Posts Tagged ‘Secure messaging’

IBM MQ V9 – A fast, secure, reliable and more agile MQ

April 19, 2016

edwin-moses-getty_2129850b

Some of you reading this blog may recall the great athlete Ed Moses – who had a record 122 race winning streak in just about the hardest event – the 400M Hurdles. You need to be strong, fast, and agile just to compete, and to keep winning you need to be reliable. Well, this is how we view IBM MQ, especially with the latest release – IBM MQ V9. You may have seen a recent blogpost on here that had a Statement of Direction talking about a new way of delivering IBM MQ – one that provided a Long Term Support release, and a Continuous Delivery release. The aim of this model is to give customers more choice to select either highly stable releases with just fixes, or releases that benefitted from additional function in the fixpacks.

TRY IT: Click here to get a free trial of MQ

UPDATE: There is a FAQ on the new support model. Read it here.

On April 19th, IBM announced MQ V9 which is the first release that moves to this new more agile delivery model. As such at the initial release it delivers a small set of additional capabilities that will be available to all customers. Then subsequent mod-level updates will deliver even more updates to customers choosing the continuous delivery stream, but all customers moving to V9 will get the benefit of the new capabilities being delivered in this release.

As with previous releases of IBM MQ, customers have a lot of choice in where and how they may want to deploy this version. IBM supports deployment of MQ – and MQ Advanced pretty much on every commercial IT environment where business critical applications may be exchanging data reliably, securely, and at scale. This could be on-premise, deployed in cloud environments like IBM Softlayer, Microsoft Azure or Amazon AWS. IBM also supports virtualization with many customers deploying in VM images, and also in Docker containers, which can be deployed anywhere, including in IBM’s Bluemix platform. This flexibility enables customers to make use of enterprise messaging to support deployments on-premise, on cloud or in hybrid environments.

So what are the key new features of MQ V9 being delivered in this release? Well there are a number of them that are called out in the announcement letters – so you can read the MQ V9 distributed announcement letter here. And the MQ V9 z/OS MLC announcement letter here. And you can read the MQ V9 One Time Charge announcement letter here. But below I will call out a few of the features that I think will be most important to customers.

One of the features likely to be most interesting is a change to the MQ Client Channel Definition Table (CCDT), which is needed by the MQ Client application to provide the channel definitions needed to connect to the MQ Queue Manager. This file is created automatically and prior to MQ V9 needed to be distributed to the client application prior to use. The big change from this new release is that the CCDT can be a web addressable file instead of needing to be distributed out to every client, and to then need to do that with every change. By having a web addressable CCDT accessed by URI, then there are much lower administration needs, and also the MQ infrastructure can be much more dynamic as changes can be made centrally and take effect quickly and without application disruption.

 

The second big change to the new release of MQ is in MQ Advanced Message Security (MQ AMS). This feature, which is a priced extension to MQ (available either separately or as a part of MQ Advanced) provides policy based encryption at rest of the MQ message contents. By using this capability, businesses can be assured that their message contents can only be unencrypted and read by the targeted application destination, and there is no risk of exposure should any security breach take place which provides access to the system or storage where the MQ Queue Manager holds its queues. This privacy and integrity has been assured by the generation of asymmetric keys for every exchange between client and queue manager, which provides an extremely high level of security, but can introduce a high overhead in terms of the processor cost of the asymmetric key generation.

MQ AMS performance

With MQ V9, a new mode of operation is added to MQ AMS, called ‘Confidentiality’. In this mode there is an initial asymmetric key exchange then subsequent exchanges can reuse (to an extent that can be configured) a symmetric key. This still provides a high level of security and protection for the message content, but with a dramatically lower level of overhead in terms of encryption workload cost. IBM expects that due to the increasing importance of security and protecting systems and data from breaches, that this new feature of MQ AMS will help more customers protect their message contents and therefore their business and customer data. IBM expects to produce performance data for the new AMS configuration around the time that MQ V9 is generally available. But the early testing shows considerable improvement.

 

A further change for MQ AMS is the support of non-IBM JREs for use with MQ AMS. Previously applications written in Java that relied on a non-IBM JRE wouldn’t work with MQ AMS. In MQ V9 this has now changed so that suitable non-IBM JREs can be used, as well as IBM JREs, extending the ability of more customers to use MQ AMS.

 

There are a number of other new functions and capabilities available in MQ V9, such as updates to MQ Managed File Transfer capabilities – which are described in the announcement letter, and with the movement to a Continuous Delivery model customers should expect to see more capabilities being delivered in mod levels on top of MQ V9 in the future.

 

With the recent announcement of the End of Support for MQ V7.1 – announced here – along with the related end of support of the older separate versions of MQ FTE and MQ AMS, this latest release of MQ V9, along with the recent announcement of the update to the MQ Appliance provides customers with a strong set of choices of how to take advantage of the latest new releases as they plan to move off the older releases of MQ they may be using, keeping their deployment of MQ up to date and supported.

When you are taking advantage of the benefits of IBM MQ, you may not need to have to work as hard as Ed Moses did to be #1.

UPDATE: Mark Taylor has provided one of his highly useful videos detailing more of the new function in MQ V9. Watch it here.

 

A message awakens: What is IBM MQ and why do you need it?

January 5, 2016

Stormtroopers

Why are we here? Not in the existential way. The answer to that is not in this blog. That would probably require more than the page of general MQ related discourse that I generally include. No, this is more why are you reading about IBM MQ? And maybe more pertinently why am I writing about it.

Do you ever read the book of the film? The novelisation. It’s what happens when instead of a book being turned into a film, generally with about 2/3 of the detail and exposition cut out, you have an original film, and then it is made into a book. Generally these tend to be less satisfying than an original novel.

Earlier in 2015, in an effort to try and communicate more with the tens of thousands of people who use IBM integration products, the team in IBM Hursley have been doing live Google Hangouts on multiple subjects – and these are then saved as YouTube videos. With my colleague John McNamara I have done a number of these and 3 of them have been titled “What is messaging” to try to cover why you might find messaging valuable and useful as opposed to some of the other choices around for communicating and exchanging data.

You can see the 3 videos here: Part 1  and Part 2 and also Part 3 

John and Leif

In those videos we tried, as best we could, to be product agnostic – to focus instead on messaging as an approach rather than a specific implementation such as IBM MQ. However the question naturally arises why should you specifically use IBM MQ?

Now in the years I have been writing this blog I have written a few posts that talk to the usefulness of IBM MQ – see here, here and here. However why is it that IBM MQ is still the selection of so many businesses today?

Again, as with the ‘why are we here’ question above, this isn’t something that can be quickly and easily summed up in an easy to read blog entry. So what I will do is try and call out some of the major reasons in simple terms, and then hopefully, as time permits through the year, I will try to add more detail.

Why use IBM MQ then?

  • It works – it does what you need it to do
    • There are many thousands of the world’s leading businesses using IBM MQ, and not just using it – but they are depending on it. They trust it to work, and do what it is asked to do, connecting their business simply, securely, rapidly and reliably.
  • Businesses depend on it – as above – for critical parts of their business – at its heart IBM MQ is built around transactions
    • The business world, and IBM MQ, is largely based on the notion of ‘once and once only’ transactions. While there are other approaches, so much of the critical aspects of business depend on this style of transactionality.
    • It is not easy to offer reliable, persistent messaging that provides once and once only delivery. That’s why many other messaging providers can’t offer this, and why many businesses select IBM MQ
  • IBM MQ scales to meet your business need
    • Developing a small scale application that needs messaging is great and it can be simple to use one of many different messaging tools
    • Ensuring this messaging tool works as the application usage scales is another matter. IBM MQ scales horizontally and vertically, running highly efficiently on single machines or spanning multiple machines in large clusters.
    • Whether sending a few messages per day or scaling to a billion messages per day, it is likely you want good performance. As well as being efficient in scaling, IBM MQ also offers high performance to move messages rapidly between application endpoints.
  • Your business is at risk – how secure is your messaging software?
    • You can’t afford to take risks with your business data, or the information your customers entrust with you. IBM MQ has multiple layers of security on the system itself and the data being moved and supports the latest encryption standards. Can you afford not to protect your messaging layer?
  • Highly available – it’s what you need and your customers expect
    • You can’t afford to go offline – you need to run all day, everyday. IBM MQ can be right there with you, with built-in support for High Availability as well as being able to use multiple different approaches such as vendor-based clustering, or virtualization.
  • Everything you need, functions and tooling
    • While the problems solved by messaging are well understood – and there is a great benefit from simplifying applications, some of that is lost when the need for additional functions require multiple different messaging offerings. With richness of function and a complete span of capabilities IBM MQ offers a single solution
    • Deploying a messaging solution is only part of using the solution. There is a need for management and tooling to provide insight in what is happening to all the messages, and to identify exceptions etc. With support from multiple different tooling vendors, and dozens of additional free tools and add-ons, as well as the ability to create your own utilities, IBM MQ can be tailored to meet the needs of your business solution.
  • Help when you need it, where you need it
    • With more than 20 years of leadership, and substantial market presence, there are thousands of skilled professionals able to provide guidance in how and why to use IBM MQ, how to configure it, how to program with it, and how to deploy and maintain it. And all that supported by IBM’s global 24×7 support organization to help when needed.

So that’s a few of the high points about IBM MQ. I will look to write more in detail about some of these through the year ahead – although I am also pretty sure I will be adding some new entries about product announcements and enhancements as well. Watch this space.

Appliance close up