IBM MQ Advanced Message Security
IBM® MQ Advanced Message Security ( IBM MQ AMS ) is a component of IBM MQ that provides a high
level of protection for sensitive data flowing through the IBM MQ network, while not impacting the end applications.
IBM MQ AMS overview
IBM MQ applications can use IBM MQ Advanced Message Security to send sensitive data, such as high-value financial transactions and personal information, with different levels of protection by using a public key cryptography model.
Installing IBM MQ Advanced Message Security
Install IBM MQ Advanced Message Security component on various platforms.
Auditing on z/OS
IBM MQ Advanced Message Security for z/OS® provides a means for optional auditing of MQI operations on policy-protected queues. When enabled, IBM System Management Facility (SMF) audit records are generated for the success and failure of these operations on policy-protected queues. Operations audited include MQPUT, MQPUT1, and MQGET.
Using keystores and certificates
To provide transparent cryptographic protection to IBM MQ applications, IBM MQ Advanced Message Security uses the keystore file, where public key certificates and a private key are stored. On z/OS, a SAF key ring is used instead of a keystore file.
IBM MQ Advanced Message Security uses security policies to specify the cryptographic encryption and signature algorithms for encrypting and authenticating messages that flow through the queues.
Problems and solutions
Information is provided to help you identify and resolve problems relating to IBM MQ Advanced Message Security.
Example configurations on z/OS
This section provides example configurations of policies and certificates for IBM MQ Advanced Message Security queuing scenarios on z/OS.