IBM MQ - better application performanceMarkTaylorIBM
Presented in Feb 2015 at Interconnect
This presentation is aimed at helping application developers understand how to best use MQ features for higher performance.
IBM MQ - better application performanceMarkTaylorIBM
Presented in Feb 2015 at Interconnect
This presentation is aimed at helping application developers understand how to best use MQ features for higher performance.
HTTP/3 is designed to improve in areas where HTTP/2 still has some shortcomings, primarily by changing the transport layer. HTTP/3 is the first major protocol to step away from TCP and instead it uses QUIC.
HTTP/3 is the designated name for the coming next version of the protocol that is currently under development within the QUIC working group in the IETF.
HTTP/3 is designed to improve in areas where HTTP/2 still has some shortcomings, primarily by changing the transport layer. HTTP/3 is the first major protocol to step away from TCP and instead it uses QUIC.
Daniel Stenberg does a presentation about HTTP/3 and QUIC. Why the new protocols are deemed necessary, how they work, how they change how things are sent over the network and what some of the coming deployment challenges will be.
IBM MQ: An Introduction to Using and Developing with MQ Publish/SubscribeDavid Ware
IBM MQ allows application programmers to use the publish/subscribe application model with ease. This session takes you through the fundamental publish/subscribe concepts and how they relate to IBM MQ. Covering aspects of system design, configuration and application programming, this session is essential for all users looking to adopt publish/subscribe with IBM MQ.
We start with an introduction to what Apache Camel is, and how you can use Camel to make integration much easier. Allowing you to focus on your business logic, rather than low level messaging protocols, and transports. You will also hear what other features Camel provides out of the box, which can make integration much easier for you.
We look into web console tooling that allows you to get insight into your running Apache Camel applications, which has among others visual route diagrams with tracing/debugging and profiling capabilities. In addition to the web tooling we will also show you other tools in the making.
High availability of a messaging system is essential. This is especially true for IBM MQ systems which are absolutely critical to the smooth running of many enterprises. IBM MQ Advanced made achieving high availability even easier with Replicated Data Queue Managers. Learn how this and other HA capabilities fits into a system that provides both high availability of the messaging system as a whole and every last piece of critical messaging data that you care about.
WebSphere MQ includes a alternative of APIs and supports the Java™ Message Service (JMS) API. WebSphere MQ is that the market-leading messaging integration middleware product. Originally introduced in 1993 (under the IBM MQSeries® name), WebSphere MQ provides associate degree an, reliable, scalable, secure, and superior transport mechanism to handle businesses property necessities.
In this session, we will start with the importance of monitoring of services and infrastructure. We will discuss about Prometheus an opensource monitoring tool. We will discuss the architecture of Prometheus. We will also discuss some visualization tools which can be used over Prometheus. Then we will have a quick demo for Prometheus and Grafana.
ProxySQL and the Tricks Up Its Sleeve - Percona Live 2022.pdfJesmar Cannao'
ProxySQL is well-affirmed into thousands of production environments for the features we all know: multiplexing, query routing, and rewriting to name a few.
Let's go through those use cases which maybe are the least common: from keeping malicious eyes away from your production data to rebuilding your non-production environment, from stopping having hanging transactions to monitor your instance, from query firewalling to changing ProxySQL configuration without a single line of SQL!
When the sky is the limit, ProxySQL gives you some boost!
Designing IBM MQ deployments for the cloud generationDavid Ware
Businesses are transforming their enterprise IT infrastructure so that application teams can efficiently provision resources in an automated, self-service fashion, to be deployed as a service. In this session, we look at what that means with IBM MQ, and where previous design and deployment practices may not suit a more agile approach. We'll share what's possible with IBM MQ today, including the current best practices to achieve a low-touch, scalable solution whether deploying to the cloud or to on-premise systems.
Getting started with Apache Camel presentation at BarcelonaJUG, january 2014Claus Ibsen
This session will teach you how to get a good start with Apache Camel. We will introduce you to Apache Camel and how Camel its related to Enterprise Integration Patterns. And how you go about using these patterns in Camel routes, written in Java code or XML files.
We will then discuss how you can get started developing with Camel, and how to setup new projects from scratch using Maven and Eclipse tooling.
This session includes live demos that show how to build Camel applications in Java, Spring, OSGi Blueprint and alternative languages such as Scala and Groovy. You will also hear what other features Camel provides out of the box, which can make integration much easier for you.
We also take a moment to look at web console tooling that allows you to get insight into your running Apache Camel applications, which has among others visual route diagrams with tracing/debugging and profiling capabilities.
Experiments with Randomisation and Boosting for Multi-instance ClassificationLARCA UPC
A fairly recent development in the WEKA software has been the addition of algorithms for multi-instance classification, in particular, methods for ensemble learning. Ensemble classification is a well-known approach for obtaining highly accurate classifiers for single-instance data. This talk will first discuss how randomisation can be applied to multi-instance data by adapting Blockeel et al.'s multi-instance tree inducer to form an ensemble classifier, and then investigate how Maron's diverse density learning method can be used as a weak classifier to form an ensemble using boosting. Experimental results show the benefit of ensemble learning in both cases.
MQTC 2016 - IBM MQ Security: Overview & recapRobert Parker
Security features are important in any modern day application and MQ is no exception. In order to
ensure user data is protected to the user's requirements applications must supply a variety of
configurable security features. In this session we will be providing an introduction to all of IBM MQ's
security features and a high level overview of why you would use them.
HTTP/3 is designed to improve in areas where HTTP/2 still has some shortcomings, primarily by changing the transport layer. HTTP/3 is the first major protocol to step away from TCP and instead it uses QUIC.
HTTP/3 is the designated name for the coming next version of the protocol that is currently under development within the QUIC working group in the IETF.
HTTP/3 is designed to improve in areas where HTTP/2 still has some shortcomings, primarily by changing the transport layer. HTTP/3 is the first major protocol to step away from TCP and instead it uses QUIC.
Daniel Stenberg does a presentation about HTTP/3 and QUIC. Why the new protocols are deemed necessary, how they work, how they change how things are sent over the network and what some of the coming deployment challenges will be.
IBM MQ: An Introduction to Using and Developing with MQ Publish/SubscribeDavid Ware
IBM MQ allows application programmers to use the publish/subscribe application model with ease. This session takes you through the fundamental publish/subscribe concepts and how they relate to IBM MQ. Covering aspects of system design, configuration and application programming, this session is essential for all users looking to adopt publish/subscribe with IBM MQ.
We start with an introduction to what Apache Camel is, and how you can use Camel to make integration much easier. Allowing you to focus on your business logic, rather than low level messaging protocols, and transports. You will also hear what other features Camel provides out of the box, which can make integration much easier for you.
We look into web console tooling that allows you to get insight into your running Apache Camel applications, which has among others visual route diagrams with tracing/debugging and profiling capabilities. In addition to the web tooling we will also show you other tools in the making.
High availability of a messaging system is essential. This is especially true for IBM MQ systems which are absolutely critical to the smooth running of many enterprises. IBM MQ Advanced made achieving high availability even easier with Replicated Data Queue Managers. Learn how this and other HA capabilities fits into a system that provides both high availability of the messaging system as a whole and every last piece of critical messaging data that you care about.
WebSphere MQ includes a alternative of APIs and supports the Java™ Message Service (JMS) API. WebSphere MQ is that the market-leading messaging integration middleware product. Originally introduced in 1993 (under the IBM MQSeries® name), WebSphere MQ provides associate degree an, reliable, scalable, secure, and superior transport mechanism to handle businesses property necessities.
In this session, we will start with the importance of monitoring of services and infrastructure. We will discuss about Prometheus an opensource monitoring tool. We will discuss the architecture of Prometheus. We will also discuss some visualization tools which can be used over Prometheus. Then we will have a quick demo for Prometheus and Grafana.
ProxySQL and the Tricks Up Its Sleeve - Percona Live 2022.pdfJesmar Cannao'
ProxySQL is well-affirmed into thousands of production environments for the features we all know: multiplexing, query routing, and rewriting to name a few.
Let's go through those use cases which maybe are the least common: from keeping malicious eyes away from your production data to rebuilding your non-production environment, from stopping having hanging transactions to monitor your instance, from query firewalling to changing ProxySQL configuration without a single line of SQL!
When the sky is the limit, ProxySQL gives you some boost!
Designing IBM MQ deployments for the cloud generationDavid Ware
Businesses are transforming their enterprise IT infrastructure so that application teams can efficiently provision resources in an automated, self-service fashion, to be deployed as a service. In this session, we look at what that means with IBM MQ, and where previous design and deployment practices may not suit a more agile approach. We'll share what's possible with IBM MQ today, including the current best practices to achieve a low-touch, scalable solution whether deploying to the cloud or to on-premise systems.
Getting started with Apache Camel presentation at BarcelonaJUG, january 2014Claus Ibsen
This session will teach you how to get a good start with Apache Camel. We will introduce you to Apache Camel and how Camel its related to Enterprise Integration Patterns. And how you go about using these patterns in Camel routes, written in Java code or XML files.
We will then discuss how you can get started developing with Camel, and how to setup new projects from scratch using Maven and Eclipse tooling.
This session includes live demos that show how to build Camel applications in Java, Spring, OSGi Blueprint and alternative languages such as Scala and Groovy. You will also hear what other features Camel provides out of the box, which can make integration much easier for you.
We also take a moment to look at web console tooling that allows you to get insight into your running Apache Camel applications, which has among others visual route diagrams with tracing/debugging and profiling capabilities.
Experiments with Randomisation and Boosting for Multi-instance ClassificationLARCA UPC
A fairly recent development in the WEKA software has been the addition of algorithms for multi-instance classification, in particular, methods for ensemble learning. Ensemble classification is a well-known approach for obtaining highly accurate classifiers for single-instance data. This talk will first discuss how randomisation can be applied to multi-instance data by adapting Blockeel et al.'s multi-instance tree inducer to form an ensemble classifier, and then investigate how Maron's diverse density learning method can be used as a weak classifier to form an ensemble using boosting. Experimental results show the benefit of ensemble learning in both cases.
MQTC 2016 - IBM MQ Security: Overview & recapRobert Parker
Security features are important in any modern day application and MQ is no exception. In order to
ensure user data is protected to the user's requirements applications must supply a variety of
configurable security features. In this session we will be providing an introduction to all of IBM MQ's
security features and a high level overview of why you would use them.
Aplication and Transport layer- a practical approachSarah R. Dowlath
This presentation was done for a Networking course. It really shows from a more practical standpoint how the application layer and the transport layer communicates with each other and operates on a whole to get the job done. It gives the reader more insight of how the pieces come together in an IT networking world.
Advanced Crypto Service Provider – cryptography as a serviceSmart Coders
Data and information security is crucial and essential for most of the IT environments. As data is more often stored in the cloud securing it becomes a non trivial challenge.
IBM Advanced Crypto Service Provider (ACSP) is a solution that enables remote access to the IBM’s cryptographic coprocessors. Such approach allows for utilization of strong hardware based cryptography as a service (“cryptography as a service”) in distributed environments where data security cannot be guaranteed.
ACSP is a “network hardware security module (NetHSM)” that provides access to cryptographic resources via IBM Common Cryptographic Architecture (CCA) interface and the PKCS#11 standard.
More at https://ibm.box.com/v/acsp-vault-ibm-forum-2015
Video recording from that presentation can be found at https://vimeo.com/smartcoders/acsp-vault-ibm-forum-2015
Recover A RSA Private key from a TLS session with perfect forward secrecyPriyanka Aash
They always taught us that the only thing that can be pulled out from a SSL/TLS session using strong authentication and latest Perferct Forward Secrecy ciphersuites is the public key of the certificate exchanged during the handshake - an insufficient condition to place a MiTM attack without to generate alarms on the validity of the TLS connection and certificate itself. Anyway, this is not always true. In certain circumstances it is possible to derive the private key of server regardless of the size of the used modulus. Even RSA keys of 4096 bits can be factored at the cost of a few CPU cycles and computational resources. All that needed is the generation of a faulty digital signature from server, an event that can be observed when occurring certain conditions such as CPU overheating, RAM errors or other hardware faults. Because of these premises, devices like firewall, switch, router and other embedded appliances are more exposed than traditional IT servers or clients. During the talk, the author will explain the theory behind the attack, how common the factors are that make it possible and his custom pratical implementation of the technique. At the end, a proof-of-concept, able to work both in passive mode (i.e. only by sniffing the network traffic) and in active mode (namely, by participating directly in the establishment of TLS handshakes), will be released.
(Source: Black Hat USA 2016, Las Vegas)
These slides were presented at the Cloud Technical University 2017 in Madrid.
Businesses are transforming their enterprise IT infrastructure to run in the Cloud. This doesn't have to be a simple lift and shift, it
promotes selfservice practices and new automated deployment and management techniques. This session will explain the many
possibilities and techniques that are available to run MQ in such environments, whether you're looking to move to a public or private
cloud, such as Bluemix, Azure, AWS, OpenStack or Docker environments.
3450 - Writing and optimising applications for performance in a hybrid messag...Timothy McCormick
Messaging architectures in any environment, from local standalone deployments through to public clouds, must provide the highest reliability yet maximize their performance. This session gives you an insight into IBM MQ and how applications can be made to perform to their absolute best while maintaining the data integrity that IBM MQ is renowned for. We'll see how this can be achieved through a combination of good application design, system tuning and architectural patterns.
3425 - Using publish/subscribe to integrate applicationsTimothy McCormick
Publish/subscribe is the messaging model of choice for a wide range of messaging environments. Ranging from traditional MQ applications, applications running in frameworks like JEE and .NET or applications using the new MQ Light and open source AMQP capabilities, either on premise or in a Hybrid cloud. When MQ is at the heart of the solution all these environments can interoperate over a shared publish/subscribe infrastructure. This session will take you from the fundamentals of publish/subscribe through to how you can join these diverse systems together.
1086: The SSL Problem and How to Deploy SHA2 Certificates (with Mark Myers)Gabriella Davis
Two years ago enabling your site with SSL was a simple affair, buy a certificate or create your own, install it, then just remember to renew it every couple of years. Then, suddenly security holes are being found in SSL virtually every month , popular browsers stop connecting to your site to protect themselves, and you’re continually being told your users data is at risk. In this session we will discuss how it all went wrong and can go wrong again, then go through each step of requesting, generating and deploying a 4096 SHA-2 certificate to use in a keyfile by Domino, IBM Connections, IBM Sametime and other WebSphere products. If you work with these IBM products and need to secure them with confidence this session will show you how!
How to deliver industry standard browser security to the native Domino HTTP stack, using company-wide wildcard certificates deployed across all platforms.
Introducing IBM Message Hub: Cloud-scale messaging based on Apache KafkaAndrew Schofield
IBM Message Hub is a new Bluemix service for messaging in the cloud. It's ideal for linking together microservices to build a scalable, flexible application in the cloud. It's great for feeding data at speed into other services such as analytics. You can also use it to bridge securely from your enterprise MQ systems into the cloud.
HHM-3540: The IBM MQ Light API: From Developer Laptop to Enterprise Data Cen...Matt Leming
The IBM MQ Light API makes it simple for developers to create responsive applications that are easy to scale without having to become messaging experts. Increasingly, development teams choose from a wide variety of languages, so the MQ Light API is available in a range of popular languages such as Ruby and Python, with the syntax tailored to fit naturally in each. The same API can be used with MQ Light installed on a laptop, with enterprise MQ queue managers, or in the cloud with the Message Hub service, so you can move seamlessly between these environments. Come and see how this API can make your developers more productive.
CTU 2017 I173 - how to transform your messaging environment to a secure messa...Robert Parker
These presentation slides were presented at the Cloud Technical University 2017 in Madrid.
With today's focus on security, ensuring you utilize all of the options available to maximize your systems security is a high priority for
many businesses. In this session, we will work through a stepbystep case study that details how you can enhance the security of
your Queue Managers using the different features available in IBM MQ.
WebSphere MQ CHLAUTH - including V8 changesMorag Hughson
WebSphere MQ V7.1 introduced a new feature for securing channels, known as Channel Authentication Records, or CHLAUTH for short. This new feature allows you to set rules to indicate which inbound connections are allowed to use your queue manager and which are banned. In V8, CHLAUTH was updated to tie in with a number of other new security features, including connection authentication (using CHCKCLNT on CHLAUTH); more advanced certificate checking (using SSLCERTI on CHLAUTH) and hostname support.
This session will take you through the concepts behind this feature, how to create these rules and how to monitor and manage their use.
IBM WebSphere MQ V8 Security Features: Deep DiveMorag Hughson
This presentation takes a detailed look at three features in the newly announced IBM WebSphere MQ V8 product: Hostnames in CHLAUTH; Changes for Channels using SSL/TLS Certificates; and User ID & Password Connection Authentication. Full notes pages are provided.
Presented at MQ Technical Conference - 24th September 2018
Security features are important in any modern day application and MQ is no exception. In order to ensure user data is protected to the user's requirements applications must supply a variety of configurable security features. In this session we will be providing an introduction to all of IBM MQ's security features and a high level overview of why you would use them.
531: Controlling access to your IBM MQ systemRobert Parker
This presentation was originally presented at IBM TechCon 2021. In it we go through the various options in IBM MQ to secure your queue manager and control applications and users from accessing your vital configuration and data.
Running or planning on deploying a large ClearPass cluster? See what others are doing in larger environments to improve their deployments This session is designed to help customers that run the largest and most demanding networks learn how to deal with multiple locations, 100k+ endpoints, and strict SLA’s. Come to this session to discuss architecture for distributed deployments and how to better design your install for high performance, high availability needs. This is the one session where we’ll include the most experienced ClearPass team members for what will be a highly interactive session.
This session will look at how security facilities are provided on WebSphere MQ for z/OS, including
a look at what security is available, how it is activated/deactivated, what types of resources can be
protected and an insight as to how WebSphere MQ for z/OS determines which userids it uses for
the checks it performs.
How to Secure Your Scylla Deployment: Authorization, Encryption, LDAP Authent...ScyllaDB
Scylla includes multiple features that collectively provide a robust security model. Most recently we announced support for encryption-at-rest in Scylla Enterprise. This enables you to lock-down your data even in multi-tenant and hybrid deployments of Scylla. Join Tzach and Dejan for an overview of security in Scylla and to see how you can approach it holistically using the array of Scylla capabilities. He will review Scylla Security features, from basic to more advanced, including:
Reducing your attack surface
Authorization & Authentication
Role-Based Access Control
Encryption at Transit
Encryption at Rest, in 2019.1.1 and beyond
LDAP authentication is a common requirement for any enterprise software. It gives users consistent login procedures across multiple components of the IT infrastructure, while centralizing the control of access rights. Scylla Enterprise now supports authentication via LDAP. We will look into how to configure Scylla Enterprise for LDAP interaction and how to fine-tune access control through it.
IBM MQ V8 Security: Latest Features Deep-DiveMorag Hughson
More than ever, security issues are on the top of everyone's list of priorities. Find out about the approach taken by IBM MQ. This session will cover the security features in the latest release of IBM MQ.
Similar to 3429 How to transform your messaging environment to a secure messaging environment. (20)
Simplifying IBM MQ Security in your MQ estateRobert Parker
Presented at the IBM Community webinar. Watch the recording here: https://ibm.webcasts.com/starthere.jsp?ei=1640754&tp_key=ae9f8ed0d4
This presentation focused on how to tackle IBM MQ Security, breaking it into smaller features in order to implement it in smaller chunks for easier to understand implementations.
IBM MQ Whats new - including 9.3 and 9.3.1Robert Parker
I presented at the IBM MQ French User Group in Paris on the topic of What's new in MQ. I covered both what was new in IBM MQ 9.3 LTS and what was new in the latest IBM MQ 9.3.1 CD release.
M08 protecting your message data in IBM MQ with encryptionRobert Parker
This presentation was originally presented at IBM TechCon 2020. In it we go through the various options in IBM MQ to protect both connections and message data using encryption focussing on the TLS and AMS features.
Presented at MQ Technical Conference 2018
More businesses are discovering the benefit of the cloud and moving parts or the whole of their infrastructure onto cloud platforms. In this session we will be looking at how you can utilize IBM MQ in the cloud including considerations you must make before moving your MQ infrastructure into the cloud. We will also look at what resources are available for you to use as a starting point for moving IBM MQ in the cloud.
Presented at MQ Technical Conference 2018
Several businesses are now moving to implement new or existing infrastructures in containers rather than traditional on-prem or virtual machine environments. In this session we will talk about the benefits of containers and show how IBM MQ can be ran in a container. Providing an example and sample of how you can get started running IBM MQ in a container.
This presentation was delivered at the MQTC 2017 conference in Ohio. It covers different concepts and features of MQ you need to consider when moving your IBM MQ infrastructure into the cloud.
IBM MQ security deep dive including AMS MQTC 2017Robert Parker
This presentation was delivered at the MQTC conference in Ohio in September 2017. It covers two security features in detail: AMS and Channel Authentication.
Deploying and managing IBM MQ in the CloudRobert Parker
When moving to the cloud you want to ensure that the deployment and management of your cloud queue managers is as easy and streamlined as possible. In this session we will look at a few tools you can use to deploy and manage your queue managers, as well as where you can find examples of these tools in action.
This presentation was given at the WebSphere User Group in Hursley, June 2017.
Experience our free, in-depth three-part Tendenci Platform Corporate Membership Management workshop series! In Session 1 on May 14th, 2024, we began with an Introduction and Setup, mastering the configuration of your Corporate Membership Module settings to establish membership types, applications, and more. Then, on May 16th, 2024, in Session 2, we focused on binding individual members to a Corporate Membership and Corporate Reps, teaching you how to add individual members and assign Corporate Representatives to manage dues, renewals, and associated members. Finally, on May 28th, 2024, in Session 3, we covered questions and concerns, addressing any queries or issues you may have.
For more Tendenci AMS events, check out www.tendenci.com/events
Enhancing Project Management Efficiency_ Leveraging AI Tools like ChatGPT.pdfJay Das
With the advent of artificial intelligence or AI tools, project management processes are undergoing a transformative shift. By using tools like ChatGPT, and Bard organizations can empower their leaders and managers to plan, execute, and monitor projects more effectively.
Globus Connect Server Deep Dive - GlobusWorld 2024Globus
We explore the Globus Connect Server (GCS) architecture and experiment with advanced configuration options and use cases. This content is targeted at system administrators who are familiar with GCS and currently operate—or are planning to operate—broader deployments at their institution.
OpenFOAM solver for Helmholtz equation, helmholtzFoam / helmholtzBubbleFoamtakuyayamamoto1800
In this slide, we show the simulation example and the way to compile this solver.
In this solver, the Helmholtz equation can be solved by helmholtzFoam. Also, the Helmholtz equation with uniformly dispersed bubbles can be simulated by helmholtzBubbleFoam.
SOCRadar Research Team: Latest Activities of IntelBrokerSOCRadar
The European Union Agency for Law Enforcement Cooperation (Europol) has suffered an alleged data breach after a notorious threat actor claimed to have exfiltrated data from its systems. Infamous data leaker IntelBroker posted on the even more infamous BreachForums hacking forum, saying that Europol suffered a data breach this month.
The alleged breach affected Europol agencies CCSE, EC3, Europol Platform for Experts, Law Enforcement Forum, and SIRIUS. Infiltration of these entities can disrupt ongoing investigations and compromise sensitive intelligence shared among international law enforcement agencies.
However, this is neither the first nor the last activity of IntekBroker. We have compiled for you what happened in the last few days. To track such hacker activities on dark web sources like hacker forums, private Telegram channels, and other hidden platforms where cyber threats often originate, you can check SOCRadar’s Dark Web News.
Stay Informed on Threat Actors’ Activity on the Dark Web with SOCRadar!
Into the Box Keynote Day 2: Unveiling amazing updates and announcements for modern CFML developers! Get ready for exciting releases and updates on Ortus tools and products. Stay tuned for cutting-edge innovations designed to boost your productivity.
A Comprehensive Look at Generative AI in Retail App Testing.pdfkalichargn70th171
Traditional software testing methods are being challenged in retail, where customer expectations and technological advancements continually shape the landscape. Enter generative AI—a transformative subset of artificial intelligence technologies poised to revolutionize software testing.
Unleash Unlimited Potential with One-Time Purchase
BoxLang is more than just a language; it's a community. By choosing a Visionary License, you're not just investing in your success, you're actively contributing to the ongoing development and support of BoxLang.
Climate Science Flows: Enabling Petabyte-Scale Climate Analysis with the Eart...Globus
The Earth System Grid Federation (ESGF) is a global network of data servers that archives and distributes the planet’s largest collection of Earth system model output for thousands of climate and environmental scientists worldwide. Many of these petabyte-scale data archives are located in proximity to large high-performance computing (HPC) or cloud computing resources, but the primary workflow for data users consists of transferring data, and applying computations on a different system. As a part of the ESGF 2.0 US project (funded by the United States Department of Energy Office of Science), we developed pre-defined data workflows, which can be run on-demand, capable of applying many data reduction and data analysis to the large ESGF data archives, transferring only the resultant analysis (ex. visualizations, smaller data files). In this talk, we will showcase a few of these workflows, highlighting how Globus Flows can be used for petabyte-scale climate analysis.
Code reviews are vital for ensuring good code quality. They serve as one of our last lines of defense against bugs and subpar code reaching production.
Yet, they often turn into annoying tasks riddled with frustration, hostility, unclear feedback and lack of standards. How can we improve this crucial process?
In this session we will cover:
- The Art of Effective Code Reviews
- Streamlining the Review Process
- Elevating Reviews with Automated Tools
By the end of this presentation, you'll have the knowledge on how to organize and improve your code review proces
Developing Distributed High-performance Computing Capabilities of an Open Sci...Globus
COVID-19 had an unprecedented impact on scientific collaboration. The pandemic and its broad response from the scientific community has forged new relationships among public health practitioners, mathematical modelers, and scientific computing specialists, while revealing critical gaps in exploiting advanced computing systems to support urgent decision making. Informed by our team’s work in applying high-performance computing in support of public health decision makers during the COVID-19 pandemic, we present how Globus technologies are enabling the development of an open science platform for robust epidemic analysis, with the goal of collaborative, secure, distributed, on-demand, and fast time-to-solution analyses to support public health.
Listen to the keynote address and hear about the latest developments from Rachana Ananthakrishnan and Ian Foster who review the updates to the Globus Platform and Service, and the relevance of Globus to the scientific community as an automation platform to accelerate scientific discovery.
Check out the webinar slides to learn more about how XfilesPro transforms Salesforce document management by leveraging its world-class applications. For more details, please connect with sales@xfilespro.com
If you want to watch the on-demand webinar, please click here: https://www.xfilespro.com/webinars/salesforce-document-management-2-0-smarter-faster-better/
Paketo Buildpacks : la meilleure façon de construire des images OCI? DevopsDa...Anthony Dahanne
Les Buildpacks existent depuis plus de 10 ans ! D’abord, ils étaient utilisés pour détecter et construire une application avant de la déployer sur certains PaaS. Ensuite, nous avons pu créer des images Docker (OCI) avec leur dernière génération, les Cloud Native Buildpacks (CNCF en incubation). Sont-ils une bonne alternative au Dockerfile ? Que sont les buildpacks Paketo ? Quelles communautés les soutiennent et comment ?
Venez le découvrir lors de cette session ignite
How to Position Your Globus Data Portal for Success Ten Good PracticesGlobus
Science gateways allow science and engineering communities to access shared data, software, computing services, and instruments. Science gateways have gained a lot of traction in the last twenty years, as evidenced by projects such as the Science Gateways Community Institute (SGCI) and the Center of Excellence on Science Gateways (SGX3) in the US, The Australian Research Data Commons (ARDC) and its platforms in Australia, and the projects around Virtual Research Environments in Europe. A few mature frameworks have evolved with their different strengths and foci and have been taken up by a larger community such as the Globus Data Portal, Hubzero, Tapis, and Galaxy. However, even when gateways are built on successful frameworks, they continue to face the challenges of ongoing maintenance costs and how to meet the ever-expanding needs of the community they serve with enhanced features. It is not uncommon that gateways with compelling use cases are nonetheless unable to get past the prototype phase and become a full production service, or if they do, they don't survive more than a couple of years. While there is no guaranteed pathway to success, it seems likely that for any gateway there is a need for a strong community and/or solid funding streams to create and sustain its success. With over twenty years of examples to draw from, this presentation goes into detail for ten factors common to successful and enduring gateways that effectively serve as best practices for any new or developing gateway.
Field Employee Tracking System| MiTrack App| Best Employee Tracking Solution|...informapgpstrackings
Keep tabs on your field staff effortlessly with Informap Technology Centre LLC. Real-time tracking, task assignment, and smart features for efficient management. Request a live demo today!
For more details, visit us : https://informapuae.com/field-staff-tracking/
In 2015, I used to write extensions for Joomla, WordPress, phpBB3, etc and I ...Juraj Vysvader
In 2015, I used to write extensions for Joomla, WordPress, phpBB3, etc and I didn't get rich from it but it did have 63K downloads (powered possible tens of thousands of websites).
In 2015, I used to write extensions for Joomla, WordPress, phpBB3, etc and I ...
3429 How to transform your messaging environment to a secure messaging environment.
1. How to transform your messaging
environment to a secure
messaging environment.
Robert Parker – parrobe@uk.ibm.com
IBM Hursley – UK
2. Introduction
• Aims of this presentation
– Step by step of each security feature in MQ
– Will take an unsecured Queue Manager and secure it
– At the end we will have a secured Queue Manager
• Each security feature section will have:
– What is it and Why do you use it
– Main points of the feature
– How to configure it.
3. Available Security Features
• Connection Authentication
• Authorization
• Channel Authentication
• SSL/TLS
• Security Exits
• AMS
4. Security provided on Client to Queue Manager
connections
Channel Authentication
(BLOCKADDR)
SSL/TLS
Channel Authentication
(ADDR/USER/SSL Map)
Security Exit
Connection
Authentication
Channel Authentication
(BLOCKUSER)
Authorization
MQRC_NONE
MQRC_NOT_AUTHORIZED
Or
8. Connection Authentication – What is it?
• Authentication is used to force clients to identify themselves.
• It is usually used in combination with authorization.
• Connection authentication was added as a feature of MQ in version 8.
*****
9. Connection Authentication – Main Points
• MQ allows you to specify levels of security for connections
– Client and local can be set to different levels
– Different client connections can have different levels using Channel
Authentication records.
• Also allows two different user repositories to check supplied credentials
against
– Operating system OAM.
– LDAP Server
*****
10. Connection Authentication – How to configure it
CHCK…
NONE
OPTIONAL
REQUIRED
REQDADM
MQCONNX
Application (User4)
MQCONNX
Application (User2)
QMGR
INTERCONNECTInter process
Communications
DEFINE AUTHINFO(USE.PW) AUTHTYPE(xxxxxx)
CHCKLOCL(OPTIONAL)
CHCKCLNT(REQUIRED)
ADOPTCTX(NO)
ALTER QMGR CONNAUTH(USE.PW)
REFRESH SECURITY TYPE(CONNAUTH)
MQRC_NOT_AUTHORIZED (2035)
MQRC_NONE (0)
User
Repository
Application (User4)
11. Connection Authentication – How to configure it
DEFINE AUTHINFO(USE.OS) AUTHTYPE(IDPWOS)
DEFINE AUTHINFO(USE.LDAP) AUTHTYPE(IDPWLDAP)
CONNAME(‘ldap1(389),ldap2(389)’)
LDAPUSER(‘CN=QMGR1’)
LDAPPWD(‘passw0rd’) SECCOMM(YES)
MQCONNX
User1 + pwd1
Application (User2)
QMGR
INTERCONNECT
O/S User
Repository
(z/OS + Dist)
LDAP Server (Dist only)
12. Connection Authentication – How to configure it
DEFINE AUTHINFO(USE.PW) AUTHTYPE(xxxxxx)
CHCKCLNT(OPTIONAL)
SET CHLAUTH(‘*’) TYPE(ADDRESSMAP) ADDRESS(‘*’)
USERSRC(CHANNEL) CHCKCLNT(REQUIRED)
ADOPTCTX(NO)
SET CHLAUTH(‘*’) TYPE(SSLPEERMAP)
SSLPEER(‘CN=*’) USERSRC(CHANNEL)
CHCKCLNT(ASQMGR)
CHCKCLNT
ASQMGR
REQUIRED
REQDADM
QMgr
User's Digital
Certificate
CA
Sig
MQCONNX
User1 + pwd1
Application (User2)
MQRC_NONE (0)
SSL/TLS Network
Communications
MQCONNX
User3 + pwd3
Application (User4)
MQRC_NOT_AUTHORIZED (2035)
16. Authorization – What is it?
• Authorization is used to limit what connected applications can do.
• Authority can be given on a per group basis
– Windows allows per user
• Authority to perform an action is given.
– By default a user/group will not have any authority
• Best practice is to only grant minimum required authority
17. Authorization – Main points
• Each object in MQ can have separate authorities for each user/group
– Additionally you can also supply a generic object name
• MQ supplies 5 tools to view and modify authority records
– MQ Explorer
• Display, create and alter authority records for all objects
– runmqsc
• Display, create & Alter Authority records for all objects
– setmqaut
• Create & Alter authority records for requested objects
– dspmqaut
• Displays authority records for requested objects
– dmpmqaut
• Outputs authority records for requested objects, output can be inputted into QMGR.
• What user/group is used for the authority check depends on what happens before…
18. Authorization – Main points
Method Notes
Client machine user ID flowed to
server
This will be over-ridden by anything else. Rarely do you want
to trust an unauthenticated client side user ID.
MCAUSER set on SVRCONN
channel definition
A handy trick to ensure that the client flowed ID is never used
is to define the MCAUSER as ‘rubbish’ and then anything that
is not set appropriately by one of the next methods cannot
connect.
MCAUSER set by ADOPTCTX(YES) The queue manager wide setting to adopt the password
authenticated user ID as the MCAUSER will over-ride either
of the above.
MCAUSER set by CHLAUTH rule To allow more granular control of MCAUSER setting, rather
than relying on the above queue manager wide setting, you
can of course use CHLAUTH rules
MCAUSER set by Security Exit Although CHLAUTH gets the final say on whether a
connection is blocked (security exit not called in that case),
the security exit does get called with the MCAUSER
CHLAUTH has decided upon, and can change it.
19. Authorization – How to configure it
• Example 1: Granting clients the ability to read to the Queue
– Here we will give the group “readers” authority to connect
– In a command prompt
• Queue Manager to create authority record for
• Object type you are creating authority record for
• Group to give authority to
• Authorities
– + will grant authority
– - will remove authority
Setmqaut –m INTERCONNECT –t qmgr –g readers +connect
20. Authorization – How to configure it
• Example 1: Granting clients the ability to read to the Queue
– Here we will give the group “readers” GET and BROWSE authority
– In runmqsc.
• Object to grant authorities for
• Object type
• Group to grant authority
• Authority to add
SET AUTHREC PROFILE(CLIENT.DATA.Q) OBJTYPE(QUEUE) +
GROUP(‘readers’) AUTHADD(GET) AUTHADD(BROWSE)
22. Channel Authentication – What is it?
• Allows Granular control over connections
– Can Supply a whitelist or blacklist to block or allow connections
• Can filter on:
– SSL distinguished name (both issuer and subject)
– Client user ID
– Remote Queue Manager name
– IP/Hostname
• Blocking at channel (ADDRESSMAP) or listener (BLOCKADDR) level
• Values used in filters can be specific or generic
23. Channel Authentication – Main Points
• Specific rules have higher precedence than generic rules
– 1) Addressmap blocking ‘*’
2) Addressmap allowing ‘127.0.0.1’
– Any connections from 127.0.0.1 will be allowed by (2).
– Other connections blocked by (1)
• When creating Channel Authentication rule you can set it to use a
different User ID for future Authority checks:
1. NOACCESS – Blocks the connection regardless
2. CHANNEL – Use the User ID specified in Channel MCA
• If this is blank then we use the userid supplied by application
3. MAP – Use the User ID specified in this rule.
24. Channel Authentication – How to configure it.
• Example 1: Blacklisting bad connections
– Aim: Block connections from 129.1.198.X
• In Rumqsc:
• Channel name
• Rule type
• Address to match to
• Action
• Warn
SET CHLAUTH(‘CLIENT.CONNECTIONS’) TYPE(ADDRESSMAP) +
ADDRESS(‘129.1.198.*’) USERSRC(NOACCESS) WARN(NO)
25. Channel Authentication – How to configure it.
• Example 2: Whitelisting good connections
– Aim: Block connections all connections except from 129.198.1.7
• In Rumqsc:
SET CHLAUTH(‘CLIENT.CONNECTIONS’) TYPE(ADDRESSMAP) +
ADDRESS(‘*’) USERSRC(NOACCESS) WARN(NO)
SET CHLAUTH(‘CLIENT.CONNECTIONS’) TYPE(ADDRESSMAP) +
ADDRESS(‘129.198.1.7’) USERSRC(CHANNEL)
28. SSL/TLS – What is it?
• SSL/TLS is used for two reasons in MQ:
– Authentication with a Queue Manager
– Encrypting and protecting data in transit between a client or Queue Manager
and destination Queue Manager.
• Uses a certificate containing a public-private key pair in order to
establish a secure link.
– Called an SSL Handshake.
• During the SSL Handshake, asymmetric encryption is used.
– Once the handshake is completed symmetric encryption is used to transfer
data.
29. SSL/TLS – Main Points
• Channels are enabled for SSL/TLS by setting a CipherSpec.
– Only one CipherSpec can be used on a channel.
• A server Queue Manager must have a certificate
• A client application (or client Queue Manager) does not require a
certificate.
– But does require a copy of the server Queue Manager’s public certificate.
• As of MQ v8 a channel can use a different certificate than the Queue
Manager it is defined on.
30. SSL/TLS – Main Points
• MQ Supplies 3 tools for your certificate and key repository management
needs:
– strmqikm (or IBM Key Management)
• IBM JRE GUI tool for managing certificates
– runmqckm
• command line tool to manage certificates – can handle JKCS repositories
– runmqakm
• Command line tool to manage certificates – can handle Elliptic Curve certificates
• Default location for Queue Manager Key Repository is
– <MQ Data Root>/qmgrs/<QM Name>/ssl/key.kdb
• Can be changed using Queue Manager SSLKEYR attribute
• Default certificate used by the Queue Manager is
– Ibmwebspheremq<qmname>
• Can be changed in MQ v8+ using Queue Manager CERTLABL attribute
31. SSL/TLS – How to configure it
• Example 1: Setting up a Queue Manager to use SSL/TLS
• First create the Key Repository the Queue Manager will use:
– In a command prompt:
• What we are altering
• Action to perform
• Name and location of key repository to create
• Password to access the key repository
• Tells runmqakm to stash the password which is used by MQ.
runmqakm –keydb –create –db
/var/mqm/qmgrs/INTERCONNECT/ssl/key.kdb –pw passw0rd -stash
32. SSL/TLS – How to configure it
• Example 1: Setting up a Queue Manager to use SSL/TLS
• Next create the Queue Manager’s certificate
– In a command prompt
• What we are altering
• The action to perform
• Where to store the certificate
• Tells runmqakm to use the stash file to access the key repository
• The distinguished name to give the certificate
• The label to refer to the certificate
runmqakm –cert –create –db
/var/mqm/qmgrs/INTERCONNECT/ssl/key.kdb –stashed –dn
“CN=INTERCONNECT,OU=MQ,O=IBM,C=UK” –label
ibmwebspheremqinterconnect
33. SSL/TLS – How to configure it
• Example 1: Setting up a Queue Manager to use SSL/TLS
• Next set the Queue Manager to use Key Repository
– Unless you are using defaults
– In runmqsc
• Location of the key repository to use
– No file extension!
• Label of certificate to use
ALTER QMGR SSLKEYR(‘/var/mqm/qmgrs/INTERCONNECT/ssl/key’) +
CERTLABL(‘ibmwebspheremqinterconnect’)
34. SSL/TLS – How to configure it
• Example 1: Setting up a Queue Manager to use SSL/TLS
• Finally set a channel to use SSL
– In runmqsc
• Channel name
• Whether to use mutual authentication
• The CipherSpec to use on this channel
ALTER CHANNEL(‘CLIENT.CONNECTIONS’) SSLCAUTH(REQUIRED) +
SSLCIPH(TLS_RSA_WITH_AES_128_CBC_SHA256)
35. SSL/TLS – How to configure it
• Example 1: Client application changes
• MQSCO structure
– SSL Security Parameters
– Location of Key Repository
– Certificate label to use (MQ v8 Only)
• MQCNO structure
– Connection Options
MQCNO cno = {MQCNO_DEFAULT};
cno.Version = MQCNO_VERSION_4;
cno.SSLConfigPtr = &sco;
MQCONNX(QMName,
&cno,
&hConn,
&CompCode,
&Reason);
MQSCO sco = {MQSCO_DEFAULT};
sco.version = MQSCO_VERSION_5
sco.KeyRepository = “/var/client/clientkeyr”;
Sco.CertificateLabel = “clientcertificate”
36. SSL/TLS – How to configure it
• Example 1: Client application
• Alternatively if you cannot adjust your application
– In command prompt
EXPORT MQSSLKEYR=var/client/clientkeyr
EXPORT MQCERTLABL=clientcertificate
37. SSL/TLS – How to configure it
• Example 1: Client application
– Ensure the certificate trust chain is complete on each side
ibmwebspheremqinterconnect
Queue Manager KeystoreClient Keystore
runmqakm –cert –extract –db
/var/mqm/qmgrs/INTERCONNECT/ssl/key.kdb –stashed –label
ibmwebspheremqinterconnect –file /var/certs/qmgr.cer
Qmgr.cer
38. SSL/TLS – How to configure it
• Example 1: Client application
– Ensure the certificate trust chain is complete on each side
ibmwebspheremqinterconnect
Queue Manager KeystoreClient Keystore
runmqakm –cert –add –db /var/client/clientkeyr.kdb –stashed
–label qmgrsignercert –file /var/certs/qmgr.cer
Qmgr.cerqmgrsignercert
39. SSL/TLS – How to configure it
• Example 1: Client application (Mutual Authentication)
– Ensure the certificate trust chain is complete on each side
ibmwebspheremqinterconnect
Queue Manager KeystoreClient Keystore
client.cerqmgrsignercert
clientcertificate
clientsignercert
runmqakm –cert –extract –db /var/client/clientkeyr.kdb
–stashed –label clientcertificate –file
/var/certs/client.cer
runmqakm –cert –add –db
/var/mqm/qmgrs/INTERCONNECT/ssl/key.kdb –stashed –label
clientsignercert –file /var/certs/client.cer
41. Security Exits – What is it?
• Security exits are bespoke, customer created exists that are ran during
the security checks.
• MQ contains an API used in the security exits to extract information
about an incoming connection.
– This information can then be used in the security exit to determine whether
to allow or disallow a connection.
• Prior to MQ v8 a security exit was used in MVS to supply connection
authentication capabilities
– CSQ4BCX3
42. Security Exits – Main Points
• Security exits are stored in <MQ Data Root>/exits/<Installation name>
– MQ will look in this folder when an exit is attached to a channel
• Exits are referenced in SCYEXIT channel attribute
– Without the file suffix or location
• As well as security exits there are also:
– Receive exits – RCVEXIT
– Send exits – SENDEXIT
• For each exit you can also supply custom data to pass to the exit using
the channel’s ***DATA attribute
– For example Security exit data using SCYDATA
43. Security Exits – How to Configure it
• First write a C Application with the following skeleton code:
void MQENTRY MQStart() {;}
void MQENTRY EntryPoint (PMQVOID pChannelExitParms,
PMQVOID pChannelDefinition,
PMQLONG pDataLength,
PMQLONG pAgentBufferLength,
PMQVOID pAgentBuffer,
PMQLONG pExitBufferLength,
PMQPTR pExitBufferAddr)
{
PMQCXP pParms = (PMQCXP)pChannelExitParms;
PMQCD pChDef = (PMQCD)pChannelDefinition;
/* TODO: Add Security Exit Code Here */
}
44. Security Exits – How to Configure it
• Next compile and link the exit as a Dynamic library and place in:
– <MQ Data Root>/exits/<Installation name>
45. Security Exits – How to Configure it
• Next specify the exit on the channel:
– In runmqsc
• Channel name
• Name of security exit to run
– Without location or file extension
• Custom data to pass to the security exit
ALTER CHANNEL(‘CLIENT.CONNECTIONS’) SCYEXIT(‘mqccred’) +
SCYDATA(‘sec exit data’)
47. AMS – What is it?
• AMS provides a higher level of protection to messages
• Has two levels of protection - policies
– Integrity protection
• Prevents messages from being tampered with.
• Guarantees message has been received from known source
– Integrity and privacy protection
• Same benefits as Integrity protection
• Also provides encryption to prevent unauthorised recipients seeing message
• AMS does not perform access control but simply provides privacy and
integrity to messages.
• Messages are protected using certificates that each signer and recipient will
need.
– Depending on level of protection
!*54%
@”p
48. AMS – Main points
• It is an end-to-end security model
– Messages are protected from creation until destruction
• Messages can be protected so that only authorised users can see message data
– This means even MQ Administrators cannot view a message.
• Messages are protected both in transit and at rest
– Satisfies the standards compliance for certain data types (HIPAA, PCI, etc)
• AMS is incorporated into MQ Client applications without the need for re-building
applications
– No code changes are necessary!
• Message size will increase in order to incorporate AMS format
– New message size = 1280 + [Old Message Length] + (200 x [# of recipients])
!*54%
@”p
49. AMS – Main points
• Unlike SSL, it requires the FULL trust chain
– Subject certificate, signer certificate, signer’s signer certificate, etc
• MQ has three tools for defining and managing policies
– MQ Explorer
• Define, display, delete policies
– setmqspl
• define, delete policies
– dspmqspl
• Display policies
!*54%
@”p
50. AMS – How to configure it
• Example 1: Configuring MQ to protect messages
– In a command prompt:
• Queue Manager
• Queue to protect
• Signing algorithm
• Authorised signer(s)
• Encryption algorithm
• Authorised recipient(s)
!*54%
@”p
setmqspl -m INTERCONNECT -p CLIENT.DATA.Q -s SHA512 -a
"CN=CLIENT1,O=CLIENTORG,C=UK" -e AES256 -r
"CN=CLIENT2,O=CLIENTORG,C=UK"
51. AMS – How to configure it
• Example 1: Application changes
!*54%
@”p
Alice’s
Sending/Receiving
App
AliceCertificate
MQS_KEYSTORE_CONF=/…/Keystore.conf
(Or create Keystore.conf in home directory)
No Changes Necessary!
Keystore.conf
cms.keystore=/…/Keystore
cms.certificate=AliceCertificate
Keystore
53. Notices and Disclaimers (con’t)
Information concerning non-IBM products was obtained from the suppliers of those products, their published announcements or other publicly
available sources. IBM has not tested those products in connection with this publication and cannot confirm the accuracy of performance,
compatibility or any other claims related to non-IBM products. Questions on the capabilities of non-IBM products should be addressed to the
suppliers of those products. IBM does not warrant the quality of any third-party products, or the ability of any such third-party products to
interoperate with IBM’s products. IBM EXPRESSLY DISCLAIMS ALL WARRANTIES, EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED TO, THE
IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
The provision of the information contained herein is not intended to, and does not, grant any right or license under any IBM patents, copyrights,
trademarks or other intellectual property right.
•IBM, the IBM logo, ibm.com, Bluemix, Blueworks Live, CICS, Clearcase, DOORS®, Enterprise Document Management System™, Global Business
Services ®, Global Technology Services ®, Information on Demand, ILOG, Maximo®, MQIntegrator®, MQSeries®, Netcool®, OMEGAMON,
OpenPower, PureAnalytics™, PureApplication®, pureCluster™, PureCoverage®, PureData®, PureExperience®, PureFlex®, pureQuery®, pureScale®,
PureSystems®, QRadar®, Rational®, Rhapsody®, SoDA, SPSS, StoredIQ, Tivoli®, Trusteer®, urban{code}®, Watson, WebSphere®, Worklight®, X-
Force® and System z® Z/OS, are trademarks of International Business Machines Corporation, registered in many jurisdictions worldwide. Other
product and service names might be trademarks of IBM or other companies. A current list of IBM trademarks is available on the Web at
"Copyright and trademark information" at: www.ibm.com/legal/copytrade.shtml.
54. Where can I get more information?
IBM Messaging developerWorks
developer.ibm.com/messaging
IBM Messaging Youtube
https://www.youtube.com/IBMmessagingMedia
LinkedIn
Ibm.biz/ibmmessaging
Twitter
@IBMMessaging
IBM MQ Facebook
Facebook.com/IBM-MQ-8304628654/