Chapter 3. Configuring RRSF for TCP/IP 39
Configuring the RRSF Client
The connectivity rules panel shows the IBM-supplied rules for various applications. Scroll
down the list to see RRSF client. It shows status disabled.
Enabling the IBM supplied RRSF Client
Select RRSF client rules and click OK. Then click Action Enable to display the Verify
Rule window as shown in Figure 3-10.
Figure 3-10 Enabling the RRSF_Client Rule
Verify the port settings and the key ring name by clicking OK. The port settings are OK, but
you need to modify the Key Ring name.
40 RACF Remote Sharing Facility over TCP/IP
Modifying RRSF client to specify the Keyring
With the RRSF client selected, click Action Modify to get the next window as in
Figure 3-11.
Figure 3-11 AT-TLS Modify Rule window
Chapter 3. Configuring RRSF for TCP/IP 41
RRSF port 18136 is already filled in. Accept all the defaults except the name of the keyring
that is going to hold the digital certificates for the RRSF client and server. This keyring does
not have to exist already. To create a keyring named IRR.RRSF.KEYRING, click the Key Ring
tab and go to the window shown in Figure 3-12.
Figure 3-12 Specifying the Key ring database name.gif
Select Use a Simple name (as in an SAF product or in PKCS #11 Token format), specify
the keyring name IRR.RRSF.KEYRING, and click OK.
Configuring RRSF Server
Create the policy for the RRSF-Server the same way as you did for the RRSF-Client. Select
RRSF-Server and click Action Enable; Action Modify. Click the Key Ring tab, then
specify the keyring IRR.RRSF.KEYRING and click OK.
Tip: The digital certificates for the RRSF client and the RRSF server are created in a new
keyring in coming steps. You will create a keyring named IRR.RRSF.KEYRING.
42 RACF Remote Sharing Facility over TCP/IP
The window shown in Figure 3-13 is displayed.
Figure 3-13 Install the policy
Applying the changes to the TCP/IP stack and to the z/OS image
Click Apply Changes to update the TCP/IP stack and the z/OS image.
Installing the policy
Click the Install Configuration files tab to get to the window shown in Figure 3-14.
Figure 3-14 List of Configuration Files for Image SC75
Chapter 3. Configuring RRSF for TCP/IP 43
Select the radio button and click Select Action Show Configuration File to examine the
policy generated.
FTP the policy to your z/OS system. On the z/OS image, click Select Action Install to
display the Install File window. Specify /etc/tlsPol_rrsf as the file name to install the policy.
Select the FTP option, and specify the host IP address of the SC75 image, the user
ID, and password for the FTP. Then click Go as shown in Figure 3-15.
Figure 3-15 Install File
The message The FTP file transfer was successful is displayed on a successful FTP
You can now click Close and then OK to return to the Main window.
Example 3-7 shows the policy that was created.
Example 3-7 Policy created
## AT-TLS Policy Agent Configuration file for:
## Image: SC75
## Stack: TCP/IP
## Created by the IBM Configuration Assistant for z/OS Communications Server
## Version 1 Release 13
## Backing Store = AT_TLS_POLICY
## FTP History:
## 2012-05-15 15:53:17 : Rama Ayyar to
## TLS default rules: Default_RRSF-Client| Default_RRSF-Server |
## End TLS default rules

Get RACF Remote Sharing Facility over TCP/IP now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.