Posts Tagged ‘MQ Advanced Message Security’

Simple can be better – the new MQ and MQ Advanced licensing

January 24, 2017

simplicity

Last year my son did a school project on flight – and his project focused on Leonardo da Vinci, and it was fascinating for us all to learn more about Leonardo’s genius. Not just an artist, his incredible imagination seemed to create and explore new worlds, never dreamed of before. And yet for all his visionary ideas, his quote above also stands out: “Simplicity is the ultimate sophistication”.

The same idea can be seen in Blaise Pascal (and Mark Twain) saying “I didn’t have time to write a short letter, so I wrote a long one instead”. Sadly this applies to this blog entry as well so in the interests of brevity, a quick summary of what’s described in more detail below:
IBM is simplifying the MQ licensing for new purchases:
• Parts now as follows: MQ, MQ Advanced, MQ Idle Standby, MQ Advanced Idle Standby, MQ Advanced for Developers
• MFT Agents are no longer separately and individually licensed but are free to deploy and use when connected to MQ Advanced entitled Queue Managers – essentially providing a free to use MQ MFT network when you use MQ Advanced
• The parts being withdrawn are only those for new entitlements to the separate MQ MFT, MQ AMS and MQ Telemetry parts but not the Subscription and Support renewal parts – you can continue with your existing entitlement as before.
• If you have MQ Advanced today this change applies to all your existing MQ Advanced entitlement – not just to the latest MQ V9.0.1 release.

Today, our world is moving faster and faster. Businesses need to be more agile. Do more with less. Get more for their money. Keeping things simple makes sense today. Even more so as business environments are highly dynamic, and need to balance between unique requirements and common deployments for ease of development, deployment, operations and maintenance.

When it comes to critical offerings like IBM MQ – providing reliable, secure, scalable and robust enterprise messaging, why should we make it more complex than it needs to be? From January 24th 2017, IBM is simplifying the IBM MQ licensing structure to make it simple to describe, simple to purchase, simple to understand and simple to deploy and use.

What are we talking about? Well, for nearly 25 years IBM has been selling IBM MQ – and we still are. But for almost 15 years IBM has been selling extensions to IBM MQ as separate offerings: MQ Managed File Transfer, MQ Advanced Message Security and MQ Telemetry. These all built on and extended the value offered by IBM MQ – and in 2012, as part of MQ V7.5 we brought all the separate components together into a single package, and also created a single offering called MQ Advanced to provide entitlement to the MQ Server along with all of the MQ Server extensions.

Since then, MQ Advanced has been the most popular way to extend MQ, over buying the individual product parts. However, there was always a complexity about the MQ Advanced license for customers using it for Managed File Transfer. This was because MQ’s Managed File Transfer was available as both the MFT Service component that came with MQ Advanced, but also was licensed as MQ MFT Agents on a per Install basis. Even though you might have bought lots of MQ Advanced licenses, you would still need to buy MQ MFT Agents for those systems where you wanted to deploy MQ managed file transfer capabilities, but where you didn’t have MQ Advanced installed. This would be even more noticeable since MQ V9.0.1 shipped which allowed the MQ MFT Agents to be redistributable and made them available in a zip format, suitable for embedding in other solutions. Having per install licensing for MFT Agents would restrict the potential for use of this style of deployment.

MQMFT image

As part of this license change, the MQ MFT Agents are no longer chargeable, or licensed per Install. Instead they are free to deploy and use – in any quantity, as long as the appropriate MQ Servers are licensed with MQ Advanced entitlements. The Agent QM, and the co-ordination QM, and the Logging QM for the MFT Agents must all have MQ Advanced entitlement. These can be all the same Queue Manager, or they can be separated – but all must have MQ Advanced entitlement – but then all MQ MFT Agents using these QMs can be deployed and used at no cost, whether 1 Agent, 100 Agents or more.

mq-new-licenses

The licensing for MQ and MQ Advanced going forward is now very simple. You select IBM MQ if you just want MQ, or IBM MQ Advanced if you want MQ and any other capability. Both are licensed by PVU (perpetual or monthly license) – so by the capacity of the machine where you install the MQ server or by the Virtual Processor Core as described here. Along with IBM MQ and IBM MQ Advanced, there are Idle Standby parts for both, and also IBM MQ Advanced for Developers. Just a handful of parts giving you so much potential for your business.

The additional features in MQ Advanced include MQ Managed File Transfer (as mentioned above) which allows the contents of files to be sent reliably and securely over the MQ network as MQ messages. Differentiating factor with this solution is that the file contents can be directly consumed as messages, moving file transfer into virtually real time data usage. Now available to be deployed anywhere at no additional cost when connected to MQ Advanced Queue Managers. Then there is Advanced Message Security, which provides end to end message content encryption. Since MQ V9 this has a new option allowing for encryption at virtually no impact to performance or throughput, helping you protect your business and customer data from exposure in the case of a breach. And MQ Telemetry which enables your MQ applications to connect directly using the MQTT protocol to mobile phones and the Internet of Things.

It’s all so much simpler now to explain, to buy and to use. But what if you have previously bought some of the separate parts. We have made sure to keep the existing renewal parts available so you can continue to use them and stay current with support on them. So nothing needs to change – you can continue exactly as before. But you might want to consider moving to MQ Advanced entitlement as only this will provide the ability to connect MQ MFT Agents at no cost, and there is no entitlement to buy or deploy new MQ MFT Agents without MQ Advanced entitlement in the future. Existing purchased MQ MFT Agent entitlements remain valid and can continue to be deployed and used.

Feel free to reach out to your IBM rep, your IBM business partner or even me to discuss this, and what it might mean to you. We have tried to do this very carefully so that there is no negative impact on anyone today, and that going forward there are lots of benefits – such as the ability to deploy a much larger MQ managed file transfer network at no additional cost with MQ Advanced entitlement. And as an added change, we have ensure that the MQ Appliance license also allows for connection of MQ MFT Agents at no cost – so that provides an additional deployment and connectivity option for MQ MFT solutions.

Manwithfiles

I will try to write another blog shortly about our MQ Managed File Transfer solution soon – but this one needs to end so you can get back to work.

Think what you can do with this now. It’s going to be a busy year. Let’s start now.

No waiting in these queues. IBM MQ V9 and the MQ Appliance M2001 delivers fast, reliable and secure message queuing

June 29, 2016

wile_e_coyote

Recent weeks have been pretty busy on this blog, reflecting just how busy the MQ development team has been in bringing out new and updated offerings in MQ V9 and the MQ Appliance M2001 here and here. And of course in our cloud messaging options.

As both of these have been fairly full of new content I thought I would do just a short update to focus on a couple of key benefits which are specifically measurable in these 2 refreshed offerings. After all, a lot of the new and improved features can sometimes be hard to quantify in terms of the benefits they provide, but in each offering this time there are some easy to define benefits.

As you may have seen in my most recent update, the MQ Appliance M2001 added large capacity SSD storage which enables much faster throughput for persistent messages. These are the messages that get written to storage to ensure they are still available in the case of failure before the message has been successfully deliver to all consumers. At high rates of message throughput, there can be a lot of contention for access to storage with traditional hard drives. With the new MQ Appliance M2001, this potential bottleneck has been removed. You can now read the latest MQ Appliance M2001 performance report here which shows that the performance in those scenarios which saw large volumes of persistent messages sees improvement of up to 3.5 times the previous message rate.

Clearly this represents a significant improvement and given that persistent messages are used in those business critical situations where IBM MQ delivers so much value, it is a hugely important benefit.

 

In MQ V9 there were a number of enhancements but the one I specifically want to call out is, as part of the MQ Advanced package, the enhancement to MQ Advanced Message Security (MQ AMS). The change here was to add a new mode of operation – Confidentiality. This new mode changed the way in which the encryption operations are performed on the message contents (MQ AMS offers policy based encrypted message contents which ensures data at rest is protected in case of a security breach). The goal of this change was to continue to offer a strong level of security for the message contents without too big of an impact on the performance and throughput from the effects of the encryption used.

Now instead of new asymmetric keys being generated for every exchange, the feature can be configured to allow for reusable symmetric keys to be used after the initial generation of an asymmetric key. This still provides a very high level of security, but depending on the reuse count before a new asymmetric key is generated, can drastically cut the performance overhead. The benefits can see more than an order of magnitude increase in throughput. You can see a quick snap shot of some of the early results in Jon Rumsey’s blog here – which includes a small table showing performance improvements exceeding 10x gains. With everyone concerned about security these days, the ability to better protect your information and customer data with little performance impact has to be a good thing.

 

So what are you waiting for? With secure, reliable enterprise messaging for on-premise deployments, cloud deployments or physical appliances, there is no waiting with IBM MQ V9 or IBM MQ Appliance M2001.

no-waiting

[An interesting history of Wile E. Coyote here]

How is the new IBM MQ Appliance different from a BBQ?

February 17, 2015

MQ Appliance Image

When I am eating at home I really love to BBQ. However, living in the UK, we don’t always have the perfect weather to enjoy BBQs, especially when you have a charcoal BBQ. It mustn’t be windy, and you really don’t want it too cold, or rainy. So conditions have to be right, and then there is the issue of whether you have enough charcoal, can you start it ok, do you have the right food to cook on it? And if you are cooking on it will you have enough fuel on to cook everything you need, or will you have to add charcoal in the middle of cooking?

So although I would generally prefer to cook and eat on the BBQ, it is far simpler on the whole to cook in the ovens in the kitchen. They are there and ready, rain or shine, up to temperature in a few minutes, and able to cook pretty much any type of food quickly and simply. And you know what – once you get to understand your oven, you can get it to produce food pretty much as good as the BBQ. In most cases a lot more reliable and certainly a lot quicker and cleaner. I have a pair of ovens – so I can ‘hot-swap’ between them!

Cropped oven

If you need enterprise messaging, then maybe you are in the same dilemma? You know you need enterprise messaging – but the amount of effort you find it takes to install it and deploy it on a system if too high to think about using it everywhere. So you limit use to just your enterprise datacentre. But then there is the problem of keeping it up to date once you have it on multiple different machines, all of them running your business. What you need is a solution where you can just switch on – much like an oven.

IBM is really happy to announce today a new offering – the IBM MQ Appliance. With this you get all the enterprise messaging benefits of IBM MQ V8 – but in a state of the art physical appliance. No more having to configure and maintain a separate physical server and then install IBM MQ. The MQ Appliance is designed to be unboxed and up and running in less than 30 minutes, making it faster and simpler for new MQ messaging capacity to be available wherever you need it.

We anticipate the MQ Appliance will be welcomed in the enterprise datacentre where a highly capable appliance will be able to process high MQ messaging workloads in a single physical footprint, and with not just a simple deployment process but far easier maintenance, with fixes for both MQ and the firmware delivered together as a single firmware flash, allowing you to keep your appliance up to date quickly and simply, knowing the fixpack has been tested by IBM on exactly the same hardware.

Another anticipated use case will be outside the enterprise datacentre, such as in remote locations where there is a need for MQ Queue Managers but no local MQ skills on site to setup or maintain the MQ environment. This could be a factory, branch office, warehouse, or a business partner. Now, if a MQ Appliance is shipped out to the location, it can simply be unboxed, plugged in, and have any further administration done remotely.

Appliances can be deployed in a High Availability pair, with persistent messages mirrored from one appliance to the other, to ensure continuity of workload in the case of failure, without any complex setup or external storage dependencies. A pair of appliances work even more seamlessly than my pair of ovens pictured above – with queue managers starting up and processing work automatically, with no marooned messages.

The appliance is built using the experience of the IBM DataPower appliances to ensure that you can depend on it for your enterprise, but it focuses on delivering just an optimized MQ experience. No tuning is needed to get the best performance out of the MQ Appliance. And a new browser based tool, the MQ Console, provides a customized interface for monitoring and configuring MQ on the appliance.

The MQ Appliance will be available on March 13, 2015, and will be available as the M2000A, and the M2000B – 2 price points to meet different message throughput needs in the market. You can read the announcement letter here. Visit the webpage. And feel free to talk to your IBM rep or selected business partners about it today. Why not come and see us and the IBM MQ Appliance in person at IBM InterConnect 2015, in fabulous Las Vegas. We even have a video posted on YouTube of me talking briefly about the MQ Appliance. We don’t do that everyday!

I will admit, that as good as it is, the MQ Appliance isn’t a great way to cook ribs, burgers or steak. For that, I’ll pick my BBQ.

cropped bbq