Posts Tagged ‘Security’

Don’t get caught out by clouds of hot air. IBM MQ builds reliable bridges in a multi-cloud world.

October 5, 2018


More and more businesses are realizing the value of moving to the cloud. There are as many reasons to move to the cloud as there are different clouds, if not more. Any single business is likely to have already deployed to multiple different clouds, both public and private. And different departments will have different priorities and success goals covering agility, availability, location, cost, or multiple other reasons. Certainly some businesses will be looking for the expected benefits of cloud but still want to run in their own data center using a private cloud architecture.

 

Central to these decisions are the business applications, which are already changing rapidly, benefitting from this new deployment environment. Cloud deployed applications typically scale more readily and may be built out of many cloud specific common services, designed to maximize the positive aspects of deploying and running in the cloud, and not have you running off a cliff, instead of running into the future.


There are however other important design points. If an application is built solely to use the tools and environment specific to a single cloud, then flexibility and freedom to change will be limited. Around 80% of businesses already admit to using more than one cloud provider, which will see a need for applications running on different clouds to connect together, as well as connecting to any applications still running on-premises. Additionally, applications may need to use functions that are available on multiple different cloud environments in case the applications need to be redeployed on other clouds. And that will definitely be important when it comes to the connectivity mechanism for data exchange between applications.

 

IBM MQ was originally built to connect applications running in different environments, allowing them to exchange data with reliability and security, and to provide a common, cross-platform way for applications to do so. And this is exactly the challenge now being faced, with applications built for different environments having to connect and exchange data across different clouds as well as into and out of the on-premises data center.


A strong benefit of IBM MQ is that all applications can drive their connectivity through a single consistent interface. This not only simplifies the application development, but ensures that the application can remain unaware of not just where it is running itself, but also where the applications that it is trying to connect with are running.

 

As an asynchronous messaging layer, IBM MQ can buffer the connectivity between applications that run at different speeds. And with MQ running in every location, connectivity breaks between locations, or latency issues, can be handled by IBM MQ rather than by complex logic within the applications.


IBM MQ can be deployed as an IBM managed and hosted messaging server on IBM Cloud and AWS, or deployed and managed by customers on any public cloud. And on-premises, IBM MQ can be deployed in mainframes, as a physical appliance, or on servers such as Linux, Windows or more, in containers or in VMs. This flexibility, combined with the persistence, security, reliability, scalability and high availability that many of the world’s leading businesses depend on, means that you can move to the cloud with confidence.

 

There is no better way to bridge between your applications and across the clouds than with IBM MQ.


What is happening in your business? What are your customers doing? Let IBM Event Streams show you the way ahead

September 27, 2018


You are developing applications to make your business more responsive. The heart of your business depends on the once-and-once-only delivery of IBM MQ messages to ensure your invoicing, shipment and supply-chain applications can reliably and securely move data between systems, and keep your business running smoothly. But you need to do more.

The world is moving faster, and your customers are harder to reach, and harder to keep. You need to build applications that engage more directly with customers, providing your business with an increased level of insight into their behavior as they engage with you online.


You want to be in more control and respond to the events taking place triggered by your customers. To do this your new engaging applications need to be event driven and inform you of each action and activity as it happens. Although you know the benefits that IBM MQ provides with messaging, you want to receive a greater amount of data from these new applications as a stream of events, which is a different type of messaging to that provided by IBM MQ.

What you need is IBM Event Streams, powered by Apache Kafka. Newly announced by IBM, and becoming Generally Available on Friday September 28th, 2018, this offering will allow you to build new applications using Kafka clusters deployed on-premises or in a cloud environment. Your applications can now be built to take advantage of streaming event data offering more insight for your business. As an added benefit IBM Event Streams not only comes with IBM’s enterprise class support, but also a bridge to allow connectivity between IBM MQ and IBM Event Streams. You can then feed your applications with activity in your core business applications, as well as your new event streaming applications.

And the place to start is our webinar on October 2nd 2018. Presented by Alan Chatt, you can hear all the details you need to get started with IBM Event Streams. Register here.


MQ Advanced powered by MQ V9.1 – now it’s time for business – join the webinar

September 3, 2018


It’s early September and seasons are changing. For some, summer is turning to autumn, and elsewhere, winter is changing to spring. Despite holidays ending for some, business is never on holiday. There are increasing demands to improve availability, response times, security and agility.

 

Businesses can’t take infrastructure for granted. In fact, it is critical to the success of the business. Ensuring that IT infrastructure is delivering maximum value is a huge differentiator in an ever more competitive world. And that can mean not being left behind and taking the best advantage of what your infrastructure can do.

 

IBM MQ has been at the heart of many of the world’s leading businesses for years. And MQ Advanced allows businesses to do even more with their MQ infrastructure, moving more data, from any environment more securely and reliably. The recent release of MQ V9.1 provided even more value to customers, especially if they are using or if they upgrade to MQ Advanced.

 

On September 12th there will be a webinar covering the benefits of MQ Advanced and the advances included in IBM MQ V9.1. Simply click here to register and find out how your business can take advantage.

Complying with GDPR and the importance of protecting data with MQ Advanced

July 11, 2018


As a business, acquiring and keeping customers is crucial. You need to ensure that you are continually delighting them, ensuring you deliver the best value, and are easy to do business with. And one critical thing above all others is to ensure that the customer can trust your business.

 

Why is this important? A key reason is that the customer is trusting your business with their information, and you therefore have a responsibility to keep it safe. Because if a customer can’t trust you with their information, they won’t do business with you.


And it is not just a question of customer trust. There is more and more legislation around the world designed to ensure that businesses are taking the protection and security of 3rd party data seriously. The headlines recently around this have been driven by the deadline date for the EU’s GDPR. But honestly, protecting your own data, as well as customer information, should have been essential practice anyway.

 

Meeting the needs of GDPR, other legislation in this area, and also customer trust isn’t just about ticking a box and can’t be addressed through a single change or product. There needs to be a comprehensive approach to ensure there aren’t gaps in the security. One of the best ways to ensure that is the thought of ‘privacy by design’ as mentioned in GDPR. Instead of having to try to protect multiple aspects of security in every system, you can ensure security is applied much more widely so that individual areas of security and multiple connected systems are protected without additional effort or overview.

 

There are multiple reasons why a business might use IBM MQ’s messaging to move data within a business, or between businesses. Thousands of the world’s leading businesses have depended on it for reliable, scalable, secure and highly available messaging for 25 years. And while IBM MQ is a secure environment, today’s connected business systems require even more security, given the challenge of regulations like GDPR requiring demonstrable protection and records of who could have had access, and the need to show removal of data. This is available as a part of IBM MQ Advanced or IBM MQ Appliance with end-to-end encryption including encryption of data at rest.

 

Why is this important, and how would it help protect data, as well as help to comply with GDPR and other legislation? Consider a typical connected environment with messages flowing across many different connected systems. Maybe data originating from a customer will bounce across different business systems as a message: ordering, invoicing, manufacturing, shipping, loyalty programs. Some of these might be with the enterprise, and others might be 3rd party businesses who provide a service. As messages flow, they will get persisted to disk to ensure they don’t get lost in case of a failure. But how to ensure that every system and every disk is protecting these messages without having to be in control of all these systems and disks, which might be owned by other organizations?


The end to end encryption in MQ Advanced is policy-based and doesn’t require application updates. In fact, the applications themselves will be unaware that the messages will be encrypted between the sending and receiving applications. The messages being sent over MQ will have the MQ message contents encrypted, but the messaging header (properties) will remain in the clear. As each message is persisted to disk in a queue, the contents will remain encrypted. The messages will only be decrypted at the destination application as set in the policy. With this in place, it becomes irrelevant how many systems the message will travel through between source and destination, or even the security or ownership of each system. It can be demonstrated that the message will not be accessible except to the receiving application, therefore ensuring that there is a complete record of who has had access to every message, and therefore it is under complete control.

 

The enhancements to this end-to-end encryption in MQ Advanced V9.0 and most recently in MQ V9.1 (announced July 2018) not only provide this strong encryption that doesn’t require application changes, but also can be applied with virtually no performance impact either.

 

With your business under pressure from GDPR and other legislation, and the need to ensure your customers can trust you to look after their data and personal information, it has become essential to consider the move to MQ Advanced in order to take advantage of this cutting-edge data protection capability.

Update: For more detailed information about the security features of the IBM MQ family and how they might help as part of a GDPR approach, here is a link to a presentation by Jamie Squibb on this topic, presented to Guide Share Europe earlier this year.

Get started today by downloading the MQ Advanced trial or MQ Advanced for developers, or even simpler, try out the new hosted IBM MQ on IBM Cloud.

Two steps forward, no steps back with IBM MQ V9.0.4

October 24, 2017


Compromise is everywhere. We are told to take the rough with the smooth. The easy with the hard. The quick win and the hard slog. And with software we often have to accept compromises. Especially so these days with the drive for new function forcing some compromises with stable deployments.

Not so with the latest update to the MQ family of products. For the last 15 months IBM has been delivering updates to MQ using a Continuous Delivery stream. There have been many useful additions, but they have always required adoption of the latest version to take advantage of the new features. With the latest update moving to MQ V9.0.4, there are even more substantial updates of useful features for both base MQ and MQ Advanced. However in recognition of the need for customers to keep some systems back-level while also wanting to take advantage of new features, some of these updates are designed to allow existing deployed systems to take advantage of the new capabilities, both without being updated and without breaking the Continuous Delivery and Long Term Support principles.

In addition to this extremely useful update, which can be used across the entire MQ estate and which I will get to in a minute, this release has some groundbreaking updates that will allow huge changes in the way MQ is used, deployed and managed. These are leaps forward rather than steps forward.

For MQ Advanced we have 3 key new capabilities:

  • A new ‘easy HA’ feature – Replicated Data Queue Managers
  • More flexible Managed File Transfer deployments
  • Availability of an enhanced Blockchain bridge

For MQ Base (which is part of MQ Advanced) there are a number of other enhancements:

  • Additional commands supported as part of the REST API for admin
  • Availability of a ‘catch-all’ for MQSC commands as part of the REST API for admin
  • Ability to use a single MQ V9.0.4 Queue Manager as a single point gateway for REST API based admin of other MQ environments including older MQ versions such as MQ V9 LTS and MQ V8.
  • Ability to use MQ V9.0.4 as a proxy for IBM Cloud Product Insights reporting across older deployed versions of MQ
  • Availability of an enhanced MQ bridge for Salesforce
  • Initial availability of a new programmatic REST API for messaging applications

 

All of these features are called out in the new announcement letter for MQ V9.0.4 here. And there are further updates available for the MQ Appliance listed in the specific announcement letter for it here and in another blog entry here. There are also announcement letters for IBM MQ z/OS V9.0.4 and IBM MQ Advanced for z/OS VUE V9.0.4.

However, let’s try and call out some details of the key points of the MQ V9.0.4 update below:


The new High Availability feature (officially described as Replicated Data Queue Managers or RDQM) provides a significant new way to configure High Availability. It is only available for MQ Advanced users on x86 Red Hat Linux. It is designed as a 3 node system which uses replication of messages and logs between the local disks available to each Queue Manager. This style of replication of local disks was previously only available with the MQ Appliance. As moving to this new style of HA will allow customers to stop using network storage for MQ, we anticipate it will be very popular. As well as the disk level replication, Floating IP will be used to help applications move seamlessly to a failover QM. And 3 nodes help to prevent ‘split-brain’ situations where 2 nodes are simultaneously active.

The licensing of the above deployment requires MQ Advanced as already stated. However as long as all Queue Managers on all 3 nodes are Replicated Data Queue Managers, and all 3 systems are the same capacity, then only one node needs to have a MQ Advanced license entitlement. The other 2 nodes can be licensed with MQ Advanced High Availability Replica parts (these parts used to be called Idle Standby parts).


The changes to the REST API for admin are also significant. Over the last few releases more and more ‘verbs’ have been added to allow REST API calls to configure and manage MQ. This was designed to allow more modern tools to be built as an alternative to MQSC and PCF based tooling. The latest V9.0.4 release adds more verbs and also a way to call the remaining equivalent MQSC functions within a REST API structure. However what is perhaps more interesting is that a single V9.0.4 Queue Manager can now act as a ‘gateway’ Queue Manager to allow these new REST API driven tools to configure and manage Queue Managers that are older and don’t include this new Continuous Delivery function. This is hopefully a very good way of providing the best of both worlds, allowing the older production Queue Managers to remain deployed but still take advantage of new features.

Similar to this ‘bridge’ feature is one for IBM Cloud Product Insights, where the ability to publish deployed Queue Manager data to Cloud Product Insights was limited to releases on the Continuous Delivery stream, but now a single V9.0.4 Queue Manager enables older installs to publish data to this useful dashboard tool.

The MQ bridge for Salesforce has been enhanced to allow MQ to publish data into Salesforce, instead of simply receiving push notifications from Salesforce.

Customers with MQ Advanced who want to explore the possibilities offered by Blockchains now can deploy a bridge which enables MQ applications to query the Blockchain, and also provide data input into it. An earlier version of this was available only to customers with MQ Advanced for z/OS VUE, but this version is available to customers using MQ Advanced on distributed platforms.

MQ Advanced customers also get more flexibility in how they can deploy the file logger in MQ Managed File Transfer scenarios, as this logger can now be deployed on a different machine to the MQ Queue Manager.

And finally, feedback from customers told us that developers were looking to make use of MQ, but with fewer dependencies, to free them up from client and language bindings. As such we have also added the first layer of support for a new set of programmatic REST APIs for messaging applications. This will replace the previous HTTPBridge function which has already been deprecated. Over the next few releases it is hoped that more functions will be supported in this REST API for messaging to allow additional messaging calls to be supported.

Counting up the advances it does look like it is more than 2 steps forward, and certainly no steps back. And with the ability to use some of these features alongside your older MQ releases, what are you waiting for? Download it from here today. Or try it on Amazon AWS Quick Start.

Want to know more? Check out the webcast. Register or replay at this link.

Simple can be better – the new MQ and MQ Advanced licensing

January 24, 2017


Last year my son did a school project on flight – and his project focused on Leonardo da Vinci, and it was fascinating for us all to learn more about Leonardo’s genius. Not just an artist, his incredible imagination seemed to create and explore new worlds, never dreamed of before. And yet for all his visionary ideas, his quote above also stands out: “Simplicity is the ultimate sophistication”.

The same idea can be seen in Blaise Pascal (and Mark Twain) saying “I didn’t have time to write a short letter, so I wrote a long one instead”. Sadly this applies to this blog entry as well, so in the interests of brevity, a quick summary of what’s described in more detail below:

IBM is simplifying the MQ licensing for new purchases:

  • Parts now as follows: MQ, MQ Advanced, MQ Idle Standby, MQ Advanced Idle Standby, MQ Advanced for Developers
  • MFT Agents are no longer separately and individually licensed but are free to deploy and use when connected to MQ Advanced entitled Queue Managers – essentially providing a free to use MQ MFT network when you use MQ Advanced
  • The parts being withdrawn are only those for new entitlements to the separate MQ MFT, MQ AMS and MQ Telemetry parts but not the Subscription and Support renewal parts – you can continue with your existing entitlement as before.
  • If you have MQ Advanced today this change applies to all your existing MQ Advanced entitlement – not just to the latest MQ V9.0.1 release.

Today, our world is moving faster and faster. Businesses need to be more agile. Do more with less. Get more for their money. Keeping things simple makes sense today. Even more so as business environments are highly dynamic, and need to balance between unique requirements and common deployments for ease of development, deployment, operations and maintenance.

When it comes to critical offerings like IBM MQ – providing reliable, secure, scalable and robust enterprise messaging, why should we make it more complex than it needs to be? From January 24th 2017, IBM is simplifying the IBM MQ licensing structure to make it simple to describe, simple to purchase, simple to understand and simple to deploy and use.

What are we talking about? Well, for nearly 25 years IBM has been selling IBM MQ – and we still are. But for almost 15 years IBM has been selling extensions to IBM MQ as separate offerings: MQ Managed File Transfer, MQ Advanced Message Security and MQ Telemetry. These all built on and extended the value offered by IBM MQ – and in 2012, as part of MQ V7.5 we brought all the separate components together into a single package, and also created a single offering called MQ Advanced to provide entitlement to the MQ Server along with all of the MQ Server extensions.

Since then, MQ Advanced has been the most popular way to extend MQ, over buying the individual product parts. However, there was always a complexity about the MQ Advanced license for customers using it for Managed File Transfer. This was because MQ’s Managed File Transfer was available as both the MFT Service component that came with MQ Advanced, but also was licensed as MQ MFT Agents on a per Install basis. Even though you might have bought lots of MQ Advanced licenses, you would still need to buy MQ MFT Agents for those systems where you wanted to deploy MQ managed file transfer capabilities, but where you didn’t have MQ Advanced installed. This would be even more noticeable since MQ V9.0.1 shipped which allowed the MQ MFT Agents to be redistributable and made them available in a zip format, suitable for embedding in other solutions. Having per install licensing for MFT Agents would restrict the potential for use of this style of deployment.


As part of this license change, the MQ MFT Agents are no longer chargeable, or licensed per Install. Instead they are free to deploy and use – in any quantity, as long as the appropriate MQ Servers are licensed with MQ Advanced entitlements. The Agent QM, and the co-ordination QM, and the Logging QM for the MFT Agents must all have MQ Advanced entitlement. These can be all the same Queue Manager, or they can be separated – but all must have MQ Advanced entitlement – but then all MQ MFT Agents using these QMs can be deployed and used at no cost, whether 1 Agent, 100 Agents or more.


The licensing for MQ and MQ Advanced going forward is now very simple. You select IBM MQ if you just want MQ, or IBM MQ Advanced if you want MQ and any other capability. Both are licensed by PVU (perpetual or monthly license) – so by the capacity of the machine where you install the MQ server or by the Virtual Processor Core as described here. Along with IBM MQ and IBM MQ Advanced, there are Idle Standby parts for both, and also IBM MQ Advanced for Developers. Just a handful of parts giving you so much potential for your business.

The additional features in MQ Advanced include MQ Managed File Transfer (as mentioned above), which allows the contents of files to be sent reliably and securely over the MQ network as MQ messages. The differentiating factor with this solution is that the file contents can be directly consumed as messages, moving file transfer into virtually real time data usage. It is now available to be deployed anywhere at no additional cost when connected to MQ Advanced Queue Managers. Then there is Advanced Message Security, which provides end to end message content encryption. Since MQ V9 this has a new option allowing for encryption at virtually no impact to performance or throughput, helping you protect your business and customer data from exposure in the case of a breach. And there is MQ Telemetry, which enables your MQ applications to connect directly using the MQTT protocol to mobile phones and the Internet of Things.

It’s all so much simpler now to explain, to buy and to use. But what if you have previously bought some of the separate parts? We have made sure to keep the existing renewal parts available so you can continue to use them and stay current with support on them. So nothing needs to change – you can continue exactly as before. But you might want to consider moving to MQ Advanced entitlement as only this will provide the ability to connect MQ MFT Agents at no cost, and there is no entitlement to buy or deploy new MQ MFT Agents without MQ Advanced entitlement in the future. Existing purchased MQ MFT Agent entitlements remain valid and can continue to be deployed and used.

Feel free to reach out to your IBM rep, your IBM business partner or even me to discuss this, and what it might mean to you. We have tried to do this very carefully so that there is no negative impact on anyone today, and that going forward there are lots of benefits – such as the ability to deploy a much larger MQ managed file transfer network at no additional cost with MQ Advanced entitlement. And as an added change, we have ensured that the MQ Appliance license also allows for connection of MQ MFT Agents at no cost – so that provides an additional deployment and connectivity option for MQ MFT solutions.


I will try to write another blog about our MQ Managed File Transfer solution soon – but this one needs to end so you can get back to work.

Think what you can do with this now. It’s going to be a busy year. Let’s start now.

A message awakens: What is IBM MQ and why do you need it?

January 5, 2016


Why are we here? Not in the existential way. The answer to that is not in this blog. That would probably require more than the page of general MQ related discourse that I generally include. No, this is more why are you reading about IBM MQ? And maybe more pertinently why am I writing about it.

Do you ever read the book of the film? The novelisation. It’s what happens when instead of a book being turned into a film, generally with about 2/3 of the detail and exposition cut out, you have an original film, and then it is made into a book. Generally these tend to be less satisfying than an original novel.

Earlier in 2015, in an effort to try and communicate more with the tens of thousands of people who use IBM integration products, the team in IBM Hursley have been doing live Google Hangouts on multiple subjects – and these are then saved as YouTube videos. With my colleague John McNamara I have done a number of these and 3 of them have been titled “What is messaging” to try to cover why you might find messaging valuable and useful as opposed to some of the other choices around for communicating and exchanging data.

You can see the 3 videos here: Part 1, Part 2 and Part 3.


In those videos we tried, as best we could, to be product agnostic – to focus instead on messaging as an approach rather than a specific implementation such as IBM MQ. However the question naturally arises why should you specifically use IBM MQ?

Now in the years I have been writing this blog I have written a few posts that talk to the usefulness of IBM MQ – see here, here and here. However why is it that IBM MQ is still the selection of so many businesses today?

Again, as with the ‘why are we here’ question above, this isn’t something that can be quickly and easily summed up in an easy to read blog entry. So what I will do is try and call out some of the major reasons in simple terms, and then hopefully, as time permits through the year, I will try to add more detail.

Why use IBM MQ then?

  • It works – it does what you need it to do
    • There are many thousands of the world’s leading businesses using IBM MQ, and not just using it – but they are depending on it. They trust it to work, and do what it is asked to do, connecting their business simply, securely, rapidly and reliably.
  • Businesses depend on it – as above – for critical parts of their business – at its heart IBM MQ is built around transactions
    • The business world, and IBM MQ, is largely based on the notion of ‘once and once only’ transactions. While there are other approaches, so much of the critical aspects of business depend on this style of transactionality.
    • It is not easy to offer reliable, persistent messaging that provides once and once only delivery. That’s why many other messaging providers can’t offer this, and why many businesses select IBM MQ
  • IBM MQ scales to meet your business need
    • Developing a small scale application that needs messaging is great and it can be simple to use one of many different messaging tools
    • Ensuring this messaging tool works as the application usage scales is another matter. IBM MQ scales horizontally and vertically, running highly efficiently on single machines or spanning multiple machines in large clusters.
    • Whether sending a few messages per day or scaling to a billion messages per day, it is likely you want good performance. As well as being efficient in scaling, IBM MQ also offers high performance to move messages rapidly between application endpoints.
  • Your business is at risk – how secure is your messaging software?
    • You can’t afford to take risks with your business data, or the information your customers entrust to you. IBM MQ has multiple layers of security on the system itself and the data being moved and supports the latest encryption standards. Can you afford not to protect your messaging layer?
  • Highly available – it’s what you need and your customers expect
    • You can’t afford to go offline – you need to run all day, everyday. IBM MQ can be right there with you, with built-in support for High Availability as well as being able to use multiple different approaches such as vendor-based clustering, or virtualization.
  • Everything you need, functions and tooling
    • While the problems solved by messaging are well understood – and there is a great benefit from simplifying applications – some of that is lost when the need for additional functions requires multiple different messaging offerings. With richness of function and a complete span of capabilities, IBM MQ offers a single solution.
    • Deploying a messaging solution is only part of using the solution. There is a need for management and tooling to provide insight in what is happening to all the messages, and to identify exceptions etc. With support from multiple different tooling vendors, and dozens of additional free tools and add-ons, as well as the ability to create your own utilities, IBM MQ can be tailored to meet the needs of your business solution.
  • Help when you need it, where you need it
    • With more than 20 years of leadership, and substantial market presence, there are thousands of skilled professionals able to provide guidance in how and why to use IBM MQ, how to configure it, how to program with it, and how to deploy and maintain it. And all that supported by IBM’s global 24×7 support organization to help when needed.

So that’s a few of the high points about IBM MQ. I will look to write in more detail about some of these through the year ahead – although I am also pretty sure I will be adding some new entries about product announcements and enhancements as well. Watch this space.

Life’s too short to drink bad coffee?

February 4, 2014

It has been a lot longer than I wanted since I last wrote an entry on this blog. I guess I have been searching for inspiration. The problem of course being that I work on a lot of things that I can’t talk about until they are ready to announce. So what can I say about what we already have in the market?

I was struck last week with some inspiration. I don’t recommend getting your inspiration the same way, as I was off sick for a couple of days with a temperature of 104F, but it did give me a couple of days thinking time, on a restricted diet. One of the things I was missing was my espresso and cappuccino. I have, for reasons that don’t matter here, two separate espresso machines. A manual La Pavoni and a Gaggia Classic. For either to make decent espresso you need freshly ground coffee, ideally from freshly roasted beans.

I buy my beans from a small UK roaster called hasbean, and have been for a number of years. But here’s the thing. Until a few months ago, I had just bought the same ‘espresso blend’ of beans from them. I went to their website, clicked on their ‘blends’ page, selected the espresso blend I chose, and bought it. Again and again. I was perfectly happy with my choice. The beans were roasted that day and posted out. I would drink my coffee and be happy. Except (and you knew that was coming) I gradually thought there might be something more. Maybe my coffee could be better. I knew it was already way better than the coffee providers on the high street. In fact it was rare I would drink a coffee outside the house that I liked as much as mine. But my feeling persisted. And maybe what I might have done would have been to find another roaster. But all of a sudden, when I was on the hasbean website about to buy some more coffee, I looked a little closer at the website – and clicked on one of the tabs for a specific coffee region…in this case I clicked on America. And there a whole world opened up. Yes there was Brazil, which I knew provided many of the beans in my chosen blend. But there were options for Bolivia, Guatemala, Colombia, El Salvador. The list went on. And click a country, and there was even more choice. Individual producers. Detailed notes of the crop, the harvest conditions, the processing method, and tasting notes. A whole world of choice ready to be roasted and posted.

This was what I had been missing, and it was there for me all along, right in front of my face. Now I am selecting a range of individual beans, drinking different, better coffee, but from the same roaster, and mostly at the same price I was paying. There was even an option to pay a little more for some exceptional beans. Truly a win-win.

So is this relevant for WebSphere MQ users? Well I did visit a long standing customer last month who admitted that they didn’t use any publish-subscribe. Now IBM has been suggesting trying out publish-subscribe for years. It is there in the product. There is no additional cost to use it. And for many uses, you get far more flexible deployments.

Then there is security. Changes made in the V7.1 release back in 2011 gave the product far more usable security, but still customers continue to use exits which now ought to be redundant thanks to the same or better function in the product. Then there are transactional clients, improvements in clustering, API options, etc. etc. And that’s before I even start mentioning Telemetry support, Managed File Transfer and Advanced Message Security options.

Now I understand that WebSphere MQ isn’t a cup of coffee, even if an espresso machine can be complex to use well. Applications connected with WebSphere MQ are systems that run for years, or even decades. And it can take quite a bit of work to consider changing them. But with features like multi-version install, and even the new ability to download the entire WebSphere MQ Advanced stack at no cost for development use, we have been working to make it easier to try new ways of using WebSphere MQ. So at no additional cost, you could be making your applications more flexible, more robust or more secure. You could be simplifying your administration tasks, and reducing the overhead of recurring operational activities. And for a little more you could be encrypting messages end to end without changing your applications, or using your MQ network to move your file data, and to make better use of it. I am pretty sure that with MQTT you could even hook up your coffee machine to your smartphone. 

Now that I have been trying the new coffees I won’t be going back to less variety. Why shouldn’t you be trying some of the good stuff too? Tomorrow morning I’ll be drinking for the first time some Colombian El Meridiano Rioblanco Washed. What are you going to be trying tomorrow?

 

Did you remember to lock your car?

November 12, 2013

We’ve all done it. You have driven your car to a car park, walked away, and then had a momentary pang of doubt about whether you locked your car. It has become second nature to lock your car. To keep it secure. The car even locks the doors itself when it is in motion. But when you park it and walk away, that’s when the uncertainty comes in, and also when your car is most vulnerable.

It is the same with your enterprise messaging. What happens when you use a product like WebSphere MQ to send a message across your enterprise? Well, of course, what is happening is the application takes some data and packages it in the contents section of a message structure, along with some header information to describe the message and the destination. The message is then dispatched. All in all that’s pretty similar to you getting in your car and driving to the shops to buy something like food for dinner, or presents for a birthday. There is a destination and something of value to be transferred. With a car, you have to park in a space in a car park. With messaging, instead of a car park you have a queue manager and queues.

Messages start in an application, and an MQ client packages the information to be moved into a message. This is then sent to a queue manager, to be written into a queue. According to the destination or other information, the message is then sent on to either another queue, another queue manager, or the destination client application.

As far as securing the message goes, while the message is moving between the client application and the queue manager, the MQ resources are secured by MQ’s built-in security definitions, and the message and its contents are secured while moving over the ‘wire’ by use of SSL. However, SSL only protects the message as it moves: once it reaches the queue manager and is written to the queue, it is unencrypted and sits on the queue without any encryption. Thus if the system with the queue manager is penetrated, the messages on the queues are available in the clear. This is the same as parking your car in a ‘secure car park’ but leaving the car unlocked because the car park is secure. Would you do that? I’m pretty sure I wouldn’t.

Now what would we like to happen? What would be smart would be a routine that ensured our car was locked, pretty much at all times unless people wanted to get in and out of it – subject to key rules – such as ensuring people could actually get out or in when they needed. For messages we would want to make sure the message contents were secure at all times, including when sitting in queues, but would continue to be available to the receiving applications, and of course would still expose the header information needed for routing etc.

What IBM offers for WebSphere MQ is WebSphere MQ Advanced Message Security, which is also available as part of the entitlement of WebSphere MQ Advanced. This is a policy-based encryption capability which allows message contents to be encrypted from sending application to receiving application. So the contents are encrypted while they flow over the network and while they sit in intermediary queues. The applications are unchanged, with only updated client libraries needing to be used. And the security is based on policies, so different rules might apply for different message contents, or different queue managers. After all, there are some times when you have to leave your car unlocked. So I’m pretty sure you have rules for securing your car. Isn’t it about time you had rules for securing your messages?
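To make the difference between protecting the wire and protecting the message concrete, here is an added Python example (not IBM MQ code and not from the original post) of a queue manager that stores whatever arrives once the transport layer is removed, with a per-queue policy deciding which bodies the client library encrypts. The queue names, the shared key and the HMAC-based keystream are assumptions chosen so it runs with the standard library only; they stand in for a real product's key management and ciphers.

```python
import hashlib, hmac, os

# Hypothetical per-queue policy: which queues get end-to-end body protection.
POLICY = {"PAYMENTS.IN": True, "STATUS.IN": False}

def _subkey(key: bytes, label: bytes) -> bytes:
    return hmac.new(key, label, hashlib.sha256).digest()

def _stream(key: bytes, nonce: bytes, n: int) -> bytes:
    # Illustrative keystream (HMAC-SHA256 in counter mode), a stand-in for a real cipher.
    blocks = (hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def protect(key: bytes, body: bytes) -> bytes:
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(body, _stream(_subkey(key, b"enc"), nonce, len(body))))
    tag = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def unprotect(key: bytes, blob: bytes) -> bytes:
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    want = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, want):
        raise ValueError("body changed while at rest")
    return bytes(a ^ b for a, b in zip(ct, _stream(_subkey(key, b"enc"), nonce, len(ct))))

class QueueManager:
    """Stores messages exactly as received once the transport layer is stripped."""
    def __init__(self):
        self.queues = {}
    def put(self, header: dict, body: bytes):
        self.queues.setdefault(header["dest"], []).append((header, body))
    def get(self, dest: str):
        return self.queues[dest].pop(0)
    def at_rest(self, dest: str):
        # What anyone with access to the queue manager host can read.
        return [body for _, body in self.queues.get(dest, [])]

def send(qm: QueueManager, key: bytes, dest: str, body: bytes):
    # The client library, not the application logic, applies the policy.
    # The header stays in the clear so the message can still be routed.
    qm.put({"dest": dest}, protect(key, body) if POLICY.get(dest) else body)

def receive(qm: QueueManager, key: bytes, dest: str) -> bytes:
    header, body = qm.get(dest)
    return unprotect(key, body) if POLICY.get(header["dest"]) else body
```

Calling `at_rest` on a queue without a policy returns the application data verbatim, which is the unlocked car in the secure car park; on a protected queue it returns only ciphertext, while the destination in the header remains readable.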
