Preparing for File Manager Remote Services

File Manager supports a number of services using resources accessed on a remote system via the ADFzCC server connection. When the remote ADFzCC server is configured for SSL/TLS, the local File Manager system validates the remote host's server certificate during the SSL/TLS handshake by verifying the Certificate Authority (CA) of the server's certificate is registered as trusted.

By default, File Manager searches local SITE certificates for the CA certificate of the remote system and verifies that it is trusted. Consequently, when importing a CA certificate for remote services, you should import it as a SITE certificate. For example, using RACF®:


RACDCERT ADD(‘hlq.ADFZCC.CA.EXPORT’) SITE TRUST WITHLABEL(‘your label’)

Alternatively, you can use the CERTRUST keyword of the FMN4POPT module to specify a trust store other than SITE. Note that all users of remote services need authority to access the nominated key store. See Customizing miscellaneous options in FMN4POPT for more information about the CERTRUST keyword and the FMN4POPT module.

FMNAUTH DD usage

When using File Manager to create a remote connection through the menu option 11, the entered details are stored (in an internal format) in a file allocated to the FMNAUTH DD. If such an allocation does not pre-exist, as is normally the case, a data set is created as Userid.FMNAUTH and allocated to the FMNAUTH DD.

When running batch functions and specifying remote resources, the FMNAUTH DD needs to be included in JCL to provide the stored connection details.

Similarly, if there is a requirement to share remote connection details amongst users, you may pre-allocate the FMNAUTH DD in TSO/ISPF and File Manager reads the currently allocated FMNAUTH. Security access should be set appropriately for such scenario to allow READ access for trusted users to the data set referred to by FMNAUTH. Otherwise, for a user on a local system, who has connection details stored in their own FMNAUTH data set, we recommend setting the UACC for that resource to NONE if that is not already the default.