What's new in IBM MQ 9.2.0 for Multiplatforms - base and Advanced entitlement
For Multiplatforms, IBM® MQ 9.2.0 delivers a number of new features that are available with base product entitlement, and also with Advanced entitlement.
- Active/active messaging
- Extending your network
- Managing IBM MQ
-
- Support for Transport Layer Security (TLS) 1.3
- Increased level of control to determine how IBM MQ uses available storage
- Version 2 of the REST API
- Enhancements to the administrative REST API
- Host header validation for the IBM MQ Console and REST API
- Updated IBM MQ Console look and feel
- Enhancements to the IBM MQ Bridge to Salesforce
- Configurable ephemeral directory
- Userdata directory
- License acceptance after installation on Linux
- Installing IBM MQ for Linux with the yum installer on Linux Red Hat
- More effective integration with WebSphere Liberty
- Developing IBM MQ
Automatic balancing of a pool of connected applications across a set of available queue managers
- Uniform clusters
- Uniform clusters are a specific pattern of an IBM MQ cluster that provides applications with a highly available and horizontally scaled collection of queue managers. When an application interacts with a uniform cluster as a single group, the queue managers work together to maintain an even balance of application instances across the cluster, including across queue manager maintenance and restarts. Automatic balancing across a set of clustered queue managers is supported for applications written in C, JMS, IBM MQ .NET, and XMS .NET. For more information, see About uniform clusters.
- Single set of configuration files
- A single set of configuration files can be defined once and used to deploy
multiple queue managers into the uniform cluster, ensuring the configuration is consistent across
them. You have various options to help you configure uniform clusters. You can:
- Apply automatic configuration from an MQSC script at startup.
- Apply automatic configuration from an INI script at startup.
- Use additional qm.ini file stanzas to assist automatic cluster configuration.
- Provide an input file to runmqsc; see Running MQSC commands from text files for more details.
- Application resource monitoring
- You can display the status of one or more applications, and application instances, connected to a queue manager, cluster, or a uniform cluster by using the DISPLAY APSTATUS MQSC command or the Inquire Application Status and Inquire Application Status (Response) PCF commands. This information allows you to monitor and troubleshoot application balancing.
- JSON format client channel definition table
- The JSON format for the client channel definition table (CCDT) gives various improvements over the existing binary format CCDT, including the ability to define duplicate channel definitions of the same name. This is a client-side feature (that is, you need an IBM MQ 9.2.0 client, not an IBM MQ 9.2.0 queue manager). For more information, see Configuring a JSON format CCDT.
IBM MQ Internet Pass-Thru
- Inclusion of IBM MQ Internet Pass-Thru
- IBM MQ Internet Pass-Thru (MQIPT) is a utility that can be used to implement messaging solutions between remote sites across the internet. In IBM MQ 9.2.0, MQIPT is a fully-supported optional component of IBM MQ that you can download from IBM Fix Central for IBM MQ. MQIPT has previously been available as support pack MS81.
- Enhanced protection of stored passwords in MQIPT
- From IBM MQ 9.2.0, all passwords that are stored in the MQIPT configuration can be protected by encrypting the passwords using the mqiptPW command. IBM MQ 9.2.0 also introduces a new, more secure, protection method for passwords that are stored for use by MQIPT, and the ability for you to specify an encryption key that is used to encrypt and decrypt stored passwords. For more information, see Encrypting stored passwords.
- Improved administration of MQIPT
- The following new features of MQIPT in
IBM MQ 9.2.0 allow easier and more secure administration of
MQIPT using the mqiptAdmin command.
- Local instances of MQIPT can be administered using
the mqiptAdmin command without the need for MQIPT to listen on a command port. The
mqiptAdmin command must be run under the user ID that was used to start the
MQIPT instance. Alternatively, on AIX® and Linux®, the
root
user can be used. - MQIPT can be configured to authenticate administrative commands received by a command port. If remote command authentication is enabled, users of the mqiptAdmin command must enter the correct access password, specified in the AccessPW property in the MQIPT configuration, whenever an administrative command is issued using a command port.
- MQIPT can be configured to listen for administrative commands using a command port that is secured by TLS. This uses encryption to protect data sent between the mqiptAdmin command and the MQIPT instance being administered, including the access password if MQIPT is configured to require authentication for commands received by the command port. The TLS command port can be configured in addition to the unsecured command port that is available in previous versions of MQIPT.
- A local address can be specified to restrict connections to either the unsecured or the TLS command port to those from a specific network interface. This can be used, for instance, to prevent remote administration of MQIPT, while allowing different users on the local machine to use the command port to administer MQIPT.
- Local instances of MQIPT can be administered using
the mqiptAdmin command without the need for MQIPT to listen on a command port. The
mqiptAdmin command must be run under the user ID that was used to start the
MQIPT instance. Alternatively, on AIX® and Linux®, the
Support for Transport Layer Security (TLS) 1.3
- Transport Layer Security (TLS) 1.3 support for a range of protocols
- IBM MQ 9.2.0 supports Transport Layer Security (TLS) 1.3 for a range of protocols. TLS 1.3 can be used for connections between queue managers and for C, C++, IBM MQ classes for Java, and IBM MQ classes for JMS client applications.
- New CipherSpecs for TLS 1.3
- The new CipherSpecs for TLS 1.3 that IBM MQ 9.2.0 provides are described in Enabling CipherSpecs. (For a list of these CipherSpecs, see the TLS 1.3 CipherSpecs section in Table 1.) All the new CipherSpecs work both with RSA and Elliptic Curve certificates.
- Provision for a list of acceptable TLS CipherSpecs
- From IBM MQ 9.2.0, you can provide a custom list of ordered and enabled CipherSpecs that IBM MQ is permitted to use. For more information on how to configure a custom list, see Providing a custom list of ordered and enabled CipherSpecs on Multiplatforms.
- TLS Handshake Transcript
- IBM MQ 9.2.0 adds support for the TLS handshake transcript available from the IBM Global Security Kit (GSKit) cryptographic provider. This functionality is available on Distributed platforms that utilize IBM MQ both in the queue manager and client. To view the TLS handshake transcript, GSKit and GSKit trace must be enabled and a TLS handshake must fail. The transcript will then be collected and written out as part of the amqrmppa or client application trace file.
- TLS 1.3 on IBM i
- The availability of TLS 1.3 on IBM MQ is dependent on the availability of TLS 1.3 in the underlying IBM i operating system. For details on what IBM i versions support TLS 1.3 and how to enable it, see System TLS support for TLSv1.3.
Increased level of control to determine how IBM MQ uses available storage
From IBM MQ 9.2.0, you have the option of configuring and monitoring queues that will support substantially more than the two terabyte default limit used in releases of IBM MQ prior to IBM MQ 9.2.0. You also have the option of reducing the size a queue file can grow to. To enable you to configure queues, there is an additional attribute on local and model queues, MAXFSIZE and to monitor queues there are two additional queue status attributes, CURFSIZE and CURMAXFS. For more information, see Modifying IBM MQ queue files.
Version 2 of the REST API
https://host:port/ibmmq/rest/v2/
You can continue to use the version 1 URL for existing applications. Most REST API resources are available in both versions. However, new REST API resources are available only with the version 2 URL. For example, the new publish URL in the messaging REST API is available only with the version 2 URL.
- GET subscription
- GET channel
- POST queue
- PATCH queue
- GET queue
- DELETE queue
For more information, see REST API versions.
Enhancements to the administrative REST API
IBM MQ 9.2.0 introduces new administrative REST API enhancements with the
/admin/action/qmgr/{qmgrName}/mqsc
resource. Before IBM MQ 9.2.0, this resource could be used to send MQSC commands to a
queue manager for processing. Now, you can choose to send the MQSC command to the queue manager, and
receive responses, in JSON format instead of the MQSC command format.
/admin/action/qmgr/{qmgrName}/mqsc
resource in the following format:
{
"type": "runCommand",
"parameters": {
"command": "DEFINE CHANNEL(NEWSVRCONN) CHLTYPE(SVRCONN)"
}
{
"type": "runCommandJSON",
"command": "define",
"qualifier": "channel",
"name": "NEWSVRCONN",
"parameters": {
"chltype": "svrconn"
}
}
- The following commands are now supported:
- DISPLAY CONN(connectionID) TYPE (HANDLE)
- DISPLAY CONN(connectionID) TYPE (*)
- DISPLAY CONN(connectionID) TYPE (ALL)
- Single quotation marks are automatically escaped. You no longer need to use an additional single quotation mark to specify a single quotation mark in an attribute value.
- In the SET POLICY command, the SIGNER and RECIP attributes are now list attributes. Instead of specifying a string value for these attributes, you now use a JSON array. This change enables you to specify multiple values for the SIGNER and RECIP within a single command.
- Enhanced MQSC syntax error checking is now available. When an MQSC syntax error is detected in the JSON input, instead of returning a 200 response and the MQSC error in the response body, a 400 response is returned with a new error message indicating where the syntax error occurred.
For more information about the /admin/action/qmgr/{qmgrName}/mqsc
resource and
the format of the JSON you can specify in the request body, see POST
/admin/action/qmgr/{qmgrName}/mqsc
.
Host header validation for the IBM MQ Console and REST API
You can configure the mqweb server to restrict access to the IBM MQ Console and REST API such that only requests that are sent with a host header that matches a specified allowlist are processed. An error is returned if a host header value that is not on the allowlist is used. For more information, see Configuring host header validation for the IBM MQ Console and REST API.
Updated IBM MQ Console look and feel
From IBM MQ 9.2.0 a new console, with a new look and feel, is available on Multiplatforms. For more information, see Quick tour of the New Web Console.
Enhancements to the IBM MQ Bridge to Salesforce
- Changes to tracing and logging on IBM MQ Bridge to Salesforce
- IBM MQ 9.2.0 introduces additional configuration options that permit two major classes of additional topology, and changes to the way in which tracing and logging work on IBM MQ Bridge to Salesforce. For more information, see Additional configuration options for IBM MQ Bridge to Salesforce and runmqsfb (run IBM MQ Bridge to Salesforce) for details of the changes to this command.
- Secure password encryption for IBM MQ Bridge to Salesforce
- IBM MQ 9.2.0 provides additional security options for the IBM MQ Bridge to Salesforce, including options for how passwords are stored. For more information, see runmqsfb (run IBM MQ Bridge to Salesforce).
Configurable ephemeral directory
Userdata directory
From IBM MQ 9.2.0, the queue manager filestore includes a userdata directory that you can use for storing the persistent state of an application. For more information, see Userdata directory and Storing persistent application status.
License acceptance after installation on Linux
From IBM MQ 9.2.0, on Linux, you have the option of accepting the correct license for your enterprise after you install the product. For more information, see License acceptance on IBM MQ for Linux.
Installing IBM MQ for Linux with the yum installer on Linux Red Hat
From IBM MQ 9.2.0, you can use the yum installer on Linux Red Hat to install, modify, and uninstall IBM MQ.
Using the yum installer enables you to install IBM MQ components without needing to consider the dependencies that the component has. The yum installer automatically installs the pre-requisite components as part of the installation process.
For more information, see Installing IBM MQ on Linux Red Hat using yum and Uninstalling or modifying IBM MQ on Linux.
More effective integration with WebSphere Liberty
- Message-driven bean problem resolution
- From IBM MQ 9.2.0, the maxSequentialDeliveryFailures activation specification property defines the maximum number of sequential message delivery failures to a message-driven bean (MDB) instance that the resource adapter tolerates, before pausing the MDB. For more information, see IBM MQ message-driven bean pause in WebSphere® Liberty.
- Full Liberty XA support with client channel definition tables
- When using WebSphere Liberty 18.0.0.2 onwards, with IBM MQ 9.2.0, you can make use of queue manager groups within the client channel definition table (CCDT) in conjunction with XA transactions. This means that it is now possible to make use of workload distribution and availability, provided by queue manager groups, whilst maintaining transaction integrity. For more information, see Full Liberty XA support with client channel definition tables.
Enhancements to the messaging REST API
- Ability to browse messages on a queue
- IBM MQ 9.2.0 introduces the ability to browse messages
on a queue by using the messaging REST API:
- You can use the
/messaging/qmgr/{qmgrName}/queue/{queueName}/message
resource with an HTTP GET to browse the next message on the queue. For more information, see GET/messaging/qmgr/{qmgrName}/queue/{queueName}/message
. - You can use the
/messaging/qmgr/{qmgrName}/queue/{queueName}/messagelist
resource with an HTTP GET to view a list of messages on the queue. For more information, see GET/messaging/qmgr/{qmgrName}/queue/{queueName}/messagelist
.
- You can use the
- Enhanced REST messaging performance with connection pools
- To optimize the performance of the messaging REST API, connections to IBM MQ queue managers are pooled. That is, instead of each REST request creating, using, and destroying its own connection, each REST request uses a connection from a connection pool. By default, 20 connections are available for each queue manager pool. You can change the maximum number of pooled connections and the default behavior of the messaging REST API when all connections are in use by using the setmqweb properties command. For more information, see Configuring the messaging REST API.
- Publish messages to topics with the messaging REST API
- From IBM MQ 9.2.0, you can publish
messages to a specified topic by using the messaging REST API. You can use the
/messaging/qmgr/{qmgrName}/topic/{topicString}/message
resource with an HTTP POST to publish a message to the topic. For more information, see POST/messaging/qmgr/{qmgrName}/topic/{topicString}/message
.
Support for running applications on Microsoft .NET Core
- .NET Core support Windows and Linux
- From IBM MQ 9.2.0, IBM MQ supports .NET Core on IBM MQ .NET and XMS .NET on Windows and Linux.
- Support for development of .NET Core applications on macOS
- IBM MQ 9.2.0 supports the development of .NET Core applications on macOS. Once developed, these applications can be run supported on either Windows or Linux environments. For more information, see Developing IBM MQ .NET Core applications on macOS.
- Simplified creation of .NET Core applications
- IBM MQ 9.2.0 adds .NET project templates to Microsoft Visual Studio, enabling you to write your applications more quickly. For more information, see Using the IBM MQ .NET project template and Using the IBM MQ XMS .NET project template.
Advanced Message Queuing Protocol (AMQP) shared subscription enhancement
IBM MQ 9.2.0 adds support to AMQP channels for consuming data from subscriptions and shared-subscriptions for example when using the Qpid™ JMS client library. For more information, see Developing AMQP client applications.