MQ V8004 Summary

Summary of contents of MQ V8.0.0.4.
See https://youtu.be/FGb_XMmdLB0 for video version.

  1. IBM MQ Version 8.0.0.4 for Distributed platforms: Summary
     Mark Taylor, IBM Software Group, WebSphere Software. © 2015 IBM Corporation. IBM Confidential.
  2. Overview – "Continuous Delivery"
     • V8.0.0.3 FixPack released June 18 for all distributed platforms
       - New function alongside the usual APARs
     • Some function automatically enabled, some needs specific configuration
       - Often gated by CMDLEVEL (similar to NEWFUNC on z/OS)
       - Use of all V8.0.0.3 function requires setting CMDLEVEL to 802
     • V8.0.0.4 FixPack released October 2015
       - More new function
       - Various RFEs satisfied
       - No new CMDLEVEL needed to use new function
  3. Message Expiry Cap
     • An attribute that enforces an expiry limit for messages
     • Allows administrators to override application behaviour
       - If app asks for too large (or unlimited) expiry value, it is set to the cap
     • Initial implementation using CUSTOM on queues and topics
       - ALTER QL(X) CUSTOM('CAPEXPRY(nnn)')
       - ALTER TOPIC(X) CUSTOM('CAPEXPRY(ASPARENT)')
     • "CUSTOM" is another mechanism for new features in service stream
       - Any future MQ version would migrate the function to a real attribute
       - May change spellings, details when made first-class attribute
     • RFE 21984, 37837
  4. Event formatting sample program
     • No sample ever shipped to format "standard" events
       - Authorisation, queue full, service interval, command/config etc
       - Other samples are available for acct/stats, activity reports
       - Several SupportPacs but product only has out-of-date source code in the KC
     • New sample amqsevt formats events into readable English-ish text
       - Option to stay with full MQI constant name instead of making it look nice
       - Uses MQCB to read from multiple event queues. No polling required
       - Can connect as client to any remote queue manager including z/OS
       - Source code included
  5. Examples

         **** Message #1 (320 Bytes) on Queue SYSTEM.ADMIN.QMGR.EVENT ****
         Event Type : Queue Mgr Event [44]
         Reason : Unknown Alias Base Queue [2082]
         Event created : 2015/07/07 10:54:51.17 GMT
         Queue Mgr Name : V8003_A
         Queue Name : EVT.NO.BASE.QUEUE
         Base Object Name : EVT.NOT.DEFINED
         Appl Type : Unix
         Appl Name : amqsput
         Base Type : Queue

         **** Message #4 (300 Bytes) on Queue SYSTEM.ADMIN.QMGR.EVENT ****
         Event Type : Queue Mgr Event [44]
         Reason : Not Authorized [2035]
         Event created : 2015/07/07 10:54:51.30 GMT
         Queue Mgr Name : V8003_A
         Reason Qualifier : Open Not Authorized
         Queue Name : EVT.NO.PUT
         Open Options : 0x00002010 [ fiq out ]
         User Identifier : db2inst1
         Appl Type : Unix
         Appl Name : amqsput
  6. MQI string formatting assistance
     • C header file now included to help convert MQI numbers to strings
     • Many developers have MQI strerror-like functions
       - The hard work is now done for you
       - The new cmqstrc.h is automatically updated (300+ new verbs!)
     • Similar to Java MQConstants.lookup() capability for all sets of constants

         printf("Error is %s\n", MQRC_STR(2035));
         printf("Completion Code is %s\n", MQCC_STR(CompCode));
         printf("%s is %s\n", MQIA_STR(MQIA_PLATFORM), MQPL_STR(MQPL_UNIX));

     will show

         MQRC_NOT_AUTHORIZED
         MQCC_OK
         MQIA_PLATFORM is MQPL_UNIX
  7. Command/Configuration Events for security changes
     • Configuration events give an audit trail of object changes
       - Reports complete set of object attributes
     • Command events are "who did what, how"
       - Show which parameters were used in the command
     • Existing command events for MQSC SET AUTHREC and PCF equivalent
       - Not for setmqaut
     • No config events for any of these operations
     • V8.0.0.4 adds command events for setmqaut
     • Also adds configuration events for all mechanisms
     • RFE 53559
  8. Example

         **** Message #1 (324 Bytes) on Queue SYSTEM.ADMIN.COMMAND.EVENT ****
         Event Type : Command Event
         Reason : Command MQSC
         Event created : 2015/07/07 10:26:47.82 GMT
         Correlation Id : 414D5120563830335F41202020202CC001F03
         COMMAND CONTEXT
         Event User Id : metaylor
         Event Origin : Console
         Event Queue Mgr : V8003_A
         Command : Set Auth Rec
         COMMAND DATA
         Auth Profile Name : self
         Object Type : Queue Mgr
         Principal Entity Names : db2inst1
         Auth Add Auths : Connect

         $ setmqaut -m V8003_A -t qmgr -p db2inst1 +connect
         The setmqaut command completed successfully.
  9. Corresponding events on SYSTEM.ADMIN.CONFIG.EVENT

         **** Message #2 (316 Bytes) on Queue SYSTEM.ADMIN.CONFIG.EVENT ****
         Event Type : Config Event
         Reason : Config Change Object
         Object state : Before Change
         Correlation Id : 414D5120563830335F41202020202CC001F03
         Event created : 2015/07/07 10:26:47.82 GMT
         Event User Id : metaylor
         Event Origin : Console
         Event Queue Mgr : V8003_A
         Object Type : Auth Rec
         Auth Profile Name : self
         Auth Rec Type : Queue Mgr
         Entity Name : db2inst1
         Entity Type : Principal
         Authorization List : None

         **** Message #3 (316 Bytes) on Queue SYSTEM.ADMIN.CONFIG.EVENT ****
         Event Type : Config Event
         Reason : Config Change Object
         Object state : After Change
         Correlation Id : 414D5120563830335F41202020202CC001F03
         Event created : 2015/07/07 10:26:47.82 GMT
         Event User Id : metaylor
         Event Origin : Console
         Event Queue Mgr : V8003_A
         Object Type : Auth Rec
         Auth Profile Name : self
         Auth Rec Type : Queue Mgr
         Entity Name : db2inst1
         Entity Type : Principal
         Authorization List : Connect
  10. Certificate expiry made easier to parse
      • New option for runmqakm to print dates in a standard format

          $ ./runmqakm -cert -list -db ./key.kdb -pw passw0rd -expiry -rfc3339
          Certificates found
          * default, - personal, ! trusted, # secret key
          ! "Entrust.net Certification Authority (2048)" Not After : 2019-12-24T18:20:51Z
          ! "Entrust.net Client Certification Authority" Not After : 2019-10-12T19:54:30Z
          ! "Entrust.net Global Client Certification Authority" Not After : 2020-02-07T16:46:40Z

      • RFE 65496

          $ ./runmqakm -cert -list -db ./key.kdb -pw passw0rd -expiry
          Certificates found
          * default, - personal, ! trusted, # secret key
          ! "Entrust.net Certification Authority (2048)" Not After : 24 December 2019 18:20:51 GMT
          ! "Entrust.net Client Certification Authority" Not After : 12 October 2019 20:54:30 GMT+01:00
          ! "Entrust.net Global Client Certification Authority" Not After : 7 February 2020 16:46:40 GMT
  11. MQLight integration
      • Next delivery phase of support for MQLight client connections to an MQ queue manager
        - V8.0.0.2 and V8.0.0.3 provided changes in MQ (e.g. to define AMQP channels)
        - Had separate Tech Preview download for the channel "listener" service
      • V8.0.0.4 removes need for the Tech Preview download
      • MQLight integration becomes part of standard MQ installation
        - "AMQP Service" is selectable component during install
        - All Unix/Linux platforms and Windows
        - Change to fileset component list forces a manufacturing refresh
        - PPA downloads then give an install image already at V8.0.0.4
        - This will not be available in V8.0.0.4 fixpack from FixCentral
        - But V8.0.0.5 will go on top of earlier versions, no matter how you got there (will not update a non-existent AMQP component)
  12. XA Configuration
      • When MQ is a transaction manager, XAOpenString in qm.ini defines how to connect to a resource manager (database)
        - String can contain connection credentials
      • Long-lived requirement not to have plain-text passwords in the file
        - Most people have used OS authentication (i.e. which id is running the program) with no need to provide additional credentials
        - Sample exits have shown how to solve this but you had to write some code
      • V8.0.0.4 includes an official solution
      • New command setmqxacred to define id/password for DB connection
        - XAOpenString now can refer to ++USERID++, ++PASSWORD++ and have variables replaced
        - Separate file contains obfuscated password similar to mqccred channel exit
      • RFE 53133
  13. SSL/TLS Configuration verification
      • SupportPac MH03 provides a tool to validate SSL/TLS configurations
      • Checks include
        - Missing files
        - Incorrect SSLKEYR queue manager attribute
        - Password settings
        - Certificate labels, expiry dates and trust chains
        - Validate queue manager and client certificates against each other
        - Verifies SSLCAUTH/SSLPEER settings with queue manager
      • MH03 does not work with current MQ versions – built on old toolkits
      • Now part of MQ product
        - Renamed to mqcertck
        - Updated to work with current MQ versions and recognise new features such as per-channel certificates
  14. Relocatable/redistributable client
      • Shipping client as a simple tar/zip image removing need to install
        - Application users do not need OS admin privileges to install MQ code
        - Developers will still need a properly-installed SDK for header files
      • Windows and Linux x64 for now
        - Additional platforms would be considered based on demand
      • License changes make it legal to embed client image with applications
      • Includes C, C++, COBOL, Java and .Net libraries
      • Client images still also available in traditional format
      • RFE 26670, 38765, 26671, 30697 etc
  15. And for the future
      • Continue to plan for more frequent delivery of new function
      • Incremental changes instead of releases containing large amounts
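
Slides 7 to 9 describe the audit trail that configuration events give for authority changes, including those made with setmqaut. The following is an added example (not part of the original deck or of IBM's samples) that pairs the before and after Auth Rec events by Correlation Id and reports what was granted or revoked; the one-field-per-line layout, the comma-separated authority list and the function names are assumptions.

```python
from collections import defaultdict

# Constructed sample: the two config events from slide 9, trimmed to the fields
# used here. One "Key : Value" per line is an assumed layout of the text output.
SAMPLE = """\
**** Message #2 (316 Bytes) on Queue SYSTEM.ADMIN.CONFIG.EVENT ****
Object state : Before Change
Correlation Id : 414D5120563830335F41202020202CC001F03
Event User Id : metaylor
Object Type : Auth Rec
Entity Name : db2inst1
Authorization List : None
**** Message #3 (316 Bytes) on Queue SYSTEM.ADMIN.CONFIG.EVENT ****
Object state : After Change
Correlation Id : 414D5120563830335F41202020202CC001F03
Event User Id : metaylor
Object Type : Auth Rec
Entity Name : db2inst1
Authorization List : Connect
"""

def parse_events(text):  # one dict of fields per "**** Message" block
    events = []
    for line in text.splitlines():
        if line.startswith("**** Message"):
            events.append({})
        elif " : " in line and events:
            key, value = line.split(" : ", 1)
            events[-1][key.strip()] = value.strip()
    return events

def auths(event):  # assumption: comma-separated list, "None" means no authorities
    value = event.get("Authorization List", "None")
    return set() if value == "None" else {a.strip() for a in value.split(",")}

def authority_changes(events):
    """Pair Before/After Auth Rec events by Correlation Id; report the diff."""
    pairs = defaultdict(dict)
    for e in events:
        if e.get("Object Type") == "Auth Rec" and "Object state" in e:
            pairs[e["Correlation Id"]][e["Object state"]] = e
    changes = []
    for p in pairs.values():
        before, after = p.get("Before Change"), p.get("After Change")
        if before and after:
            old, new = auths(before), auths(after)
            changes.append((after["Event User Id"], after["Entity Name"],
                            sorted(new - old), sorted(old - new)))
    return changes
```

Each result is a tuple of (user who made the change, entity affected, authorities added, authorities removed).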
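
Slide 10's point, that the -rfc3339 dates are easier to parse than the default output with its mixed time zones, shown as an added example (not from the original deck): a check that flags certificates expiring within a window. The listing layout and the function names are assumptions; the sample values are those on the slide.

```python
import re
from datetime import datetime, timedelta, timezone

# Constructed sample: the -expiry -rfc3339 listing from slide 10 (line layout assumed).
SAMPLE = '''Certificates found
* default, - personal, ! trusted, # secret key
! "Entrust.net Certification Authority (2048)" Not After : 2019-12-24T18:20:51Z
! "Entrust.net Client Certification Authority" Not After : 2019-10-12T19:54:30Z
! "Entrust.net Global Client Certification Authority" Not After : 2020-02-07T16:46:40Z
'''

# Flag characters, quoted label, then the Not After value; \s+ also tolerates the
# date sitting on the line after the label.
ENTRY = re.compile(r'^([*!#-]+)\s+"([^"]+)"\s+Not After\s*:\s*(\S+)', re.M)

def parse_expiry(listing):
    """Return (flags, label, expiry as an aware UTC datetime) per certificate."""
    certs = []
    for flags, label, stamp in ENTRY.findall(listing):
        # "Z" means UTC; fromisoformat() before Python 3.11 needs "+00:00" instead.
        when = datetime.fromisoformat(stamp.replace("Z", "+00:00"))
        certs.append((flags, label, when.astimezone(timezone.utc)))
    return certs

def expiring(listing, now, within_days=30):
    """Labels already expired or expiring within the window, soonest first."""
    limit = now + timedelta(days=within_days)
    due = [(when, label) for _, label, when in parse_expiry(listing) if when <= limit]
    return [label for when, label in sorted(due)]
```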
