Universal Broker

Universal Broker manages Universal Agent components.

This document provides operating system-specific detailed technical information for Universal Broker:

Started task (z/OS)
Configuration Options
Component Definition options
Universal Access Control List entries

Universal Broker Utilization

For information how Universal Broker is utilized, see the Universal Agent 7.3.x User Guide.

Detailed Information

The following pages provide detailed information for Universal Broker:

Universal Broker Examples

See Starting and Stopping Agent Components - Examples for examples of how to start and stop Universal Broker.

See Maintaining Universal Broker Definitions in UEC Database for examples of how to maintain Universal Broker definitions in the UEC Database.

Universal Broker Key Store

The Universal Broker Key Store feature lets you generate a random 32-byte encryption key, for use with AES encryption, and a Universal Broker key store in which to locate the key.

Every Universal Broker in your enterprise can have a key store; each key store has a single encryption key.

During installation, you can generate the encryption key and place it in a key store of the local Universal Broker. All command files encrypted by Universal Encrypt (UENCRYPT) will use this encryption key.

The Universal Broker KEYSTORE_PATH configuration option lets you select a remote Universal Broker key store. UENCRYPT then will use the encryption key in that key store for encrypting files.

If you do not generate an encryption key and key store during installation, UENCRYPT lets you do so.

Only Universal Broker has access to its key store. Any component that wants to encrypt/decrypt a file requests the encryption key from Universal Broker. If access to the encryption key is granted, and the encryption key exists, Universal Broker sends the encryption key to the component. Otherwise, the default hard-coded encryption key is used by the component.

All Universal Agent components that are not local Broker-aware - Universal Automation Center Agent (UAG), OMS Admin, Universal Certificate (UCERT), and Universal Products Install Merge (UPIMERGE) - have their own KEYSTORE_PATH configuration option for specifying the path to a local or remote Universal Broker service interface from which the encryption key can be obtained.

If an encryption key is not generated or specified, UENCRYPT uses a default, 8-byte key for encryption.

Key Store Configuration Options for Universal Encrypt

Universal Encrypt (UENCRYPT) contains the following configuration options for encryption keys and the Universal Broker Key Store:

ENCRYPTION_KEY	User-defined encryption key used to encrypt a command file. If you specify an encryption key with this option, and the Universal Broker Key Store contains an encryption key, UENCRYPT uses the encryption key specified with this option.
GENERATE_KEY	Specification for whether or not to generate an encryption key. GENERATE_KEY either writes a generated encryption key to the local Universal Broker key store specified by the KEYSTORE_PATH Universal Encrypt configuration option or, if the STORE_KEY Universal Encrypt configuration option is yes, to a remote key store location specified by the KEYSTORE_PATH Universal Broker configuration option.
KEYSTORE_PATH	Path to the local Universal Broker key store.
STORE_KEY	Specification for whether or not to store the encryption key (generated or specified explicitly) in a remote Universal Broker key store specified by the Universal Broker KEYSTORE_PATH configuration option.

Key Store Location

The local Universal Broker key store is placed at the following locations by default:

UNIX	/var/opt/universal/keystore
Windows	..\keystore
z/OS	dd:UNVKSTR

Browser not supported