to regen the windows clients and/or the CICS server managers? Or, is it just changes in Client Manager setup and SSL on the CICS side?


  • 2.  RE: Encrypted secure connection for V8.6 upgrade

    Posted 03-19-2020 05:32 PM
    Hello Don,
    The SSL enhancement needed for Client Manager (CM) to z/OS CICS Socket or Multi-Socket Listener are Client Manager related only and you do not need to regenerate any parts of the application.
    The CM SSL enhancement was first released in PTF CCN86103 and is is now in Gen 8.6 Complete PTF WKS86200.
    I don't believe any PTF was required for the CICS side and you just need to setup SSL there.
    I will add some links below that you may have already read:
    https://techdocs.broadcom.com/content/broadcom/techdocs/us/en/ca-mainframe-software/devops/ca-gen/8-6/release-notes/ca-gen-8_6-ga.html ("Establishing Secure Connection between Client Manager and CICS Server")
    https://techdocs.broadcom.com/content/broadcom/techdocs/us/en/ca-mainframe-software/devops/ca-gen/8-6/middleware/working-with-the-client-manager/security-in-client-manager.html
    http://techdocs.broadcom.com/content/broadcom/techdocs/us/en/ca-mainframe-software/devops/ca-gen/8-6/middleware/working-with-the-client-manager/configuring-client-manager-server-connections/tcp-ip-socket-connections.html

    Hope that helps

    Regards,

    Lynn

    ------------------------------
    Lynn Williams
    Senior Principal Support Engineer
    Broadcom
    Australia
    ------------------------------



  • 3.  RE: Encrypted secure connection for V8.6 upgrade

    Posted 03-19-2020 05:55 PM
    .... Gen Engineering just confirmed to me that on z/OS side you just need to define SSL secure Port(s) in TCP/IP and provide the Certificate(s). No PTFs or any configuration changes are needed for the Gen Sockets listener or application servers.

    ------------------------------
    Lynn Williams
    Senior Principal Support Engineer
    Broadcom
    Australia
    ------------------------------



  • 4.  RE: Encrypted secure connection for V8.6 upgrade

    Posted 03-19-2020 09:21 PM
    Just a point on the 8.5 -> 8.6 upgrade itself.
    To put your applications on a fully supported release (Gen generated code and runtimes) beyond the recently announced Gen 8.5 End Of Support date of June 30, 2021 you would need to regenerate them for Gen 8.6 by that date. In the meantime to use 8.5 generated code with 8.6 runtimes:

    a. For Windows clients you need to regenerate to be able to use 8.6 runtimes because the 8.5 runtime dlls contain versioning in the names. The versioning has actually been removed in the 8.6 Windows runtimes (https://techdocs.broadcom.com/content/broadcom/techdocs/us/en/ca-mainframe-software/devops/ca-gen/8-6/release-notes/ca-gen-8_6-ga/ca-gen-release-8-6.html#concept.dita_871a4313b78cbc9cc3642911b1858fca9be2da17_RemovedFeatures)

    b. For z/OS CICS servers you can run 8.5 generated load modules with 8.6 runtimes:
    https://techdocs.broadcom.com/content/broadcom/techdocs/us/en/ca-mainframe-software/devops/ca-gen/8-6/release-notes/general-considerations.html
    http://techdocs.broadcom.com/content/broadcom/techdocs/us/en/ca-mainframe-software/devops/ca-gen/8-6/encyclopedia/host-encyclopedia/host-encyclopedia-construction/dlls-compatibility-and-application-migration-in-he.html

    Hope that helps

    ------------------------------
    Lynn Williams
    Senior Principal Support Engineer
    Broadcom
    Australia
    ------------------------------