Skip to main content

Secure Messaging Scenarios with WebSphere MQ

An IBM Redbooks publication

Note: This is publication is now archived. For reference only.


Published on 27 November 2012, updated 03 April 2013

  1. .EPUB (2.4 MB)
  2. .PDF (2.5 MB)

Google Play Books

Share this page:   

ISBN-10: 0738437409
ISBN-13: 9780738437408
IBM Form #: SG24-8069-00

Authors: T.Rob Wyatt, Glenn Baddeley, Neil Casey, Long Nguyen, Jørgen H. Pedersen and Morten Sætra

    menu icon


    The differences between well-designed security and poorly designed security are not always readily apparent. Poorly designed systems give the appearance of being secure but can over-authorize users or allow access to non-users in subtle ways. The problem is that poorly designed security gives a false sense of confidence. In some ways, it is better to knowingly have no security than to have inadequate security believing it to be stronger than it actually is. But how do you tell the difference? Although it is not rocket science, designing and implementing strong security requires strong foundational skills, some examples to build on, and the capacity to devise new solutions in response to novel challenges. This IBM® Redbooks® publication addresses itself to the first two of these requirements. This book is intended primarily for security specialists and IBM WebSphere® MQ administrators that are responsible for securing WebSphere MQ networks but other stakeholders should find the information useful as well.

    Chapters 1 through 6 provide a foundational background for WebSphere MQ security. These chapters take a holistic approach positioning WebSphere MQ in the context of a larger system of security controls including those of adjacent platforms' technologies as well as human processes. This approach seeks to eliminate the simplistic model of security as an island, replacing it instead with the model of security as an interconnected and living system. The intended audience for these chapters includes all stakeholders in the messaging system from architects and designers to developers and operations.

    Chapters 7 and 8 provide technical background to assist in preparing and configuring the scenarios and chapters 9 through 14 are the scenarios themselves. These chapters provide fully realized example configurations. One of the requirements for any scenario to be included was that it must first

    be successfully implemented in the team's lab environment. In addition, the advice provided is the cumulative result of years of participation in the online community by the authors and reflect real-world practices adapted for the latest security features in WebSphere MQ V7.1 and WebSphere MQ V7.5. Although these chapters are written with WebSphere MQ administrators in mind, developers, project leaders, operations staff, and architects are all stakeholders who will find the configurations and topologies described here useful.

    The third requirement mentioned in the opening paragraph was the capacity to devise new solutions in response to novel challenges. The only constant in the security field is that the technology is always changing. Although this book provides some configurations in a checklist format, these should be considered a snapshot at a point in time. It will be up to you as the security designer and implementor to stay current with security news for the products you work with and integrate fixes, patches, or new solutions as the state of the art evolves.

    Table of Contents

    Chapter 1. Introduction

    Chapter 2. What is security

    Chapter 3. Authentication and authorization

    Chapter 4. Connection-level security

    Chapter 5. Message-level security

    Chapter 6. WebSphere MQ security controls

    Chapter 7. Operating system specifics

    Chapter 8. Scenario preparation

    Chapter 9. Scenario: WebSphere MQ administration

    Chapter 10. Scenario: Securing IBM WebSphere MQ connections to connect a business partner

    Chapter 11. Scenario: Fine-grained cluster security

    Chapter 12. Scenario: CRL/OCSP certificate revocation

    Chapter 13. Scenario: End-to-end security using WebSphere MQ AMS

    Chapter 14. Scenario: WebSphere MQ AMS revocation checking

    Appendix A. Working with the itsoME message exit

    Appendix B. Additional tooling for WebSphere MQ Internet pass-thru

    Appendix C. Certificate administration techniques and special WebSphere MQ security checks

    Appendix D. Additional material


    Others who read this also read