What's new in IBM MQ 9.2.0 for Multiplatforms - Advanced entitlement only
IBM® MQ 9.2.0 delivers a number of new features that are available only with IBM MQ Advanced for Multiplatforms entitlement.
- Active/active messaging
- Extending your IBM MQ network
- Managing IBM MQ
- Deploying the IBM MQ Advanced container
Disaster recovery for high availability replicated data queue managers
You can now configure a replicated data queue manager (RDQM) that runs on a high availability group on one site, but can fail over to another high availability group at another site if some disaster occurs that makes the first group unavailable. This is known as a DR/HA RDQM. See RDQM disaster recovery and high availability.
Replicated data queue managers now available on RHEL 8
You can now configure replicated data queue managers on RHEL 8.2 and onwards. See Installing RDQM (replicated data queue managers).
Highly available Managed File Transfer agents
From IBM MQ 9.2.0, you can set up Managed File Transfer standard and bridge agents to be highly available. You can configure multiple instances of the same MFT agent on two or more servers in active and standby mode. If the active instance of the agent fails at any time, even when transfers are not in progress, another instance of the agent automatically starts up and enables file transfer to continue. This occurs, even in cases where one of the agents fails due to network issues, hardware issues, or any other reason that causes the agent to stop. For more information, see Highly available agents in IBM MQ Managed File Transfer.
Use of IBM Aspera fasp.io Gateway streaming for IBM MQ messages
Queue managers can be configured so that IBM MQ system, application, and Managed File Transfer messages pass through an Aspera gateway to reach a destination using the Aspera FASP protocol in place of TCP/IP. For some use cases, this allows messages to move between destinations more rapidly than otherwise would be the case.
From IBM MQ 9.2.0, IBM MQ Advanced for Multiplatforms provides entitlement for using an IBM Aspera fasp.io Gateway. An IBM MQ Advanced for Multiplatforms queue manager can also use an Aspera gateway running on Linux® on POWER® Systems or Linux for IBM Z.
An Aspera gateway is set up, under Linux or Windows, for use by sending and receiving queue managers. Each of these queue managers must be one of IBM MQ Advanced for z/OS® VUE, IBM MQ Advanced for Multiplatforms, or IBM MQ Appliance queue managers. The gateway does not need to run on the same server as the queue manager, or on the IBM MQ Appliance.
For more information, see Defining an Aspera gateway connection on Linux or Windows.
Note that use of the Aspera gateway is limited to IBM MQ messages unless the gateway is separately entitled.
Enhancements to the IBM MQ Bridge to blockchain
- IBM MQ Bridge to blockchain Hyperledger Fabric support
- From IBM MQ 9.2.0, the IBM MQ Bridge to blockchain is updated to add support for Hyperledger Fabric for interaction between IBM MQ and the blockchain. This support replaces previous APIs that were used for connectivity. For more information, see Configuring IBM MQ for use with blockchain.
- Changes to tracing and logging on IBM MQ Bridge to blockchain.
- IBM MQ 9.2.0 introduces changes to the way in which tracing and logging work on IBM MQ Bridge to blockchain. For more information, see Additional configuration options for IBM MQ Bridge to blockchain.
- Secure password encryption for IBM MQ Bridge to blockchain
- IBM MQ 9.2.0 provides additional security options for the IBM MQ Bridge to blockchain, including options for how passwords are stored. For more information, see runmqbcb (run IBM MQ Bridge to blockchain).
Support for PKCS #11 cryptographic hardware in MQIPT
From IBM MQ 9.2.0, IBM MQ Internet Pass-Thru (MQIPT) can access digital certificates that are stored in cryptographic hardware that supports the PKCS #11 interface. See Using PKCS #11 cryptographic hardware for more information.
New features and enhancements for Managed File Transfer
- Highly available Managed File Transfer agents
- From IBM MQ 9.2.0, you can set up Managed File Transfer standard and bridge agents to be highly available. You can configure multiple instances of the same MFT agent on two or more servers in active and standby mode. If the active instance of the agent fails at any time, even when transfers are not in progress, another instance of the agent automatically starts up and enables file transfer to continue. This occurs, even in cases where one of the agents fails due to network issues, hardware issues, or any other reason that causes the agent to stop. For more information, see Highly available agents in IBM MQ Managed File Transfer.
- Managed File Transfer support for FTP server on existing IBM i systems
- From IBM MQ 9.2.0 you can use an FTP
server, running on IBM i, to upload and download
files, from or to, the root file system ("/") of the Integrated File System (IFS)Attention:
- You do not require IBM MQ for IBM i to be installed on your IBM i machine.
- You can use the root (/) file system only. Other file systems are not supported.
- New fteClearMonitorHistory command for clearing resource monitor history
- From IBM MQ 9.2.0, the fteClearMonitorHistory command provides a mechanism for clearing the history of a Managed File Transfer resource monitor to simplify the process of re-initiating failed transfers. For more information, see Clearing resource monitor history and fteClearMonitorHistory.
- New property for specifying the permission of the MFT log file
- The MFT Logger enables you to log data about the use of Managed File Transfer in an offline store for additional review or auditing. IBM MQ 9.2.0 introduces a new property, wmqfte.file.logger.filePermissions, in the logger.properties file which allows you to enable read permissions on the logger file, making it easier for additional sources to read these logs and consume the data for analysis. For more information, see the MFT logger.properties file.
- Option to specify wait time for Managed File Transfer database logger shut down
- From IBM MQ 9.2.0, a new property, immediateShutdownTimeout, is added to the logger.properties file. When this property is called, the logger waits for the specified amount of time for any outstanding operations to complete and shut down gracefully. For more information, see The MFT logger.properties file.
- Option to specify an installation name with the fteCreateEnvironment command
- IBM MQ 9.2.0 introduces an additional parameter to the fteCreateEnvironment command, which sets the environment variable for the configuration and transfer of files for the Redistributable Managed File Transfer Agent. You can use the new -n parameter to specify an installation name. For more information, see Creating the initial configuration for the Redistributable Managed File Transfer Agent and fteCreateEnvironment.
- New REST API calls for Managed File Transfer administration
- IBM MQ 9.2.0 expands the existing administrative
REST API for Managed File Transfer, by adding
- REST API calls for creating a new resource monitor, listing MFT resource monitor status along with other configuration information, and deleting an existing resource monitor, or deleting the history of an existing resource monitor. For more information, see admin/mft/monitor.
- A REST API call for creating file transfers. For more information, see admin/mft/transfer.
- Support for the
MQWebUser
role in the MFT REST API - From IBM MQ 9.2.0, you can use the
MQWebUser
role to authenticate: - Enhanced credentials protection
- IBM MQ 9.2.0 introduces enhanced security features. See the changes to fteObfuscate and Improvements to MFT security for more information.
Identification of installs of High Availability Replica
From IBM MQ 9.2.0, when installing and configuring IBM MQ Advanced for RDQM, you can nominate individual installs as either IBM MQ Advanced or IBM MQ Advanced High Availability Replica. This is then reported with IBM License Management Tool (ILMT) to allow for correct license identification. For more information, see setmqinst (set IBM MQ installation).
Improved password protection for Java Advanced Message Security clients
An improvement has been deployed to Java Advanced Message Security (AMS) clients that allows them to parse configurations that contain encrypted passwords. This allows for the protection of keystore and truststore passwords inside an AMS configuration file.
This new improved system deprecates the old password protection system, and if your enterprise protected passwords in Java AMS clients prior to IBM MQ 9.2.0, you should protect the passwords again using the new command.
A command has been provided that can encrypt plain text passwords into the encrypted format usable with Java AMS clients. For more information, see Advanced Message Security - Java.
.zip images of IBM MQ are available for use with development and production containers
IBM MQ server is now packaged as a .zip file to support clients building their own container images for Linux for x86-64 environments. The .zip file enables IBM MQ container images to be built that can run under the Red Hat® OpenShift® restricted security context constraints (SCC) without requiring privilege escalation. The .zip images are available as CD release updates only, with no long-term support option, and can only be used for building container images.
MQ Operators replace Helm as the mechanism for deploying an IBM MQ Advanced container
At IBM MQ 9.1.5, IBM MQ introduced version 1.0.0 of a Kubernetes Operator that provides native integration with Red Hat OpenShift Container Platform. MQ Operator 1.0.0 is only compatible with IBM MQ 9.1.5. For IBM MQ 9.2.0, MQ Operator 1.1.0 is added, which is compatible with IBM MQ 9.1.5 and IBM MQ 9.2.0.
From IBM MQ 9.2.0, MQ Operators are the supported mechanism for deploying an IBM MQ Advanced container. Helm is no longer supported.