A neighborhood watch for your clusters, Securing cluster queues from unauthorized applications

From the developerWorks archives

Nandini Devi

Date archived: January 3, 2017 | First published: April 09, 2014

When you have multiple applications connected to a cluster, it will become necessary to secure your cluster queues from unauthorized applications putting messages to them. Authorizing those applications to put messages into the cluster queues can be done by a remote queue manager or by the local queue manager in the cluster. As per business security demands, IBM MQ clusters are configured with SSL, channel exits, and other means of security that decide whether the cluster queue managers can trust each other. Based on those security settings between the cluster queue managers, the MQ admininistrator who is designing the cluster needs to decide whether users should be authorized locally or remotely to access the clustered queues. In a complex cluster environment, it is difficult to set different level of access for the cluster queues residing in the same queue manager. This article describes scenarios using features available in IBM MQ V7.5 and earlier. It also describes the problem scenarios associated with them and explains the best cluster queue security practices that help when designing complex MQ cluster environments. This content is part of the IBM WebSphere Developer Technical Journal.

This content is no longer being updated or maintained. The full article is provided "as is" in a PDF file. Given the rapid evolution of technology, some steps and illustrations may have changed.

ArticleTitle=A neighborhood watch for your clusters: Securing cluster queues from unauthorized applications