Setting up TCP/IP for IIOP

To configure a CICS® region as a TCP/IP Listener to accept and send IIOP requests, you need to make the following definitions in CICS:
  1. In the CICS startup jobstream for every CICS region where the Listener is required, set the following system initialization parameters:
    • IIOPLISTENER to YES
    • TCPIP to YES
  2. Define and install TCPIPSERVICE resource definitions in the Listener region for every port that the Listener will monitor, specifying:
    • PROTOCOL(IIOP)
    • The port or IP address on which CICS will listen for incoming IIOP requests
      Note: If the SSL connection fails, some clients will attempt to retry on an associated non-SSL port. CICS TS defines this port to be SSL port–1. You should ensure that this port (SSL port–1) is not defined for any other purpose. The well-known IIOP ports are 683(non-SSL) and 684(SSL).
    • The CICS transaction to start when a request arrives. For an IIOP service, this should be set to the CICS IIOP Request Receiver, CIRR.
    • The level of Secure Sockets Layer (SSL) authentication to be used.
    • The DNSGROUP name if DNS connection optimization is to be used. See Resource definition for DNS connection optimization
    • The name of the user-replaceable program to be called to associate this request with a CICS USERID for security or workload management purposes. If omitted, no user-replaceable program is called. A sample user-replaceable program, DFHXOPUS, is supplied—see Using the IIOP user-replaceable security program.
    For example:
    DEFINE TCPIPSERVICE(IIOPNSSL) GROUP(DFH$IIOP)                      
         DESCRIPTION(IIOP TCPIPSERVICE with no SSL support)            
         URM(DFHXOPUS)          BACKLOG(5)             PORTNUMBER(683) 
         TRANSACTION(CIRR)      SSL(NO)                                
         STATUS(CLOSED)         PROTOCOL(IIOP)                         
    Important: In a multi-region server, the TCPIPSERVICE definitions must be installed in all the regions (both listeners and AORs) of the logical server. In the listener regions, the IIOPLISTENER system initialization parameter must be set to 'YES'. In the AORs, it must be set to 'NO'. In a combined listener/AOR, it must be set to 'YES'.

    See the CICS Resource Definition Guide for the full syntax of the TCPIPSERVICE resource definition.