Configuring the agent


BMC AMI Enterprise Connector for Venafi (EC for Venafi) agents receive transaction requests from the gateway and manage the necessary RACF, TSS, or ACF2 commands according to the environment in which they are installed.

To set up your agents, you must configure the following statements:

Global statement

The following global parameters define general functionality:

| Parameter | Description |
|---|---|
| MessageLevel level level | Message level written to SYSPRINT. You can define multiple message levels. We recommend that you include message level Info Error. |
| Activate appName | Name of the application to be loaded. The value of this parameter must be Venafi. |

Example

MessageLevel     Info Error
Activate         Venafi

ECAgent statement

The following ECAgent parameters define the REST API server for the agent instance. Only one ECAgent statement is required per instance.

| Parameter | Description |
|---|---|
| ECAgent | Begins the ECAgent statement |
| HostName hostName \| IPaddress | (Required) Location of the agent instance. Enter the host name or IP address for the server on which the agent is located. |
| Port portNumber | Port number used by the agent instance. (Required) Enter the port number to be used by the REST API for the agent. |
| DatasetHLQ hlq | High-level qualifier for temporary data sets. EC for Venafi passes the specified hlq to the REXX procedures that generate the full data set name. The default value is RACFAdminUser. |
| CheckpointDataset vsamDataSetName | Name of the VSAM KSDS data set for checkpointing. This parameter has no default. |
| CheckpointShared Yes \| No | Specifies whether the checkpoint data set should be shared across multiple agent instances in the same sysplex. The default value is No. |
| TLSAware Yes \| No | Verifies whether incoming transactions have been secured by a valid AT-TLS policy. Transactions that are flagged as insecure or not having an AT-TLS policy are rejected. The default value is No. |
| VerifyGateway Yes \| No | Verifies whether incoming transactions have been sent by a genuine EC for Venafi gateway. Transactions that are flagged as not coming from a genuine gateway are rejected. The default value is No. |
| VipaGroup dvipaName | Specifies the name of the DVIPA target. Use this parameter if you are using Dynamic Virtual IP Addressing (DVIPA) from your Venafi Trust Protection Platform (TPP), instead of an LPAR, to process agent requests. System symbolics, such as &SYSNAME, are supported. |
| ExpirySearchTime hh:mm | Time of day that EC for Venafi searches for expired certificates. Enter the hour and minutes to perform the search. The default value is 00:00. |
| DeleteAfter days | Number of days after which an expired certificate is deleted. EC for Venafi does not act on this parameter. Instead, the agent passes the transaction to the ExpiryRexx routine for processing. The default value is 5. |
| EndECAgent | Ends the ECAgent statement |

Example

***********************************************     
* Define EC Agent                             *
***********************************************     
ECAgent                                           
   HostName             SYS1              
   Port                 4000                        
   DatasetHLQ           ECTPP
   TLSAware             Yes
   VerifyGateway        Yes
   ExpirySearchTime     04:00                      
EndECAgent   

EmailProfile statement

The following EmailProfile parameters define the type of email that the agent sends to the JES destination:

| Parameter | Description |
|---|---|
| EmailProfile | Begins the EmailProfile statement |
| FromEmail emailAddress | (Required) Email address assigned to the agent that sent the email |
| SysoutClass class | (Required) Output print class for printing email data that the IBM Communications Server Simple Mail Transfer Protocol (CSSMTP) application scans for |
| SysoutDEST systemName | (Required) JES destination for routing email data, which is the name of the system on which CSSMTP is running |
| SysoutWriter writerName | (Required) External writer name used by CSSMTP to scan email data. The value of this parameter must be the same as the value of the ExtWrtName statement that is defined in the CSSMTP configuration. |
| EndEmailProfile | Ends the EmailProfile statement |


Example

***********************************************     
* Email Profile Settings                      *     
***********************************************     
EmailProfile                                           
   FromEmail            ecagent@bmc.com          
   SysoutClass          B                                   
   SysoutDest           PLX1                             
   SysoutWriter         SMTP                                
EndEmailProfile

EmailRecipients statement

The following EmailRecipients parameters define the email addresses of individuals and groups who should receive email notifications from the agent:

| Parameter | Description |
|---|---|
| EmailRecipients | Begins the EmailRecipients statement |
| Expired emailAddress | (Optional) Sends an email to a person or group when EC for Venafi detects an expired certificate. You can repeat this parameter for as many recipients as you want. |
| Failures emailAddress | (Optional) Sends an email to a person or group when EC for Venafi fails to process a TPP request. You can repeat this parameter for as many recipients as you want. |
| Success emailAddress | (Optional) Sends an email to a person or group when EC for Venafi succeeds in processing a TPP request. You can repeat this parameter for as many recipients as you want. |
| EndEmailRecipients | Ends the EmailRecipients statement |


Example of an EmailRecipients statement

***********************************************     
* Email Recipients.                           *     
***********************************************     
EmailRecipients                                           
   Expired              cyber1@bmc.com          
   Failures             cyber1@bmc.com          
   Failures             sysprogs@bmc.com
   Success              ops@bmc.com                             
EndEmailRecipients 
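
The TLSAware and VerifyGateway checks in the ECAgent statement both default to No, so a configuration that omits them leaves both verifications off. The following Python linter is an added example, not BMC code: it parses the statement layout shown on this page and reports missing required parameters and disabled checks. It assumes that lines starting with * are comments and that keywords are case-insensitive; the sample configuration is constructed.

```python
# Required parameters per statement, taken from the tables on this page.
REQUIRED = {
    "ecagent": ["hostname", "port"],
    "emailprofile": ["fromemail", "sysoutclass", "sysoutdest", "sysoutwriter"],
}
SECURE_FLAGS = ["tlsaware", "verifygateway"]  # both default to No when omitted

def parse(text):
    """Return {statement: {parameter: [values]}}; global parameters sit under ''."""
    blocks, current = {"": {}}, ""
    for raw in text.splitlines():
        key, value = (raw.split(None, 1) + ["", ""])[:2]
        key = key.lower()  # assumption: keywords are case-insensitive
        if not key or key.startswith("*"):  # assumption: '*' marks a comment
            continue
        if current and key == "end" + current:
            current = ""
        elif key in REQUIRED or key == "emailrecipients":
            current = key
            blocks.setdefault(current, {})
        else:
            blocks[current].setdefault(key, []).append(value.strip())
    return blocks

def audit(text):
    """Return sorted findings for one agent configuration."""
    blocks, findings = parse(text), []
    for stmt, params in REQUIRED.items():
        missing = [p for p in params if p not in blocks.get(stmt, {})]
        findings += [f"{stmt}: required parameter {p} missing" for p in missing]
    agent = blocks.get("ecagent", {})
    for flag in SECURE_FLAGS:
        if agent.get(flag, ["No"])[-1].lower() != "yes":
            findings.append(f"ecagent: {flag} is not Yes, so the check is off")
    return sorted(findings)

WEAK = """* Constructed sample: no TLSAware, gateway check off, no SysoutWriter
ECAgent
   HostName SYS1
   Port 4000
   VerifyGateway No
EndECAgent
EmailProfile
   FromEmail ecagent@bmc.com
   SysoutClass B
   SysoutDest PLX1
EndEmailProfile
"""
print("\n".join(audit(WEAK)))
```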


 
