Configuring Advanced Message Security for z/OS

Use these topics as a step by step guide for configuring Advanced Message Security (AMS).

Before you begin

Before you start to configure AMS, ensure that the following queue manager configuration steps have been performed:
  1. [V9.2.0 Jul 2020]From IBM® MQ for z/OS® 9.1.3 onwards, ignore this step.

    For versions of IBM MQ for z/OS prior to IBM MQ 9.1.3, APF authorize the library thqual.SDRQAUTH, as described in APF authorize the IBM MQ load libraries.

  2. Add the CSQ0DRTM module to the LPA, as described in Update the z/OS link list and LPA.
  3. Add an entry for CSQ0DSRV to the z/OS program properties table (PPT), as described in Update the z/OS program properties table.
  4. Include the CSQ4INSM member in the CSQINP2 concatenation of queue manager started task procedure, as described in Customize the initialization input data sets.
  5. [V9.2.0 Jul 2020]For versions of IBM MQ for z/OS prior to IBM MQ 9.1.3, include the thqual.SDRQAUTH library in the queue manager STEPLIB concatenation, as described in Create procedures for the IBM MQ queue manager.

    From IBM MQ for z/OS 9.1.3 onwards, you can enable AMS using the AMSPROD attribute. See product usage recording with IBM MQ for z/OS products for more details.

What to do next

Configure policies for queues protected by AMS. Security policies are described in Administering Advanced Message Security security policies.

There are examples of AMS configurations in Example configurations on z/OS.