ASG
IBM
Zystems
Cressida
Icon
Netflexity
 
  MQSeries.net
Search  Search       Tech Exchange      Education      Certifications      Library      Info Center      SupportPacs      LinkedIn  Search  Search                                                                   FAQ  FAQ   Usergroups  Usergroups
 
Register  ::  Log in Log in to check your private messages
 
RSS Feed - WebSphere MQ Support RSS Feed - Message Broker Support

MQSeries.net Forum Index » IBM MQ Security » where is AMS needed for IBM MQ?

Post new topic  Reply to topic Goto page Previous  1, 2
 where is AMS needed for IBM MQ? « View previous topic :: View next topic » 
Author Message
fjb_saper
PostPosted: Thu Oct 26, 2017 12:47 pm    Post subject: Reply with quote

Grand High Poobah

Joined: 18 Nov 2003
Posts: 20696
Location: LI,NY

Vitor wrote:
MQMB&WAS wrote:
Looks like it can encrypt the messages on its own. so, does it work if I put it in front of qmgr A?




The sender MCA on A and the receiver MCA on B wouldn't be able to decrypt the messages. Which they need to do in order to insert xmit headers. Likewise on the hop from B to C. If this is what the vendor is expecting.

I thought AMS did not encrypt the headers, just for this purpose, so that you can route messages but won't be able to read the actual payload. Am I mistaken?
_________________
MQ & Broker admin
Back to top
View user's profile Send private message Send e-mail
exerk
PostPosted: Thu Oct 26, 2017 3:10 pm    Post subject: Reply with quote

Jedi Council

Joined: 02 Nov 2006
Posts: 6339

The sending end and the receiving end applications require that the required certificates for encryption/decryption are shared between the two ends and the queue manager must be AMS-capable (e.g. interceptors enabled), that's a given; the message payloads are 'sealed' in an encrypted envelope but the addressing 'headers' are not so that any intermediate, non-AMS queue managers can route but not read,which seems logical to me as otherwise the potential licence uplift would be significant as every intermediate queue manager would need to be AMS-capable - but that is just my understanding and I acknowledge I may be totally incorrect.
_________________
It's puzzling, I don't think I've ever seen anything quite like this before...and it's hard to soar like an eagle when you're surrounded by turkeys.
Back to top
View user's profile Send private message
Display posts from previous:   
Post new topic  Reply to topic Goto page Previous  1, 2 Page 2 of 2

MQSeries.net Forum Index » IBM MQ Security » where is AMS needed for IBM MQ?
Jump to:  



You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
Protected by Anti-Spam ACP
 
 


Theme by Dustin Baccetti
Powered by phpBB © 2001, 2002 phpBB Group

Copyright © MQSeries.net. All rights reserved.