[MQ 9.3.0 Jun 2022][MQ 9.3.0 Jun 2022][UNIX, Linux, Windows, IBM i]

What's new in IBM MQ 9.3.0 for Multiplatforms - base and Advanced entitlement

For Multiplatforms, IBM® MQ 9.3.0 delivers a number of new features that are available with base product entitlement, and also with Advanced entitlement.

License entitlement, installation, and upgrade
The following capabilities first appeared in IBM MQ 9.2.x Continuous Delivery releases and are new for Long Term Support at IBM MQ 9.3.0:
The following capabilities are new for Long Term Support at IBM MQ 9.3.0:
Streaming queues
The following capabilities first appeared in IBM MQ 9.2.x Continuous Delivery releases and are new for Long Term Support at IBM MQ 9.3.0:
Administration
The following capabilities first appeared in IBM MQ 9.2.x Continuous Delivery releases and are new for Long Term Support at IBM MQ 9.3.0:
Security
The following capabilities first appeared in IBM MQ 9.2.x Continuous Delivery releases and are new for Long Term Support at IBM MQ 9.3.0:
The following capabilities are new for Long Term Support and Continuous Delivery at IBM MQ 9.3.0:
Scalability
The following capabilities first appeared in IBM MQ 9.2.x Continuous Delivery releases and are new for Long Term Support at IBM MQ 9.3.0:
Application development
The following capabilities first appeared in IBM MQ 9.2.x Continuous Delivery releases and are new for Long Term Support at IBM MQ 9.3.0:
The following capabilities are new for Long Term Support and Continuous Delivery at IBM MQ 9.3.0:

License entitlement, installation, and upgrade

[Windows][MQ 9.3.0 Jun 2022]New Confirm License Entitlement panel
From IBM MQ 9.3.0, the new Confirm License Entitlement panel in the Windows interactive installer is presented after feature selection if you have chosen to install any IBM MQ Advanced features (MQ Telemetry Service, Advanced Message Security, or Managed File Transfer Service), or if you are upgrading from an installation that already has these features.
This panel simply warns you that these features are considered IBM MQ Advanced functionality and should only be installed if you have entitlement to IBM MQ Advanced. This warning reduces the risk of users installing IBM MQ Advanced features in error. For more information, see Installing the server using the Launchpad.
[MQ 9.3.0 Jun 2022][Linux]Support for upgrading IBM MQ for Linux® without uninstalling the earlier version
From IBM MQ 9.3.0, you can choose to upgrade IBM MQ on Linux platforms without uninstalling the earlier version of IBM MQ. The version that you are upgrading from must be at IBM MQ 9.2.0, or later, and no fix packs can be installed for the earlier version. That is, the fix pack number in the version.release.modification.fixpack (V.R.M.F) release identifier must be 0.
Previously, when you moved from an earlier version of IBM MQ to a later version in a single stage migration scenario, you had to uninstall the earlier version of IBM MQ before you installed the later version. Now, you can choose to install the later version without uninstalling the earlier version, which can make the upgrade process quicker and easier.
For more information, see Upgrading an IBM MQ installation on Linux.
[MQ 9.3.0 Jun 2022]IBM MQ code signing support
IBM MQ deliverables that you can download from IBM are signed with a digital signature. From IBM MQ 9.3.0, to aid with verifying the deliverables, IBM MQ provides an additional package that you can download from Fix Central. This package contains signatures and the public keys to verify them. For more information, see IBM MQ code signatures.
[MQ 9.3.0 Jun 2022][IBM i]Support for dspmqinst and setmqinst on IBM MQ for IBM i
From IBM MQ 9.3.0, support has been added to display the IBM MQ entitlement and set or unset the High Availability Replica and non-production IBM License Metric Tool. For more information, see dspmqinst and setmqinst.

Streaming queues

[MQ 9.3.0 Jun 2022]Streaming queues to realize additional value from data already flowing through IBM MQ
IBM MQ 9.3.0 adds the streaming queues feature, which allows you to configure a queue to put a near-identical copy of every message to a second queue. Streaming queues can be useful in certain scenarios, where you need to create a copy of your messages. For example:
  • Streaming messages to Apache Kafka using the Kafka Connect source connector for IBM MQ. For more information, see kafka_connect_mq_source.
  • Performing analysis on the data going through the system.
  • Storing messages for recovery at a later time.
  • Capturing a set of messages to use in development and test systems.
  • Consuming IBM MQ event messages from the system event queues, and sending additional copies to other queues or topics.
For more information, see Streaming queues.

Administration

[MQ 9.3.0 Jun 2022]IBM MQ Console Application quick start
Enhancements to the IBM MQ Console can help new users to get started more easily than ever before, following simple steps to create a messaging configuration with an application. For more information, see Quick tour of the IBM MQ Console.
[MQ 9.3.0 Jun 2022]Remote queue manager support for the IBM MQ Console
IBM MQ 9.3.0 adds support for managing remote queue managers in the IBM MQ Console. Adding remote queue managers to the IBM MQ Console enables you to administer all your queue managers in a single IBM MQ Console instance. The remote queue managers can be queue managers that are running in a different installation on the same system as the IBM MQ Console, or queue managers that are running on a different system. For more information, see Adding a remote queue manager to the IBM MQ Console.
[MQ 9.3.0 Jun 2022]Configurable IBM MQ Console message browsing controls
At IBM MQ 9.3.0, general updates have been made to improve the usability of the IBM MQ Console for a better user experience. These include the capability to download and view complete message contents from the IBM MQ Console, enhancing the prior previewing capability. You can configure these capabilities with three new parameters, mqConsoleMaxMsgCharsToDisplay, mqConsoleMaxMsgRequestSize and mqConsoleMaxMsgsPerRequest, that have been added to the setmqweb command. For more information, see setmqweb (set mqweb server configuration).
[MQ 9.3.0 Jun 2022]Dead-letter queue handler included in client package
The dead-letter queue (DLQ) handler can connect to a remote queue manager and is included in the client package, in addition to the server package in which it is already available. This means that the DLQ handler can now connect to either a local or remote queue manager, including an IBM MQ Appliance or cloud environment.
You can use the runmqdlq command with the -c parameter to specify that it should establish a client connection to a remote queue manager. For more information, see runmqdlq (run dead-letter queue handler).
A built version of the sample program, named amqsdlqc, is included. You can use this to connect to a remote queue manager in client mode. For more information, see The sample DLQ handler amqsdlq.
[AIX, Linux, Windows][MQ 9.3.0 Jun 2022]New IGNSTATE parameter for using MQSC DELETE commands idempotently
IBM MQ 9.3.0 introduces the IGNSTATE parameter for DELETE commands. This parameter allows you to specify whether you want the command to return an error return code if the object is already in the state the command would move it to. For more information about the IGNSTATE parameter and its options, see, for example, DELETE queues.
Specifying this parameter allows you to use the command DELETE in an iterative manner, for example in scripts, without the command or script failing after the first run because an object has already been deleted and no longer exists. Since the IGNSTATE parameter is an addition to the existing DELETE command functionality, the default behavior for existing scripts is to continue to operate as they have done previously.
Note that, when running in runmqsc -n mode, that is, not connected to a queue manager, the two available DELETE commands, DELETE AUTHINFO and DELETE CHANNEL, accept the IGNSTATE parameter, but there is no difference in behavior between YES and NO options. If runmqsc is run normally, DELETE AUTHINFO and DELETE CHANNEL act like other objects.
[AIX][MQ 9.3.0 Jun 2022]Support for zlibNX compression library
From IBM MQ 9.3.0, channel compression of message data that uses ZLIBFAST or ZLIBHIGH compression techniques can opt to use hardware-acceleration in IBM MQ for AIX®.
Opting to use the zlibNX library for channel compression will typically result in lower CPU usage and consequently improve message throughput rates. The impact of the zlibNX hardware-acceleration on channel compression will vary according to how large and how compressible the message data is. Highly compressible messages that are over 2KB in size are most likely to benefit from opting to use the zlibNX library.
For more information on data compression, see Data compression (COMPMSG). For information on the AMQ_USE_ZLIBNX environment variable, which enables the support in IBM MQ for AIX, see Environment variables descriptions.

Security

[AIX][MQ 9.3.0 Jun 2022][Linux]Permitting non-operating system users in the Object Authority Manager
From IBM MQ 9.3.0, the authority model has been simplified for IBM MQ running in a container environment, where usernames cannot be managed in the traditional way. The additional UserExternal option enables you to define permissions for users without the users having to exist in a Lightweight Directory Access Protocol (LDAP) server by allowing you to specify a non-operating system user name with a maximum of 12 characters to be used both for checking and setting authorizations.
For more information on the UserExternal option, see the -oa parameter of the crtmqm command and the SecurityPolicy parameter of the Service stanza of the qm.ini file.
[MQ 9.3.0 Jun 2022]TLS 1.3 support from IBM MQ Java applications
From IBM MQ 9.3.0, using the Java runtime environment (JRE) provided by IBM MQ permits the use of the TLS 1.3 CipherSpecs as described in TLS CipherSpecs and CipherSuites in IBM MQ classes for JMS.
Note: In the Java runtime environment shipped as part of IBM MQ, the Java Security Provider for FIPS has been updated from IBMJCEFIPS to IBMJCEPlusFIPS.
[MQ 9.3.0 Jun 2022]Support for Transport Layer Security (TLS) 1.3 in MQIPT
From IBM MQ 9.3.0, IBM MQ Internet Pass-Thru (MQIPT) supports Transport Layer Security (TLS) 1.3. Three new CipherSuites are provided for use with TLS 1.3.
TLS 1.3 can be used on routes where MQIPT is configured as a TLS server, TLS client, or TLS proxy. Connections between the mqiptAdmin command and MQIPT can also be secured with TLS 1.3.
TLS 1.3 is enabled by default on routes that use TLS, and the TLS command port, from IBM MQ 9.3.0. To disable TLS 1.3, specify the protocols to be enabled using the SSLClientProtocols, SSLServerProtocols, or SSLCommandPortProtocols properties.
For more information about TLS support in MQIPT, see SSL/TLS support. The new CipherSuites are listed in the TLS 1.3 section of Table 1.
[MQ 9.3.0 Jun 2022]Encryption of passphrases for MQTT channels
IBM MQ 9.3.0 adds support for encryption of passphrases for MQTT channels. For more information, see Encrypting passphrases for MQTT TLS channels and Migration of plain text passphrases to encrypted passphrases.
[MQ 9.3.0 Jun 2022]SecureCommsOnly setting available on the queue manager
From IBM MQ 9.3.0, a security enhancement has been deployed to allow queue managers to be configured to only allow secure communications. A warning message is issued on startup if plain text communications are enabled. For more information, see SecureCommsOnly.
[MQ 9.3.0 Jun 2022]More flexible configuration for SNI support
The Server Name Indication (SNI) extension of TLS enables a client to indicate the hostname to which it is attempting to connect at the start of the handshaking process. From IBM MQ 9.3.0, an improvement has been made to allow the SNI to store either the IBM MQ channel name or the hostname.

The OutboundSNI property of the SSL stanza allows you to select whether the SNI should be set to the target IBM MQ channel name to the remote system when initiating a TLS connection, or to the hostname. For more information about the OutboundSNI property, see SSL stanza of the qm.ini file and SSL stanza of the client configuration file.

For more information on how this property is used, see Connecting to a queue manager deployed in a Red Hat® OpenShift® cluster.

[MQ 9.3.0 Jun 2022]OutboundSNI property for NMQI and XMS .NET clients
From IBM MQ 9.3.0, NMQI and XMS .NET client applications can use either a property or an environment variable to set the OutboundSNI property. In addition, the default value for this property has been changed to channel. Before IBM MQ 9.3.0 the OutboundSNI property was always set to * for the .NET clients.
For more information, see XMS .NET property mapping for administered objects and OutboundSNI property.
[MQ 9.3.0 Jun 2022]Support for multiple queue manager certificates in MQIPT
From IBM MQ 9.3.0, per-channel certificates can be used on a queue manager for TLS connections received from IBM MQ Internet Pass-Thru (MQIPT), where the MQIPT route is configured as a TLS client.
IBM MQ supports the use of multiple certificates on the same queue manager, using a per-channel certificate label, specified using the CERTLABL attribute on the channel definition. Inbound channels to the queue manager rely on detecting the channel name using TLS Server Name Indication (SNI), in order for the queue manager to present the correct certificate. From IBM MQ 9.3.0, MQIPT can be configured to allow multiple certificates to be used by the destination queue manager by either setting the SNI to the channel name, or passing through the SNI received on the inbound connection to the route.
For more information about multiple certificate support and MQIPT, see IBM MQ multiple certificate support with MQIPT.
[MQ 9.3.0 Jun 2022]TLS support for the IBM MQ .NET XA Monitor application
The IBM MQ .NET client provides an XA Monitor application, WmqDotnetXAMonitor, that you can use to recover any incomplete distributed transactions. From IBM MQ 9.3.0, the WmqdotnetXAMonitor application includes the option to establish a secure connection to the queue manager. For more information, see Using the WMQDotnetXAMonitor application and WmqDotNETXAMonitor application configuration file settings.
[MQ 9.3.0 Jun 2022]Additional configuration option to control TLS environment in C clients
A new configuration option has been added to C clients to allow a different mode of operating when creating TLS connections. For more information, see the EnvironmentScope attribute of the SSL stanza of the client configuration file.
[MQ 9.3.0 Jun 2022]Improved password protection for IBM MQ clients using cryptographic hardware
IBM MQ 9.3.0 deploys an improvement to IBM MQ clients that allows them to parse cryptographic hardware configuration strings that contain encrypted passwords. This allows for the protection of PKCS #11 token pins inside the SSLCryptoHardware attribute in the SSL stanza of the mqclient.ini file, and the MQSSLCRYP environment variable.
Important: This is not applicable for cryptographic hardware settings provided to the queue manager using the queue manager SSLCRYP setting, or provided to client applications using the MQSCO.CryptoHardware structure field.
A command has been provided that can encrypt plain text passwords into the encrypted format usable with cryptographic hardware configuration strings for IBM MQ clients. For more information, see IBM MQ clients using cryptographic hardware.
User data traced by MQIPT can be configured
[MQ 9.3.0 Jun 2022][MQ 9.3.0 Jun 2022]From IBM MQ 9.3.0, the amount of user data in network transmissions received and sent by MQIPT routes that is traced can be configured using the TraceUserData property. If this property is not specified, only the first 64 bytes of data in network transmissions is traced.
[MQ 9.3.0 Jun 2022][AIX, Linux, Windows][MQ 9.3.0 Jun 2022]Support for PKCS#12 key repositories
From IBM MQ 9.3.0 you can configure queue managers and client applications to use PKCS#12 key repositories for TLS communications. To facilitate key repositories with different extensions, the mechanism to provide key repositories to queue managers or client applications has been updated to support a full file path.

For more information, see Changing the key repository location for a queue manager on AIX, Linux, and Windows and Specifying the key repository location for an IBM MQ MQI client on AIX, Linux, and Windows.

[MQ 9.3.0 Jun 2022][AIX, Linux, Windows][MQ 9.3.0 Jun 2022]Support for key repository passwords
From IBM MQ 9.3.0 you can provide key repository passwords directly to queue managers and clients, instead of requiring a stash file. To ensure the secure storage of key repository passwords, the queue manager and client applications have been extended to support the storage of key repository passwords encrypted using the IBM MQ Password Protection system.

For more information, see Supplying the key repository password for a queue manager on AIX, Linux, and Windows and Supplying the key repository password for an IBM MQ MQI client on AIX, Linux, and Windows.

Scalability

[MQ 9.3.0 Jun 2022]Application re-balancing support
IBM MQ 9.3.0 adds support for controlling or influencing the re-balancing behavior between uniform clusters to suit the needs of specific types of application; for example, minimizing interruptions to in flight transactions, or ensuring requester applications receive their responses before being moved.
One of the goals of uniform clustering is to allow workload to be distributed across a group of queue managers. In IBM MQ 9.2.4 (and later implementations) behavior was modified so that applications are only balanced when they are actively performing IBM MQ operations. Applications check to see whether they should move when they are performing an IBM MQ operation like MQPUT, MQGET, or MQCMIT.
Important: An application which has only performed an MQCONN operation is not rebalanced until it subsequently performs one of these MQI operations.
You can use the default behaviors described in Influencing application re-balancing in uniform clusters or make changes, either at configuration or deployment time through the client.ini file. Alternatively, you can make the balancing behavior and requirements part of the application logic using the MQBNO structure.
IBM MQ 9.3.0 also adds support for re-balancing the following types of application:
[MQ 9.3.0 Jun 2022]Support for dynamic balancing of Java Platform, Enterprise Edition inbound connections in a uniform cluster
From IBM MQ 9.3.0, a new property dynamicallyBalanced is available when configuring ActivationSpecs. For more information, see Configuring the resource adapter for inbound communication.
[MQ 9.3.0 Jun 2022]IBM MQ scaler for KEDA
From IBM MQ 9.3.0, auto-scaling of client applications is possible based on queue depth. This feature uses the Kubernetes-based Event Driven Autoscaler (KEDA), which is a lightweight, open source solution designed to provide better scaling options for event-driven client applications on Kubernetes. You can use KEDA to scale client applications running on IBM MQ queue managers, including queue managers in containers.
For more information, see Introduction to KEDA. The IBM MQ scaler for KEDA was contributed by the IBM MQ development team and is maintained by the KEDA community. If you have a question or would like to raise a issue, use the kedacore GitHub repo: https://github.com/kedacore/keda/issues.

Application development

[MQ 9.3.0 Jul 2022]Support for the Apache Qpid JMS client library
IBM MQ 9.3.0 adds two additional channel attributes for AMQP channels, TMPMODEL and TMPQPRFX, enabling you to set the model queue and queue prefix that you use, while creating a temporary queue using Qpid JMS. For more information, see Developing AMQP client applications and DEFINE CHANNEL.
[AIX, Linux, Windows][MQ 9.3.0 Jun 2022]Point-to-point messaging on AMQP channels
IBM MQ 9.3.0 adds point-to-point messaging support to IBM MQ AMQP channels, so that AMQP clients such as Apache Qpid™ JMS applications can connect to IBM MQ and send messages to queues or temporary queues, or receive messages from queues and temporary queues. For more information, see Developing AMQP client applications.
IBM MQ 9.3.0 also adds browse support for point-to-point messaging to IBM MQ AMQP channels, so that AMQP clients, like Apache Qpid JMS applications, can connect to IBM MQ and browse messages. For more information, see Developing AMQP client applications.
[MQ 9.3.0 Jun 2022]Java 17 support for IBM MQ clients
IBM MQ 9.3.0 adds Java 17 support for IBM MQ classes for Java and IBM MQ classes for JMS for Oracle and Adoptium.
[MQ 9.3.0 Jun 2022]REST Messaging API: greater access to message properties when sending and receiving messages using the REST API
The following new features provide increased access to message properties when sending or receiving messages by using the REST API:
  • A new REST API V3 has been introduced. New features are available by using the v3 version of the resource URL.
  • Support for a message priority request header has been added.
  • Application-specific correlation IDs can now be used (bringing the use of Correlation and Message IDs more in line with JMS).
  • Support for setting and reading multiple user-defined message properties has been added.
Details of the new features are available in the following topics:
[MQ 9.3.0 Jun 2022][MQ 9.3.0 Jun 2022][Jakarta Messaging 3.0]Support for Jakarta Messaging 3.0
The JMS specification defines a set of named Java interfaces that software conforming to the specification must implement. From IBM MQ 9.3.0, Jakarta Messaging 3.0 is supported. This extends the set of environments in which IBM MQ can be used.
IBM MQ 9.2 and earlier support JMS 2.0, which also supports the functionality defined in JMS 1.0 and JMS 1.1. IBM MQ 9.3.0 continues to support JMS 2.0 for existing applications, and adds support for Jakarta Messaging 3.0 for new development:
  • A new -j option is added to the setmqenv and crtmqenv commands. You can use this option to specify whether you require an environment suitable to run JMS 2.0 or Jakarta Messaging 3.0 applications.
  • Two new sample scripts, setjms30env and setjms30env_64, are provided. You can use them to set the environment for Jakarta Messaging 3.0 applications. For more information, see Setting environment variables for IBM MQ classes for JMS/Jakarta Messaging.
  • An additional set of Java classes are provided. They implement the interfaces specified in Jakarta Messaging 3.0. These classes have different names from the existing implementation classes and are packaged into new JAR and RAR files. For the Javadoc information for these classes, see IBM MQ classes for JMS 3.0.
    Note: For Jakarta Messaging 3.0, control of the JMS specification moves from Oracle to the Java Community Process. However, Oracle retains control of the "javax" name, which is used in other Java technologies that have not moved to the Java Community Process. So, while Jakarta Messaging 3.0 is functionally equivalent to JMS 2.0 there are some differences in naming:
    • The official name for Jakarta Messaging 3.0 is Jakarta Messaging rather than Java Message Service.
    • The package and constant names are prefixed with jakarta rather than javax. For example, in JMS 2.0 the initial connection to a messaging provider is a javax.jms.Connection object, and in Jakarta Messaging 3.0 it is a jakarta.jms.Connection object.
For more information, see Using IBM MQ classes for JMS/Jakarta Messaging.