Sharpening the saw

I am fortunate this year to participate in many seminars and conferences.  I just finished IMPACT and on June 5th I’ll be in New York for the WSMQAdmin seminar there.  The following week I’ll be in Zurich for the TI&M WebSphere Messaging and Web Services Security seminar.  Later this year are four more WQMQAdmin seminars and IBM’s WebSphere Technical Convention in Berlin.  Sometimes when I ask people whether they will attend one of these events the response back is “I’m just too busy.  I can’t find the time.”  If this describes you, then I urge you to reconsider.  Please let me explain why.

Continue reading

Posted in Events, General | Tagged , , | Leave a comment

IMPACT 2012 WMQ Sessions

Here are the MQ sessions at IMPACT for the week. Asterisk indicates repeat sessions. sessions where I am presenting or participating are in Red.

Mon 10:45 – 12:00  1577 – WebSphere MQ: Securing your Queue Manager*
Mon 14:00 – 15:15  1576 – Introduction to WebSphere MQ*
Mon 14:00 – 15:15  1597 – Roundtable: WebSphere MQ Feedback*
Mon 15:45 – 17:00  2255 – WebSphere Connectivity and Integration Feature Session with Q&A Panel
Mon 17:15 – 18:30  1575 – What’s New in the WebSphere MQ Family of Products

Tue 10:45 – 12:00  1579 – WebSphere MQ for Managed File Transfer
Tue 10:45 – 12:00  1592 – WebSphere MQ: Machine 2 Machine Communications using Telemetry
Tue 13:30 – 14:45  1593 – WebSphere MQ: Publish/Subscribe Messaging
Tue 13:30 – 16:30  1595 – Hands-on Lab: WebSphere MQ
Tue 15:15 – 16:30  1581 – Extending WebSphere MQ and WebSphere Message Broker to the Cloud
Tue 15:15 – 16:30  1597 – Roundtable: WebSphere MQ Feedback*
Tue 16:45 – 18:00  1576 – Introduction to WebSphere MQ*

Wed 9:00 – 10:15  1589 – WebSphere MQ: What is your system up to?*
Wed 10:45 – 12:00  1578 – WebSphere MQ: Securing your Messages*
Wed 10:45 – 12:00  1591 – WebSphere MQ for zOS Internals
Wed 13:30 – 14:45  1596 – Meet the Experts: WebSphere MQ*
Wed 13:30 – 14:45  1585 – WebSphere MQ: Connecting to the Internet of Things
Wed 13:30 – 14:45  1586 – Using IBM WebSphere Application Server and IBM WebSphere MQ Together*
Wed 13:30 – 16:30  1594 – Hands-on Lab: WebSphere MQ Security (Distributed Platforms)
Wed 15:15 – 16:30  1584 – WebSphere MQ: Highly Scalable Publish Subscribe using Multicast
Wed 16:45 – 18:00  1588 – WebSphere MQ for Distributed Platforms Performance
Wed 16:45 – 18:00  1597 – Roundtable: WebSphere MQ Feedback*

Thu 8:45 – 10:00  1590 – WebSphere MQ for Distributed Platforms Internals
Thu 8:45 – 10:00  1587 – WebSphere MQ for z/OS Performance
Thu 8:45 – 10:00  1597 – Roundtable: WebSphere MQ Feedback*
Thu 10:30 – 11:45  1596 – Meet the Experts: WebSphere MQ*
Thu 10:30 – 11:45  1586 – Using IBM WebSphere Application Server and IBM WebSphere MQ Together*
Thu 13:30 – 14:45  1589 – WebSphere MQ: What is your system up to?*
Thu 13:30 – 14:45  1580 – WebSphere MQ: Simplifying Migration
Thu 15:15 – 16:30  1582 – WebSphere MQ for z/OS Shared Queues (Advanced)
Thu 16:45 – 18:30  1583 – WebSphere MQ: Clustering update

Fri 08:45 – 10:00  1577 – WebSphere MQ: Securing your Queue Manager*
Fri 10:15 – 11:30  1578 – WebSphere MQ: Securing your Messages*

Posted in Events | Leave a comment

No such thing as a persistent queue!

The widespread usage of the phrase “persistent queue” has a negative impact because people believe that queue attribute actually does something. It’s always worth taking time to stamp out usage of that phrase wherever we find it and I’ll attempt to explain why.

Continue reading

Posted in WMQ | Tagged , , , , , , | 3 Comments

Paul Clarke facts

Chuck Norris has nothing on Paul Clarke.  Here’s my Top 10 reasons why:

10 – Documented message priorities are 0-9 but there’s an undocumented “Paul” priority.

9 – Paul doesn’t use message selectors. He just thinks about which message he wants and the QMgr delivers it.

8 – There is no message expiry. Only messages that Paul has allowed to live and those he has not.

7 – The signed certs trust the CA but the CAs trust Paul.

6 – Paul used to get terrible service in restaurants so he optimized the put-to-getting-waiter algorithm.

5 – Andy Stanford-Clark’s house has a sign out front that reads “Powered by Paul.”

4 – Paul authenticates to your QMgr with “it’s me.”

3 – When WebSphere MQ was invented they found a message already on the queue with the MQMD.UserID == pclarke.

2 – Paul doesn’t need his passport at customs.  He shows them his identity context.

And the #1 Paul Clarke fact:

Paul can cause a message in a rolled back UOW to be committed *and* still maintain transactional integrity!

Posted in Humor | Tagged , , , | Leave a comment

PCI zone and non PCI zone in same DataPower box

I’ve been having PCI Déjà vu lately.  It seems the same questions keep coming up over and over.  One strategy for compliance that is nearly ubiquitous is to segregate the PCI data from the rest of the network.  In practical terms, this usually means a dedicated subnet or network, firewalled from the rest of the intranet and with dedicated software and hardware components.  When people approach PCI compliance as simple configuration they eventually ask “why not put the non-PCI data in the PCI enclave?”  The theory is that if the PCI network is good enough for the PCI data then it is good enough for the less sensitive data and having just one set of components would cut costs.  Because I’m lazy and didn’t want to write yet another response to this, I thought I’d post the latest one here.

Continue reading

Posted in General, WMQ Security | Tagged , , , , , , | Leave a comment

GWC Webinar posted

The WebSphere MQ Security Deeper Dive slides from the  Global WebSphere Community webinar last month are now posted on this site.  You can get them from the Links page or just click here.  If you want the screencast and recording they are available form the Global WebSphere Community’s site here.  Thanks go to the great folks at Global WebSphere Community who were excellent to work with in planning, producing and executing the webinar!

Posted in News, Publications, WMQ, WMQ AMS, WMQ Security | Leave a comment

Previous security lab reposted

I acted a bit too hastily in removing the old WMQ Security Lab download when the new one was posted.  Several readers reminded me that the new lab is for v7.1 and that isn’t even out yet!  Everyone who needs these materials is obviously still on v6.0 or v7.0 so mea culpa.  The download is restored to it’s rightful place on the Links page.

Posted in Publications, WMQ, WMQ Security | Leave a comment

Credit card security fail

I suppose it says something about my travel schedule when a local purchase at Best Buy triggers a card security alert, but charges across country or overseas do not.  When I arrived home after picking up one of the new 3TB disk drives there was a voice mail from my bank informing me that I needed to call right away regarding a suspicious card transaction.  The number they provided was not the same customer service number on the back of the credit card. This pegged my mental fraud detector so I called the number on the back of the card instead.  The Customer Service Rep politely informed me that “we don’t handle those here” and that I would need to call the number provided in the voice mail and no she could not verify that the number in the voice mail belonged to the bank. “But it must be the right number or they wouldn`t have called you, right?”  Sigh… Amateur. Continue reading

Posted in Fail, News | 2 Comments

Encrypting passwords in config files – secure or not?

Not long ago a colleague told me he wished that he could use a .kdb format keystore for his Java applications.  When I inquired as to why, he said he liked that the .kdb includes the ability to stash an encrypted version of the password, whereas with his Java application he was obliged to store the password in a configuration file and, more importantly to his mind, in plain text.  My initial reaction was that encrypting the Java passwords would probably be a good thing.  Judging by the frequency with which this requirement comes up, I’m guessing most people would agree.  Intuitively, it makes sense – an encrypted password must be more secure than one in plain text, right?  The more I think about it, the more I’m convinced that the opposite is the case.  I’ll explain why after the break. Continue reading

Posted in General, WMQ Security | 2 Comments

WMQ Security in v7.1

For those of you who missed it, Morag presented the WMQ Security session at this year’s WebSphere Technical Conference last week.  This was exciting for a few reasons, not the least of which was – did I mention MORAG presented? So good to have her back at the conference.

Of course, for this iteration she had written all new content for the conference.  There are so many changes related to security in v7.1 that almost all of the session was devoted to the new features!  There is almost nothing left of my content from the deck but hey, it was pushed out by new features and that’s a problem I love to have.  This blog post is a very high level overview of those new features.

Continue reading

Posted in News, WMQ, WMQ Security | 1 Comment