SSL channels for WebSphere MQ provide an excellent way to protect messages as they move from one queue manager to another. However, how can you protect messages when they are at rest on a queue? Also, how can you tell if the message has been altered since it reached the queue and how do you know who really sent the message?
WebSphere MQ Extended Security Edition can be used to solve these problems and more. It employs a certificate based security infrastructure which provides authentication, authorisation and auditing for a WMQ network. This means messages can be digitally signed and/or encrypted for their entire lifetime inside WMQ. WMQ ESE also provides authentication of users and their authorisation to queues and messages. WMQ ESE is administered centrally for easy to manage end to end security.
For more information on WMQ ESE, checkout the product page here.
If there is a good amount of interest in this topic then I’ll follow up with some more articles on how to implement and make best use of WMQ ESE
6 comments
Comments feed for this article
May 9, 2007 at 3:04 pm
Sam
Hi Mark
I’m liking the blog, its very interesting and has kept me going through some of those boring rainy lunchtimes when walking to the club house is not possible ;o)
I’m currently looking at WMQ ESE at the moment, there doesn’t seem to be much documentation about how MQ can work with TAM so I was wondering if you had managed to write those articles on how to implement and make best use of WMQ ESE?
September 9, 2007 at 10:21 pm
Shaun
Hi Mark,
I too am looking at ESE at the moment. Any pearls of wisdom on setup/performance would be gratefully received.
October 18, 2007 at 10:57 am
geraldmarsh
I’m only attempting to harden the base MQ (V5.3 and upwards) and I cannot find the definitive file permissions in any doc.
Would ESE detail these?
November 27, 2007 at 6:58 pm
Anonymous
Looking for detais of a basic configuratin setup for MQ Client authentication … how quick and easy can this be done with ESE or is it strickly for bigger fish/problem configurations.
December 5, 2007 at 6:02 pm
Ron
Mark,
Thanks for your discussion of this topic. We are currently looking at the WMQ ESE 6.0 product as a means to centrally manage the securing of channel access to our distributed and mainframe queue managers from WMQ clients and queue managers. We have found documentation to be somewhat lacking with this product. We would greatly appreciate any documentation and articles you would care to post regarding installing, implementing and managing the WMQ ESE product.
December 10, 2007 at 10:50 am
markhiscock
Hi Ron,
I’m not sure if you’ve found the following documents in the WMQ ESE information center. These provide more in depth information on setting up and configuring ESE. They are for version V5.1 but still apply to V6.
ESE Administration Guide
http://publib.boulder.ibm.com/infocenter/tivihelp/v2r1/topic/com.ibm.itamfbi.doc_5.1/ADM51mst.pdf
ESE Broker’s Administration Guide
http://publib.boulder.ibm.com/infocenter/tivihelp/v2r1/topic/com.ibm.itamfbi.doc_5.1/BRKR5mst.pdf
ESE Problem Determination Guide
http://publib.boulder.ibm.com/infocenter/tivihelp/v2r1/topic/com.ibm.itamfbi.doc_5.1/PD51mst.pdf
If you would like to chat about WMQ ESE further then feel free to contact me on my work email address which is mark.hiscock@uk.ibm.com.
Mark