| |
|
RSS Feed - WebSphere MQ Support
|
RSS Feed - Message Broker Support
|
  |
|
| WMQ \ Searching for a robust security tool - Help! |
« View previous topic :: View next topic » |
| Author |
Message
|
| hopsala |
 Posted: Mon Nov 21, 2005 1:49 pm Post subject: WMQ \ Searching for a robust security tool - Help! |
 |
|
Guardian
Joined: 24 Sep 2004
Posts: 960
|
Ola,
Let's face it, native WMQ security interface and design isn't very good; to control it you use the silly "xxxmqaut" commands, it's stored in queues so it may only be viewed with other more elaborate commands, and the connection user-resource is too tightly coupled to be viewed comfortably.
So, what i'm looking for is a product with the following features:- Supply a simple way to configure, backup and view MQ security settings: users and queues, MCAUSER, certificates, the works. (did any one say - GUI?)
- Work with any platform, with MQ client preferably.
- To have a central security database of some sort, from which all QMs will take their security settings; so in order to use context-based checks I won't have to configure security on each QM individually. (Active Directory might be a good choice here for a central store.)
although 3 is the most problematic+complex, it is the most important on my list; obviously it requires a security installable service that replaces OAM, so that's an implicit demand here. In short, i'm looking for a good, robust WMQ security product; if you know one that answers only some of these demands, i'd like to hear about it just as well.
Any ideas? |
|
| Back to top |
|
 |
| hopsala |
| Posted: Thu Nov 24, 2005 12:52 pm Post subject: |
|
|
Guardian
Joined: 24 Sep 2004
Posts: 960
|
| Is there no one who can help a fellow human in need? Any hint would help. |
|
| Back to top |
|
|
| jefflowrey |
| Posted: Thu Nov 24, 2005 3:19 pm Post subject: |
|
|
Grand Poobah
Joined: 16 Oct 2002
Posts: 19981
|
I don't know of such a product.
But I'm sure if you give Roger a month or two... 
Edit:
I remembered about the WebSphere MQ Extended Security Edition, which has a bundle of Tivoli Access Manager.
I don't know if it does what you want, but it's worth a look.
_________________
I am *not* the model of the modern major general. |
|
| Back to top |
|
|
| hopsala |
| Posted: Sun Nov 27, 2005 12:31 am Post subject: |
|
|
Guardian
Joined: 24 Sep 2004
Posts: 960
|
Yes, there's a relevant component that comes along with TAM, but (knowledgable) rumour has it it's not really top notch.
Do you think this is a product organizations will wish to buy? My company is considering to be the marketer/supported of such a product, but I wonder... |
|
| Back to top |
|
|
| Michael Dag |
| Posted: Sun Nov 27, 2005 2:53 am Post subject: |
|
|
Jedi Knight
Joined: 13 Jun 2002
Posts: 2607
Location: The Netherlands (Amsterdam)
|
if you are looking for a 'start', you could look at MQDocument it als backs up security definitions and makes them 'human' readable in a browser or Word document.
See also MS Word Document of Sample Queue Manager
it does not do mcauser settings or ssl keys, but I could look into that if there is interest.
configuring security settings is also on my radar one day.
Working with any platform is a bit wide as there are so many, do you have any specfic platforms in mind, also an MQ client has no access to the underlying OS of the server and that's where you can set or unset the security settings (provided using the WMQ native commands).
In V6 there are PCF commands for authorisation, but no equivalent runmqsc commands 
the last a central database could be build from the current settings, deplying them back from a central place is a little harder 
_________________
Michael
MQSystems Facebook page |
|
| Back to top |
|
|
| hopsala |
| Posted: Sun Nov 27, 2005 3:35 am Post subject: |
|
|
Guardian
Joined: 24 Sep 2004
Posts: 960
|
Well, as I said, if I could find something that supplies only some of these requirements, i'll be satisfied. But what i'm looking for is not an import-export type-tool (good as it may be ), i'm looking for a robust control and deployement tool. I want several QMs to query (using MQ, even) the same security db before accepting connections - it's rather basic when you think of it, AD has been with us for a long time now...
You're right about the client bit, I forgot it only applies to v6; This is the least of my problems, my biggest is that I can't seem to be able to find such a product. (other than TAM) |
|
| Back to top |
|
|
|
|
|
| |
|
Page 1 of 1 |
|
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
|
|
|
