| Author |
Message
|
| George Carey |
 Posted: Tue Nov 27, 2007 10:07 am Post subject: MQ Extended Security Edition |
 |
|
Knight
Joined: 29 Jan 2007
Posts: 500
Location: DC
|
Has anyone had experience with ESE product and care to give a short review stating pluses and minuses, ease of use etc.,
In particular the Web ad for it says it can be used independently from the Tivoli Framework.
http://www-111.ibm.com/ecatalog/Detail.wss?locale=en_US&synkey=K154541H19998N46
Has anyone used it in that context and can offer ease of install, setup, impact to existing code, etc. on Unix platforms and true independence from Tivoli Framework.
Looking for supported and easiest to use MQ Client authentication product available. IBM usually violates the KISS principle to justify cost but wonder if this product might be different?
_________________
"Truth is ... grasping the virtually unconditioned",
Bernard F. Lonergan S.J.
(from book titled "Insight" subtitled "A Study of Human Understanding") |
|
| Back to top |
|
 |
| RogerLacroix |
| Posted: Tue Nov 27, 2007 8:32 pm Post subject: |
|
|
Jedi Knight
Joined: 15 May 2001
Posts: 3264
Location: London, ON Canada
|
Hi,
  Well, here is a vendor plug that meets your 2 conditions: cheap and KISS: MQ Authenticate User Security Exit (MQAUSX)
- MQAUSX is extremely light-weight and very easy to implement.
- MQAUSX can authenticate a UserId and Password against: OS, LDAP or MQAUSX file.
- MQAUSX's cost is per queue manager and is very low.
- There is no charge for client usage, allowing for an unlimited number of client applications / users.
For a free trial, simply send an email to support at capitalware dot biz (you get the idea)
Regards,
Roger Lacroix
Capitalware Inc.
_________________
Capitalware: Transforming tomorrow into today.
Connected to MQ!
Twitter |
|
| Back to top |
|
|
| David.Partridge |
| Posted: Wed Nov 28, 2007 12:34 am Post subject: |
|
|
Master
Joined: 28 Jun 2001
Posts: 249
|
I can't speak from direct experience of it in a production environment, but I have had a play with it. Ease of use - not!
On the other hand I will admit to a degree of bias, as I was in a former life the product owner of Primeur's Data Secure for MQ which also provides an end to end security solution for MQ.
I wouldn't rush out and recommend DSMQ for channel protection these days with SSL channels around even though it does have some plus points in that arena. However, DSMQ is an excellent alternative to TAMBI (which is the add on to MQ that makes the Extended Security Edition) when you are looking to implement end to end (application to application) protection of data without requiring application modification.
_________________
Cheers,
David C. Partridge |
|
| Back to top |
|
|
| George Carey |
| Posted: Wed Nov 28, 2007 9:55 am Post subject: ESE users |
|
|
Knight
Joined: 29 Jan 2007
Posts: 500
Location: DC
|
Thank you gents for responding ... I hope you don't mind if I take your comments as somewhat of a 'FOX Newsian' item ...
(i.e. somewhat informative but mostly trying to sell a view ... and this parenthetical is only for those who think Fox's 'Fair and Balanced' slogan really means anything and didn't know this already!  ) .
But again thank you gents for your input. Still hoping to get some feedback from actual users of the ESE product, however
P.S. And David if that avatar Icon is any real likeness you need to start calling yourself 'Hollywood Dave!' 
_________________
"Truth is ... grasping the virtually unconditioned",
Bernard F. Lonergan S.J.
(from book titled "Insight" subtitled "A Study of Human Understanding") |
|
| Back to top |
|
|
| RogerLacroix |
| Posted: Fri Nov 30, 2007 6:47 am Post subject: Re: ESE users |
|
|
Jedi Knight
Joined: 15 May 2001
Posts: 3264
Location: London, ON Canada
|
| George Carey wrote: |
Thank you gents for responding ... I hope you don't mind if I take your comments as somewhat of a 'FOX Newsian' item ...
(i.e. somewhat informative but mostly trying to sell a view ... and this parenthetical is only for those who think Fox's 'Fair and Balanced' slogan really means anything and didn't know this already! ) . |
Hi George,
No offense taken.
What you should do is make a list of 10 (or more) features / requirements that you and your company want from the product. The list should be broken into at least 2 categories: 'must have' and 'nice to have'.
Since there are only 3 vendor products in the market that do what you want, you should try each one out for yourself. Now score each feature / requirement (from above) out of 10 and then total each product's score and whoever has the higher score, you should buy.
Hope that helps.
Regards,
Roger Lacroix
Capitalware Inc.
_________________
Capitalware: Transforming tomorrow into today.
Connected to MQ!
Twitter |
|
| Back to top |
|
|
| George Carey |
| Posted: Fri Nov 30, 2007 1:15 pm Post subject: score sheet |
|
|
Knight
Joined: 29 Jan 2007
Posts: 500
Location: DC
|
Yes, I will have to make a score sheet for a phase II product usage. For the time being (Phase I) usage of MS0R supportpac of Joergen P.'s installed and works quite nicely after some configuration questions were answered by Joergen.
If it works well, may be no change for a phase II. But would still like to gather ESE users input/info in the interim ... .
_________________
"Truth is ... grasping the virtually unconditioned",
Bernard F. Lonergan S.J.
(from book titled "Insight" subtitled "A Study of Human Understanding") |
|
| Back to top |
|
|
| David.Partridge |
| Posted: Mon Dec 03, 2007 12:46 am Post subject: |
|
|
Master
Joined: 28 Jun 2001
Posts: 249
|
> Hollywood Dave
Well I can dream! For those brought up on the "Eagle" the avatar should be immediately recognisable as "Dan Dare", saviour of the spaceways, and arch enemy to the evil green skinned Mekon!
Over to the more serious stuff. I was rather assuming you were looking for an end to end security solution given that you proposed TAMBI, but in a later post you mentioned MS0R which is more aimed at client authentication IIRC.
Do you actually want to sign (or sign and encrypt) messages as they leave the sending application, and have them protected on the queues and in the logs as they pass through your MQ infrastructure until the final recipient application gets them? If so, then I'd say that either TAMBI or DSMQ will do the job from technical perspective. I'd suggest that when all's said and done, it will boil down to which product you feel more comfortable with ...
I do agree with Roger that you really should look at all the candidates thoroughly - I'd hate for Tivoli to get the business "by default".
_________________
Cheers,
David C. Partridge |
|
| Back to top |
|
|
| pbmsmit |
| Posted: Wed Dec 12, 2007 8:31 am Post subject: MQ Extended Security Edition |
|
|
Apprentice
Joined: 11 Jul 2003
Posts: 42
Location: Chicago
|
I did a proof of concept with MQESE and it is doing what it promises but implementation is 'not simple'. You have to install several products and some have conflicting prereqs (like the JVM or WebSphere release). I got it working after several days but there are a lot of enhancements possible. The IBM lab is aware of these. The z/OS version is a complete different product and requires PDAS z/OS as a prereq and that's not easy to customize. I got great help from the IBM program manager and the lab and that helped me a lot. MQESE is a great product on many platforms but it lacks support on iSeries.
Pricing can be an issue if you have large servers, you pay per CPU, so if you have a cluster of 64 CPUs (and use only one for MQ) you pay for 64. z/OS pricing is a different story.
I agree with the advice earlier: define your 'must have' requirements and evaluate whether you need all the functions of MQESE. Hope MQESE will be integrated with MQ itself (v8??).
_________________
Peter Smit
LaSalle Bank Corporation, member of ABN AMRO NV Group |
|
| Back to top |
|
|
|
|
