Implementing a Secured transfer from XCOM for Windows to z/OS with Top Secret


Article ID: 209043


Products

CA XCOM Data Transport, CA XCOM Data Transport - z/OS, CA XCOM Data Transport - Windows

Issue/Introduction

We would like to implement a secured transfer from an XCOM for Windows server to an XCOM for z/OS server with Top Secret.


Environment

Release : 11.6

Component : XCOM Data Transport for Windows

Top Secret

Resolution

Please be aware that SSL is a job for your site's Security Administrator.

XCOM uses SSL certificates to allow for secured transfers. It does not matter whether you have Top Secret, RACF, or ACF2: this is usually configured by the Security Admin, since each site has its own procedures on how and where the SSL certificates are kept. You can keep the certificates in Top Secret/RACF/ACF2 or, if you are using IBM's System SSL, in its database.

Your Security Admin for z/OS and Windows will provide the SSL certificates and all you do with XCOM is tell it where to find those certificates on that platform. 

XCOM provides scripts that will generate SSL certificates. These are sample certificates and should not be used in your production environment, because your Security Admin should be involved in setting this up.

In support we will only provide you with instructions on creating the sample SSL certificates and setting up XCOM in a simple scenario. 

If you are looking to perform secured transfers between your Windows and z/OS you would need to:

  1.   Get a copy of the PEM certificates you already have on your z/OS system.
  2.   Place them on your Windows server or a safe location.
  3.   Go to the %XCOM_HOME%\config directory and modify the configssl.cnf file with the necessary information about your certificate(s).
  4.   Perform a secured loopback on the Windows system to make sure it works before you venture to transfer to z/OS. Here is a simple sample loopback .cnf file you can use for your SSL loopback transfer:

     REMOTE_SYSTEM=127.0.0.1
     LOCAL_FILE=c:\tmp\test.txt
     REMOTE_FILE=c:\tmp\new.txt
     FILE_OPTION=REPLACE
     PORT=8045
     PROTOCOL=TCPIP
     SECURE_SOCKET=YES
     USERID=userid
     PASSWORD=pwd

Notes on the sample values: the LOCAL_FILE has to exist; 8045 is the default SSL port for XCOM Windows; USERID and PASSWORD must be a valid userid and password on Windows.

Save the above parameters in a file called loop.cnf.

NOTE: You can find all of the details about the parameters in our XCOM for Windows manual.

  5.   Once you have created and saved loop.cnf, you can issue the command:

     xcomtcp -c1 -f c:\your path for\loop.cnf

  6.   If the transfer fails, then you need to figure out what happened.
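
The loopback check in steps 4 to 6, as an added PowerShell example that is not part of the original article and is not Broadcom code: it validates loop.cnf and then runs the article's xcomtcp command. The default path C:\tmp\loop.cnf, the function names, the English group names in the ACL check, and xcomtcp being on PATH are assumptions.

```powershell
# Added example (not Broadcom code). Parameter names come from the article's
# sample loop.cnf; the default path below is an assumption.
param([string]$CnfPath = 'C:\tmp\loop.cnf')

function Read-XcomCnf([string]$Path) {
    $cnf = @{}
    foreach ($line in Get-Content -LiteralPath $Path) {
        # Keep KEY=VALUE lines only; anything else is skipped.
        if ($line -match '^\s*([A-Z_]+)\s*=\s*(.*?)\s*$') { $cnf[$Matches[1]] = $Matches[2] }
    }
    $cnf
}

function Test-LoopbackCnf([hashtable]$Cnf) {
    $problems = @()
    foreach ($key in 'REMOTE_SYSTEM','LOCAL_FILE','REMOTE_FILE','PORT','USERID','PASSWORD') {
        if (-not $Cnf[$key]) { $problems += "$key is missing or empty." }
    }
    if ($Cnf['SECURE_SOCKET'] -ne 'YES') { $problems += 'SECURE_SOCKET must be YES for the secured loopback.' }
    if ($Cnf['PROTOCOL'] -ne 'TCPIP') { $problems += 'PROTOCOL must be TCPIP.' }
    if ($Cnf['PORT'] -and $Cnf['PORT'] -notmatch '^\d+$') { $problems += "PORT '$($Cnf['PORT'])' is not numeric." }
    if ($Cnf['LOCAL_FILE'] -and -not (Test-Path -LiteralPath $Cnf['LOCAL_FILE'] -PathType Leaf)) {
        $problems += "LOCAL_FILE '$($Cnf['LOCAL_FILE'])' does not exist."
    }
    $problems
}

$cnf = Read-XcomCnf $CnfPath
$problems = @(Test-LoopbackCnf $cnf)

# loop.cnf holds a clear-text PASSWORD, so flag broad read access to the file.
# Group names are the English defaults (assumption); adjust on localized systems.
$broad = (Get-Acl -LiteralPath $CnfPath).Access | Where-Object {
    $_.AccessControlType -eq 'Allow' -and
    "$($_.IdentityReference)" -match '^(Everyone|BUILTIN\\Users|NT AUTHORITY\\Authenticated Users)$'
} | ForEach-Object { "$($_.IdentityReference)" } | Sort-Object -Unique
if ($broad) { $problems += "$CnfPath grants access to: $($broad -join ', ')" }

# Only probe the SSL listener once the file itself is clean.
if (-not $problems -and -not (Test-NetConnection -ComputerName $cnf['REMOTE_SYSTEM'] -Port ([int]$cnf['PORT']) -InformationLevel Quiet)) {
    $problems += "Nothing is accepting connections on $($cnf['REMOTE_SYSTEM']):$($cnf['PORT'])."
}

if ($problems) { $problems | ForEach-Object { Write-Warning $_ }; exit 1 }
& xcomtcp -c1 -f $CnfPath    # command from the article
"xcomtcp exit code: $LASTEXITCODE"
```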

Set up the sample SSL certificates as we show you in the video/documents, so you can get familiar with the setup for XCOM on Windows. Once you have done that, you can move on to the real SSL certificates you intend to use. With this setup you can only do loopback transfers, but at least you can see the secured transfers working.

Broadcom support will show you that it works with sample certificates on any of our platforms. Support cannot tell you how to configure your production certificates or where to keep them. This is something that the Security Admin should be familiar with and be involved in, since your site will have guidelines.  Involve them when dealing with the real certificates.