Advanced Message Security
Advanced Message Security (AMS) is a component of IBM® MQ that provides a high level of protection for sensitive data flowing through the IBM MQ network, while not impacting the end applications.
About this task
Advanced Message Security expands IBM MQ security services to provide data signing and encryption at the message level. The expanded services guarantee that message data has not been modified between when it is originally placed on a queue and when it is retrieved. In addition, AMS verifies that a sender of message data is authorized to place signed messages on a target queue.
AMS provides the following functions:
- Secures sensitive or high-value transactions processed by IBM MQ.
- Detects and removes rogue or unauthorized messages before they are processed by a receiving application.
- Verifies that messages were not modified while in transit from queue to queue.
- Protects the data not only as it flows across the network but also when it is put on a queue.
- Secures existing proprietary and customer-written applications for IBM MQ.
From IBM MQ 9.1.3, IBM MQ for z/OS® can optionally remove AMS protection from, or add it to,
messages that flow across the network. This is known as
Server to Server Message Channel Agent (MCA) Interception.
From IBM MQ 9.1.4 and IBM MQ 9.1.0 Fix Pack 4, a check is added to the IBM MQ library code that runs
within the customer's application program. Early in initialization, the check reads the
environment variable AMQ_AMS_FIPS_OFF. If the variable is set to any
value, the IBM Global Security Kit (GSKit) code runs in non-FIPS
mode in that application.
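
An audit check for the behaviour described above, as an added example (not IBM code): it scans /proc/<pid>/environ blocks for AMQ_AMS_FIPS_OFF and flags every process where the variable is set, including values such as 0 that look like "off". The function names, the Linux-style /proc layout and the constructed sample tree are assumptions of this example, and reporting a set-but-empty variable is a conservative choice, since the page only says "set to any value".

```sh
#!/bin/sh
# Added example: find processes started with AMQ_AMS_FIPS_OFF in their environment.
# Assumes a Linux-style /proc; reading other users' environ files needs root.
# /proc/<pid>/environ holds the environment as it was at exec time.
VAR=AMQ_AMS_FIPS_OFF

# fips_off_state FILE -> prints "unset" or "set:<value>".
# FILE is a NUL-separated environment block (the /proc/<pid>/environ format).
fips_off_state() {
    line=$(tr '\000' '\n' < "$1" | grep -m1 "^${VAR}=") || { echo unset; return 0; }
    echo "set:${line#*=}"
}

# audit_proc [ROOT] -> one line per flagged process; exit status 1 if any found.
# The value is reported but never interpreted: per the page, any value
# (including 0, false or no) puts GSKit into non-FIPS mode.
audit_proc() {
    root=${1:-/proc}
    found=0
    for env in "$root"/[0-9]*/environ; do
        [ -r "$env" ] || continue
        state=$(fips_off_state "$env")
        case $state in
            set:*)
                pid=${env%/environ}
                printf 'pid=%s %s=%s (GSKit non-FIPS)\n' "${pid##*/}" "$VAR" "${state#set:}"
                found=$((found + 1))
                ;;
        esac
    done
    [ "$found" -eq 0 ]
}

# Constructed sample: a fake /proc tree with three processes (not real data).
make_sample() {
    d=$(mktemp -d)
    mkdir "$d/101" "$d/102" "$d/103"
    printf 'PATH=/usr/bin\000HOME=/var/mqm\000' > "$d/101/environ"       # not set
    printf 'PATH=/usr/bin\000AMQ_AMS_FIPS_OFF=0\000' > "$d/102/environ"  # "0" still counts
    printf 'AMQ_AMS_FIPS_OFF=\000LANG=C\000' > "$d/103/environ"          # set but empty
    echo "$d"
}
```

Calling audit_proc with no argument scans the live /proc; the non-zero exit status on any hit makes it usable as a compliance gate on hosts where FIPS mode is required.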