MQ – Security

Prison Perimeter Security

MQ Technical Conference. September 2018. PowerPoint.
"MQ Security: A Holistic Approach" (46 slides).

View the Presentation

This Conference presentation first provides an overview of essential security concepts:  Entities, Identities, Authentication, Authorization, and Audit.  The presentation then goes on to describe how these concepts map to MQ features.  MQ security capabilities covered include SSL/TLS processing, Connection Authentication, Channel Authentication, Object Access Manager (OAM), Security Exits, Advanced Message Security (AMS), Event Queues, and Logs.  All MQ capabilities discussed are mapped back to the essential security concepts that they support.

The available MQ security features are then described in the context of both local Applications (Server Bindings) and Client Connections using TCP/IP (Client Bindings). The presentation then places MQ security within a larger context. Additional MQ issues impacting security (Clustering, Triggering, and Command Server) are covered. Finally, external security issues such as physical security, enterprise Single Sign-On (SSO), and Operating System and file system security are mentioned to define the context within which MQ security exists.

This presentation is designed to provide an overview of MQ security and to create a framework in which the individual MQ security features can be analyzed and implemented. Each of the individual security features covered could be, and already has been, an individual presentation in its own right. By the end of the presentation, the viewer should have a basic understanding of security concepts, the MQ features available to implement those concepts, and the way in which the various features can be configured to implement the required security.

Author: Glen Brumbaugh

Services (Cloud & SOA) Architect. MQ & Integration Bus Subject Matter Expert. Over 40 years of software development (over 5 million lines of code), design, architecture, and project leadership experience in the financial, insurance, retail, government and other industry sectors. Over two decades of Cloud, Middleware, ESB, and SOA consulting experience and was part of the team that supported the initial release of MQSeries in the U.S. Initially trained by the Hursley Laboratory developers and went on to teach MQSeries classes (beginning with v 1.0) and lead numerous MQ, Message Broker, and related software deployments. Worked with IIB since version 1.0 (NEON) and supported the entire range of IBM middleware products (DataPower, MQSeries Workflow, WebSphere Process Server, Business Process Manager, WebSphere Application Server, WebSphere Service Registry & Repository, API Connect). Developed extensive MQ software in C, COBOL, and Java and has programming experience in every MQ API. Developed hundreds of Message Broker (now Integration Bus) Message Flows using SOA design principles. Both MQ and IIB installation, configuration, administration, monitoring, security, and performance experience on virtually all platforms (Windows, UNIX, IBM i, and z/OS). Presented both nationally and internationally at IBM Conferences, Seminars, Workshops, and User Groups on a variety of MQ, Message Broker, & SOA topics. Extensively documented WMQ Standard Operating Procedures & Best Practices and a principal author/editor of the well known "TechDoc" series of IBM middleware reference documents. Graduate of the University of California, Berkeley. College Professor (Computer Science). Army veteran. Jump qualified. Off-shore sailor. Master SCUBA Diver rating. Eagle Scout and Sierra Club member. Proud father of two daughters (St. John's College and UCLA).
