| Author |
Message
|
| manivelan |
 Posted: Thu Feb 25, 2010 11:07 am Post subject: Encryption in MQ |
 |
|
Newbie
Joined: 25 Feb 2010
Posts: 3
|
We are looking for Data Level Encryption in the messages we will be receiving/sending from/to external queue managers.
The query is whether the telecon provider will take care of this encryption or we need to incorporate this level of encryption in both the queue managers.
-Mani |
|
| Back to top |
|
 |
| zpat |
| Posted: Thu Feb 25, 2010 11:17 am Post subject: |
|
|
Jedi Council
Joined: 19 May 2001
Posts: 5866
Location: UK
|
I would suggest using SSL on the channels with peer authentication, both to encrypt the traffic and validate the identity of the other party.
Use externally signed certificates (like from verisign).
Also make sure you assign a MCA userid on the receiver channel that has access rights restricted just to the necessary queues - otherwise you can give the third-party admin access to your MQ network.
MQ works well to external parties - if only it was used more often in place of inferior options like file transfer.
Get it working without SSL first and then enable SSL, managing the certificates can be a bit of a learning curve (use ikeyman on Unix) but there are things to help such as the support pac that checks out your SSL install. |
|
| Back to top |
|
|
| Vitor |
| Posted: Thu Feb 25, 2010 11:20 am Post subject: Re: Encryption in MQ |
|
|
Grand High Poobah
Joined: 11 Nov 2005
Posts: 26093
Location: Texas, USA
|
| manivelan wrote: |
| The query is whether the telecon provider will take care of this encryption or we need to incorporate this level of encryption in both the queue managers. |
What encryption (if any) your telecon provider uses for data transmission is a question for them. If they have (or can provide) hardware encryption then that may suit you.
If not, you'll need to encrypt in the product.
_________________
Honesty is the best policy.
Insanity is the best defence. |
|
| Back to top |
|
|
| gbaddeley |
| Posted: Thu Feb 25, 2010 2:29 pm Post subject: Re: Encryption in MQ |
|
|
Jedi Knight
Joined: 25 Mar 2003
Posts: 2538
Location: Melbourne, Australia
|
| manivelan wrote: |
We are looking for Data Level Encryption in the messages we will be receiving/sending from/to external queue managers.
The query is whether the telecon provider will take care of this encryption or we need to incorporate this level of encryption in both the queue managers.
-Mani |
Do you need encryption of individual messages sitting on queues on the sending & receiving queue managers? If yes, channel encryption (channel message exits) or SSL is not sufficient, and you may need MQ ESE or an application program layer that does encryption before putting the messages into MQ and decryption after getting them from MQ.
_________________
Glenn |
|
| Back to top |
|
|
| Vitor |
| Posted: Thu Feb 25, 2010 3:18 pm Post subject: Re: Encryption in MQ |
|
|
Grand High Poobah
Joined: 11 Nov 2005
Posts: 26093
Location: Texas, USA
|
| gbaddeley wrote: |
| you may need MQ ESE or an application program layer that does encryption before putting the messages into MQ and decryption after getting them from MQ. |
I would have mentioned this, except the OP seemed more focused on messages in transit.
_________________
Honesty is the best policy.
Insanity is the best defence. |
|
| Back to top |
|
|
|
|
