ESP Workstation encryption

Document ID : KB000121390
Last Modified Date : 20/11/2018
Show Technical Document Details
Introduction:
CA Workload Automation ESP encryption with ESP Workstation. We're looking at encrypting mainframe traffic, question is for Workstation session logon and traffic. we're running ESP r11.4 with ACF2 r16 on z/OS 2.2.
Question:
Is Workstation authentication logonid/password encrypted between client and manager? Is any other workstation<>manager traffic encrypted? What is required to implement encryption? 
Answer:
Workstation (WKS) communicates with workstation server (WSS) using TCPIP. WKS and WSS makes handshake on the begining of comunication and establish password for their session. After the handshake WSS and WKS communicates encrypted only. Workstation uses DES-56 encryption. Which is not very strong encryption nowadays. If you would like additional security for their communication, I would recommend to use VPN, because VPN will create encrypted tunnel with encryption you will setup.