Welcome
IBM® Z Workload Scheduler
Welcome to the IBM® Z Workload Scheduler documentation, where you can find information about how to install, maintain, and use the product.
Scheduling End-to-end with Fault Tolerance Capabilities
Customizing
Setting the security features
Setting strong authentication and encryption
SSL connection for communication across the network
IBM Workload Scheduler provides a secure, authenticated, and encrypted connection mechanism for communication across the network topology. This mechanism is based on the Secure Sockets Layer (SSL) protocol and uses the OpenSSL Toolkit, which is automatically installed with IBM Workload Scheduler.
Configuring the SSL connection protocol for the network

Product requirements
This section contains links to the IBM® Workload Scheduler Download Documents, System Requirements, and Release Notes.
Fix Pack readmes
For the latest information about a Fix Pack, see the appropriate Readme File.
Product Library in PDF format
This section contains links to the PDF versions of all the publications provided in IBM Documentation for IBM Workload Automation.
Considerations for GDPR readiness
Overview
Mobile Applications Userʼs Guide
Dynamic Workload Console User's Guide
AI Data Advisor (AIDA) User's Guide
Scheduling Job Integrations with IBM Workload Automation
IBM® Workload Scheduler
Welcome to the IBM® Workload Scheduler documentation, where you can find information about how to install, maintain, and use IBM Workload Scheduler. The documentation has been updated for IBM Workload Scheduler Version 10.1 Fix Pack 6.
IBM® Z Workload Scheduler
Welcome to the IBM® Z Workload Scheduler documentation, where you can find information about how to install, maintain, and use the product.
- Memo to Users
- Program Directory
- Dynamic Workload Console Readmes
  For the latest information about a Dynamic Workload Console fix pack, see the appropriate Readme File.
- Planning and Installation
- Customization and Tuning
- Managing the Workload
  You can plan when and how your workload runs and manage it as part of a plan.
- Scheduling End-to-end with z-centric Capabilities
- Scheduling End-to-end with Fault Tolerance Capabilities
  - About this publication
  - Overview
    An overview of end-to-end scheduling with fault tolerance capabilities.
  - Installing
  - Customizing
    - Defining centralized and non-centralized scripts
      A job can use two kinds of scripts, centralized or non-centralized. A centralized script is a script that resides in IBM Z Workload Scheduler and that is downloaded to the fault-tolerant workstation every time the job is submitted.
    - Setting the security features
      - Setting strong authentication and encryption
        Key SSL concepts
        To authenticate a peer identity, the SSL protocol uses X.509 certificates called digital certificates. Digital certificates are electronic ID cards that are issued by trusted parties and enable a user to verify both the sender and the recipient of the certificate through the use of public-key cryptography.
        SSL connection for communication across the network
        IBM Workload Scheduler provides a secure, authenticated, and encrypted connection mechanism for communication across the network topology. This mechanism is based on the Secure Sockets Layer (SSL) protocol and uses the OpenSSL Toolkit, which is automatically installed with IBM Workload Scheduler.
        Setting up private keys and certificates
        Creating private keys and certificates
        Configuring SSL attributes
        Configuring the SSL connection protocol for the network
        Enabling SSL authentication on IBM Z Workload Scheduler server
        Enabling FIPS compliance over IBM Z Workload Scheduler server SSL secured connection
      - Setting for work across firewalls
        Prior to IBM Z Workload Scheduler version 8.2, running the commands to start or stop a workstation or to get the standard list, required opening a direct TCP/IP connection between the originator and the destination nodes. In a firewall environment, this forces users to break the firewall to open a direct communication path between the master and each fault-tolerant agent in the network.
    - Tuning global and local options in distributed network
    - Tuning network timeouts
      Network issues that make the connection to specific agents too slow can impact the performance of overall scheduling. IBM Workload Scheduler provides network timeout settings that you can tune to avoid problems with specific agents that affect the entire system.
    - Selecting end-to-end server messages
  - Managing end-to-end scheduling
  - Changing the topology of the network
- Quick Reference
- Diagnosis Guide and Reference
- Workload Automation Programming Language for z/OS User's Guide and Reference
- Driving IBM Z Workload Scheduler
Messages and Codes
Glossary
Installing IBM® Workload Scheduler
How to monitor your IBM® Workload Scheduler using the Dynamic Workload Console
How to create your scheduling environment using the Dynamic Workload Console
Notices

Configuring the SSL connection protocol for the network

About this task

To configure SSL for your network, perform the following steps:

Create an SSL directory under the TWA_home directory. By default, the path TWA_home\TWS\ssl is registered in the localopts file. If you create a directory with a name different from ssl in the TWA_home directory, then update the localopts file accordingly.
Copy openssl.cnf and openssl.exe to the SSL directory
Create as many private keys, certificates, and Trusted CA lists as you plan to use in your network.
For each workstation that will use SSL authentication:
- Update its definition in the IBM Workload Scheduler database with the SSL attributes.
- Add the SSL local options in the localopts file.

Although you are not required to follow a particular sequence, these tasks must all be completed to activate SSL support.

In IBM Workload Scheduler, SSL support is available for the fault-tolerant agents only (including the master and the domain managers), but not for the extended agents. If you want to use SSL authentication for a workstation that runs an extended agent, you must specify this parameter in the definition of the host workstation of the extended agent.