TCPVENDR

TCP/IP software vendor.

Determines whether communication is effected over either the IBM TCP/IP software or the CA SNS/TCPaccess software.

You can only enter a value for this parameter if you are using TCP/IP.

Valid values are:

• IBM (default)
• CA

Note: All TCP channels used by a specific IOAGATE must have the same vendor.

LOGINMSG

This parameter controls the destinations where ECAG62I messages will be sent. The ECAG62I message indicates that a user successfully logged on to IOAGATE over a multiple connection (MC) TCP channel. Valid values are:

• YES – The ECAG62I message is issued to LOG (DAIGLOG) and WTO
• NO – The ECAG62I message is issued to LOG (DAIGLOG) only
• OFF – The ECAG621 message is not issued
• WTO – The ECAG62I message is issued to WTO only
• LOG – The ECAG62I message is issued to LOG (DAIGLOG) only
• LOG+WTO – The ECAG62I message is issued to both LOG (DAIGLOG) and WTO
• WTO+LOG – The ECAG62I message is issued to both LOG (DAIGLOG) and WTO

Default: LOG (DAIGLOG)

Note: You can display and modify LOGINMSG parameter values as follows:

• To show the current values of the LOGINMSG parameter in all MC channels, enter the following command:

  F ioagate,LOGINMSG=SHOW

• To dynamically override the value of the LOGINMSG parameter in all MC channels to one of the values listed above by entering the following modify command:

  F ioagate,LOGINMSG=value

• To dynamically override the value of the LOGINMSG parameter in a specific MC channel by entering the following modify command:

  F ioagate,LOGINMSG=value,CHAN=channel-id

SUBSYSTM

Subsystem name for SNS/TCPaccess.

Determines whether the channel should use a non-default subsystem name for the CA SNS/TCPaccess software. Can be used only if the protocol used is TCP/IP, the software vendor used is CA and a non-default subsystem name for SNS/TCP access is required. Valid values are: 4 alphanumeric characters of the subsystem name.

Note: There is no need to specify the default subsystem name (ACSS) for SNS/TCPaccess.

COMTASK

Number of TCP/IP communication tasks to be attached to establish the multiple connection model channel.

Can be used only if the protocol used is TCP and a multiple connection model is used.

Valid values are: 1 through 100.

Default: 4.

Note: For application C, COMTASK is always set to 1.

Also see below, the note for COMTASK and UPERTASK.

UPERTASK

Maximum number of users per communication task.

Can be used only if the TCP/IP protocol and a multiple connection model is used.

Valid values are: 1 through 500.

Default: 200.

Note: For application C, UPERTASK is always set to 1.

Note for both COMTASK and UPERTASK: The maximum values of 100, for COMTASK, and 500, for UPERTASK, are theoretical maximums.

It is possible to define thousands of connections for supporting Control-D/WebAccess.

The practical maximum of connections per IOAGATE is determined by tuning, which is dependent upon the capacity of the application servers (IOAAS address spaces). This capacity depends on the usage profile, which is defined by the activities of the users and transactions, and the frequency of the transactions.

By rule of thumb the following limits exist for supporting Control-D/WebAccess users:

• One IOAGATE can support 8 IOAAS address spaces
• Each IOAAS can support 40 transactions concurrently (NUMSRV=40).
• Each IOAAS can support 800 logged on users.

The above yields 8 x 800 = 6400 connections per IOAGATE.

The 6400 connections can be supported by 16 communication tasks, each with 400 connections (COMTASK=16, UPERTASK=400). If more than 16 processors exist on the LPAR, then the number of communication tasks can be increased to the number of processors (and the number of connections per communication task can be reduced accordingly).

For a large number of concurrent connections (100 or more), it is recommended that UPERTASK be at least 200.

SOCKIMP

If integrated sockets are in use.

Valid values are:

• OE – Integrated sockets are in use.
• COM – Non-integrated sockets are in use.
• '  ' (Blank) – If you do not set a value for SOCKIMP, the program sets the default according to the system in use, as follows:
• For IBM TCP/IP, the default setting is OE.
• For TCPAccess, the default setting is COM.

Note: If TCPAccess is in use, and you have set it up to run with OMVS(OE), you must set SOCKIMP to OE. For more information, see Step 20.6 – Set up IOAGATE to support TCPAccess (optional).

CHANNEL

Enable or disable channel indicator.

Determines whether the entire current CHANNEL declaration should be used or ignored in this current IOAGATE run. Valid values are:

• E (Enable) – Use the entire current CHANNEL declaration. Default
• D (Disable) – Do not use the entire current CHANNEL declaration.

The following channel parameters are relevant only for channels used by Control-O or Control-M/JCL Verify:

NODE

Node ID.

Determines the NODE ID that identifies this IOAGATE. Must correspond to a NODE parameter defined in the network map specified by the NETWMAP parameter.

• Mandatory if you are using Control-O or Control-M/JCL Verify.

NETWMAP

Network map to be used in the node.

Determines the name of the member in the IOA.PARM library that describes an IOAGATE communication network map that allows one IOAGATE to communicate with another. Any IOAGATE that belongs to this Network must use the same network map.

• Mandatory if you are using Control-O or Control-M/JCL Verify.

ALLOCINT

Interval between allocation attempts, in seconds.

Sets a time interval between persistent allocation attempts that IOAGATE performs against its other IOAGATE partners specified in the network map.

Valid only for SNA and Control-O.

• Valid values are: 1 through 3600 (seconds).
• Default: 60.

LOGMODE

Default Logmode to be used in allocations.

Determines the default Logmode to be used when establishing communication with a partner specified in the network map.

Valid only for SNA and Control-O.

• Default: MODE4D62.

BIND

IP address that IOAGATE must use to listen for incoming connections. If you want IOAGATE to listen on a specific IP address, such as a DVIPA assigned for IOAGATE, use this parameter to identify that IP address.

Use the following syntax:

BIND=INADDR_ANY | IP_address | hostname

where

• INADDR_ANY instructs IOAGATE to listen for incoming connections from any IP address (adapter) on the system.
• IP_address or hostname indicates that IOAGATE BINDs to either the given IP_address or the IP_address after hostname resolution.
• Default: INADDR_ANY

Notes:

• This parameter is relevant for configurations with a DVIPA address assigned to IOAGATE. For more information, see IOAGATE installation and configuration considerations.
• If you specify an IPv4 address or the hostname is resolved to an IPv4 address then the channel will not accept connections from IPv6 addresses. For examples of IPv6 addresses, refer to message ECAP9UE.

ESOCKAPI

TCP/IP socket API type.

Valid values:

• IBM (default)
• SAS

When SAS is specified, IOAGATE uses SAS/C written modules and TCP/IP support is the same as for INCONTROL version 8.0.00 (IPv6 not supported) for this channel. The ESTACK parameter is ignored. When IBM is specified or implied, IOAGATE uses IBM C-written modules and support IPv6 and dual TCP/IP stacks for this channel. SOCKIMP, SUBSYSTM, and TCPVENDOR parameters are ignored.

ESTACK

TCP/IP stack name. This is the started task name of a TCP/IP stack that is active on the z/OS system. If specified, IOAGATE will establish stack affinity to this stack.

Default: The z/OS system's default TCP/IP stack is used.

Note: If the z/OS system is not configured for dual stack mode, then the parameter is ignored. But if it is and the stack is not running, then the IOAGATE channel will be disabled.

Warning: Specifying a stack may affect connectivity and hostname resolution. Consult your network administrator.

IPVMODE

TCP/IP protocol implementation level.

Valid values:

• DUAL (default)
• IPV4

When IPV4 is specified, IPv6 is not supported.

The following parameters are relevant for SSL support:

SSL

Determines whether SSL support is required. SSL can be specified when the value of PROTOCOL is TCP for both MODEL=DC and MODEL=MC channels.

Valid values are:

• Yes
• No. Default
• AT-TLS — use Application Transparent Transport Layer Security for secure sessions. AT-TLS provides encryption and decryption of data based on policy statements that are coded in the Policy Agent.

Notes:

• SSL is not supported for APPL=O and APPL=J channels, and only a value of SSL=NO can be specified for such channels. IOAGATE-transparent secure connections can be achieved by specifying SSL=NO and having AT-TLS active on both ends of the connection.
• You must enter the same SSL support value when communicating with both Control-M/EM and Control-M/CM, even when not in the same IOAGATE.
• When SSL is used, the hlq.SIEALNKE library must be added to the LINKLIST or STEPLIB of IOAGATE (where hlq is the high level qualifier).
• If SSL=AT-TLS, the additional parameters below (KEYRING, KEYRLAB, CLIAUTH, and SSLPROT) are not relevant and are ignored. The corresponding configuration (that is, setting keyring parameters, client authentication, and SSL protocol) is performed in the AT-TLS policy, through the Policy Agent.

KEYRING

SAF name (RACF or compatible) of a KEYRING associated with IOAGATE.

• Mandatory when the value of the SSL parameter is Yes.

Valid values are in a string not longer than 47 characters, in the following formats:

• <userid>/<keyring value>
• <keyring value>

Notes:

• The slash character ( /) is allowed only between <userid> and <keyring value>
• <userid> must be uppercase and have a maximum of 8 characters
• <keyring value> cannot contain blanks
• The current IOAGATE userid is used if the userid value is omitted.
• The user must have IRR.DIGTCERT.LISTRING resource READ access in the FACILITY class when using a SAF key ring owned by the user.
• The IOAGATE user ID must have Control access to IRR.DIGTCERT.GENCERT in order to access the certificate private key.
• Certificate private keys are not available when using a SAF keyring owned by another user; therefore, if a user ID is specified, it must be the IOAGATE user ID.

KEYRLAB

KEYRING label. The LABEL (ID) of the IOAGATE certificate.

Optional parameter, relevant only when SSL=YES. Specifies the label of the key used to authenticate IOAGATE. The default key will be used if a key label is not specified.

Valid values are in a string not longer than 32 characters. Blanks are allowed inside the string, but if blanks are used the string should be closed with apostrophes.

CLIAUTH

CLIENT AUTHENTICATION. Determines whether client authentication is required. Optional parameter, relevant only when SSL=YES.

SSL client authentication enables a server application (IOAGATE) to confirm the identity of the client application (such as Control‑M/EM). The server application verifies that the client certificate and public key are valid and has been signed by a trusted certificate authority (CA) that is known to the server application.

Note: In order to be able to perform this verification, the certificate of the CA that has signed the certificate of the client must be added to the KEYRING.

Valid values are:

• Yes
• No. Default.

When CLIAUTH=No, only server authentication is performed by the client.

SSLPROT

Optional advanced choice of SSL protocol(s), for when SSL=YES.

The parameter is based on two parameters:

SSLPROT=(SSLPRLVL,SSLPRMOD)

where

• SSLPRLVL — SSL protocol, one of the following:
  SSLV3 | TLSV1 | TLSV1_2
• SSLPRMOD — scope, one of the following:

  - O (ONLY) - enable only the specified protocol

  - M (MINIMUM) - enable the specified protocol and all later protocol levels