Setup TCP/IP Communications Between a Hub and a Node

Owned by Kathy Kurth
Last updated: Sept 14, 2022 by Aaron Fistler
3 min read

Perform the following steps to configure TCP/IP communication between a Hub and a Node in an Enterprise Network.

Step 1: Check TCP/IP

Use the following command to verify TCP/IP is running on the Node:

PING RMTSYS(NodeTcpIpName)

If TCP/IP is not running, then you will need to configure and/or start TCP/IP on the Node.

Step 2: SET TCP/IP DDM Connection Security

Determine whether you intend to use secured or non-secured DDM connections to the Nodes in the Enterprise Network. In order to use a non-secured DDM connection, the user profile must exist on the Node, although the user's password will not be validated. To use a secured DDM connection the user profile and password must be the same on both the Hub and the Node. You may want to review this setup with your site security administrator before taking specific actions.

For Secured DDM connection

Use one of the following commands to change the TCP/IP DDM attributes for secured operations:

  • CHGDDMTCPA PWDRQD(*YES)

  • CHGDDMTCPA PWDRQD(*USRIDPWD)

Automated secure TCP/IP DDM operations are not possible if authentication passwords cannot be stored. Use the following command to change the QRETSVRSEC system value so that passwords used for authentication can be stored on the Hub:

CHGSYSVAL QRETSVRSEC VALUE('1')

Preferred Server Authentication support

A special value QDDMDRDASERVER is allowed for DDM and DRDA connections. You may specify QDDMDRDASERVER in the SERVER parameter of Add Server Authentication Entry (ADDSVRAUTE) command. This special value allows a user to make DDM or DRDA connections to any system in the TCP/IP network via a common user profile and password. This prevents having to add individual server authentication entries for every DRDA application server in every user profile on the system. For DRDA or RDB DDM files, this resolves the problem of having to add new server authentication entries for every user profile each time a new system has been added to the TCP/IP network.

Use the following command to add server authentication entries for each user who will be authorized to perform secured TCP/IP operations to the Nodes:

ADDSVRAUTE USRPRF(user-profile) SERVER(QDDMDRDASERVER) USRID(NodeUserProfile) PASSWORD(NodeUserProfilePassword)

NOTE: "QDDMDRDASERVER" must be uppercase.

Use the following command to add a server authentication entry for the QBRMS user profile. (This user profile is used for network syncronization. )

ADDSVRAUTE USRPRF(QBRMS) SERVER(QDDMDRDASERVER) USRID(NodeUserProfile) PASSWORD(NodeUserProfilePassword)

NOTE: "QDDMDRDASERVER" must be uppercase.

Use the following command to remove server authentication entries for QDDMSERVER for each user who was authorized to perform secured TCP/IP operations to the Nodes:

RMVSVRAUTE USRPRF(user-profile) SERVER(QDDMSERVER)

NOTE: "QDDMSERVER" must be uppercase.

Use the following command to remove the QDDMSERVER server authentication entry for the QBRMS user profile.

RMVSVRAUTE USRPRF(QBRMS) SERVER(QDDMDRDASERVER)

NOTE: "QDDMSERVER" must be uppercase.

If the user profile on the Node does not have *ALLOBJ special authority then the user should have QBRMS as a group profile and special authority must be *NONE. Use the following command on the Node to change user's profile.

CHGUSRPRF USRPRF(NodeUserProfile) GRPPRF(QBRMS) 

In addition, the user profile on the Node should have *USE authority to the CRTDDMF command on the Hub.

A server authorization entry can be removed using the RMVSVRAUTE command or changed using the CHGSVRAUTE command. See the CL Reference manual for a complete description of these commands and command parameters.

NOTES:

  1. There can only be one server authorization entry for a user no matter what remote system is specified. This means that for a user to access multiple Nodes in the Enterprise Network, that user profiles and passwords must be the same on all Enterprise Networked Nodes.

  2. Do not use user profile QBRMS for the Node user profile. Create a new user profile and specify user profile QBRMS for the Group profile (GRPPRF) parameter of the user profile on the Node. Use this new user profile on the Node for the User ID (USRID) parameter of the Add Server Authentication Entry (ADDSVRAUTE) command.

Go to step 3.

For Non-secured DDM connections

Use the one of the following commands to change the TCP/IP DDM attributes for non-secured operations:

  • CHGDDMTCPA PWDRQD(*NO)

  • CHGDDMTCPA PWDRQD(*USRID)

If you are going from a secured DDM connection to a non-secured DDM connection make sure to remove the server authentication entries. Use the following commands to remove server authentication entries for each user profile:

  • RMVSVRAUTE USRPRF(user-profile) SERVER(QDDMSERVER)

  • RMVSVRAUTE USRPRF(user-profile) SERVER(QDDMDRDASERVER)

NOTE: "QDDMSERVER" and "QDDMDRDASERVER" must be uppercase.

Step 3: Configure the TCP/IP DDM Server Automatic Restart

Use the following command to change the TCP/IP DDM server attributes if you want the server automatically started when TCP/IP is started:

CHGDDMTCPA AUTOSTART(*YES)

Step 4: Starting and Ending the DDM Server

Use the following command to end the TCP/IP DDM server if you changed any of the attributes:

ENDTCPSVR SERVER(*DDM)

Use the following command to start the TCP/IP DDM server:

STRTCPSVR SERVER(*DDM)

Privacy Policy | Cookie Policy | Impressum
From time to time, this website may contain technical inaccuracies and we do not warrant the accuracy of any posted information.
Copyright © Fortra, LLC and its group of companies. All trademarks and registered trademarks are the property of their respective owners.