Time for MQ to get serious about instrumentation and admin. Again.

Outstanding RFEs and feature requests have been a hot topic on the MQ list server of late.  Looking at the RFEs that have been posted and discussed, there’s a general architectural requirement many of them seem to have in common: Better support for administration and auditing.

It’s tough to ding IBM for lack of instrumentation in the product and I remember well a concerted and very public campaign to gather user experience feedback a few years back. There is considerable instrumentation in the product and that’s a Good Thing. Thanks, Hursley team and MQ management!

However, it is only recently that MQ users have been enabling security at scale, and many of the new security features are driving usage pattern changes. Much of the demand for instrumentation stands apart from security, but much of it is directly related and as the security implementations ramp up, previously latent requirements for instrumentation and administration become newly visible and in that light many gaps have emerged.  The need is urgent based on rapidly evolving market requirements and both customers and IBM will need to reevaluate their enhancement priorities.  We can’t assume priorities carry over from the last release.

Just as MQ approached what might be considered a well-developed set of administrative and instrumentation function, the market requirements evolved to make those look anemic. In light of ubiquitous breaches and more stringent security requirements, MQ needs a lot more admin and instrumentation functionality if we want to do things like prove to an auditor that the system wasn’t penetrated and have any confidence whatsoever when we say that.

Given recent developments with breaches, evolving attacks, and vulnerabilities now being discovered in deep infrastructure code like OpenSSL, that is to be expected. Furthermore, I know the MQ management team are aware that these requirements are emerging, and the reasons why, because I campaigned for them during my time as MQ Product Manager.

Continue reading

Posted in Events, IBMMQ, IIB, News, Security, WMQ Security | Tagged , , , , , , , , , , | 3 Comments

First inaugural Bats of a Feather

We’re trying something new at MQTC this year and if it goes well it may become a regular event.  Let us know what you think by voting and participating in the contest.  It’s conceived as a cross between the Birds of a Feather sessions from IMPACT and the slightly more subversive events that take place at Def Con.  We’re calling it Bats of a Feather and prizes will be awarded.

MQTCBATS_PrizesUpdate 9/14/2015 Prizes announced!

Ever wanted a Pebble Steel watch?  Your own quadcopter?  How about a Smartphone Controlled Paper Airplane?  Grab the mic and tell your MQ horror story and you may go home with one of these.  Save a bit of room in your suitcase!

Registered topics (so far):

  • MQ Lost my message (redux) – Glen Brumbaugh
  • Crazy high CPU usage on Z/OS after MQ clients updated to 7.5 – Linda Foley
  • Look, you can see the DR datacenter from here – AJ Aronoff

Don’t let Glen run off with the top prize uncontested! Tweet your topic title with hashtag #MQTCBATS to register, comment here with a topic, or email me.

Continue reading

Posted in Events, MQTC, News | Tagged , , | 11 Comments

Are messaging hubs an anti-pattern?

I have worked over the last decade with many customers who were consolidating their MQ footprint. It’s a familiar pattern – there are many queue managers, they tend to be lightly loaded, why not consolidate to a central hub? Now that many of the projects with which I have firsthand knowledge have been in Production for a few years some common patterns are emerging and they aren’t good.

Continue reading

Posted in General, IBMMQ | Tagged , , , , | 4 Comments

Zero to SSL in under 5 Minutes

A viewer of the Zero to Hello World video recently challenged me to do a similar video for SSL. Challenge accepted!

Posted in IBMMQ, Security, WMQ Security | Tagged , , , , , , , , | 1 Comment

Spring Cleaning a Windows MQ Installation

If you have ever attended one of my conference sessions, read my articles, or hired me to perform any kind of MQ work, then you know that I consider SupportPac MS0P to be an indispensable add-on for MQ Explorer.  I recommend it to everybody.  The folks at Hursley Lab are probably sick by now of my stirring up crowds at the conference by insisting it should be part of the base functionality in Explorer and fully supported.  Given all that, you’d think I personally would have it installed in the MQ Explorer on my laptop.  Until tonight, you would have been wrong.

Tonight I dropped everything else and concentrated on getting MS0P to run.  I was eventually successful, but learned a lot about MQ along the way.  I’m writing it all down to hopefully save others from the same ordeal.

Continue reading

Posted in IBMMQ | Tagged , , , , , , , | 3 Comments

IBM MQ Security Requirements Questionnaire

Over the years I have often been asked for security templates and other canned assets to help make MQ security planning, implementation, and operation easier. These often become the source material for conference presentations, articles and videos.  Some of these assets focus directly on configuration.  The benefit of these is to take a lot of the heavy lifting off the hands of the MQ administrator.  That leaves the administrator free to focus on the more business-specific task of designing the appropriate security architecture.  The question then is whether we can take some of the heavy lifting from that task as well.  I don’t believe that is easy to do safely, but the good news is that we can at least take much of the randomness out.

Continue reading

Posted in IBMMQ, Security, WMQ Security | Tagged , , , , , , , , | 1 Comment

Presentation from today’s NY/NJ MQ User Group meeting

I will move this to SlideShare after making a few more edits per today’s comments and notes.  At that point I will link to it from the Links page, same as all the others.  But for now, please enjoy!

This is the version of the slides with the Notes pages printed:
20150602 Managing CA Certs – Notes

Posted in General | Leave a comment