Blog and podcast to resume

Posted on April 23, 2011 by T.Rob

I’ve spent the last five years since joining IBM as a consultant in Software Services for WebSphere. This has been the most rewarding and happiest time in my career and I’ve made many new friends from my customer assignments and my IBM colleagues. But my mission in life is to make sure all the WebSphere MQ out there in the world is secured and there are limits to how many customers I can reach working one at a time. That’s one reason I love presenting at the conferences and writing articles – I get a chance to meet and influence many customers at a time. I can spend 40 hours on a customer engagement and help one customer, or I can spend half that time on an article or a few hours at the podium and help many customers. That’s leverage and I’m going to need a lot of it to reach as many MQ users as I want to.

One down side to consulting was that I was focused so narrowly on customer assignments that there was little time for anything else. That was especially true in the last year due to a sharp increase in demand for security services. The net result was that as consulting work ramped up, extracurricular activities such as the developerWorks column, the blog and the podcast ground to a halt. This meant that the activities which had the most leverage were the ones that fell by the wayside.

All that is about to change. As of August 1, I’ll be moving to the WebSphere messaging family product management team. Actually, I have always worked with the lab and product management teams but up to now it was as a customer or as an IBMer in my “spare” time. Beginning next month it will be my primary role and I won’t be consulting anymore. In addition to things like fully participating in the Early Access Programs, I’ll have time (in fact, be expected) to resume blogging, writing articles and podcasting. My conference schedule will likely expand as well, although at the moment all I know of is a possibility of staffing some of the IMPACT Comes to You events here in the US. More on that as it develops.

Over the next few weeks as I transition, I’ll try to get the blog caught up with some of the WMQ security news you might have missed, then resume the blog and podcast in earnest. The recent Fix Pack included security-relevant APARs for which there’s a CVE published. I’ll put the details in the next post but if you have compliance concerns be thinking about applying the Fix Pack if you have not already done so.

Posted in News | Tagged | Leave a comment

Hang on – switching hosting providers

Posted on April 23, 2011 by T.Rob

After a long and happy relationship with Webzpro, I am afraid I need to switch hosting providers.  In their never-ending battle with spam, Webzpro has changed their email policy to no longer support some features which I require.  Other than this policy change, I’ve been quite happy there but unfortunately, this is a deal-breaker for me.

Please bear with me while I relocate.  I’ve found a new host with the features that I require and, they say, the ability to transfer my existing content seamlessly.  If you can still read this tomorrow, then perhaps all that is true.

Finally, I’m not investing in SSL at the new host until I’ve fully moved in there and tested the blog and podcasting functions.  Hopefully this won’t present any major issues.  Wish me luck!  Here goes…

Posted in News | Tagged | 2 Comments

Handy IMPACT conference cross reference

Posted on March 29, 2011 by T.Rob

With IMPACT fast approaching, I’ve compiled a cross reference of all the web sites, twitter handles, hastags and session agendas that I know of.  Feel free to add more in the comments!

Continue reading

Posted in Events, IBMMQ, MQ AMS, MQMFT, News, WMQ Security | Tagged , , , , , , | 2 Comments

WMQ Security bulletin site

Posted on January 15, 2011 by T.Rob

Been wondering how to know if your WMQ is up to date for security patches?  Wonder no more!  Just go visit the Security Bulletin for WebSphere MQ page.  The Recommended Fixes page lists all of the Fix Packs and from there you can scan the included APARs for things that look like they might be security related.  But that’s kind of a hit-or-miss proposition.  That’s why I’m really excited that the new site lists all the security-related fixes in one place and ties these back to both the CVE web site and the Fix Pack that addresses the issue.

In some cases an item will be listed before a fix is available.  You can always open a PMR and ask for an Interim Fix (a.k.a. an “iFix”) by referencing the specific APAR if the vulnerability is that urgent.  In most cases though, just apply the Fix Pack when it is released.

The site lists only those fixes that apply to WMQ base.  Currently there is no similar listing for WMQ AMS or WMQ FTE but it’s something I’ve requested.  If you find the site useful, please let IBM know about it through the Feedback form at the bottom of the page or your account team

Posted in IBMMQ, News, WMQ Security | Tagged , , , , , , , , , , , | Leave a comment

Pages updated

Posted on January 15, 2011 by T.Rob

I’ve just updated the WMQ and Links pages with new content.  There are a couple new Mission:Messaging articles and I fixed a few broken links on the Links page.  On the WMQ page I’ve added some new content, rearranged some stuff and fixed a few more broken links.  Among the notable new content is links to the FTE and AMS Infocenters and I managed to locate a site where you can download patches and updated for GSKit!  Did you know GSKit 8.0.14.7 is out?  I didn’t.

Posted in IBMMQ, MQ AMS, News | Tagged , , , , | Leave a comment

WMQ Security Open Mic announced!

Posted on August 26, 2010 by T.Rob

developerWorks Technical Exchange is hosting a WebSphere MQ Open Mic on the topic of security September 16 from 11am – 12pm EDT.  The panel will include Tom Schneider, Morag Hughson, Paul O’Donnell and myself.  The deadline for be pre-submitted questions is September 7th.  There will be an open Q&A at the end but I expect this to be a very busy session and I would not count on having time for all the ad-hoc questions so pre-submit your question if possible!

The agenda so far is:

  • I put SSL on my application channels, is there anything else I need to do?
  • How do I apply authorization to a topic?
  • What security considerations exist for WebSphere MQ File Transfer Edition (WMQ FTE)?
  • How can I find the cause of a not authorized error on z/OS?
  • How can I list security profiles used by WebSphere MQ on z/OS?
  • Open lines for live question and answer period

There will be a replay available within a few days after the session.  Full details are available on the event page.  We are looking forward to meeting with you!

Posted in Events, IBMMQ, WMQ Security | 2 Comments

Let's (not) do the time warp again!

Posted on June 26, 2010 by T.Rob

Wow, the last 24 hours has been…interesting…here at Store and Forward.  Friday night I noticed all of my blog posts after October 2009 had disappeared!  My hosting provider’s front page lists daily backups as one of their services so I contacted them and asked for a restore.  After the restore, the site looked exactly the  same – like a time capsule from October of last year.

Obviously the site had been like this long enough to have gotten picked up in the latest backups so I asked how far back the backups go.  One week.  One lousy week.  Sigh…  I guess if these are going to be meaningful, I’m going to have to take my own backups.  But wait – how is the site completely intact from 8 months ago if the hosting provider doesn’t keep backups?  Had someone hacked the site and…and carefully deleted all the content after a specific date?  Highly unlikely.

I signed onto the server using SCP to see if I could find any files with recent dates.  Oddly, the server gave me a different certificate fingerprint.  Was there a man-in-the-middle here?  A little more research and I found that the host I was pointing to was the one my site lived on before I added the SSL certificate, which had required a move.  Ahhh…so I wasn’t hacked and the hosting provider hadn’t restored from an incredibly old backup.  They had updated DNS and pointed me to the old server which, rather inconveniently, had the old version of my site still there. Whoops!

So DNS has been restored and it seems to have propagated across the net.  The site has all the current posts and I’m taking my own backups now.  Thanks to a few people who emailed to let me know.  I happened to find this about 6 hours before the first email arrived but it’s nice to know I would have been alerted.

Posted in Change Log, Events, News | Tagged , , | Leave a comment

Security remediation – DIY?

Posted on May 25, 2010 by T.Rob

It’s nice to have been around long enough to be able to watch the WMQ community grow over the years.  You can watch the postings on the Vienna List Server or MQSeries.net work though themes as the community goes through its growing pains.  When I first came to MQSeries, the community was still wrapping it’s collective brain around messaging and there was a lot of discussion on how to design messaging applications, naming standards and even on what symbols to use to diagram a messaging network.  Later, discussion moved to things of a more technical nature such as how to keep channels up and running.  Over the years the community has worked through many story arcs, including performance & tuning, version compatibility, product family name changes, JMS, clustering and WebSphere family interoperability.  Security has been trending upward over the last year or so and I’m seeing this both in the online communities and at customer engagements.

The current topics of community interest give us an indication of what activity is going on in WMQ shops.  Security is a hot topic because people out there are getting serious about implementing it.  In the universe of Good Things, this is floating quite near the top, as far as I’m concerned.  But there is a hidden pothole that I want to warn you about and that is verification.  Let me explain further by given an example from my conference presentation.

Continue reading

Posted in IBMMQ, WMQ Security | 1 Comment

Lab materials actually posted this time!

Posted on May 5, 2010 by T.Rob

The link I gave out earlier http://bit.ly/WMQSecurityLab is actually a good link, the problem was that after uploading the files, I neglected to update the index page to point to them.  That’s been fixed now and the session materials have been posted.  Feel free to give out the short link above or from this page, just click on the “links” tab above.  The WMQ Security presentation and the WMQ Security Hands-On Lab materials are there now.  Sorry for any confusion and much thanks to everyone who emailed or told me in the sessions today about the problem.

Thanks also to all of you who attended the lab here at #ibmimpact and stuck it out through the text file editing issues in Module 2.  Based on feedback from today’s session I have a few changes that will be made in both the lab guide and the scripts.  Check back here in a couple of weeks for the updated versions.  Your feedback is essential and VERY much appreciated!

Posted in General | Leave a comment

WebSphere Client Experience Program has extensive presence at IMPACT

Posted on April 30, 2010 by T.Rob

Wow, I can’t believe how many WebSphere Client Experience Program sessions are at IMPACT this year!  IBM has been working for quite some time to build stronger partnerships between the folks using WebSphere software and the folks developing it.  One of the visible signs of that effort has been the growing presence of the of WebSphere Client Experience Program at IMPACT over the past few years.

In case you are not familiar with the program, CEP offers many ways to interact with the product lab such as early design reviews, scenario and usage exercises, usability evaluations, surveys, and more. The activities can come from any product / initiative in WebSphere and can be run in-person or over a teleconference and Web conference. I have reposted the current schedule after the break.  Be sure to check the online agenda and the eratta sheets at breakfast for any schedule changes during the week.

Join the social media revolution!  Visit WebSphere CEP online at http://bit.ly/WebSphereCEP and don’t forget to add the #ibmimpact hashtag your tweets and blog posts so they show up in the social aggregator.

Continue reading

Posted in Events, IBMMQ, News | Leave a comment