| Author |
Message
|
| mq_crazy |
 Posted: Thu Oct 07, 2004 12:45 pm Post subject: MQ security |
 |
|
Master
Joined: 30 Jun 2004
Posts: 295
|
| I am pretty new to MQ. I have cluster of 4 queue managers and 1 queue manager not in cluster. All 4 cluster queue managers are part of our company and send messages to the one outside the cluster that belongs to different company. I am thinking of putting security. What do you suggest??? whats the best security all the other companies use??? |
|
| Back to top |
|
 |
| Anirud |
| Posted: Thu Oct 07, 2004 1:08 pm Post subject: |
|
|
Master
Joined: 12 Feb 2004
Posts: 285
Location: Vermont
|
| If you are talking about SSL Certificates on MQ Channels, you can buy certificates from third party Certification Authorities like Verisign, GeoTrust, GlobalSign etc. They are all good. |
|
| Back to top |
|
|
| PeterPotkay |
| Posted: Thu Oct 07, 2004 8:00 pm Post subject: |
|
|
Poobah
Joined: 15 May 2001
Posts: 7722
|
| Quote: |
I am thinking of putting security.
|
Are you putting on security for a specific reason? If yes, what is that reason, and then you will have direction as to what to do.
Or do want to have "security" just to say "Yeah, I got security." Close and lock the door on your way out of the server room. That's a type of security! 
_________________
Peter Potkay
Keep Calm and MQ On |
|
| Back to top |
|
|
| csmith28 |
| Posted: Thu Oct 07, 2004 8:23 pm Post subject: @Peter |
|
|
Grand Master
Joined: 15 Jul 2003
Posts: 1196
Location: Arizona
|
LOL, you're killing me. Not in a Muslim Extremist Beheading civilians sort of way, but still you're killing me.
For the last two years I have had to renewed SSL Certs on my Dev, Integration Testing, Quality Assurance, Production and Disaster Recovery MQMangers.
Most recently I have had to request SSL Certs for the New Education and ProdFix environments.
To date none of the applications that connect to my MQManagers actually use SSL but.
But I have to do this because the Lead Application Developers and Project Managers say that, "they might start using SSL authentication" some day,...... maybe. 
Some day maybe I will go on a multi-state mass-murder spree. Wanna come along for laughs?
_________________
Yes, I am an agent of Satan but my duties are largely ceremonial. |
|
| Back to top |
|
|
| mq_crazy |
| Posted: Fri Oct 08, 2004 6:35 am Post subject: |
|
|
Master
Joined: 30 Jun 2004
Posts: 295
|
| Hey guys thanks for the replies. Basically i want to setup security just to say that we have. PLease suggest me the easiest and best way to setup. |
|
| Back to top |
|
|
| jefflowrey |
| Posted: Fri Oct 08, 2004 6:59 am Post subject: |
|
|
Grand Poobah
Joined: 16 Oct 2002
Posts: 19981
|
| mqkid wrote: |
| Hey guys thanks for the replies. Basically i want to setup security just to say that we have. PLease suggest me the easiest and best way to setup. |
Write down on a piece of paper "MQ Is Secure, as of this date."
Put this in a folder somewhere.
Tell everyone that MQ is now secure.
_________________
I am *not* the model of the modern major general. |
|
| Back to top |
|
|
| hguapluas |
| Posted: Fri Oct 08, 2004 7:58 am Post subject: |
|
|
Centurion
Joined: 05 Aug 2004
Posts: 105
Location: San Diego
|
To say you want security is fine. But, do you want security to protect the data payload or do you want security because as had been said earlier, you want to say you have it.
If you want payload security, do SSL. Otherwise, the data in the MQ message can be read by a saavy hacker. If you were in a HIPPA situation, you'd have to do SSL and other things to secure your communications. Or if you are passing corporate secrets, financial data etc, then again, consider SSL. If you just want to say you have security, hire Guido and post him in front of your MQ server |
|
| Back to top |
|
|
| mq_crazy |
| Posted: Fri Oct 08, 2004 9:18 am Post subject: |
|
|
Master
Joined: 30 Jun 2004
Posts: 295
|
| I want to do a trial setup of SSL on two of my personal pcs that running mq 5.3 on winxp and have mq connectivity. Is there any document on easy step by step instructions on how to set it up because i never worked on SSL?? |
|
| Back to top |
|
|
| Anirud |
| Posted: Fri Oct 08, 2004 11:01 am Post subject: |
|
|
Master
Joined: 12 Feb 2004
Posts: 285
Location: Vermont
|
click on the repository tab on this form and go to documentation. You will find a very good SSL Certificates document and follow the steps.
Regards. |
|
| Back to top |
|
|
| offshore |
| Posted: Fri Oct 08, 2004 11:29 am Post subject: |
|
|
Master
Joined: 20 Jun 2002
Posts: 222
|
For SSL I would start with the WMQ Security manual. Found on IBM's website:
http://publibfp.boulder.ibm.com/epubs/pdf/csqzas01.pdf
I suppose it's as close to step by step you can get.
I wonder if you have network SSL and MQ Channel SSL if they cancel each other out so that you no SSL???
Oh well it's Friday!!!
Or:
1.]
setmqaut -m QMGR_NAME -t qmgr -g GROUP_NAME +none
refresh security
2.]
endmqm -i QMGR_NAME <- this works really well for security. |
|
| Back to top |
|
|
|
|
