Posts Tagged ‘IBM MQ Advanced’

Two steps forward, no steps back with IBM MQ V9.0.4

October 24, 2017

hopscotch

Compromise is everywhere. We are told to take the rough with the smooth. The easy with the hard. The quick win and the hard slog. And with software we often have to accept compromises. Especially so these days with the drive for new function forcing some compromises with stable deployments.

Not so with the latest update to the MQ family of products. For the last 15 months IBM has been delivering updates to MQ using a Continuous Delivery stream. There have been many useful additions, but they have always required adoption of the latest version to take advantage of the new features. With the latest update moving to MQ V9.0.4, there are even more substantial updates of useful features for both base MQ and MQ Advanced. However in recognition of the need for customers to keep some systems back-level while also wanting to take advantage of new features, some of these updates are designed to allow existing deployed systems to take advantage of the new capabilities, both without being updated and without breaking the Continuous Delivery and Long Term Support principles.

In addition to this extremely useful update, which I will get to in a minute, which can be used across the entire MQ estate, there are some groundbreaking updates that will allow huge changes in the way MQ is used, deployed and managed in this update. It is more leaps forward rather than steps forward.

For MQ Advanced we have 3 key new capabilities:

  • A new ‘easy HA’ feature – Replicated Data Queue Managers
  • More flexible Managed File Transfer deployments
  • Availability of an enhanced Blockchain bridge

For MQ Base (which is part of MQ Advanced) there are a number of other enhancements

  • Additional commands supported as part of the REST API for admin
  • Availability of a ‘catch-all’ for MQSC commands as part of the REST API for admin
  • Ability to use a single MQ V9.0.4 Queue Manager as a single point gateway for REST API based admin of other MQ environments including older MQ versions such as MQ V9 LTS and MQ V8.
  • Ability to use MQ V9.0.4 as a proxy for IBM Cloud Product Insights reporting across older deployed versions of MQ
  • Availability of an enhanced MQ bridge for Salesforce
  • Initial availability of a new programmatic REST API for messaging applications

 

All of these features are called out in the new announcement letter for MQ V9.0.4 here. And there are further updates available for the MQ Appliance listed in the specific announcement letter for it here and in another blog entry here. There are also announcement letters for IBM MQ z/OS V9.0.4 and IBM MQ Advanced for z/OS VUE V9.0.4

However, let’s try and call out some details of the key points of the MQ V9.0.4 update below:

RDQM1

The new High Availability feature (officially described as Replicated Data Queue Managers or RDQM) provides a significant new way to configure High Availability. It is only available for MQ Advanced users on x86 Red Hat Linux. It is designed as a 3 node system which uses replication of messages and logs between the local disks available to each Queue Manager. This style of replication of local disks was previously only available with the MQ Appliance. As moving to this new style of HA will allow customers to stop using network storage for MQ, we anticipate it will be very popular. As well as the disk level replication, Floating IP will be used to help applications move seamlessly to a failover QM. And 3 nodes help to prevent ‘split-brain’ situations where 2 nodes are simultaneously active.

The licensing of the above deployment requires MQ Advanced as already stated. However as long as all Queue Managers on all 3 nodes are Replicated Data Queue Managers, and all 3 systems are the same capacity, then only one node needs to have a MQ Advanced license entitlement. The other 2 nodes can be licensed with MQ Advanced High Availability Replica parts (these parts used to be called Idle Standby parts).

RESTproxy

The changes to the REST API for admin are also significant. Over the last few releases more and more ‘verbs’ have been added to allow REST API calls to configure and manage MQ. This was designed to allow more modern tools to be built as an alternative to MQSC and PCF based tooling. The latest V9.0.4 release adds more verbs and also a way to call the remaining equivalent MQSC functions within a REST API structure. However what is perhaps more interesting is that a single V9.0.4 Queue Manager can now act as a ‘gateway’ Queue Manager to allow these new REST API driven tools to configure and manage Queue Managers that are older and don’t include this new Continuous Delivery function. This is hopefully a very good way of providing the best of both worlds. Allowing the older production Queue Managers to remain deployed but still take advantage of new features.

Similar to this ‘bridge’ feature is one for IBM Cloud Product Insights, where the ability to publish deployed Queue Manager data to Cloud Product Insights was limited to releases on the Continuous Delivery stream, but now a single V9.0.4 Queue Manager enables older installs to publish data to this useful dashboard tool.

The MQ bridge for Salesforce has been enhanced to allow MQ to publish data into Salesforce, instead of simply receiving push notifications from Salesforce.

Customers with MQ Advanced who want to explore the possibilities offered by Blockchains now can deploy a bridge which enables MQ applications to query the Blockchain, and also provide data input into it. An earlier version of this was available only to customers with MQ Advanced for z/OS VUE, but this version is available to customers using MQ Advanced on distributed platforms.

MQ Advanced customers also get more flexibility in how they can deploy the file logger in MQ Managed File Transfer scenarios, as this logger can now be deployed on a different machine to the MQ Queue Manager.

And finally, feedback from customers told us that developers were looking to make sure of MQ, but with fewer dependencies, to free them up from client and language bindings. As such we have also added the first layer of support for a new set of programmatic REST APIs for messaging applications. This will replace the previous HTTPBridge function which has already been deprecated. Over the next few releases it is hoped that more functions will be supported in this REST API for messaging to allow additional messaging calls to be supported.

Counting up the advances it does look like it is more than 2 steps forward, and certainly no steps back. And with the ability to use some of these features alongside your older MQ releases, what are you waiting for? Download it from here today. Or try it on Amazon AWS Quick Start.

Want to know more. Check out the webcast. Register or replay at this link.

Advertisements

What is GDPR and how does it affect IBM MQ use?

September 26, 2017

Imagine as a business that you were given the opportunity to grow turnover by 4%, at a stroke, or to increase revenue by €20 million. This would be certainly a key focus area. Well, there is good news and bad news, because these figures are accurate, and can apply to your business, but they are fines that will be applied to your business if you are in breach of the GDPR regulations that will be enforced in May 2018. And your business will be liable for whichever is the greater amount. As such, it is a subject that demands attention. And it can apply to any business if it concerns the personal data of EU citizens, even if your business is not based in the EU.

Screen Shot 2017-09-26 at 11.42.31

GDPR is a complex piece of legislation, and not one that can be solved through any one single act or solution. It requires understanding of the legislation, and then a thorough review of existing governance and processes, especially those involved in data handling and security, and ensuring that all people involved in all these aspects are aware of changes being made, and why these are important and must be complied with.

Amongst the key criteria for GDPR compliance are a number of aspects that are likely to need to be reflected in the choices made in MQ deployment to help to meet the compliance needs. However, it must be understood that taking this action around MQ alone will not achieve GDPR compliance, but simply be a part of that compliance.

Given that GDPR is concerned with data protection, it should be clear that data privacy is key in reaching compliance. This isn’t the only aspect, as there are multiple additional aspects such as the ‘right to be forgotten’ providing a requirement to remove data, and also the need to track the movement of data through all systems. Considering all these aspects together, it should be clear that reducing the movement of data to modes of transport that allow for end to end encryption, as well as logging, reporting and monitoring for the movement of data are likely to be seen as essential to aid in GDPR compliance.

Steps that you can take to help demonstrate your MQ environment is helping your business comply with GDPR regulations:

  • As well as using authentication and authorization to secure your MQ system, end-to-end encryption is available as part of MQ Advanced and MQ Appliance to supplement this
    • Using end-to-end encryption could be the only way to protect personal data wherever in the organization it moves, as it moves as it reduces the need to ensure control of all intermediate systems to protect the data.
    • End-to-end encryption can help to demonstrate privacy by design as part of your compliance verification process.
  • IBM MQ can be configured to log all messages and accesses which can be used to track all movement of data, and who had access to it.
    • Making use of the tools available with IBM MQ to monitor and report on message movement can be an essential part of good data governance
    • Building new tools using the REST API for MQ admin to offer a custom view of MQ configuration and operation could be a critical aspect of generating reports on data movement and protection.
  • Holding personal data in files is widespread in many businesses
    • Holding and moving those files around your business could add further vulnerabilities.
    • File data needs to be handled and managed with the same care as application data as it is just as likely to be personal data that needs to be protected.
    • As part of the MQ Advanced and MQ Appliance entitlement, businesses can move file data securely, and with monitoring and tracking, through the MQ network, helping to meet GDPR compliance without additional complexity

 

As mentioned at the start, there is no single solution that can address all the aspects of GDPR within your business. Ensuring your MQ environment is configured to securely move data with end to end encryption, with comprehensive logging and reporting of messaging access and movement can be a critical step in the wider compliance task.

 

Work with your IBM representative to ensure you hear more about the benefits of MQ Advanced entitlement to allow your business to move file data and to encrypt messages and data end to end, and thus reduce the risk of data being exposed in a security breach. Or review whether the MQ Appliance would be a good fit for your business, providing the same benefits in end to end encryption and file data movement.

 

Read more about MQ Advanced here: https://www-03.ibm.com/software/products/en/ibm-mq#othertab3

Read more about the MQ Appliance here: https://www-03.ibm.com/software/products/en/ibm-mq#othertab4

For additional information about how IBM can help you with GDPR see here: https://www.ibm.com/analytics/us/en/technology/general-data-protection-regulation/

GDPR robot