We've had the Request For Enhancement (RFE) process for a little while now, but MQ V8 is the first release we've shipped since we started gathering requirements using this process. Now that the release has been announced, we have been through our list of candidate requirements and closed off a number of them. From a personal perspective this was a very satisfying exercise to work through - and very cathartic!
From the announcement letters, you'll have seen we had a number of security features in MQ V8. One of those features was an enhancement to the MQ CHLAUTH rules introduced in MQ V7.1. In MQ V8 you can now use hostnames instead of IP addresses if you wish. This was raised as RFE 21982 and was the most voted for un-delivered RFE, and second highest voted for from all RFEs (closed or not), so we got the message that it was a pretty important thing for us to do! At the same time, we sorted out another issue raised in RFE 34976, about turning off reverse lookup of hostnames, something that was previously only controlled by an undocumented service parameter. We added it as a proper queue manager attribute, on both distributed and z/OS, in MQ V8.
There were quite a few RFEs asking for enhancements around the area of password checking, some requesting supplied exits (like the CSQ4BCX3 exit we have on z/OS) others asking for authentication via LDAP, or PassPhrases on z/OS. The requests were all rather different (so the RFEs couldn't all be closed as duplicates) but ultimately quite a number of them are satisfied by our Connection Authentication line item, where you can have applications supply a user ID and password and have the queue manager make use of those to authenticate the connection, either against the O/S or against an LDAP server. RFEs 22568, 29335, 30709, 31523, 42463 and 44077 were all closed off as delivered.
We've had a single digital certificate to represent the whole queue manager right back from when SSL was first introduced in MQ V5.3. In MQ V8 we have relaxed both the mandated name and the single certificate by giving you a place to provide the label of the certificate you want to use, both overall for the queue manager, and per channel, so now different channels can present a different certificate to the partner. This was most eloquently requested by RFE 26672, and also in RFE 34056. It was also the basic problem described by RFE 28672 which has also been closed as delivered.
You can read more about these security features in MQ V8 in the "IBM WebSphere MQ V8 Security Features: Deep Dive" presentation from the IMPACT 2014 Conference.
There are a number of z/OS specific features in MQ V8, as there always are. One of the most wished for z/OS features was completed in MQ V8 and that was providing the ability to move your buffer pools above the bar and utilise 64-bit storage for them. This was raised as RFE 22361. Since we were making changes to buffer pools, we also made another change that you, our customers, requested via RFE 22368, to increase the number of buffer pools, so you can now have the same number as you have page sets, making buffer pool management easier.
We've done quite a bit of work on our SMF stats in V8, including supplying stats for the CHINIT address, and the channels which run there, as well as improving the granularity of our stats as requested by RFE 29399. Now you can configure stats per queue, and you can start gathering stats for long running tasks.
There was no V7.5 of MQ on z/OS, so there was a lot of interest about when z/OS customers would be able to get hold of the Split Cluster Transmit queue feature that the distributed platforms supplied in V7.5. I suspect it is no surprise to most that it appears in MQ V8, the next available release on z/OS. It was requested in RFE 24104.
You can read more about these, and other, z/OS specific features in MQ V8 in the "IBM WebSphere MQ for z/OS: Latest Features Deep Dive" presentation from the IMPACT 2014 Conference.
The IBM i platform was in a similar position to z/OS because there was no V7.5 release there either. There was, of course, a V8 version of it though, and that provided the Advanced Message Security (AMS) feature built into the queue manager, just as for the other distributed platforms in V7.5. This meets requirement 37862 which was raised.
We have a number of very popular SupportPacs for MQ. One of the most popular was MO72, an alternative to runmqsc, that could run on a client (something runmqsc couldn't previously do). In MQ V8, runmqsc is enhanced to allow it to run as a client program, using the -c flag, and also, you can use it to create or edit Client Channel Definition Table (CCDT) files on a client only installation using the -n flag. This means you are no longer forced to create the CCDT on the queue manager box and then move it to the client box. There were a few RFEs that requested this including RFE 26417, and RFE 35525. At the same time as providing this, we have stabilised the CSQUTIL MAKECLNT utility on z/OS which provided the same ability if you only had queue managers on z/OS.
Nothing stays still in the IT world and the MQ SOE is no exception. We do get a lot of requests for updates to the SOE outwith the cycle of a new release, and these are not mentioned here, but of course, some are done in a new release, such as a new level of MS Visual Studio as raised in RFE 30504, or support for Windows Server 2012 as raised in RFE 32936.
Quite a number of the RFEs and line items mentioned above were sizable peices of work. But an RFE doesn't have to be for a big thing, smaller requests are also just fine, for example RFE 30310, which requested the behaviour of the SUBUSER attribute make more sense, and RFE 41015, which got dmpmqcfg to capture all authority records, not just those which has objects associated with them (and also we fixed this via an APAR for earlier releases), were requested and slotted in, in between other big peices of work that had to be done.
This is not a complete list of all the features in MQ V8, just those that were requested through RFEs. If you want a more complete view of MQ V8, check out the collection of MQ V8 material here.
If you were one of the RFE raisers mentioned above, or listed in the table below, Thank You! If you took the time to vote on RFEs that others had raised, Thank You! Thank you for taking the time to raise your requirement for us to see, and making it public so others could vote on it and help to convey its importance back to us here at the Hursley Lab. If your requirement has only been partially satisfied, it may still have been closed as delivered (a comment in the closing text may indicate this). Please check whether the V8 function covers everything you wanted, and if necessary raise a new requirement with the remaining pieces. This helps us to see what is wished for when we have delivered some of the requirement, and gives you the opportunity to see that some of what you asked for has now been delivered. And of course, if you have any new requirements for us to consider for a future release, get raising!
The following table has a list of the closed RFEs, many of which are noted in the text above (but not all).
|RFE 21982||CHLAUTH: Using DNS instead of IP|
|RFE 22361||WMQ/z 64-bit Buffer Pools|
|RFE 22368||WMQ/z Increase number of Buffer Pools|
|RFE 22568||Password validation|
|RFE 23674||Limit impact to MQ WTOs from OPSMVS automation rule processing|
|RFE 24104||Add option for Split Cluster Transmit Queues in the current version of MQ on z/OS|
|RFE 26417||Integrate SupportPac MO72 into base WebSphereMQ product|
|RFE 26672||Requesting the enhancement to support for SSL certificate per channel or group of channels|
|RFE 28672||WMQ Security Enhancement – Key/Cert Selection Based on Alias|
|RFE 29335||JMS / MQ Java: automatically add userid/password values into SecurityParms structure|
|RFE 29399||Lack of granularity for MQseries SMF type 116 - CLASS(1) records|
|RFE 30310||Default SUBUSER on DEFINE SUB command|
|RFE 30504||VS2010 XMS Build|
|RFE 30709||WMQ Authentication via LDAP|
|RFE 31523||support for usernames longer than 12 characters|
|RFE 31465||WebSphere MQ for z/OS, CSQ1LOGP|
|RFE 32645||Enhancement so that MQ better protects itself from a system ECSA shortage by abending just affected thread and not entireQMGR|
|RFE 32936||when does IBM plan to support Windows Server 2012 and .NET V4.5 for the Websphere MQ product|
|RFE 34056||Allow multiple active SSL Certificates so all clients don't need to update certificate at same time|
|RFE 34976||The ServiceParm that was introduced by APAR PK88882 should be made available as a QMGR parameter and also documented|
|RFE 35525||Please create MO72 equivalent for WMQ 7.1 / 7.5 client|
|RFE 37862||IBMi WMQ AMS required|
|RFE 38198||MQ Uncommitted Unit of Work threshold in DB2 stored procedures and UDF's|
|RFE 39555||Externalize mq.ini overrides (non-default values) or values not honored during execution (such as TCP Buffer settings)|
|RFE 40332||Add support for Code Page 1166 to MQ v. 7.0.1 and 7.1|
|RFE 41015||Update dmpmqcfg to capture authority records for profiles for names of queues that don't exist yet|
|RFE 42430||Enhance dmpmqcfg command to provide same functionality as saveqmgr|
|RFE 42463||MQ product supported function to authenticate z/OS userid/password for MQExplorer client channels|
|RFE 43197||Need of LP64 compilation option for Websphere MQ z/OS|
|RFE 44077||PassPhrase support for WMQ for z/OS channel security exits|