WebSphere MQ Security
From the early nineties, when IBM MQ Series first hit the market, during many years no one in the MQ universe really bothered too much about security. MQ seemed secure by being a simple peer to peer messaging protocol that is uncommon and unknown. As time went by, IBM packed more and more features into the product. More and more customers used MQ until it eventually became to a quasi-standard for reliable messaging. But only in the past few years awareness was raised that MQ security is vital since the product has evolved to a very powerful and dynamic platform for remote interaction. Yet, MQ's dynamic power is hidden under the hood. It is so easy to install a queue manager and not much more of a challenge to set up a simple MQ network. When we get to securing our MQ network however, we find the task to be surprisingly complex and multi-layered. Even though IBM's documentation of MQ overall may be classified above average at least - some important details regarding MQ security are incomplete or even misleading. For MQ, common security measures such as SSL are somewhat peculiar to implement and some properties of typical roles are interchanged. In our freshman days we learned that security always is as strong as its weakest link and hence a little inadvertence may render the whole network insecure. So regarding security it's vital to make a good job. The author is active in the IT since 1978 when he as a teenager learned the basics of programming. During his 15 years of scientific research in cloud physics and climatology he was strongly involved with numerical modeling as well as device control and data acquisition on all kinds of platforms. In 1999 he decided to concentrate on software engineering and integration architecture based on IBM middleware. Since then he integrates enterprise networks by the aid of WebSphere MQ and its associated product family. The author is IBM certified in several MQ categories and engineered, e.g., the IBM 3rd party MQ SupportPac ma6o. MQ security is in his portfolio since 2001, when he designed and implemented the encryption of the entire MQ network of a major Swiss bank - based on a third party product since IBM did not provide MQ over SSL before 2005.
Weiterlesen weniger lesen