IBM MQ security deep dive including AMS MQTC 2017 - Robert Parker
This presentation was delivered at the MQTC conference in Ohio in September 2017. It covers two security features in detail: AMS and Channel Authentication.
Presented at MQ Technical Conference - 24th September 2018
Security features are important in any modern day application and MQ is no exception. In order to ensure user data is protected to the user's requirements applications must supply a variety of configurable security features. In this session we will be providing an introduction to all of IBM MQ's security features and a high level overview of why you would use them.
531: Controlling access to your IBM MQ system - Robert Parker
This presentation was originally presented at IBM TechCon 2021. In it we go through the various options in IBM MQ to secure your queue manager and control applications and users from accessing your vital configuration and data.
Presented at MQ Technical Conference 2018
More businesses are discovering the benefit of the cloud and moving parts or the whole of their infrastructure onto cloud platforms. In this session we will be looking at how you can utilize IBM MQ in the cloud including considerations you must make before moving your MQ infrastructure into the cloud. We will also look at what resources are available for you to use as a starting point for moving IBM MQ in the cloud.
This presentation was delivered at the MQTC 2017 conference in Ohio. It covers different concepts and features of MQ you need to consider when moving your IBM MQ infrastructure into the cloud.
M08 protecting your message data in IBM MQ with encryption - Robert Parker
This presentation was originally presented at IBM TechCon 2020. In it we go through the various options in IBM MQ to protect both connections and message data using encryption focussing on the TLS and AMS features.
These slides were presented at the Cloud Technical University 2017 in Madrid.
Businesses are transforming their enterprise IT infrastructure to run in the Cloud. This doesn't have to be a simple lift and shift, it promotes self-service practices and new automated deployment and management techniques. This session will explain the many possibilities and techniques that are available to run MQ in such environments, whether you're looking to move to a public or private cloud, such as Bluemix, Azure, AWS, OpenStack or Docker environments.
Deploying and managing IBM MQ in the Cloud - Robert Parker
When moving to the cloud you want to ensure that the deployment and management of your cloud queue managers is as easy and streamlined as possible. In this session we will look at a few tools you can use to deploy and manage your queue managers, as well as where you can find examples of these tools in action.
This presentation was given at the WebSphere User Group in Hursley, June 2017.
Interconnect 2017: 6885 Deploying IBM MQ in the cloud - Robert Parker
Presentation delivered at Interconnect 2017 Session ID 6885.
Most businesses are either already using cloud technologies, or are planning to do so in the near future. Whether it's moving to a public or private cloud environment, or simply adopting cloud-like practices in deploying and managing your on-premise systems, many of you are doing this with IBM MQ. There are an almost endless number of cloud technologies available: IBM Bluemix, Microsoft Azure, Amazon Web Services, OpenStack, Docker, Kubernetes, Chef, Google Cloud Platform... This session will give an overview of many of these technologies and platforms, and describe how IBM MQ should be deployed, configured and managed when using them.
Presented at MQ Technical Conference 2018
Several businesses are now moving to implement new or existing infrastructures in containers rather than traditional on-prem or virtual machine environments. In this session we will talk about the benefits of containers and show how IBM MQ can be run in a container, providing an example and sample of how you can get started running IBM MQ in a container.
CTU 2017 I173 - how to transform your messaging environment to a secure messa... - Robert Parker
These presentation slides were presented at the Cloud Technical University 2017 in Madrid.
With today's focus on security, ensuring you utilize all of the options available to maximize your systems security is a high priority for many businesses. In this session, we will work through a step-by-step case study that details how you can enhance the security of your Queue Managers using the different features available in IBM MQ.
In this presentation we show how IBM MQ can be used to provide a secure, reliable messaging fabric across multiple clouds from on-premises private clouds to a range of public cloud providers including a managed service on IBM Cloud.
This presentation gives an overview of the many updates to the IBM MQ family of messaging products over the year leading up to March 2018. Learn how MQ has been continuously delivering new features and capabilities, enabling enterprise level messaging in ever more cloud and on-prem solutions, whether you're building your own MQ environment, using the MQ Appliance or looking to consume MQ as a service. This presentation touches on the main updates made to MQ during the 9.0.x releases.
Building an Active-Active IBM MQ System - matthew1001
Shows how message availability and service availability can be configured to reduce downtime and improve overall availability of your MQ network. Demonstrates how Uniform Clusters can be used to help keep your service availability high.
Designing IBM MQ deployments for the cloud generation - David Ware
Businesses are transforming their enterprise IT infrastructure so that application teams can efficiently provision resources in an automated, self-service fashion, to be deployed as a service. In this session, we look at what that means with IBM MQ, and where previous design and deployment practices may not suit a more agile approach. We'll share what's possible with IBM MQ today, including the current best practices to achieve a low-touch, scalable solution whether deploying to the cloud or to on-premise systems.
InterConnect 2016: IBM MQ self-service and as-a-service - David Ware
Businesses are transforming their enterprise IT infrastructure so that application teams can provision resources in an automated, self-service or "as-a-Service" fashion, often from a self-service portal or as part of an on-premise Platform-as-a-Service (PaaS). In this session, we explain the tools and techniques that are available to integrate MQ into such an environment. This changes an MQ deployment from a high-touch activity with significant interaction between humans on the application and middleware teams to an automated, efficient process.
This presentation gives an overview of the many updates to the IBM MQ family of messaging products leading up to the release on MQ V9.1 LTS in July 2018. Learn how MQ has been continuously delivering new features and capabilities, enabling enterprise level messaging in ever more cloud and on-prem solutions, whether you're building your own MQ environment, using the MQ Appliance or looking to consume MQ as a service. This presentation introduces the main updates made to MQ during the 9.0.x continuous delivery releases that culminated in MQ 9.1 long term support release.
Enterprise messaging and IBM MQ is a critical part of any system, this session shows you how MQ is rapidly evolving to meet your needs. Irrespective of your platform or environment, this session introduces many of the updates to MQ in 2019 and 2020, whether that's in administration, building fault tolerant, scalable messaging solutions, or securing your systems.
MQTC 2016 - IBM MQ Security: Overview & recap - Robert Parker
Security features are important in any modern day application and MQ is no exception. In order to ensure user data is protected to the user's requirements applications must supply a variety of configurable security features. In this session we will be providing an introduction to all of IBM MQ's security features and a high level overview of why you would use them.
Simplifying IBM MQ Security in your MQ estate - Robert Parker
Presented at the IBM Community webinar. Watch the recording here: https://ibm.webcasts.com/starthere.jsp?ei=1640754&tp_key=ae9f8ed0d4
This presentation focused on how to tackle IBM MQ Security, breaking it into smaller features in order to implement it in smaller chunks for easier to understand implementations.
Interconnect 2017: 6893 Keep out the bad guys by securing your MQ messaging e... - Robert Parker
Presentation delivered at Interconnect 2017. Session ID 6893: Keep out the bad guys by securing your MQ messaging environment.
With today's focus on security, ensuring you utilize all of the options available to maximize your systems security is a high priority for many businesses. In this session, we will work through a step-by-step case study that details how you can enhance the security of your Queue Managers using the different features available in IBM MQ.
These slides from my talk at the buildingIoT conference discuss how to secure communication with the Internet of Things protocol "MQTT". It discusses Network, Host, Application and Data Security and also covers advanced topics like OAuth 2.0 and X509 client certificate authentication.
Expanding your options with the IBM MQ Appliance - IBM InterConnect 2016 - Leif Davidsen
This presentation was given at IBM InterConnect 2016 and provides an overview of what the IBM MQ Appliance is, what benefits it provides to a customer in choosing it as a deployment option for MQ, and how a physical appliance can be a good way to deliver unique benefits such as High Availability and Disaster Recovery. Session jointly presented by Leif Davidsen and Anthony Beardsmore
The enterprise differentiator of mq on zos - Matt Leming
IBM MQ is renowned for its enterprise qualities and this presentation will show you how this is taken to the next level when running on IBM's enterprise platform, z/OS. Learn how its integration with the z/OS platform provides the perfect solution for your enterprise needs, whether that's through its unique shared queue HA capability or its integration to the latest z/OS security capabilities.
A survey on Improvement of virtual network communication security of trusted ... - ijsrd.com
Cloud computing and Infrastructure-as-a-Service (IaaS) are emerging and promising technologies, however their faster-paced adoption is hampered by data security concerns. At the same time, Trusted Computing (TC) is experiencing an increasing and revived interest as a security mechanism for IaaS. In this paper we present a protocol and we address the lack of an implementable mechanism to ensure the launch of a virtual machine (VM) instance on a trusted remote compute host. Relying on Trusted Platform Module operations such as binding and sealing to provide integrity guarantees for clients that require a trusted VM launch, we have designed a trusted launch protocol for VM instances and images in public IaaS environments. We also present a proof-of-concept implementation of the protocol based on OpenStack, an open-source IaaS platform. The results provide a basis for the use of TC mechanisms within IaaS platforms and pave the way for a wider applicability of TC to IaaS security.
This presentation walks through the Security and Compliance functionality to customers leveraging Azure as a compute environment. It includes deep-dive references to detailed information on each topic presented.
IBM MQ V8 introduced a number of new security features. This session will take you through the two major features, Multiple Certificates and Connection Authentication. In IBM MQ V8 you are no longer restricted to only using one certificate for your queue manager with an IBM enforced label. Now you can have your own certificate labels and can allocate a different certificate for any specific channel. How about authentication? Finding that digital certificates are more security than you need? Want some authentication without having to write a security exit? IBM MQ V8 gives you built-in user ID and password validation. Other security features related to the MQ CHLAUTH rules are covered in a separate session.
IBM MQ Whats new - including 9.3 and 9.3.1 - Robert Parker
I presented at the IBM MQ French User Group in Paris on the topic of What's new in MQ. I covered both what was new in IBM MQ 9.3 LTS and what was new in the latest IBM MQ 9.3.1 CD release.
MQTC 2016: Monitoring and Tracking MQ and Applications - Robert Parker
Knowing what your Queue Managers and applications are doing can be important to detect potential problems or improvements that can be made to your network. In this session you will discover the MQ features that can be used to both monitor and track Queue Managers and applications as well as how to effectively use them.
3433 IBM messaging security why securing your environment is important-feb2... - Robert Parker
These slides were presented at Interconnect with Leif Davidsen presenting why securing your environment is important and then I presented what security features in IBM MQ can be used to protect your environment.
1. Capitalware's MQ Technical Conference v2.0.1.7
IBM MQ Security: Overview & recap
Rob Parker, IBM
parrobe@uk.ibm.com
2. Important Disclaimer
THE INFORMATION CONTAINED IN THIS PRESENTATION IS PROVIDED FOR INFORMATIONAL
PURPOSES ONLY.
WHILE EFFORTS WERE MADE TO VERIFY THE COMPLETENESS AND ACCURACY OF THE
INFORMATION CONTAINED IN THIS PRESENTATION, IT IS PROVIDED “AS IS”, WITHOUT
WARRANTY OF ANY KIND, EXPRESS OR IMPLIED.
IN ADDITION, THIS INFORMATION IS BASED ON IBM’S CURRENT PRODUCT PLANS AND
STRATEGY, WHICH ARE SUBJECT TO CHANGE BY IBM WITHOUT NOTICE.
IBM SHALL NOT BE RESPONSIBLE FOR ANY DAMAGES ARISING OUT OF THE USE OF, OR
OTHERWISE RELATED TO, THIS PRESENTATION OR ANY OTHER DOCUMENTATION.
NOTHING CONTAINED IN THIS PRESENTATION IS INTENDED TO, OR SHALL HAVE THE EFFECT
OF:
CREATING ANY WARRANTY OR REPRESENTATION FROM IBM (OR ITS AFFILIATES OR ITS OR THEIR
SUPPLIERS AND/OR LICENSORS); OR
ALTERING THE TERMS AND CONDITIONS OF THE APPLICABLE LICENSE AGREEMENT GOVERNING THE
USE OF IBM SOFTWARE.
Information regarding potential future products is intended to outline our general product
direction and it should not be relied on in making a purchasing decision. The information
mentioned regarding potential future products is not a commitment, promise, or legal obligation
to deliver any material, code or functionality. Information about potential future products may
not be incorporated into any contract. The development, release, and timing of any future
features or functionality described for our products remains at our sole discretion.
4. Introduction – Typical MQ
In a Typical MQ setup there is:
A Queue Manager (QMGR)
A number of Queues
Applications that connect to the QMGR via:
Local Bindings
Client connections
Configuration is updated via Command line or Explorer
10/03/17
[Diagram: two applications (User2 and User4) each call MQCONNX to connect to the QMGR, which hosts queues Q1..Qn; the connection paths are labelled Network Communications and Inter process Communications.]
5. Introduction – Security Checks (Client)
When a user connects via client:
CHLAUTH BlockAddr
TLS
CHLAUTH Mapping
Security Exit
Connection Authentication
CHLAUTH Block User
Authorisation
6. Introduction – Security Checks (Local)
When a user connects via local bindings:
Authorisation
Connection Authentication
8. Details
We use Authentication to ask connecting clients to prove they are who they say they are.
Usually used in combination with authorisation to limit users' abilities.
Connection authentication feature available in MQ v8 and above.
Allows authentication using user credentials supplied by client applications.
User credentials can be local OS users or LDAP users.
A failure to authenticate results in an MQRC_NOT_AUTHORIZED (2035) error being returned.
IBM MQ can now send two different userids in the connection data:
The userid that is running the application.
The userid and password that the application wants to authenticate with.
9. Configuration
CHCK… values: NONE, OPTIONAL, REQUIRED, REQDADM
DEFINE AUTHINFO(USE.PW) AUTHTYPE(xxxxxx) +
CHCKLOCL(OPTIONAL) +
CHCKCLNT(REQUIRED)
ALTER QMGR CONNAUTH(USE.PW)
REFRESH SECURITY TYPE(CONNAUTH)
[Diagram: applications (User2 and User4) call MQCONNX to connect to the QMGR over Network Communications and Inter process Communications; the QMGR is shown with a User Repository and the return codes MQRC_NOT_AUTHORIZED (2035) and MQRC_NONE (0).]
12. Details
We use Authorization to limit what connected users can and cannot do.
This is performed by creating authority records.
We create authority records for a specific user or group.
User level authority records are available on Linux but not by default.
Authority is given on MQ objects and dictates what actions can be performed (PUT, GET, OPEN, etc).
If a user or group does not have authority to do what they are trying to do, they get blocked: MQRC_NOT_AUTHORIZED (2035).
Users who are members of the mqm group have full administrator access.
A channel or channel authentication rule can change the userid used for authority checks.
13. Which user will be used for authorization?
| Method | Notes |
| --- | --- |
| Client machine user ID flowed to server | This will be over-ridden by anything else. Rarely do you want to trust an unauthenticated client side user ID. |
| MCAUSER set on SVRCONN channel definition | A handy trick to ensure that the client flowed ID is never used is to define the MCAUSER as ‘rubbish’ and then anything that is not set appropriately by one of the next methods cannot connect. |
| MCAUSER set by ADOPTCTX(YES) | The queue manager wide setting to adopt the password authenticated user ID as the MCAUSER will over-ride either of the above. |
| MCAUSER set by CHLAUTH rule | To allow more granular control of MCAUSER setting, rather than relying on the above queue manager wide setting, you can of course use CHLAUTH rules. |
| MCAUSER set by Security Exit | Although CHLAUTH gets the final say on whether a connection is blocked (security exit not called in that case), the security exit does get called with the MCAUSER CHLAUTH has decided upon, and can change it. |
14. Again with Early Adopt
15. Configuration
Authority records are created or modified using one of three tools:
runmqsc
SET AUTHREC PROFILE(<Object name>) OBJTYPE(<Object type>) GROUP(<group name>) +
AUTHADD|AUTHRMV(<authority to give|remove>)
setmqaut
setmqaut -m <QM name> -n <Object name> -t <Object type> -g <Group name> <authorizations to give or remove>
IBM MQ Explorer
By right clicking on the object you want to grant/remove authorities for and selecting “Object Authorities -> Manage Authority Records”
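How connection authentication, the MCAUSER ‘rubbish’ trick and authority records fit together for one client channel. This is an added example, not taken from the presentation; the object, group and user names are constructed placeholders, and AUTHTYPE(IDPWOS) (local OS users) is an assumption because the slide leaves the type unspecified.

```mqsc
* Added example. All object, group and user names are constructed placeholders.
* AUTHTYPE(IDPWOS) is an assumption; the slide does not state the type.

* 1. Connection authentication: client applications must supply a user ID
*    and password. ADOPTCTX(YES) makes the authenticated ID the one used
*    for authority checks.
DEFINE AUTHINFO(APP.AUTH) AUTHTYPE(IDPWOS) +
       CHCKLOCL(OPTIONAL) CHCKCLNT(REQUIRED) ADOPTCTX(YES)
ALTER QMGR CONNAUTH(APP.AUTH)
REFRESH SECURITY TYPE(CONNAUTH)

* 2. Channel-level MCAUSER with no authority records, so the user ID flowed
*    from the client machine is never used. A connection only succeeds if a
*    later step (here ADOPTCTX) replaces this value.
DEFINE CHANNEL(APP.SVRCONN) CHLTYPE(SVRCONN) MCAUSER('rubbish')

* 3. Authority records for the group the authenticated users belong to:
*    CONNECT on the queue manager, then only the actions needed on the queue.
SET AUTHREC OBJTYPE(QMGR) GROUP('appgrp') AUTHADD(CONNECT,INQ)
SET AUTHREC PROFILE('APP.REQUEST.Q') OBJTYPE(QUEUE) GROUP('appgrp') +
    AUTHADD(PUT,GET,INQ)

* 4. Review what was granted.
DISPLAY AUTHREC PROFILE('APP.REQUEST.Q') OBJTYPE(QUEUE) GROUP('appgrp')
```

A user outside appgrp who authenticates successfully still receives MQRC_NOT_AUTHORIZED (2035), because the adopted ID has no CONNECT authority.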
18. Details
TLS uses private-public asymmetric keys to exchange symmetric keys used to encrypt data.
The symmetric keys exchanged are referred to as “session keys”.
The asymmetric keys are associated with a certificate that is used for identity.
IBM MQ’s integration of TLS provides the following two features:
Encryption of transmissions between client/queue manager to queue manager.
[optional] Authentication with a queue manager.
19. Details
Certificates are created, stored and managed using tools supplied with IBM MQ
runmqakm
runmqckm
iKeyman (strmqikm)
Certificates must be stored in a keystore format recognised by the queue manager (CMS)
The keystore password must also be available to the queue manager in a secure stash file.
IBM MQ Channels can only have a single CipherSpec set on them
A CipherSpec is a string which details the hashing and encryption algorithm to use.
A list of the cipher strings you can supply is detailed on the knowledge centre.
20. Details
IBM MQ allows clients to either connect anonymously or with mutual authentication
If a client connects with a certificate then it must be known and trusted by the queue manager.
CipherSpec lists are updated when new vulnerabilities arise
In later versions of IBM MQ you may notice the list size changing.
We do not delete CipherSpecs, we disable them by default.
MQ v8 added the multiple certificates feature
Allows you to specify a different certificate to use at the channel level
Allows you to specify a certificate to use on the queue manager
Before this, you were forced to name your certificate ibmwebspheremq<QM name>
21. Configuration
Once you have created a Key store for the server to use:
ALTER QMGR SSLKEYR(<location of keystore>)
Once you have created the certificate for the server to use (MQv8+ only)
ALTER QMGR CERTLABL(<certificate label>)
[Diagram: SSLKEYR key repository holding the QM's Digital Certificate with CA Sig]
ALTER QMGR SSLKEYR('/var/mqm/qmgrs/QM1/ssl/key') +
CERTLABL('QM1Certificate')
REFRESH SECURITY TYPE(SSL)
22. Configuration
To enable TLS on a channel, specify a CipherSpec to use.
ALTER CHANNEL(<channel name>) CHLTYPE(<channel type>) +
SSLCIPH(<Cipher string>)
ALTER CHANNEL(X) CHLTYPE(<channel type>) SSLCAUTH(REQUIRED) +
SSLCIPH(TLS_RSA_WITH_AES_128_CBC_SHA256)
23. Configuration
To force clients to connect with mutual authentication, set SSLCAUTH to REQUIRED
ALTER CHANNEL(<channel name>) CHLTYPE(<channel type>) SSLCAUTH(OPTIONAL|REQUIRED)
To set a different certificate to use on a channel (MQv8+ only)
ALTER CHANNEL(<channel name>) CHLTYPE(<channel type>) +
CERTLABL(<certificate label>)
25. Details
Channel authentication rules are filters that can be applied to incoming connections
Allowlisting – Allow connections based on a filter
Blocklisting – Block a connection based on a filter
The filters are applied on channels and are applied to all incoming connections for that channel
The filter can be either very specific or generic. (Exact channel name or wildcard)
26. Details
There are four types of filters:
TLS Distinguished name (Issuer and Subject)
Client User ID name
Remote Queue Manager name
IP/Hostname
For IP/Hostname the connection can be allowed/blocked at the listener or channel
For Client user ID, the userid blocked can be the userid connected with or the final adopted userid
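The four filter types listed above, written out as channel authentication rules, including the listener-level versus channel-level address block and the two ways of blocking a user ID. This is an added example, not taken from the presentation; every channel name, address, distinguished name and user ID in it is a constructed placeholder.

```mqsc
* Added example. Channel names, addresses, DNs and user IDs are placeholders.
* Channel authentication must be enabled for any rule to apply.
ALTER QMGR CHLAUTH(ENABLED)

* IP address blocked at the listener, before any channel is selected.
* BLOCKADDR rules only accept the generic channel name '*'.
SET CHLAUTH('*') TYPE(BLOCKADDR) ADDRLIST('192.0.2.66')

* Allowlisting: a generic back-stop that refuses every address on every
* channel. A rule with a more specific channel name overrides it.
SET CHLAUTH('*') TYPE(ADDRESSMAP) ADDRESS('*') USERSRC(NOACCESS) +
    DESCR('Back-stop: no access unless a more specific rule matches')

* IP/Hostname filter at channel level: allow one subnet on one channel and
* insist on connection authentication for it.
SET CHLAUTH('APP.SVRCONN') TYPE(ADDRESSMAP) ADDRESS('198.51.100.*') +
    USERSRC(CHANNEL) CHCKCLNT(REQUIRED)

* TLS Distinguished Name filter (subject and issuer), mapped to a fixed
* MCAUSER for authority checks.
SET CHLAUTH('APP.SVRCONN') TYPE(SSLPEERMAP) +
    SSLPEER('CN=orders-app,O=Example') SSLCERTI('CN=Example Issuing CA') +
    USERSRC(MAP) MCAUSER('ordersvc')

* Client user ID filter: refuses the user ID the client connected with.
SET CHLAUTH('APP.SVRCONN') TYPE(USERMAP) CLNTUSER('guest') USERSRC(NOACCESS)

* Remote queue manager name filter, for queue manager to queue manager
* channels.
SET CHLAUTH('QM2.TO.QM1') TYPE(QMGRMAP) QMNAME('QM2') +
    USERSRC(MAP) MCAUSER('qm2link')

* Block on the final adopted user ID, after mapping, security exit and
* connection authentication have run.
SET CHLAUTH('*') TYPE(BLOCKUSER) USERLIST('*MQADMIN')

* Dry run: show which rule would match a given inbound connection.
DISPLAY CHLAUTH('APP.SVRCONN') MATCH(RUNCHECK) +
    ADDRESS('198.51.100.7') CLNTUSER('guest')
```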
30. Details
Security exits are bespoke, customer-created exits that are run during the security checking.
MQ comes with an API that can interact with MQ to provide extra control over a connection.
They allow customers to expand MQ's security to suit their needs.
For example a customer could write a security exit to only allow connection to a channel during 08:00 to 17:00.
Before MQ v8 they could be used to provide connection authentication functionality.
When executed the security exit will have access to the channel definition, information about the incoming connection and information
It will also have a piece of data passed to it that is set on the channel - SCYDATA
31. Creation and configuration
To create a Security exit, first create a C file with the following skeleton code.
#include <cmqc.h>   /* MQ base definitions */
#include <cmqxc.h>  /* channel exit structures: MQCXP, MQCD */

/* MQStart: empty function kept from the skeleton */
void MQENTRY MQStart() {;}

/* Exit entry point, called by the channel during security checking */
void MQENTRY EntryPoint (PMQVOID pChannelExitParms,
                         PMQVOID pChannelDefinition,
                         PMQLONG pDataLength,
                         PMQLONG pAgentBufferLength,
                         PMQVOID pAgentBuffer,
                         PMQLONG pExitBufferLength,
                         PMQPTR pExitBufferAddr)
{
  /* Typed views of the exit parameters and the channel definition */
  PMQCXP pParms = (PMQCXP)pChannelExitParms;
  PMQCD pChDef = (PMQCD)pChannelDefinition;
  /* Add Security Exit Code Here */
}
32. Creation and configuration
Next compile the C file into a dll and place it into:
<MQ Data Root>/exits/<Installation Name>
With the exit in place you can now edit the channel configuration you want the exit to be invoked on
ALTER CHANNEL(<channel name>) CHLTYPE(<channel type>) +
SCYEXIT(<exit filename without extension>) +
SCYDATA(<Data to pass to security exit>)
34. Details
AMS stands for Advanced Message Security
It is message level security
It is a separate licensable feature - included in MQ Advanced
AMS is an end-to-end security model, messages stay signed/encrypted through the whole lifetime of a message
In transit
At rest
With AMS you can create policies for a queue that describe how messages should be protected when applications put or get messages using that queue name.
Signing
Encryption
Both
35. Details
AMS does not perform any access control:
Only privacy and integrity protection
Should be used with existing access control, authentication, etc
Encryption level protection prevents unauthorised users reading message data.
Including MQ administrators.
Signing protection prevents messages from being altered.
Signing & Encryption use certificates – Same as TLS.
No application code changes required to use AMS.
36. Configuration
Differences between AMS & TLS configuration
Both sides must have a certificate
Both sides must have exchanged the public certificate
The full certificate chain must be present in the key store
Policies can be created in explorer, runmqsc or using setmqspl
setmqspl -m <QM name> -p <Q Name> -s <Signing algorithm> \
-a <Authorised signers> -e <Encryption algorithm> -r <Recipients>
SET POLICY(<Q NAME>) SIGNALG(<Signing algorithm>) +
ENCALG(<Encryption algorithm>) SIGNER(<Authorised signers>) +
RECIP(<Recipients>) ACTION(ADD|REPLACE|REMOVE)
38. Where can I get more information?
Blog posts tagged with “cloud”
39. Would you like to take part in IBM MQ Design Research?
The IBM MQ team is currently conducting some long term research with our MQ customer base.
With this survey we would like to understand:
Who is interacting with MQ and what are their responsibilities?
Which customers are interested in moving IBM MQ into the cloud?
Which customers would like to take part in future research?
We estimate the survey should take 4 minutes to complete.
Please note: This survey is for distributed users only.
If you’re interested, go to ibm.biz/MQ-Customer-Survey