Trust is a fragile gift. Protect your customers’ trust with end to end encryption from IBM MQ Advanced and MQ Appliance

Every time any of us go online we are taking a leap of faith and putting our identity and personal data at risk. Whether you are reading a blog post, watching a video, checking your account or buying something, you have probably had to expose your identity a little. It might be just being tracked by cookies, or you may have needed to create an account, or prove your identity, or even share your bank or payment details. All of these actions can leave you, or your personal information at risk.

 

As a consumer, while you are expected to take some precautions to protect yourself, much of the responsibility lies with the businesses in whom you are putting your trust when you provide them with your personal data. But what happens when that trust is misplaced? Would you make a different choice of who you trust if you thought the business or organisation was going to lose control of your data?

 

Breaches happen regularly. The happen to all sizes of company or organisation. It could be a retailer, or a bank. It could be an airline, or a dating site. It could be an accidental exposure, or it could be the result of malicious hacking or malware. Sometimes the reason is clearly an attempt to divert money or steal payment information. However, sometimes access to the data itself is enough. The UK government is drawing up guidelines to block access to all porn sites unless the user is verified, creating a potentially large database of user information that could be a target of hackers. There are many costs associated with security breaches: fines, lost business, reputational damage, with lots of details in the IBM and Ponemon Report.

 

If you go onto some of the sites which have had breaches, very few of them mention it. They would rather you forgive and forget. However, I would certainly like to know they have taken steps to ensure it doesn’t happen again. And if any business I am looking to put my trust in are a user of IBM MQ, I would hope they are also using IBM MQ Advanced or MQ Appliance, as these provide the access to MQ Advanced Message Security (MQ AMS).

One of the ways in which breaches can happen is not by the failure to secure a program but the failure to consider the end to end security aspects. For messaging, while encrypting the messages over the wire is normal, without considering encryption at rest there can be a risk of access to the storage itself. Unauthorised access to storage, either accidental or otherwise, would expose the contents of all messages unless these contents were encrypted. And adding in application to application encryption is complex and expensive.

 

With MQ Advanced or MQ Appliance, you can define policies within MQ to have the message contents encrypted without any required changes to the applications themselves. This encryption of the contents will ensure that even if the access to any of the storage between sender and receiver were compromised, then those contents are protected, and the trust of your customers has been earned.

Even if your total security focus is successful enough to prevent actual breaches, there is a benefit from protecting your message contents in this way. As a conscientious business you will have regular security audits, potentially consuming weeks of time to validate your security. How much simpler would it be to explain the end to end encryption of your messages, ensuring data protection and removing the need to include in the audit of the messaging system the potential access to possibly dozens of systems. And by excluding the possibility of unauthorised access to data, you have reduced the overhead of complying with GDPR or other regulations.

 

The latest performance improvement to the implementation of this encryption in MQ Advanced as detailed here show that for the Confidentiality setting there is only an impact of a few percentage points on overall throughput, which should mean every customer ought to be considering why not use this, rather than why use it. Or if using the MQ Appliance, which has this feature included, then the performance of the M2002 model is exceptionally high, giving a great platform for robust, rapid and secure messaging.

Your customers are putting trust in you. Isn’t it about time you responded to their needs, protected their data, and moved to use MQ’s end to end encryption with MQ Appliance and MQ Advanced? Start reviewing how to use it today. Your customers and your business are waiting.

Advertisements

Custom-build or container image? The choice is always yours with IBM MQ

Once upon a time (as all good stories begin) I was doing my final year project for my Computer Science degree. The project was based on the custom chip design software and systems we had access to. During the previous summer I had interned at LSI Logic (at the time a large custom chip designer and fabricator) and had written some code for them to lay out a custom resistor on the chip.

The goal I had been set was to lay out the resistor taking the smallest amount of silicon, within the parameters of the space on the chip with the resistive layer. After all, space on a chip was expensive, and it was critical to be able to do what was needed without taking up space that could be used for other tasks.

When discussing my final year project with my tutor, he suggested I redo that program for the chip design system at University, but also create a new program for a programmable logic array generator. For this, the goal would be for the user/customer to enter all the logic gate sequences they wanted, and the entire chip would be designed and laid out to meet the requirements.

This was a very different type of requirement. Lots of different individual components would be plugged together, but the outcome would be effectively an entire chip designed and ready for fabrication in seconds. Every component needed a separate design file, and they all needed to be created such that they would work together successfully and a new integrated design file would be built. Once the initial hard work of the component design was done, such that all the components would fit together, then it became easy, after a bit of coding, to build the output file based on the multiple required inputs. And entire custom chips would be ready to build in seconds.

What’s the relevance of this ancient history? When reviewing discussions with customers regarding deploying in containers I was reminded of some of the design choices I made back in those days of project work. I have written previously here and here about containers. The programmable logic array generator is conceptually pretty similar to container deployment. The design generated will not be the most efficient, either in terms of layout or size. But it will be ready to go in seconds. And if you want to make changes, you do so and run it again and generate another design file, ready to go. Undoubtedly this is great, as long as you are happy to not go for maximum efficiency. And these days, when trying to minimize operational cost instead of minimizing hardware usage, or maximizing performance, then this is a good trade off.

The other part of my project – the resistor design and layout program gives the other aspect of the decisions being made today. It was built to be as efficient as possible. It would have been possible to have more standard forms of resistor, but given the constraints and business goals, this would have used more silicon. And there are still lots of systems, or parts of systems where performance, throughput and efficiency is worth the extra effort. And so not everything is best with a ‘one-size-fits-all’ approach. Sometimes you need to have just the right solution in place.

 

Looking around the connectivity segment, I see fewer and fewer solutions which give customers a choice. Everyone wants simplicity, but in order to build and deploy the right solution, you need more than just having a hammer and treating every problem as a nail.

IBM MQ is offered in multiple forms – as base or Advanced software to be configured and managed by the customer, as container images (IBM Cloud Paks) for deployment in environments like IBM Cloud Private and Red Hat OpenShift, as a physical appliance, as a native z/OS offering, or as a public cloud hosted and managed solution. Even as a part of the IBM Cloud Integration Platform. The combination of these deployment options, as well as the proven technical advantages IBM MQ has over other messaging offerings is designed to provide customers with the best solution for all possible use cases.

 

With IBM MQ you get to have your cake, and eat it.

 

(Sadly I have misplaced my project write-up or I would have included the original design images from the PLA and resistor programs)

Not just the great State of Texas but the Integrate State of Texas. Learn more about IBM Cloud Integration Platform and IBM MQ at the 2019 Integration TechCon

I have written about MQ and containers before here and here and let’s face it, I will be writing about them again in the future. Just about every customer is trying to build a modernization strategy which today means a container strategy.

Containers are a great fit for stateless objects. Things like micro-services, but also other applications. And as well as those objects, the other integration capabilities like API Connect are stateless, and thus easily get provisioned and cleaned up through a container/dev-ops approach. And Kubernetes is widely used as a deployment and orchestration environment for containers. However you might have questions about how a stateful product like IBM MQ, which holds critical persistent data fits in a container deployment strategy.

To help with this, IBM is investing to provide modern container-based offerings, such as IBM Cloud Integration Platform, which like a number of our other offerings and platforms are based on IBM Cloud Private.

Offerings like the Cloud Integration platform are designed to not just offer containerized versions of the individual products but provide additional integrated services which enable common shared single sign-on, logging and monitoring for the integration capabilities, with more to come.

One of the capabilities within the Cloud Integration Platform is MQ Advanced. This is delivered as an IBM Cloud Pak, providing the production ready containerized image, along with a Helm chart and full IBM support for the product and the environment.

However, let’s review why you might be moving to container deployments of various offerings, as it could be for many reasons:

• Faster deployment
• Simpler provisioning
• Faster, easier maintenance
• Deployment in any environment
• Lightweight images
• Rapid version migration
• Reduced operational costs
• etc. etc.

 

Layered above these reasons will be some of the benefits provided by the individual integration offerings that might be deployed in containers. And then there are the further benefits that could be available if taking advantage of integrated offerings.

 

That sounds like a lot of consider. Wouldn’t it be great if there was some easy way to get insights not just into the individual products but the IBM Cloud Integration Platform? And it would be best if there was lots of technical information and not just high level content. So welcome to the 2019 IBM Integration TechCon, held in Grapevine Texas April 30^th to May 2^nd this year. Hear from technical experts in all the IBM integration products including multiple deep topics on MQ, MQ Appliance, MQ on Cloud and MQ Advanced, and also sessions on IBM Cloud Integration Platform.

Register today

Banish those winter blues with IBM MQ V9.1.2

In the depths of winter in the UK we are told that Monday 21^st January is referred to as Blue Monday, when the fun of New Year has died away and it is clearly a long time to go until the arrival of the lighter warmer days of spring. But now, just a couple of weeks after Blue Monday, Big Blue IBM is trying to relieve the gloom with the announcement of the latest CD release: IBM MQ V9.1.2. You can read the announcement letter here.

 

As the 2^nd Continuous Delivery release of MQ V9.1, this builds on the previous release with a number of enhancements and new capabilities.

Probably the one that will be of most interest to people is a new capability which is the first step in what will be an ongoing series of updates to MQ. We are calling this a Uniform Cluster, and this specific enhancement is designed to make it easier to balance workload across queue managers which could be both growing and shrinking. This workload balancing will be without the need for the applications to co-ordinate changes in the MQ Queue Manager destinations. Instead MQ will itself balance the workload across the set of Queue Managers defined to be a part of this ‘Uniform Cluster’. Initially this is only for applications written in C. This area of MQ is likely to continue to be an area of focus, as further enhancements could easily be considered with a view to MQ being far easier to scale up and scale down, much as a cloud native service would be expected to do.

 

Another key enhancement is around the use of REST messaging. When this feature was initially introduced, it sparked lots of interest, as there are many use cases where it would be helpful to call MQ without having MQ Client libraries. In this release, connection pools are supported allowing for the caching of connections for reuse, which should improve throughput and reduce resource use.

 

Other updates in the base MQ capabilities include .NET core support for Linux to add to the Windows support added in MQ V9.1.1. Also improvements to scalability and availability when working with WebSphere Liberty for XA transactions.

 

Increasingly important to many MQ customers is MQ Advanced. The MQ MFT feature of MQ Advanced, which is widely used to onboard file data into MQ and then send and consume that data as MQ messages gets further REST API functions to enhance administration. This continues what we have seen in the last few releases for MQ MFT.

 

Other interesting improvements include updates to the Salesforce and Blockchain bridges, and the MQ Appliance sees errors logs integrated with system log external targets.

 

There are a number of other really interesting updates to the MQ family which have also come out at this time.

 

Probably everyone is seeing a lot of the same interest in container deployments. And IBM MQ has been supporting container deployments for many years, and recently have put out an IBM Cloud Pak to better support deployment on IBM Cloud Private. However we have now also released a container image of MQ Advanced for Developers for Pivotal Cloud Foundry. This will be available shortly.

 

The MQ Cloud offering, which provides a hosted MQ environment maintained by IBM has been seeing lots of growth and enhancement, with new data centers being added for both IBM Cloud and AWS, as well as adding functional support for the MQ AMS end to end encryption and the MQ MFT features. The latest update adds a Lite plan, allowing ongoing free use of a hosted MQ environment, without the need for a credit card, limited to 1000 messages per month. Check it out here and now!

 

And finally, something else for the developers. While MQ continues to be a robust production platform on Linux, Windows and other environments, there hasn’t been any IBM provided releases for Mac. If you wanted to develop MQ applications on Mac you would need a VM with a supported OS. However we have now released the MQ client for Mac – you can download today from here and start developing much more simply today.

UPDATE: Now we have availability of MQ V9.1.2 here is a blog from Ian Harwood expanding some of the points and with links to access MQ etc.

And if all that doesn’t blow away the winter blues, what will? Maybe a trip to San Francisco for the Think 2019 Conference? I have a number of presentations there so come by and say hello. Otherwise there will be a number of other events through the year. Let’s hope for some sunny and warm weather!

Is your business getting indigestion? IBM MQ can ease that pain by ingesting your file data into MQ including MQ on Cloud.

Christmas and New Year is over for another year. At this time of year, it can be easy to eat and drink too much. Consuming too much can lead to indigestion and the results can be unpleasant.

 

But have you considered it might be similar when you move data through your enterprise? Data can be large. Data can be small. But once it exists, it has a purpose. And that means it has a use, and value. In that case it should delivered, in a timely way, with security and reliability, to where it can add value to the business.

 

However, moving the data can be a problem. Data can be moved by the application as it is created. And certainly, IBM MQ has a long history of being an ideal solution for this, as it is designed to connect applications, exchanging data reliably and asynchronously.

MQ messages have a maximum size of 100MB. Which is actually very large for individual application generated messages, especially if you are sending the data out as it is created, so while some use cases do use very large message sizes, mostly it is much smaller. And not only is MQ optimized for this traffic, enabling it to send millions, or even billions of messages per day through your network, your own infrastructure is likely built to meet this need.

 

But consider when data is created, or pulled in from elsewhere, and may be at rest in the filing system. It needs to move through the business to where it will add value. But this data in the filing system might be thousands, or millions of individual records, imported or built up over time. Trying to send gigabytes, or even terabytes of data in one lump is going to give your network the equivalent of indigestion. It’s going to be blocked up until it can pass through. Traditional file transfer approaches suffer from this issue.

 

Let’s think of how this might happen. You are a retailer. Some of your stores process their transactions as they happen, flying through the network as each one is small. Others instead batch them up and send them as a file. The file can be very large, and if coming from a remote location could take minutes or even hours to come through the network, because of the way that networks can slow down data transfer rates because of errors. This impacts the ability of the business to act on this data.

 

An important feature of MQ Advanced (and MQ Appliance), and now MQ on Cloud is the ability to ‘ingest’ the data from files on the file system into MQ. This data is then moved as MQ messages through your network. As even the largest files are automatically broken into chunks suitable for sending as MQ messages, with all the reliability, security and assured delivery that MQ provides, your business gets the benefit of the data delivery, without suffering ill effects from the movement.

 

Moving all data, from applications and the file system, all through a single reliable high-performance pipe like IBM MQ gives your business the assurance that all data is handled with the right care and attention. And your business suffers no ill effects even when handling the biggest inputs. Allowing more of the data traffic to move rapidly and reliably through your network, without everything slowing down.

Your data is no longer getting stuck in a file, or in a remote system. It won’t even get lost moving between systems. It is moving freely between systems as it moves as MQ messages. No single message is too large for the network. And the business gets to benefit from your data now being handled and processed directly as MQ messages. It is no longer file data, so no longer stuck in the slow lane. Data ingestion is better than indigestion. Accelerate your data use by ingesting your file data with MQ on Cloud, MQ Advanced or MQ Appliance.

Don’t forget you can download and try all the features of MQ Advanced for free from this download page and you can also try MQ on Cloud in just a few clicks here.

Happy 25th birthday to IBM MQ. Something to rely on, yesterday, today, tomorrow.

 

December 31^st, 1993. It seems like a very long time ago. It actually was a long time ago, but that was when IBM announced the availability of a brand-new software product: MQSeries.

If we think back to 1993, what else is memorable from that year?

Movies released in 1993 that are still memorable:

Schindler’s List

Jurassic Park (no comments about dinosaurs with reference to MQ thank you)

Groundhog Day

With maybe additional mentions to The Nightmare Before Christmas, Sleepless in Seattle, and The Fugitive.

Some Albums from 1993:

Pablo Honey by Radiohead

Modern Life is Rubbish by Blur

Tuesday Night Music Club by Sheryl Crow

August and Everything After by Counting Crows

Some Memorable Books from 1993:

Trainspotting

The Shipping News

Girl, Interrupted

Memorable TV shows that started in 1993

The X-Files

Frasier

NYPD Blue

Hopefully some of these will give you some memories from 1993. But they will likely also make you remember this was a long time ago. It seems like Trainspotting, Groundhog Day, The X-Files etc. have been with us forever.

These, and the others are cultural reference points that you simply rely on everyone having seen, read or at least understand the references. They are with us even to this day. And so is IBM MQ, although it is much more a cornerstone of our culture which most people have never heard of and have no idea that they use every day. And they certainly wouldn’t think they rely on a product from so long ago.

 

There are not many other software products that are still around from 1993, and still being used in the same way. One example (also developed in Hursley) is CICS which has been around for even longer. Another example would be Microsoft Windows. Certainly, there are sometimes press stories about a business still running an old release of Windows. And we experience the same with MQ. We have customers still running in production versions of MQ from 15 years ago or more. And this is because, on the whole, IBM MQ doesn’t go wrong. It does something simple, but very effectively. It is designed to never lose a message. Therefore, if you are building a system that needs to connect and exchange data between applications, and this data is important, then a good idea is to use IBM MQ to exchange the data, as then you shouldn’t need to worry about, and mitigate for any data loss.

A 25-year life span is impressive for an enterprise software product. There are clearly very few of these. But given that most of the world’s leading businesses, the ones you likely use every day, have built their IT infrastructure to depend on IBM MQ, perhaps it is not surprising that it is still here. But, as the product manager (offering manager) for IBM MQ, this isn’t something we take for granted. We continue to focus on the needs of the customer. What can we do to make IBM MQ better today? And how can we make it better for tomorrow? Whether on mainframe, or mobile. As a physical appliance, a virtual machine, a container or a cloud hosted service, MQ is still doing what it is designed for, and moves trillions of messages every day, all important to someone.

Being around for another 25 years is never certain. Only if we continue to be essential to our customers. Focusing on delivering data between applications, systems and services with reliability, security, scalability and robustness. Without being there for our customers we would not be here.

 

IBM MQ thanks all the customers and users for 25 years.

 

One of the long standing MQ supporters – Morag Hughson – has collected details from a number of MQ birthday celebrations over the years – you can read those here

License to Thrill – bring your MQ license to the cloud – with MQ V9.1, not 007

Your typical IT infrastructure these days has more clouds than a sunny day in England. We easily go from no clouds, to dozens of clouds in an instant. And unless you are prepared and can adjust for this situation, you can quickly start having a bad day.

Let’s think of a common scenario. One which I get asked at least once a week. You are a business, and you are starting to explore the opportunities for running on public cloud. You aren’t likely to go ‘all in’ on day one, but you have 1 or 2 projects that will be a great fit, or so you hope.

But how do you get started? You probably have a cloud in mind. Maybe AWS. Maybe Azure. Maybe even both. Your developers are keen to get started. But you remind them, in order for the applications to work with your wider environment, you will want them to exchange data with many of your other applications using IBM MQ.

This has a number of benefits. Not only are you ensuring you are reliably and securely exchanging the data between applications. But as the different applications connect using IBM MQ, they can remain mostly unaware of where they are running and where the applications they are connecting to are running. As application deployment updates happen, IBM MQ configurations can be updated but the applications remain unchanged, not caring about the deployment details.

But one of your concerns might be around licensing. As you are used to running IBM MQ on-premises, you are used to running ILMT to track your deployments and using this to generate reports to show to IBM you are running within your entitlements. But how does this happen if you are running in a public cloud? Let’s assume you haven’t chosen the option of the hosted service of IBM MQ on cloud, but have chosen to deploy and manage your own MQ deployments on your clouds of choice.

The good news is that you can make use of the same PVUs that you have typically used to entitle your on-premises deployments. Imagine your new deployments will require throughput that you have been testing and figure out you will need 5 cores of IBM running on AWS, and workload needing 10 cores of IBM MQ Advanced running on Azure. How does this map to your existing PVU entitlement that you currently have sitting unused ‘on the shelf’.

The good news is that IBM has evaluated deployments on public cloud infrastructures and allows simply mapping of public cloud cores to IBM PVUs. You can review that information here with the general rule looking like for each vCPU that your deployment uses in public cloud, you need to ensure you have 70 PVUs of entitlement. So for the example given above, the 5 cores on AWS would require 350 PVUs of MQ entitlement and 700 PVUs of MQ Advanced on Azure. In common with most other IBM software, there isn’t a license key. But you will need to be able to keep records that can be shared with IBM to show your deployment and that you are compliant with your entitlement. Ordinarily, on-premises, this would require ILMT to run everywhere. However when deploying MQ on public clouds, these also have good reporting mechanisms. IBM will accept these reports as proof of deployment, and of the size of the deployment. However, if possible it is preferred to also ensure ILMT is deployed on these cloud environments to ensure consistent reporting with other environments. This, however, isn’t mandated, as long as you bring your own license to the cloud to provide entitlement.

So whether a “License to Thrill”, or a “For Your Eyes Only”, you can be sure “Messages are Forever” with the reliable, secure, once and once only messaging of IBM MQ, on public cloud, or on premises.

If you want to get started there are a number of technical blogs like this.

Or don’t forget our Quick Start for IBM MQ on AWS with a blog here and the actual link available here

Trying to contain your excitement – IBM MQ and Containers

The world of enterprise IT is always in a state of perpetual change. The one thing that doesn’t change is the ongoing change we are all living with and occasionally challenged by. What’s maybe most interesting about the change going on today is that the change is not one major shift but many different shifts. Some of these are interrelated and overlapping. Others less so.

One of the major changes has, somewhat obviously, been the shift to cloud. This shift is ongoing and is very broad, encompassing both public and private clouds, and indeed multi-cloud. There are some other changes going on which are distinctly related to this cloud move, and these are very much an enabler to this change. This is the ‘containerization’ of IT deployments, seen today in the widespread adoption of Docker containers and Kubernetes environments to deploy them. This technology underpins much of the public and private cloud use, and itself is driven by, and enabled through the shift to a ‘devops’ style of management which allows for better use of resources, and for businesses to be far more agile. This approach is described in a number of ways. Typically this has been as “cattle and pets” to describe the difference between containers and more bespoke systems, but one of my colleagues (thanks Woz) likes to describe the environment as more like hire cars, versus your own car.

With a hire car, you start using it when you want. You do what you want with it. Then when you finish using it you stop using it, not thinking about it again. You haven’t needed to maintain it. You haven’t done anything to it. That car may as well no longer exist as far as you are concerned. Compare that to your own car. You decide exactly what car you want, then once you have it, you likely have it for a long time. You might personalize it. You probably maintain it, and enhance it over time with new tyres, wheels, exhaust. You leave your things inside it, knowing that when you go back to it, they will still be there.

 

That analogy is pretty good for the difference between containers and more traditional long-running environments. Containers are stateless. Once you get rid of them, there is nothing left in the container. This is like a hire car. When you pick up a hire car, it is exactly as you expect it. Nothing inside it. And when you return it to the hire car company, you better remember to take your luggage, your sunglasses, and the rest of your family members, as they certainly won’t be in the car if you come back and hire it again the next day or the next week. The car you own, however, has state. If you leave a bottle of water in it, then it will still be there the next time you use it. The fuel level will be the same (unless your children have used it and emptied the tank). And your sunglasses will be there within easy reach when the clouds clear and the sun comes out.

 

So, let’s talk about IBM MQ and containers. Because MQ is, at its heart, a stateful product. It preserves state in the form of messages. And yet if containers are stateless, why would you run MQ in a container? Isn’t it a contradiction? The answer is no. But it is certainly something you need to think about. And that goes back to why, and how you are using containers. As mentioned above, you are using containers probably as part of a devops environment. You will be deploying applications in containers, which will run as long as needed, and then the container, and the application will be removed. At least until next time. But what does IBM MQ do? It connects applications together. It provides a long running persistent environment to allow multiple applications to reliably and securely exchange messages. It doesn’t matter to MQ if one application in a container goes away. MQ just sits there and runs. It waits for the next application to appear and to put and get more messages. Some messages will sit in the queues for longer than others, depending on the message and depending on when the consuming applications are running. MQ, in essence, doesn’t really care if it is running in a container or not. MQ has supported containers since 2015. MQ can be run natively in Docker based container environments, in Kubernetes environments, in Red Hat OpenShift and in IBM Cloud Private. Indeed the recent MQ on Cloud hosted service is deployed as MQ in containers on both IBM Cloud and AWS. But in many expected use cases, although MQ will be running in a container, it is unlikely that the devops plan will see those MQ containers brought up and shut down as frequently as application containers are brought up and shut down. The administration team will need to be sure that all the messages in the queues have been drained before removing the container running MQ. Otherwise they will destroy a message, which is likely to have business value.

While you may run MQ in a container, businesses should be aware those containers are likely to be much longer running, because MQ is stateful, and preserving that state means keeping MQ up and running.

 

In summary, you absolutely can run IBM MQ in containers, and in your choice of container environment, such as IBM Cloud Private, or Red Hat OpenShift, or a combination. With a container based devops environment, that might be the best way to deploy and manage MQ. And there is a new way to license MQ running in containers as described here. However, the long running nature of MQ might also lead you to review whether, if MQ might be running continuously for months or even years, whether you want to treat MQ the same as your stateless applications. Does running in a container really make sense? It should certainly be thought about. You might even consider deploying MQ in a VM or maybe even deploying the MQ Appliance, which you could even think of as a container – just one that is rather more substantial than the ephemeral nature of the other containers you are using.

 

Many of the updates that IBM has made with IBM MQ over the last few years have been focused on responding to the customer choice. Wherever and however customers run applications, IBM MQ will be there to support those deployments and environments. On the cloud as a managed service. In containers. As a physical appliance. On the mainframe. Meeting your needs. Never losing a message. No wonder it’s hard to contain your excitement.

Next steps might involve downloading container images here.

Or reading more about MQ and containers here

All aboard the 9.1.x CD train. First stop is IBM MQ V9.1.1.

I am sure everyone knows the phrase about buses. If you miss one, don’t worry. There’ll be another one along in a minute. And while it could be said that applies to Continuous Delivery releases, I think it is more like getting on board a train. The destination is the next Long Term Support release, and you think you know what stops will be coming up. But maybe you don’t know exactly what you will find at each destination. You know there will be something new to discover at each stop. You could almost think of the train growing at each stop with the content of each new continuous delivery release, ready to be delivered finally to the Long Term Support destination.

 

Which brings us to the latest MQ CD release, MQ V9.1.1, announcing today, which is the first CD release in the 9.1.x set of releases. The experience we have of our 9.0.x CD releases is that we have seen a lot of interest from customers. Some have been able to move quickly to take up the CD stream into their environments and run them in production, at least for some of their queue managers. Others have been able to experiment with the new features in their test environments to see whether it is worth their while adopting the content early. And there seems to be a larger set of users who, while they haven’t been adopting the CD content into the production systems, the earlier availability and visibility of the new content has helped them move much more rapidly to adoption and use of the MQ V9.1 LTS release than we might have previously expected. I have personally talked with a lot of existing MQ customers who have either already started using MQ V9.1 LTS or are planning to move to use it very shortly.

The MQ V9.1.1 release isn’t a destination in itself. It is the first part of our continuing journey. The MQ team works to accommodate a mix of strategic development priorities into releases to move the MQ offering forward, as well as other customer driven priorities, and reacting to and supporting other offerings and platforms as they change and adapt. Let’s find out how this mix has shaped the release. As well as suggesting you read the announcement content in the announcement letter, I will call out a few of the interesting new features.

 

One important new set of capabilities, driven by customer requests, is around the choice and negotiation of the use of TLS ciphers. Security of the MQ environment is hugely important in the current environment and is likely to remain a key area of focus. The importance of security and data protection is one reason customers are moving to MQ Advanced or MQ Appliance as a way to get the end to end encryption in MQ AMS. But this release focusing on enhancement to the security used in the TLS ciphers – used for encryption on the wire, not encryption at rest. As time passes, some ciphers become less secure and customers need to take prompt action in their environments to ensure the ciphers they use are updated to meet their own business requirements as well as the needs of the different systems.

In MQ v9.1.1 the choice of ciphers can be negotiated dynamically from a set or ‘whitelist’ available on each MQ channel. This reduces the potential for downtime and administrative overhead through faster movement to new ciphers when an old cipher is deprecated. Weaker ciphers can be removed from the list of allowable ciphers without needing to wait for a security fix update from IBM.

 

Another update driven by customer requests is the new support in MQ V9.1.1 for .NET Core for Windows. Customers who choose .NET as a framework for running applications on Windows environments have been looking to move to .NET Core. Following a number of requests, we have now added support for .NET Core for Windows environments to help support those customers.

 

As we have seen in the 9.0.x CD stream, one of the important set of capabilities that was added was the REST API for Admin for MQ. And at the end of that set of releases we started to look at adding REST API calls for the administration of MQ Managed File Transfer features, available with MQ Advanced and MQ Appliance. Many customers find it value to ingest and move data through MQ, even when the starting point or destination for this data is a file on the file system. To MQ, it is all just data moving in MQ messages. Therefore, from an administration point of view, it is important to offer similar features and controls for managing the movement of this data through MQ as is available for MQ exchanges of application data. In MQ V9.1.1 the MQ MFT feature gains REST API calls to list the resource monitors as an alternative to previous methods.

 

A further update is to provide support for pausing message delivery to Message Driven Beans running in WebSphere Liberty, in addition to the support previously made available for WebSphere Application Server.

 

The MQ V9.1.1 release offers a good foundation to start the journey through the various 9.1.x CD releases. There was a mix of updates driven by customer needs, wider platform and offering support as well as some functions to enhance longer term MQ strategic plans. We are now pulling out of this station and heading to the next one. Hitch up the V9.1.1 wagon to your V9.1 MQ train, hop on board and enjoy the ride.

Reach out with IBM MQ and Amazon Web Services

Some of you reading this might be old enough to remember a commercial from AT&T urging you to “Reach out and Touch Someone” with a phone call. Which was a pretty clever concept – taking the ephemeral and remote nature of a phone call and making a real difference to people’s lives, actions and feelings.

Every business today is still trying to do this: interact with their customers, partners, and the market in general. And just as with phone calls the medium they are choosing to use is ever more widely IT infrastructure, which is more frequently now developed and running in clouds. And why is this? Why are businesses building and running applications in clouds such as Amazon Web Services?

A key reason is speed. That is speed to build, speed to deploy, and speed to reach those customers who you are trying to ‘reach out and touch’. Because the market is moving faster than ever, and you need to move just as fast, because if you don’t your competitors will.

Deploying applications on clouds such as AWS has never been faster or easier. But simply building an application does not mean you have built a business. If you are investing to build applications to engage with customers and progress opportunities, then it is essential that you handle those business opportunities with care. If you build an application to engage with a customer, then you need to capture that engagement and not lose that data. If you have taken an order you need to make sure you process it once and once only, not duplicate it or lose it. Your new cloud-based applications need to connect to the rest of your business with a reliable and secure messaging layer such as IBM MQ.

The good news is that IBM MQ can be deployed anywhere in your business, and beyond to provide the connectivity infrastructure you need, where you need it. That includes IBM MQ running on AWS. This has been possible for years, but now there is a new option: IBM MQ on Cloud deployed on AWS. In this case IBM will deploy and maintain the MQ Queue Manager on your chosen AWS region, and all you need to do is configure the Queues and use MQ as required. You can not only respond quickly to business needs and opportunities but do so without the concern of managing the physical infrastructure or keeping MQ deployed and running, allowing more time to work with customers.

If you want to reach out and touch your customers by making use of IBM MQ on Cloud running on AWS then you probably want to find out more. Why not check out the upcoming webinar about MQ on AWS by Woz Arshad  which goes out on November 14^th.

And if that’s not enough, and you are coming to AWS re:Invent in Las Vegas at the end of November, we will have experts from IBM Hursley there to talk to, with David Richards giving a talk (DEM42 : IBM MQ on AWS – Don’t Go Home Without it, Wednesday 28^th November at 1.10pm), and myself, David and Matt Roberts in the Expo. Maybe not ‘reach out and touch us’ but come by and say hello! We will be happy to tell you more about IBM MQ on AWS, and the unique benefits it offers, such as connecting workloads on AWS to on-premises applications.