The CICSRequest node support in IBM® Integration Bus provides direct communication with CICS® Transaction Server for z/OS® (two-tier connection) by sending Distributed Program Link (DPL) requests over TCP/IP-based IP InterCommunications (IPIC) protocol.
The CICSRequest node also supports communication with CICS through CICS Transaction Gateway for Multiplatforms (three-tier connection). For more information about three-tier connections, see CICS Transaction Server for z/OS three-tier connectivity.
A direct two-tier connection from IBM Integration Bus to CICS can be made by using the CICSConnection configurable service or by setting the properties directly on the CICSRequest node.
CICSConnection configurable service connections:
A CICS connection from IBM Integration Bus is made to a listening TCPIPSERVICE resource in CICS. When that connection is established, the active connection between IBM Integration Bus and CICS is represented by an IPCONN resource.
Each CICSConnection configurable service results in a separate connection to CICS, so for every configurable service that is being used, there is an IPCONN resource in CICS. The properties of the IPCONN resource determine the properties of the link between IBM Integration Bus and CICS.
The IPCONN resource that represents an IBM Integration Bus to CICS connection can be created in two different ways; autoinstall or pre-defined.
The following diagram shows how IBM Integration Bus can directly connect to CICS by using a CICSConnection configurable service.
When defining an IPCONN resource in CICS, consider the following properties:
The CICS APPLID and Network ID properties must match the CICSConnection configurable service clientApplid and clientQualifier properties.
The CICS host name and port properties must be used for connections between CICS regions only, they must not be set for IBM Integration Bus connections.
IPCONNs are owned by a parent TCPIPSERVICE resource in CICS.
The CICS Receivecount property controls the number of simultaneous requests that can be performed over the connection. The number of simultaneous requests defaults to 100 for autoinstalled connections.
The Sendcount property must be set to 0 because the Sendcount property is used for CICS connections only, and must not be used for IBM Integration Bus connections.
The CICS LINKAUTH property controls how the link security is managed. To use a resource in CICS, two security checks are performed; the "flowed" user, which checks the security credentials that are sent from IBM Integration Bus, and the "link" user, which must also have permission for the resource. Both user IDs must have permission to use the resource before the request is granted. The link user ID is given low privileges, which means that even if the flowed user has many permissions, the link user ID can be used to cap the privilege of the connection. If LINKAUTH is set to SECUSER, the SECURITYNAME field is used to specify the link user ID. If set to CERTUSER, the link user is determined from an SSL client certificate that is mapped by RACF®. If USERAUTH(IDENTIFY) or USERAUTH(VERIFY) is specified, the link user ID is not used. Only the user ID received from the TOR is used to determine security.
The CICS USERAUTH property determines how the flowed user security is configured. If USERAUTH is set to "LOCAL" or "DEFAULTUSER", no user ID or password is to be sent to CICS on a request. This means that all requests use the CICS region ID. If USERAUTH is set to "IDENTIFY", user IDs are flowed without a password. If USERAUTH is set to "VERIFY", user IDs and passwords are required. If USERAUTH(IDENTIFY) or USERAUTH(VERIFY) is specified, the link user ID is not used. Only the user ID received from the TOR is used to determine security.
Each CICSRequest node in a message flow acts as a request on one of the connections to CICS. Which connection is used is determined by the configurable service that is used.
For more information about configuring the CICSRequest node to get connection details from a CICSConnection configurable service, see Changing connection information for the CICSRequest node.
You can configure the CICSRequest node or a CICSConnection configurable service to use SSL protocol. For more information, see Securing the connection to CICS Transaction Server for z/OS by using SSL.
CICSRequest node connections:
If a CICSConnection configurable service is not specified on the CICSRequest node, and a host name is used directly in the CICS server property, the request shares a connection with other resources that have specified the same CICS server URL. The first CICSRequest node to be used opens the connection to CICS, regardless of whether a URL or a configurable service is specified in the CICS server property.