Well, I made it to Barcelona on Sunday after 20 hours on various planes and in various terminals. My luggage arrived on Tuesday having seen MUCH more of Europe than I was able to. Unfortunately, I had the camera and the luggage was therefore unable to take any interesting photos of all the places to which it traveled. In the interim I had to buy some clothes and discovered there’s a fortune to be made buying jeans in the US and selling them over here. If the WMQ security thing doesn’t work out, I’m going into exports.
I’ve presented the two sessions from last year – WMQ Basic Security and WMQ High Availability – as well as the new WMQ Advanced Security. All of them seemed to be well received although I’m told that the slides are not yet available on the conference web site. I will follow up with the conference staff on that but in the meantime, I’ve uploaded the slides here:
As I mentioned in the sessions, the “Basic” presentation is about locking down administrative rights to the queue manager. The premise is that if this is not done, none of the “Advanced” configurations are meaningful. The Advanced slide deck is not so much about specific configurations as it is about patterns – architecture patterns, trust models, deployment patterns and so forth. These patterns both constrain and inform the process of securing the messaging network in a meaningful way.
Once we understand the patterns, it is possible to devise an appropriate security model. The presentation also points out that sometimes the appropriate model is largely implemented in the message layer rather than in the connectivity layer which is where base WMQ security functions. As the network perimeter disappears, we are increasingly forced to protect the data itself and that means signing and possibly also encrypting messages. I often encounter strong resistance when I suggest that channels should always be authenticated, for example with SSL or an exit. When I present the slides on network topologies it becomes apparent that authenticating channels is just the first step and that message-level, end-to-end security is looming large on the horizon. This is especially so with the SOA logical hub-and-spoke topologies, increased B2B connectivity and the requirement to securely move messages across transport providers. I fully expect message-level encryption to become the standard in a few years but not without a lot of struggle and pain. Not, perhaps, without one or more additional high-profile internal network breaches to raise the standard of due diligence.
Wednesday I present the High Availability pitch once more and the WMQ Basic Security is repeated Friday morning. If you are at the conference in Barcelona, I invite you to attend one of my sessions or just flag me down in the halls and say hello. I’d love to meet you and we don’t even need to talk about security or MQ. OK, maybe just a little.