Posts Tagged ‘WebSphere MQ’

No waiting in these queues. IBM MQ V9 and the MQ Appliance M2001 delivers fast, reliable and secure message queuing

June 29, 2016

wile_e_coyote

Recent weeks have been pretty busy on this blog, reflecting just how busy the MQ development team has been in bringing out new and updated offerings in MQ V9 and the MQ Appliance M2001 here and here. And of course in our cloud messaging options.

As both of these have been fairly full of new content I thought I would do just a short update to focus on a couple of key benefits which are specifically measurable in these 2 refreshed offerings. After all, a lot of the new and improved features can sometimes be hard to quantify in terms of the benefits they provide, but in each offering this time there are some easy to define benefits.

As you may have seen in my most recent update, the MQ Appliance M2001 added large capacity SSD storage which enables much faster throughput for persistent messages. These are the messages that get written to storage to ensure they are still available in the case of failure before the message has been successfully deliver to all consumers. At high rates of message throughput, there can be a lot of contention for access to storage with traditional hard drives. With the new MQ Appliance M2001, this potential bottleneck has been removed. You can now read the latest MQ Appliance M2001 performance report here which shows that the performance in those scenarios which saw large volumes of persistent messages sees improvement of up to 3.5 times the previous message rate.

Clearly this represents a significant improvement and given that persistent messages are used in those business critical situations where IBM MQ delivers so much value, it is a hugely important benefit.

 

In MQ V9 there were a number of enhancements but the one I specifically want to call out is, as part of the MQ Advanced package, the enhancement to MQ Advanced Message Security (MQ AMS). The change here was to add a new mode of operation – Confidentiality. This new mode changed the way in which the encryption operations are performed on the message contents (MQ AMS offers policy based encrypted message contents which ensures data at rest is protected in case of a security breach). The goal of this change was to continue to offer a strong level of security for the message contents without too big of an impact on the performance and throughput from the effects of the encryption used.

Now instead of new asymmetric keys being generated for every exchange, the feature can be configured to allow for reusable symmetric keys to be used after the initial generation of an asymmetric key. This still provides a very high level of security, but depending on the reuse count before a new asymmetric key is generated, can drastically cut the performance overhead. The benefits can see more than an order of magnitude increase in throughput. You can see a quick snap shot of some of the early results in Jon Rumsey’s blog here – which includes a small table showing performance improvements exceeding 10x gains. With everyone concerned about security these days, the ability to better protect your information and customer data with little performance impact has to be a good thing.

 

So what are you waiting for? With secure, reliable enterprise messaging for on-premise deployments, cloud deployments or physical appliances, there is no waiting with IBM MQ V9 or IBM MQ Appliance M2001.

no-waiting

[An interesting history of Wile E. Coyote here]

Flash aaaahh – saviour of the universe: IBM MQ Appliance M2001

June 10, 2016

flash_gordon_facebook_cover_by_audrey41lorgeoux-d538dgo

Anyone who is a fan of cheesy sci-fi movies, or soundtracks by Queen will have the words “Flash, Flash I love you but we only have 14 hours to save the earth” running through their head, along with the line in the song that goes “Flash aaaaah, saviour of the universe”. And of course he did save the universe from Ming the Merciless.

But what if I told you Flash could also save your business? Not Flash Gordon of course, but flash storage, in the form of the SSDs that are now a part of the IBM MQ Appliance M2001 which is now generally available (June 10th 2016). We did cover this in an earlier blogpost, but I thought I would take advantage of our initial shipment date to cover just how critical the IBM MQ Appliance, backed by state of the art 3.2TB SSDs can be to your business.

MQ Appliance M2001

Each MQ Appliance M2001 model has 2 of the 3.2TB SSDs in a RAID 1 configuration. This means that every persistent message and all log data is written not just once to the SSD storage, but twice giving you complete redundancy of data. And a key part of the MQ Appliance functionality is the High Availability configuration – essentially nothing more than a simple menu option when creating a queue manager – allowing you to have the MQ queue manager on one MQ Appliance synchronously replicated to another MQ Appliance. This means that any message written to the SSDs on one MQ Appliance is not just copied to the second pair of SSDs but is written under the same unit of work that writes the messages on the first MQ Appliance. This therefore means you have 4 copies of the message stored for both reliability and availability.

Another part of the MQ Appliance update was the ability to do not just synchronous replication for High Availability but also asynchronous replication for Disaster Recovery to another MQ Appliance. Therefore you can point the MQ queue manager at another, typically off-site MQ Appliance and the same message will replicate there, ensuring there are another 2 copies of the message, and providing your business with a highly resilient messaging system designed to ensure optimum reliability and availability of messages.

After all, think about how important your messages are to your business. In effect, they are your business. Your messages are your business transactions, your new orders, your customer address details, your stock levels and distribution information. Lose your messages and you lose everything.

With the latest SSD technology inside the MQ Appliance you are calling on Flash to save your business – and with the MQ Appliance M2001, Flash saves the day again.

 

[Flash Gordon image title image above is from  http://orig07.deviantart.net/fc1d/f/2012/163/5/d/flash_gordon_facebook_cover_by_audrey41lorgeoux-d538dgo.jpg]

MQ in the Cloud – Your messaging ‘silver lining’

May 16, 2016

MQ clouds puttenham

As the senior product manager for a product like IBM MQ, I don’t just spend my day writing blogs – but frequently get questions from both colleagues and our many customers. And recently, one of the most common questions I get is whether MQ runs in the cloud.

The answer is “Yes” – that was easy wasn’t it.

However maybe there is some more information to share, to help describe the journey to cloud and to exploit the benefits provided by IBM MQ at every step, whether you are looking for enterprise grade business critical messaging in your private cloud infrastructure, in a public cloud (hosted or not) or a hybrid cloud spanning the combination of these.

 

Mostly the cloud environment that IBM customers I have been talking to are thinking about is best described as “Hybrid”. Almost all of our customers are starting to explore some aspects of the benefits of cloud – and what it means to them. But deployment, especially of business critical applications, is likely to happen in stages. Today many customers run virtually all application workload on-premise, but typically this will be in virtual machine environments. There is a shift to deploy selected workload in the cloud. Perhaps this might start with engagement or marketing applications, but these applications and the associated workload doesn’t run in isolation on the cloud but in conjunction with the rest of the enterprise running on-premise, or connecting to partners in the wider business ecosystem. Then as businesses shift some of their critical back office applications to cloud deployment options, the hybrid nature of infrastructure will increase.

Fundamental to the success of this change is the availability of reliable and secure connectivity to allow the safe and scalable exchange of information between applications independent of whether they are running together in the cloud, on-premise or any other combination.

How does IBM MQ work in this type of deployment? Well, as has been proven for more than 20 years, IBM MQ provides a way to exchange data in the form of messages between applications, systems and services and to do so reliably, securely, rapidly and simply. Messages are moved through MQ Queue Managers that can be deployed locally to the application – wherever that application may be, or remote from the application but accessed by MQ Clients bound to the application.

In pretty much any type of hybrid environment, MQ continues to be a critically useful middleware tool. Either the application running in the cloud environment can make use of the MQ Client to connect to a MQ Queue Manager running elsewhere (such as on-premise) or the MQ Queue Manager can itself be deployed in the cloud environment along with the application. And you might use your own tools to deploy MQ, or you could use tools such as Chef to deploy MQ. Other options for deployment include a MQ plug-in for IBM UrbanCode Deploy.

MQ offers support for running on IBM SoftLayer, Microsoft Azure, Amazon Web Services, and OpenStack cloud. It leverages a Bring Your Own Software License to make it simple for customers to choose where to deploy the IBM MQ license entitlements they may already have. For deployments of IBM MQ on SoftLayer you might choose to use the MQ Advanced pattern designed for IBM PureSystems which can run on the SoftLayer environment.

In addition to this deployment style, IBM recently confirmed MQ is supported to run in Docker environments which further extends where MQ might be deployed to meet customer needs, such as hosted PaaS environments like IBM Bluemix.

Docker_(container_engine)_logo

So basically for every cloud environment, or virtualised environment, or container, your business can continue to take advantage of the benefits of IBM MQ – whether by running MQ Queue Managers in the cloud environment, or continuing to run them on-premise (perhaps as the physical MQ Appliance), or in any hybrid combination.

So what are you waiting for? For MQ on cloud – the answer is yes.

*UPDATED to add link to the AWS example – see above*

IBM MQ V9 – A fast, secure, reliable and more agile MQ

April 19, 2016

edwin-moses-getty_2129850b

Some of you reading this blog may recall the great athlete Ed Moses – who had a record 122 race winning streak in just about the hardest event – the 400M Hurdles. You need to be strong, fast, and agile just to compete, and to keep winning you need to be reliable. Well, this is how we view IBM MQ, especially with the latest release – IBM MQ V9. You may have seen a recent blogpost on here that had a Statement of Direction talking about a new way of delivering IBM MQ – one that provided a Long Term Support release, and a Continuous Delivery release. The aim of this model is to give customers more choice to select either highly stable releases with just fixes, or releases that benefitted from additional function in the fixpacks.

TRY IT: Click here to get a free trial of MQ

UPDATE: There is a FAQ on the new support model. Read it here.

On April 19th, IBM announced MQ V9 which is the first release that moves to this new more agile delivery model. As such at the initial release it delivers a small set of additional capabilities that will be available to all customers. Then subsequent mod-level updates will deliver even more updates to customers choosing the continuous delivery stream, but all customers moving to V9 will get the benefit of the new capabilities being delivered in this release.

As with previous releases of IBM MQ, customers have a lot of choice in where and how they may want to deploy this version. IBM supports deployment of MQ – and MQ Advanced pretty much on every commercial IT environment where business critical applications may be exchanging data reliably, securely, and at scale. This could be on-premise, deployed in cloud environments like IBM Softlayer, Microsoft Azure or Amazon AWS. IBM also supports virtualization with many customers deploying in VM images, and also in Docker containers, which can be deployed anywhere, including in IBM’s Bluemix platform. This flexibility enables customers to make use of enterprise messaging to support deployments on-premise, on cloud or in hybrid environments.

So what are the key new features of MQ V9 being delivered in this release? Well there are a number of them that are called out in the announcement letters – so you can read the MQ V9 distributed announcement letter here. And the MQ V9 z/OS MLC announcement letter here. And you can read the MQ V9 One Time Charge announcement letter here. But below I will call out a few of the features that I think will be most important to customers.

One of the features likely to be most interesting is a change to the MQ Client Channel Definition Table (CCDT), which is needed by the MQ Client application to provide the channel definitions needed to connect to the MQ Queue Manager. This file is created automatically and prior to MQ V9 needed to be distributed to the client application prior to use. The big change from this new release is that the CCDT can be a web addressable file instead of needing to be distributed out to every client, and to then need to do that with every change. By having a web addressable CCDT accessed by URI, then there are much lower administration needs, and also the MQ infrastructure can be much more dynamic as changes can be made centrally and take effect quickly and without application disruption.

 

The second big change to the new release of MQ is in MQ Advanced Message Security (MQ AMS). This feature, which is a priced extension to MQ (available either separately or as a part of MQ Advanced) provides policy based encryption at rest of the MQ message contents. By using this capability, businesses can be assured that their message contents can only be unencrypted and read by the targeted application destination, and there is no risk of exposure should any security breach take place which provides access to the system or storage where the MQ Queue Manager holds its queues. This privacy and integrity has been assured by the generation of asymmetric keys for every exchange between client and queue manager, which provides an extremely high level of security, but can introduce a high overhead in terms of the processor cost of the asymmetric key generation.

MQ AMS performance

With MQ V9, a new mode of operation is added to MQ AMS, called ‘Confidentiality’. In this mode there is an initial asymmetric key exchange then subsequent exchanges can reuse (to an extent that can be configured) a symmetric key. This still provides a high level of security and protection for the message content, but with a dramatically lower level of overhead in terms of encryption workload cost. IBM expects that due to the increasing importance of security and protecting systems and data from breaches, that this new feature of MQ AMS will help more customers protect their message contents and therefore their business and customer data. IBM expects to produce performance data for the new AMS configuration around the time that MQ V9 is generally available. But the early testing shows considerable improvement.

 

A further change for MQ AMS is the support of non-IBM JREs for use with MQ AMS. Previously applications written in Java that relied on a non-IBM JRE wouldn’t work with MQ AMS. In MQ V9 this has now changed so that suitable non-IBM JREs can be used, as well as IBM JREs, extending the ability of more customers to use MQ AMS.

 

There are a number of other new functions and capabilities available in MQ V9, such as updates to MQ Managed File Transfer capabilities – which are described in the announcement letter, and with the movement to a Continuous Delivery model customers should expect to see more capabilities being delivered in mod levels on top of MQ V9 in the future.

 

With the recent announcement of the End of Support for MQ V7.1 – announced here – along with the related end of support of the older separate versions of MQ FTE and MQ AMS, this latest release of MQ V9, along with the recent announcement of the update to the MQ Appliance provides customers with a strong set of choices of how to take advantage of the latest new releases as they plan to move off the older releases of MQ they may be using, keeping their deployment of MQ up to date and supported.

When you are taking advantage of the benefits of IBM MQ, you may not need to have to work as hard as Ed Moses did to be #1.

UPDATE: Mark Taylor has provided one of his highly useful videos detailing more of the new function in MQ V9. Watch it here.

 

Going faster by not moving – IBM Appliance M2001

April 19, 2016

totoise-rocket-patch

Go faster. Faster. Move it! Or actually don’t move it. There are times when to go faster you need to stop moving. We are all familiar with the parable of the tortoise and the hare – where slow and steady wins the race. But what about not moving at all? Sometimes that makes you go much faster. And in the case of the latest update to the IBM MQ Appliance that is exactly what we are doing. Hopefully you already know about the MQ Appliance, which IBM releases early in 2015, and have continued to enhance since its release. You can read my original entry here, and the update at the end of last year here.

 

But today, April 19th, IBM is announcing another update to the MQ Appliance which not only provides additional functional enhancement, by allowing queue managers to both synchronously replicate for HA and also asynchronously replicate for DR, and adds support for the AMQP based MQ Light API, but also sees a small but important hardware update, making this a slightly refreshed model – the MQ Appliance M2001.

HA+DR

There are 2 key hardware changes in this model update. To help support the simultaneous HA and DR function, which would use both existing 10Gb network cards, the existing 2 port connection is being replaced with a 4 port connection, providing 4 of these 10GB network ports, enabling 2 to be used for HA and DR and ensuring 2 can be used by applications connecting to the appliance, as well as the existing 1Gb ports.

M2001

The second hardware change is the replacement of the existing pair of 1.2TB hard disk drives (HDD) with a pair of 3.2TB solid state drives (SSD). As well as the benefit of the greatly increased storage capacity, the major benefit of using SSDs is the increase in performance for persistent message throughput. The MQ Appliance is a highly capable system which can process a lot of MQ messages. However, when using persistent messaging, which needs to be written to disk, it is critical that the storage can keep pace with the high rate of workload being handled by the system and at times with heavy workloads the spinning disk simply couldn’t move fast enough. IBM has selected the latest generation of SSDs to provide large capacity, high performance for both reading and writing data at high rates, and also this latest generation of SSDs, even if the MQ Appliance is used heavily all day, every day, should last for the 5 year supported lifespan of the MQ Appliance. Therefore, this provides the payoff from our ‘tortoise and hare’ parable – with no moving parts in the SSDs, they can be a lot faster than spinning disks. Expect to see updated performance figures for the new MQ Appliance M2001 around the time of its availability (June 10th 2016), but early figures suggest for some workloads performance improvements of up to 3 times have been seen.

 

There continue to be 2 editions of the MQ Appliance – the M2001A, providing full access to all the processor cores, and the M2001B, which provides access only to a subset of the cores – with an upgrade available from the B to the A system if needed. For customers who may have already purchased the MQ Appliance M2000, please talk to your IBM sales rep to see whether your appliance can take advantage of an upgrade of the HDDs and network card if available.

 

With the improved HA and DR functions, the increased storage capacity and the greatly increased performance, IBM believes this enhanced MQ Appliance makes even more sense to be used as the heart of your IBM MQ deployment, or as a highly available pair of appliances that can be deployed anywhere you need MQ capability. And for customers who may be running older versions of MQ which were recently subject to an announcement of End of Support – as can be seen here – then the latest version of the IBM MQ Appliance can represent a very good deployment option which is then far simpler to deploy as well as to maintain.

 

By moving from spinning disks, to SSDs with no moving parts, you really can go faster by standing still.

 

 

A message awakens: What is IBM MQ and why do you need it?

January 5, 2016

Stormtroopers

Why are we here? Not in the existential way. The answer to that is not in this blog. That would probably require more than the page of general MQ related discourse that I generally include. No, this is more why are you reading about IBM MQ? And maybe more pertinently why am I writing about it.

Do you ever read the book of the film? The novelisation. It’s what happens when instead of a book being turned into a film, generally with about 2/3 of the detail and exposition cut out, you have an original film, and then it is made into a book. Generally these tend to be less satisfying than an original novel.

Earlier in 2015, in an effort to try and communicate more with the tens of thousands of people who use IBM integration products, the team in IBM Hursley have been doing live Google Hangouts on multiple subjects – and these are then saved as YouTube videos. With my colleague John McNamara I have done a number of these and 3 of them have been titled “What is messaging” to try to cover why you might find messaging valuable and useful as opposed to some of the other choices around for communicating and exchanging data.

You can see the 3 videos here: Part 1  and Part 2 and also Part 3 

John and Leif

In those videos we tried, as best we could, to be product agnostic – to focus instead on messaging as an approach rather than a specific implementation such as IBM MQ. However the question naturally arises why should you specifically use IBM MQ?

Now in the years I have been writing this blog I have written a few posts that talk to the usefulness of IBM MQ – see here, here and here. However why is it that IBM MQ is still the selection of so many businesses today?

Again, as with the ‘why are we here’ question above, this isn’t something that can be quickly and easily summed up in an easy to read blog entry. So what I will do is try and call out some of the major reasons in simple terms, and then hopefully, as time permits through the year, I will try to add more detail.

Why use IBM MQ then?

  • It works – it does what you need it to do
    • There are many thousands of the world’s leading businesses using IBM MQ, and not just using it – but they are depending on it. They trust it to work, and do what it is asked to do, connecting their business simply, securely, rapidly and reliably.
  • Businesses depend on it – as above – for critical parts of their business – at its heart IBM MQ is built around transactions
    • The business world, and IBM MQ, is largely based on the notion of ‘once and once only’ transactions. While there are other approaches, so much of the critical aspects of business depend on this style of transactionality.
    • It is not easy to offer reliable, persistent messaging that provides once and once only delivery. That’s why many other messaging providers can’t offer this, and why many businesses select IBM MQ
  • IBM MQ scales to meet your business need
    • Developing a small scale application that needs messaging is great and it can be simple to use one of many different messaging tools
    • Ensuring this messaging tool works as the application usage scales is another matter. IBM MQ scales horizontally and vertically, running highly efficiently on single machines or spanning multiple machines in large clusters.
    • Whether sending a few messages per day or scaling to a billion messages per day, it is likely you want good performance. As well as being efficient in scaling, IBM MQ also offers high performance to move messages rapidly between application endpoints.
  • Your business is at risk – how secure is your messaging software?
    • You can’t afford to take risks with your business data, or the information your customers entrust with you. IBM MQ has multiple layers of security on the system itself and the data being moved and supports the latest encryption standards. Can you afford not to protect your messaging layer?
  • Highly available – it’s what you need and your customers expect
    • You can’t afford to go offline – you need to run all day, everyday. IBM MQ can be right there with you, with built-in support for High Availability as well as being able to use multiple different approaches such as vendor-based clustering, or virtualization.
  • Everything you need, functions and tooling
    • While the problems solved by messaging are well understood – and there is a great benefit from simplifying applications, some of that is lost when the need for additional functions require multiple different messaging offerings. With richness of function and a complete span of capabilities IBM MQ offers a single solution
    • Deploying a messaging solution is only part of using the solution. There is a need for management and tooling to provide insight in what is happening to all the messages, and to identify exceptions etc. With support from multiple different tooling vendors, and dozens of additional free tools and add-ons, as well as the ability to create your own utilities, IBM MQ can be tailored to meet the needs of your business solution.
  • Help when you need it, where you need it
    • With more than 20 years of leadership, and substantial market presence, there are thousands of skilled professionals able to provide guidance in how and why to use IBM MQ, how to configure it, how to program with it, and how to deploy and maintain it. And all that supported by IBM’s global 24×7 support organization to help when needed.

So that’s a few of the high points about IBM MQ. I will look to write more in detail about some of these through the year ahead – although I am also pretty sure I will be adding some new entries about product announcements and enhancements as well. Watch this space.

Appliance close up

IBM announces IBM MQ V8

April 22, 2014

Image

There are some things that come around every day. Good things, like new business and new customers. Other daily occurrences are not so good, like hardware failures, network problems, or security fixes to apply. Then there are some things that come around much less frequently, but they are worth waiting for. Good days like when a new version of IBM MQ is announced. Days like today.

That’s right. At IBM we are happy to announce IBM MQ V8. You can read the announcement letters here: Click here for the announcement letter for IBM MQ V8 on distributed platforms. Click here for the announcement letter for IBM MQ for z/OS V8. And click here for the announcement letter for the various IBM MQ V8 offerings on z/OS with a One Time Charge pricing metric.

There are a lot of new capabilities, and plenty of enhancements and improvements included in the announcements. At this point I will just call out a few of the high level items, and leave myself plenty of opportunity to come back on subsequent blogs and dive a little deeper into some of the new and improved areas.

Let’s start with one of the changes that maybe either big or small depending on your perspective. We are starting, with this version, to call this product IBM MQ, as opposed to WebSphere MQ, mirroring a change you may have seen in some other products in recent years. After all MQ connects your entire infrastructure, so referring to it as IBM MQ rather than WebSphere MQ is perhaps more indicative of that breadth of coverage. It does of course continue to work with all the previous releases of WebSphere MQ, and in fact when you order it and install it, you will still see it as WebSphere MQ, but over time, expect changes in the product to reflect the new branding, while continuing to deliver the same robust messaging infrastructure.

So what else is new? Plenty of course has changed for the better, and many of the changes can be grouped as enhancements to boost both security and scalability, improving support for standards, and also doing more to exploit the hardware being used. This changes should reflect an overall improvement in the ease of use of IBM MQ in this release, simplifying configuration and reducing operational tasks.

From a security point of view, some of the key changes include the authentication of userids defined in the operating system, or in LDAP for distributed platforms. More changes include support for multiple certificate authorities in a single queue manager, and the use of DNS Hostnames in Channel Authentication Records.

From a scalability point of view MQ is now better at scaling to the limits of a SMP machine. And there are various other enhancements, especially for publish-subscribe, including a change in the way clustering works for pub-sub. These changes in scalability are particularly designed to improve real-world scalability, rather than being tuned to demonstrate performance in confected examples.

Notable in new standards is support for JMS 2.0 with new messaging features and updates to the API. Also there are enhancements in Microsoft .NET support as well as WCF extensions. And for improved connectivity options, the function that was previously a part of MQ Telemetry Advanced is now a part of MQ Telemetry, giving customers more for less.

For our customers using MQ on z/OS there are some particularly notable enhancements that offer new capabilities and exploit some of hardware updates likely to be available. There is support for 64 bit buffer pools, and a wider log Relative Byte Address as well as support for the zEDC compression and Coupling Facility Flash. Likely to be of real interest is the announcement that we have removed the Client Attachment Feature, meaning that there will no longer be a charge to connect MQ Clients on other platforms to MQ on z/OS. This applies from today, not just on MQ V8 but on WMQ V7.0.1 and V7.1 as well.

As I said, there is quite a lot of new information to share here. I didn’t even get a chance to mention that the MQ AMS code is now integrated into the base on all platforms, and available on IBM i for the first time. Lots more detail to come so please come back for more, and hopefully I will see you at IBM Impact next week in fabulous Las Vegas.

Image

Life’s too short to drink bad coffee?

February 4, 2014

Image

It has been a lot longer than I wanted since I last wrote an entry on this blog. I guess I have been searching for inspiration. The problem of course being that I work on a lot of things that I can’t talk about until they are ready to announce. So what can I say about what we already have in the market?

I was struck last week with some inspiration. I don’t recommend getting your inspiration the same way, as I was off sick for a couple of days with a temperature of 104F, but it did give me a couple of days thinking time, on a restricted diet. One of the things I was missing was my espresso and cappuccino. I have, for reasons that don’t matter here, two separate espresso machines. A manual La Pavoni and a Gaggia Classic. For either to make decent espresso you need freshly ground coffee, ideally from freshly roasted beans.

Image

I buy my beans from a small UK roaster called hasbean, and have been for a number of years. But here’s the thing. Until a few months ago, I had just bought the same ‘espresso blend’ of beans from them. I went to their website, clicked on their ‘blends’ page, selected the espresso blend I chose, and bought it. Again and again. I was perfectly happy with my choice. The beans were roasted that day and posted out. I would drink my coffee and be happy. Except (and you knew that was coming) I gradually thought there might be something more. Maybe my coffee could be better. I knew it was already way better than the coffee providers on the high street. In fact it was rare I would drink a coffee outside the house that I liked as much as mine. But my feeling persisted. And maybe what I might have done would have been to find another roaster. But all of a sudden, when I was on the hasbean website about to buy some more coffee, I looked a little closer at the website – and clicked on one of the tabs for a specific coffee region…in this case I clicked on America. And there a whole world opened up. Yes there was Brazil, which I knew provided many of the beans in my chosen blend. But there were options for Bolivia, Guatemala, Colombia, El Salvador. The list went on. And click a country, and there was even more choice. Individual producers. Detailed notes of the crop, the harvest conditions, the processing method, and tasting notes. A whole world of choice ready to be roasted and posted.

This was what I had been missing, and it was there for me all along, right in front of my face. Now I am selecting a range of individual beans, drinking different, better coffee, but from the same roaster, and mostly at the same price I was paying. There was even an option to pay a little more for some exceptional beans. Truly a win-win.

So is this relevant for WebSphere MQ users? Well I did visit a long standing customer last month who admitted that they didn’t use any publish-subscribe. Now IBM has been suggesting trying out publish-subscribe for years. It is there in the product. There is no additional cost to use it. And for many uses, you get far more flexible deployments.

Then there is security. Changes made in the V7.1 release back in 2011 gave the product far more usable security, but still customers continue to use exits which now ought to be redundant thanks to the same or better function in the product. Then there are transactional clients, improvements in clustering, API options, etc. etc. And that’s before I even start mentioning Telemetry support, Managed File Transfer and Advanced Message Security options.

Now I understand that WebSphere MQ isn’t a cup of coffee, even if an espresso machine can be complex to use well. Applications connected with WebSphere MQ are systems that run for years, or even decades. And it can take quite a bit of work to consider changing them. But with features like multi-version install, and even the new ability to download the entire WebSphere MQ Advanced stack at no cost for development use, we have been working to make it easier to try new ways of using WebSphere MQ. So at no additional cost, you could be making your applications more flexible, more robust or more secure. You could be simplifying your administration tasks, and reducing the overhead of recurring operational activities. And for a little more you could be encrypting messages end to end without changing your applications, or using your MQ network to move your file data, and to make better use of it. I am pretty sure that with MQTT you could even hook up your coffee machine to your smartphone. 

Now that I have been trying the new coffees I won’t be going back to less variety. Why shouldn’t you be trying some of the good stuff too? Tomorrow morning I’ll be drinking for the first time some Colombian El Meridiano Rioblanco Washed. What are you going to be trying tomorrow?

 

Did you remember to lock your car?

November 12, 2013

Image

We’ve all done it. You have driven your car to a car park, walked away, and then had a momentary pang of doubt about whether you locked your car. It has become second nature to lock your car. To keep it secure. The car even locks the doors itself when it is in motion. But when you park it and walk away, that’s when the uncertainty comes in, and also when your car is most vulnerable.

It is the same with your enterprise messaging. What happens when you use a product like WebSphere MQ to send a message across your enterprise? Well, of course, what is happening is the application takes some data and packages it in the contents section of a message structure, along with some header information to describe the message and the destination. The message is then dispatched. All in all that’s pretty similar to you getting in your car and driving to the shops to buy something like food for dinner, or presents for a birthday. There is a destination and something of value to be transferred. With a car, you have to park in a space in a car park. With messaging, instead of a car park you have a queue manager and queues.

Messages start in an application and a MQ Client packages the information to be moved into a message. This then is sent to a queue manager, to be written into a queue. According to the destination or other information, the message is then sent on to either another queue, another queue manager, or to the destination client application.

As far as securing the message goes, when the message is moving between the client application and the queue manager, then the MQ resources are secured by MQ built-in security definitions and the message and contents itself is secured while moving over the ‘wire’ by use of SSL. However while the message is encrypted by SSL as it moves, once it reaches the queue manager, and is written to the queue, it is unencrypted and thus sits on the queue without any encryption. Thus if the system with the queue manager is penetrated, the messages on the queues are available in the clear. This is the same as parking your car in a ‘secure car park’ but leaving the car unlocked as the car park is secure. Would you do that? I’m pretty sure I wouldn’t.

Now what would we like to happen? What would be smart would be a routine that ensured our car was locked, pretty much at all times unless people wanted to get in and out of it – subject to key rules – such as ensuring people could actually get out or in when they needed. For messages we would want to make sure the message contents were secure at all times, including when sitting in queues, but would continue to be available to the receiving applications, and of course would still expose the header information needed for routing etc.

What IBM offers for WebSphere MQ is WebSphere MQ Advanced Message Security, which is also available as part of the entitlement of WebSphere MQ Advanced. This is a policy-based encryption capability which allows message contents to be encrypted from sending application to receiving application. So the contents are encrypted while it flows over the network and while it sits in intermediary queues. The applications are unchanged, with just updated client libraries to be used. And the security is based on policies, so different rules might apply for different message contents, or different queue managers. After all there are some times when you have to leave your car unlocked. So I’m pretty sure you have rules for securing your car. Isn’t it about time you had rules for securing your messages?

Image

 

When dinosaurs ruled the earth? They still do.

October 16, 2013

Image

 

One of the odd things about having worked in IBM for 24 years now is that there are people I work with at IBM who hadn’t been born when I started working in IBM Hursley. And when I started I was given a desk with a 3270 mainframe terminal on it which weirded me out somewhat. At University, studying Computer Science I had been used to using Unix machines with large graphical displays. And the closest I had come to a mainframe was the department Vax, and various other mini computers connected to the UK academic JANET network around the country which we were happy to hack into in order to play MUD and MIST in Essex and Aberystwyth. I had assumed that mainframes were dead. And pretty much so did everyone else out in the world.

Funny thing was they didn’t die. They evolved. Just like dinosaurs did. Mainframes back in the 80s and early 90s were different beasts to those we see today – completely different technology – but still the same goal. Very high performance. Very high throughput. Very high reliability. Which, by an odd coincidence, is the same set of characteristics that businesses need for their core business systems. These aren’t systems that the regular public have much to do with, even though they interact with them every day. When checking their bank account, withdrawing money, booking a holiday, interacting with a large business in any way, you are driving work on a mainframe. You never see it, because it just works. Any failure you see would typically be on the front-end. If there was a failure on your ATM, it is likely a Windows (or similar) error screen you see, not a mainframe error message. These machines are invisible, ever present, running and running like the Duracell bunny. Running the world? I think they might just be. And it appears I am not alone in thinking that.

If you have applications on a mainframe, running your business world, then these applications won’t run in splendid isolation. They need to connect to the rest of your business, sharing data, completing orders, adding new customers. And ideal for these workloads, and any new workloads is WebSphere MQ. We have a specific offering for running on IBM System z mainframes – WebSphere MQ for z/OS – which is built to exploit many of the key features in our leading mainframes. It handles a million messages per second. It uses the Coupling Facility and Shared Queues to help you to avoid ever losing messages. And of course it has tremendous robustness and security, ideal for ensuring your business can keep doing what it needs to do. Day-in, day-out.

And October 15th 2013 we announced a new way to buy this offering – WebSphere MQ for z/OS Value Unit Edition. This offers the exact same product as the existing WebSphere MQ for z/OS, but is available to buy as a ‘One Time Charge’ transaction, rather than being charged per monthly usage as the existing WebSphere MQ for z/OS product is. So now there is a choice of how to buy this leading messaging solution for z/OS – a monthly license charge, or buy it upfront for your new workloads, deployed on new logical partitions (called zNALC). The dinosaurs just got a little more agile, a little faster. I guess they are evolving into birds.

Image