Configuring a CA Workload Automation AE Instance › Set Encryption for z/OS Communication

Set Encryption for z/OS Communication

CA Workload Automation AE uses no encryption or AES 128-bit encryption to exchange data with CA Workload Automation EE and CA WA Agent for z/OS. If you are using AES encryption, you must generate an instance-wide communication alias encryption file (cryptkey_alias.txt) in the $AUTOUSER.instance_name (on UNIX) or %AUTOUSER%.instance_name (on Windows) directory. The cryptkey_alias.txt file stores the communication alias encryption key.

Note: For more information about generating the instance-wide communication alias encryption file, see the Windows Implementation Guide.

Important! You must set AES encryption for z/OS communication only if AES encryption is also configured on CA Workload Automation EE or the agent on z/OS. For more information about the encryption types that CA Workload Automation EE and the agent on z/OS support, see the CA Workload Automation EE and CA WA Agent for z/OS documentation.

Notes:

• The current release of CA WA Agent for z/OS is r2.0. This release of the agent does not support AES 128-bit encryption. To run z/OS jobs using this agent, you must disable AES 128-bit encryption and use no encryption for z/OS communication. To disable AES encryption, you must clear the Use AES 128-bit encryption when communicating with zOS managers check box.
• If CA Workload Automation AE works with other CA Workload Automation EE external instances or the agents on z/OS, the administrator must update all AGENTDEF data sets with the encryption setting. For more information, see the Windows Implementation Guide.

Follow these steps:

1. Click Start, Programs, CA, Workload Automation AE, Administrator.

   The Instance - CA Workload Automation AE Administrator window opens.

2. Select the instance you want to set encryption for from the Instance drop-down list in the Settings pane.
3. Click the Services icon on the toolbar.

   The Services - CA Workload Automation AE Administrator window appears, displaying a list of services installed on the selected instance.

4. Right-click the scheduler and select Stop. Repeat this action for the application server.

   The scheduler and application server stop.

5. Click the Instance icon on the toolbar.

   The Instance - CA Workload Automation AE Administrator window appears.

6. Click the zOS Encryption tab, and select the Use AES 128-bit encryption when communicating with zOS managers check box.

   The Hexadecimal Key and Verify Hexadecimal Key fields are enabled.

   Note: If you clear the Use AES 128-bit encryption when communicating with zOS managers check box, CA Workload Automation AE uses no encryption for z/OS communication.

7. Enter the encryption key, confirm the encryption key in the Verify Hexadecimal Key field, and click Apply.

   Note: The encryption key must be a hexadecimal string of 32 characters.

8. Click the Services icon on the toolbar.

   The Services - CA Workload Automation AE Administrator window appears, displaying a list of services installed on the selected instance.

9. Right-click the scheduler and select Start. Repeat this action for the application server.

   The scheduler and application server start. The encryption for z/OS communication is set.

Note: The zOS Encryption Status field in the Instance Encryption Status pane displays the current encryption set for the selected CA Workload Automation AE instance.