MQ – Security

MQ Technical Conference.  September 2018.  Powerpoint.
MQ Security:  A Holistic Approach“  (46 slides).

View the Presentation

This Conference presentation first provides an overview of essential security concepts:  Entities, Identities, Authentication, Authorization, and Audit.  The presentation then goes on to describe how these concepts map to MQ features.  MQ security capabilities covered include SSL/TLS processing, Connection Authentication, Channel Authentication, Object Access Manager (OAM), Security Exits, Advanced Message Security (AMS), Event Queues, and Logs.  All MQ capabilities discussed are mapped back to the essential security concepts that they support.

The available MQ security features are then described in the context of both local Applications (Server Bindings) and Client Connections using TCP/IP (Client Bindings).  Finally, this presentation places MQ security within a larger context.  Additional MQ issues impacting security (Clustering, Triggering, and Command Server) are covered.  Finally,  external security issues such as physical security, enterprise Single Sign-On (SSO), Operating System and file system security, are mentioned to define the context within which MQ security exits.

This presentation is designed to provide an overview of MQ security and to create a framework in which the individual MQ security features can be analyzed and implemented.  Each of the individual security features covered could be, and already have been, individual presentations in their own right.  By the end of the presentation, the viewer should have a basic understanding of security concepts, the MQ features available to implement those concepts, and the way in which the various features can be configured to implement the required security.

MQ – SSL/TLS Certificate Management

MQ Technical Conference.  September 2015.  Powerpoint presentation.
IBM MQ – SSL/TLS Certificate Management“  (55 slides).

View the Presentation

This presentation provides an overview of the lifecycle of both Personal and Signer x.509 certificates and then provides detailed examples of both Keystore and Certificate processing.  The entire Certificate lifecycle, from request to deployment, is covered and illustrated using screenshots from the IBM iKeyMan tool.  Finally, the tools available for Certificate management are identified.

By the end of the presentation, the viewer should have a basic understanding of the data content and Signing chain of an x.509 certificate as well as the lifecycle for a Certificate.  The viewer should be prepared to begin managing x.509 certificates in order to support MQ SSL/TLS channel processing.

IBM MQ, SSL/TLS, and Certificates

MQ Technical Conference.  September 2014.  Powerpoint presentation.
IBM MQ – SSL & TLS – A User Perspective“  (58 slides).

View the Presentation

The presentation provides an overview of Secure Socket Layer (SSL) / Transport Layer Security (TLS) processing and the lifecycle of x.509 certificates within these protocols.  The presentation covers the following points:

  • Business challenge that SSL/TLS address
  • SSL/TLS History (what it was and was not designed for)
  • Overview of x.509 certificate contents
  • The x.509 certificate management lifecycle
  • The certificate lifecycle, illustrated using the IBM iKeyMan tool

By the end of the presentation, the viewer should have a conceptual understanding of both SSL/TLS encryption across MQ channels as well as the lifecycle and management of the certificates that support that encryption.