Preparing for File Manager Remote Services

File Manager supports a number of services using resources accessed on a remote system via the ADFzCC server connection. When the remote ADFzCC server is configured for SSL/TLS, the local File Manager system validates the remote host's server certificate during the SSL/TLS handshake by verifying the Certificate Authority (CA) of the server's certificate is registered as trusted.

By default, File Manager searches local SITE certificates for the CA certificate of the remote system and verifies that it is trusted. Consequently, when importing a CA certificate for remote services, you should import it as a SITE certificate. For example, using RACF®: 


RACDCERT ADD(‘hlq.ADFZCC.CA.EXPORT’) SITE TRUST WITHLABEL(‘your label’)

Alternatively, you can use the CERTRUST keyword of the FMN4POPT module to specify a trust store other than SITE. Note that all users of remote services need authority to access the nominated key store. See Customizing miscellaneous options in FMN4POPT for more information about the CERTRUST keyword and the FMN4POPT module.

FMNAUTH DD usage and security

When using File Manager to create a remote connection through the menu option 11, the entered details are stored (in an internal format) in a file allocated to the FMNAUTH DD. If such an allocation does not pre-exist, as is normally the case, a data set is created as Userid.FMNAUTH and allocated to the FMNAUTH DD.

When running batch functions and specifying remote resources, the FMNAUTH DD needs to be included in JCL to provide the stored connection details.

Similarly, if there is a requirement to share remote connection details amongst users, you may pre-allocate the FMNAUTH DD in TSO/ISPF and File Manager reads the currently allocated FMNAUTH.

Define profiles for data sets allocated to the FMNAUTH DD with UACC(NONE). Set up storage management routines so that these data sets are encrypted. For information on setting up data set encryption, see the z/OS documentation on "Using DFSMS functions", section "Data set encryption".