Re: MQ Client Channel Security Products?
It does. --- mikhail malamud <[EMAIL PROTECTED]> wrote: > I do not think MQIPT supports client server > channels, does it? > > - Original Message - > From: "Phil Blake" <[EMAIL PROTECTED]> > To: <[EMAIL PROTECTED]> > Sent: Tuesday, June 24, 2003 11:08 AM > Subject: MQ Client Channel Security Products? > > > > Karl, > > > > > > Another option could be to use the IBM WebSphere > MQ SupportPac > MS81(found > > here > > > http://www.ibm.com/software/integration/support/supportpacs/individual/ms81.html > > ) which is free and has full service support. MS81 > has had SSL support > for > > more than 2 years and will allow varying levels of > WMQ clients/servers > to > > talk to each other. The latest level pre-reqs Java > 1.4 and there are > > various install images available from the download > site, but in > theory, it > > should work on any platform running Java 1.4. > > > > > > MS81 is designed to run in a firewall, but can be > run anywhere in a > TCP/IP > > network. > > > > > > Hope this helps, > > > > > > Phil Blake > > > > > > - Message from Karl Ng > <[EMAIL PROTECTED]> on Thu, 19 Jun > 2003 > > 15:30:25 -0400 - > > > > Subject: MQ Client Channel Security > > Products? > > > > > > > > > > > > We are using MQ Clients V5 on various platforms > (NT,Solaris,etc..) to > > connect to our MQ manager on MVS V1.2. We would > like to implement some > kind > > of client channel security and would like to know > what others use? Do > you > > write your own channel security exits?If yes, Is > there any information > you > > can share? > > > > > > OR do you use vendor product?If yes, what product > and ballpark cost? > > > > > > Thanks, > > Karl > > (on behalf of our MQ admin.) > > > > Instructions for managing your mailing list > subscription are provided > in > > the Listserv General Users Guide available at > http://www.lsoft.com > > Archive: http://vm.akh-wien.ac.at/MQSeries.archive > > Instructions for managing your mailing list > subscription are provided in > the Listserv General Users Guide available at > http://www.lsoft.com > Archive: http://vm.akh-wien.ac.at/MQSeries.archive __ Do you Yahoo!? SBC Yahoo! DSL - Now only $29.95 per month! http://sbc.yahoo.com Instructions for managing your mailing list subscription are provided in the Listserv General Users Guide available at http://www.lsoft.com Archive: http://vm.akh-wien.ac.at/MQSeries.archive
Re: MQ Client Channel Security Products?
I do not think MQIPT supports client server channels, does it? - Original Message - From: "Phil Blake" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Tuesday, June 24, 2003 11:08 AM Subject: MQ Client Channel Security Products? > Karl, > > > Another option could be to use the IBM WebSphere MQ SupportPac MS81(found > here > http://www.ibm.com/software/integration/support/supportpacs/individual/ms81.html > ) which is free and has full service support. MS81 has had SSL support for > more than 2 years and will allow varying levels of WMQ clients/servers to > talk to each other. The latest level pre-reqs Java 1.4 and there are > various install images available from the download site, but in theory, it > should work on any platform running Java 1.4. > > > MS81 is designed to run in a firewall, but can be run anywhere in a TCP/IP > network. > > > Hope this helps, > > > Phil Blake > > > - Message from Karl Ng <[EMAIL PROTECTED]> on Thu, 19 Jun 2003 > 15:30:25 -0400 - > > Subject: MQ Client Channel Security > Products? > > > > > > We are using MQ Clients V5 on various platforms (NT,Solaris,etc..) to > connect to our MQ manager on MVS V1.2. We would like to implement some kind > of client channel security and would like to know what others use? Do you > write your own channel security exits?If yes, Is there any information you > can share? > > > OR do you use vendor product?If yes, what product and ballpark cost? > > > Thanks, > Karl > (on behalf of our MQ admin.) > > Instructions for managing your mailing list subscription are provided in > the Listserv General Users Guide available at http://www.lsoft.com > Archive: http://vm.akh-wien.ac.at/MQSeries.archive Instructions for managing your mailing list subscription are provided in the Listserv General Users Guide available at http://www.lsoft.com Archive: http://vm.akh-wien.ac.at/MQSeries.archive
MQ Client Channel Security Products?
Karl, Another option could be to use the IBM WebSphere MQ SupportPac MS81(found here http://www.ibm.com/software/integration/support/supportpacs/individual/ms81.html ) which is free and has full service support. MS81 has had SSL support for more than 2 years and will allow varying levels of WMQ clients/servers to talk to each other. The latest level pre-reqs Java 1.4 and there are various install images available from the download site, but in theory, it should work on any platform running Java 1.4. MS81 is designed to run in a firewall, but can be run anywhere in a TCP/IP network. Hope this helps, Phil Blake - Message from Karl Ng <[EMAIL PROTECTED]> on Thu, 19 Jun 2003 15:30:25 -0400 - Subject: MQ Client Channel Security Products? We are using MQ Clients V5 on various platforms (NT,Solaris,etc..) to connect to our MQ manager on MVS V1.2. We would like to implement some kind of client channel security and would like to know what others use? Do you write your own channel security exits?If yes, Is there any information you can share? OR do you use vendor product?If yes, what product and ballpark cost? Thanks, Karl (on behalf of our MQ admin.) Instructions for managing your mailing list subscription are provided in the Listserv General Users Guide available at http://www.lsoft.com Archive: http://vm.akh-wien.ac.at/MQSeries.archive
Re: MQ Client Channel Security Products?
Title: MQ Client Channel Security Products? Here is poor mans client security not just for MQseries client but for any type of client/server interaction. I would seriously look at SSH tunneling. It is a bit sloppy but takes less than half a day to deploy and minimal maintenance, you also completely encapsulate authentication, confidentiality and integrity out of MQSeries world. SSH had been ported to OS/390 see http://s390.nichols.de/ssh/ I have successfully used SSH tunneling to secure communications between windows and unix machines for both server to server and client to server connections. Using SSH you could not only secure client/server communications but also control who has access to the queue manager by generating and giving out key to only predefined hosts. - Original Message - From: Karl Ng To: [EMAIL PROTECTED] Sent: Thursday, June 19, 2003 3:30 PM Subject: MQ Client Channel Security Products? We are using MQ Clients V5 on various platforms (NT,Solaris,etc..) to connect to our MQ manager on MVS V1.2. We would like to implement some kind of client channel security and would like to know what others use? Do you write your own channel security exits?If yes, Is there any information you can share? OR do you use vendor product?If yes, what product and ballpark cost? Thanks, Karl (on behalf of our MQ admin.)
Re: MQ Client Channel Security Products?
Title: MQ Client Channel Security Products? One other security product to consider - IBM's recently announced WebsphereMQ Extended Security Edition V5.3 which includes MQ5.3 SSL plus Tivoli Access Manager for Business Integration. Unfortunately not yet available for OS/390. Steve. -Original Message-From: David C. Partridge [mailto:[EMAIL PROTECTED]Sent: 20 June 2003 12:10To: [EMAIL PROTECTED]Subject: Re: MQ Client Channel Security Products? No, compression isn't being taken out of DSMQ. DCMQ is a complementary product to DSMQ, it does end to end compression as messages are put to or gotten from the queues. DSMQE2E can process (if so configured as to allow it) messages sent by DCMQ are compressed. You typically wouldn't install both DCMQ and the E2E part of DSMQ on the same QM. The channel data compression will remain in DSMQ Link (aka DSMQP2P) as we've found there can be quite a bit of benefit in compressing data prior to encryption. The platforms we support for E2E are 390 (2.1, 5.2 and 5.3), and Windows, AIX, HP_UX, Linux, and Solaris for 5.3 QMs with API crossing exit. We are investigating options for the other platforms. We don't support 5.2 Solaris as the version of the crossing exit at the 5.2 level needed quite a few fixes written for us which were done in 5.3 base, but were never rolled back into the 5.2 code. YMMV == "Your Mileage May Vary" from USA adverts for vehicles giving fuel consumption figures. To be read as the benefits may vary depending on the data compressibility and size. Dave
Re: MQ Client Channel Security Products?
I think you still need a security exit or a product even if you are using SSL with MQ5.3. The only way SSL solves this is if you obtain a separate certificate for each user of the MQClient. Even then, this will only work if the clients only connect to MVS queue managers where the distinguished name on the certificate can be mapped to a userid. - Bruce Giordano "Kelly, Steve" <[EMAIL PROTECTED]> To: [EMAIL PROTECTED] cc: Sent by: MQSeries List Subject: Re: MQ Client Channel Security Products? <[EMAIL PROTECTED]> Friday June 20, 2003 04:55 AM Please respond to MQSeries List There are a number of products around. Primeur's DSMQ (which we use extensively at the customer where I'm currently working), Candle's MQSecure, CQ's ProtectMQ. Dunno costs I'm afraid. Best solution however, IMHO, is to upgrade to MQ5.3 and use the SSL implementation that comes with that release. Steve. ___ Steve Kelly CommerceQuest enabling the dynamic enterprise -Original Message- From: Karl Ng [mailto:[EMAIL PROTECTED] Sent: 19 June 2003 20:30 To: [EMAIL PROTECTED] Subject: MQ Client Channel Security Products? We are using MQ Clients V5 on various platforms (NT,Solaris,etc..) to connect to our MQ manager on MVS V1.2. We would like to implement some kind of client channel security and would like to know what others use? Do you write your own channel security exits?If yes, Is there any information you can share? OR do you use vendor product?If yes, what product and ballpark cost? Thanks, Karl (on behalf of our MQ admin.) (See attached file: C.htm) Title: MQ Client Channel Security Products? There are a number of products around. Primeur's DSMQ (which we use extensively at the customer where I'm currently working), Candle's MQSecure, CQ's ProtectMQ. Dunno costs I'm afraid. Best solution however, IMHO, is to upgrade to MQ5.3 and use the SSL implementation that comes with that release. Steve. ___ Steve Kelly CommerceQuest enabling the dynamic enterprise -Original Message-From: Karl Ng [mailto:[EMAIL PROTECTED]Sent: 19 June 2003 20:30To: [EMAIL PROTECTED]Subject: MQ Client Channel Security Products? We are using MQ Clients V5 on various platforms (NT,Solaris,etc..) to connect to our MQ manager on MVS V1.2. We would like to implement some kind of client channel security and would like to know what others use? Do you write your own channel security exits?If yes, Is there any information you can share? OR do you use vendor product?If yes, what product and ballpark cost? Thanks, Karl (on behalf of our MQ admin.)
Re: MQ Client Channel Security Products?
Title: MQ Client Channel Security Products? No, compression isn't being taken out of DSMQ. DCMQ is a complementary product to DSMQ, it does end to end compression as messages are put to or gotten from the queues. DSMQE2E can process (if so configured as to allow it) messages sent by DCMQ are compressed. You typically wouldn't install both DCMQ and the E2E part of DSMQ on the same QM. The channel data compression will remain in DSMQ Link (aka DSMQP2P) as we've found there can be quite a bit of benefit in compressing data prior to encryption. The platforms we support for E2E are 390 (2.1, 5.2 and 5.3), and Windows, AIX, HP_UX, Linux, and Solaris for 5.3 QMs with API crossing exit. We are investigating options for the other platforms. We don't support 5.2 Solaris as the version of the crossing exit at the 5.2 level needed quite a few fixes written for us which were done in 5.3 base, but were never rolled back into the 5.2 code. YMMV == "Your Mileage May Vary" from USA adverts for vehicles giving fuel consumption figures. To be read as the benefits may vary depending on the data compressibility and size. Dave
Re: MQ Client Channel Security Products?
Title: MQ Client Channel Security Products? Dave I thought compression was being taken out of DSMQ? Data compress MQ replaces? Also, when you say transparent application level security, does this mean the new API exits for MQ, cause of course they aren't supported on MVS (API crossing exit instead) or Tandem, VMS etc, only version 5.3 machines (and 5.2 on Solaris). YMMC? Neil -Original Message-From: David C. Partridge [mailto:[EMAIL PROTECTED]Sent: 20 June 2003 10:53To: [EMAIL PROTECTED]Subject: Re: MQ Client Channel Security Products? Each to their own view I guess, and I will admit to being biased :-) The SSL 5.3 song works well if you're all 5.3 and all TCP/IP, but what about other transports such as SNA, or those with mixed networks or non 5.3 QMs (lots of folks still run VMS and Tandem or MVS MQ 2.1). We also offer compression as part of the product. Also DSMQ is more than just channel exit security, we also provide an application transparent end to end security solution for MQ as part of the product. For those who know Tivoli's AMBI or PDMQ, it is similar in concept, but much easier to implement and has IMHO more functionality and is just as secure. Furthermore you don't require the whole Tivoli Access Manager infrastructure to make it work. For example DSMQ supports segmented messages and can also compress data prior to encryption processing (YMMV). Cheers,David C. PartridgeSecurity and MQ Products ManagerPrimeur GroupTel: +44 (0)1926 511058Mobile: +44 (0)7713 880197
Re: MQ Client Channel Security Products?
Title: MQ Client Channel Security Products? Each to their own view I guess, and I will admit to being biased :-) The SSL 5.3 song works well if you're all 5.3 and all TCP/IP, but what about other transports such as SNA, or those with mixed networks or non 5.3 QMs (lots of folks still run VMS and Tandem or MVS MQ 2.1). We also offer compression as part of the product. Also DSMQ is more than just channel exit security, we also provide an application transparent end to end security solution for MQ as part of the product. For those who know Tivoli's AMBI or PDMQ, it is similar in concept, but much easier to implement and has IMHO more functionality and is just as secure. Furthermore you don't require the whole Tivoli Access Manager infrastructure to make it work. For example DSMQ supports segmented messages and can also compress data prior to encryption processing (YMMV). Cheers,David C. PartridgeSecurity and MQ Products ManagerPrimeur GroupTel: +44 (0)1926 511058Mobile: +44 (0)7713 880197
Re: MQ Client Channel Security Products?
Title: MQ Client Channel Security Products? There are a number of products around. Primeur's DSMQ (which we use extensively at the customer where I'm currently working), Candle's MQSecure, CQ's ProtectMQ. Dunno costs I'm afraid. Best solution however, IMHO, is to upgrade to MQ5.3 and use the SSL implementation that comes with that release. Steve. ___ Steve Kelly CommerceQuest enabling the dynamic enterprise -Original Message-From: Karl Ng [mailto:[EMAIL PROTECTED]Sent: 19 June 2003 20:30To: [EMAIL PROTECTED]Subject: MQ Client Channel Security Products? We are using MQ Clients V5 on various platforms (NT,Solaris,etc..) to connect to our MQ manager on MVS V1.2. We would like to implement some kind of client channel security and would like to know what others use? Do you write your own channel security exits?If yes, Is there any information you can share? OR do you use vendor product?If yes, what product and ballpark cost? Thanks, Karl (on behalf of our MQ admin.)
MQ Client Channel Security Products?
Title: MQ Client Channel Security Products? We are using MQ Clients V5 on various platforms (NT,Solaris,etc..) to connect to our MQ manager on MVS V1.2. We would like to implement some kind of client channel security and would like to know what others use? Do you write your own channel security exits?If yes, Is there any information you can share? OR do you use vendor product?If yes, what product and ballpark cost? Thanks, Karl (on behalf of our MQ admin.)
