Implement NaCl encryption

Connect CDC (SQData) Change Data Capture

Product type: Software
Portfolio: Integrate
Product family: Connect
Product: Connect > Connect CDC (SQData)
Version: Latest
Language: English
Product name: Connect CDC (SQData)
Title: Connect CDC (SQData) Change Data Capture
Copyright: 2024
First publish date: 2000
Last edition: 2024-09-13
Last publish date: 2024-09-13T19:10:49.846957

Connect CDC (SQData) provides for encryption by the Publisher using the same NaCl public / private key used for authentication and authorization. While Captures and Publishers are typically initiated by the same USER_ID as the Capture Controller Daemon, those jobs explicitly identify the public / private key pair files in JCL DD statements. Precisely recommends that a second NaCl key pair be generated for the Capture / Publisher. The Capture / Publisher will also require a second authorized key list containing the public keys of only those Engines that subscribe to that Capture / Publisher and whose payload will be encrypted.

Once the Controller Daemon passes the connection request to the Capture / Publisher, a second handshake is performed with the Engine. The CDC payload is then encrypted before being published and decrypted by the receiving Engine.

Syntax
$ sqdconf modify <cab_file_name>
[--encryption | --no-encryption]
[--auth-keys-list="<name>"]
Keyword and Parameter Descriptions

Keyword: <cab_file_name>
Description: This is where the Capture Agent configuration file, including its path, is first created. There is only one CAB file per Capture Agent. In our example, /home/sqdata/imspub.cab

Keyword: [--encryption | --no-encryption]
Description: Enables or disables NaCl encryption of the published CDC record payload. Precisely recommends that zIIP processors be used to enhance CPU cycle efficiency and reduce the CPU cost associated with NaCl software encryption.

Keyword: [--auth-keys-list="<name>"]
Description: Required for a NaCl encrypted CDC record payload. The file name must be enclosed in quotes, and the file must contain the public key(s) of only the subscribing Engines requiring encryption of the CDC record payload. See the --encryption option.

Example 1

Turn on encryption
//*-----------------------------------------------
//* Turn on Encryption for zLog Publisher
//*-----------------------------------------------
//MODCONF EXEC PGM=SQDCONF
//SYSPRINT DD SYSOUT=*
//SYSOUT DD SYSOUT=*
//SQDPARMS DD *
modify /home/sqd/kfilepub1/KFILEPUB1.cab
  --encryption
  --auth-keys-list="NACL.AUTH.KEYS"
//*

Next, stop and restart the CDCzLog Publisher.

Example 2

Turn off encryption
//*-----------------------------------------------
//* Turn off Encryption for zLog Publisher
//*-----------------------------------------------
//MODCONF EXEC PGM=SQDCONF
//SYSPRINT DD SYSOUT=*
//SYSOUT DD SYSOUT=*
//SQDPARMS DD *
modify /home/sqdata/kfilepub1/KFILEPUB1.cab
  --no-encryption
//*

Finally, stop and restart the CDCzLog Publisher.

Note: Precisely recommends that zIIP processors be used to enhance CPU cycle efficiency and reduce the CPU cost associated with NaCl software encryption and LogStream I/O. Enabling zIIP processing requires one additional option when starting the Capture / Publisher:
  1. Stop the CDCzLog Publisher.
  2. Restart the agent and include the --ziip option, as follows:
    --apply --start --ziip
    /home/sqdata/kfilepub1/KFILEPUB1.cab
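
The option rules above can be checked before a job is submitted. The following is an added example, not part of the Precisely documentation or product: a Python check that reads the SQDPARMS in-stream deck of an sqdconf modify job and reports an --encryption option that lacks a quoted --auth-keys-list, as well as decks that turn payload encryption off. The JCL decks are constructed from the page's examples, and the function names are hypothetical.

```python
import re

# Constructed SQDPARMS decks modelled on the page's examples (not from a real system).
HEAD = "//MODCONF EXEC PGM=SQDCONF\n//SYSPRINT DD SYSOUT=*\n//SQDPARMS DD *\n"
CAB = "/home/sqdata/kfilepub1/KFILEPUB1.cab"
DECKS = {
    "enabled": HEAD + f'modify {CAB}\n  --encryption\n  --auth-keys-list="NACL.AUTH.KEYS"\n//*\n',
    "no_key_list": HEAD + f"modify {CAB}\n  --encryption\n//*\n",
    "unquoted": HEAD + f"modify {CAB}\n  --encryption\n  --auth-keys-list=NACL.AUTH.KEYS\n//*\n",
    "disabled": HEAD + f"modify {CAB}\n  --no-encryption\n//*\n",
}

def sqdparms_lines(jcl):
    """Return the in-stream lines that follow '//SQDPARMS DD *' (hypothetical helper)."""
    lines, inside = [], False
    for line in jcl.splitlines():
        if inside:
            if line.startswith(("//", "/*")):  # next JCL statement or delimiter ends the deck
                break
            lines.append(line.strip())
        elif re.match(r"//SQDPARMS\s+DD\s+\*", line):
            inside = True
    return lines

def audit(jcl):
    """Return a list of findings for one 'modify' deck; an empty list means it passes."""
    tokens = " ".join(sqdparms_lines(jcl)).split()
    if len(tokens) < 2 or tokens[0] != "modify":
        return ["no 'modify <cab_file_name>' statement found"]
    cab, opts = tokens[1], tokens[2:]
    enc, no_enc = "--encryption" in opts, "--no-encryption" in opts
    key_opts = [o for o in opts if o.startswith("--auth-keys-list")]
    findings = []
    if enc and no_enc:
        findings.append("both --encryption and --no-encryption given")
    if enc and not key_opts:
        findings.append("--encryption without --auth-keys-list")
    for opt in key_opts:
        # The page requires the key list name to be enclosed in quotes.
        if not re.fullmatch(r'--auth-keys-list="[^"]+"', opt):
            findings.append("key list name not enclosed in quotes: " + opt)
    if no_enc and not enc:
        findings.append("payload encryption disabled for " + cab)
    return findings

if __name__ == "__main__":
    for name, deck in DECKS.items():
        print(name, audit(deck) or "OK")
```

The check only inspects the option syntax in the deck; it does not read the key list file, whose format this page does not describe.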