What's new in IBM MQ 9.3.0 for Multiplatforms - base and Advanced entitlement
For Multiplatforms, IBM® MQ 9.3.0 delivers a number of new features that are available with base product entitlement, and also with Advanced entitlement.
- License entitlement, installation, and upgrade
- The following capabilities first appeared in IBM MQ 9.2.x Continuous Delivery releases and are new for Long Term Support at IBM MQ 9.3.0:
- Streaming queues
- The following capabilities first appeared in IBM MQ 9.2.x Continuous Delivery releases and are new for Long Term Support at IBM MQ 9.3.0:
- Administration
- The following capabilities first appeared in IBM MQ 9.2.x
Continuous Delivery releases and are new for Long Term Support at IBM MQ 9.3.0:
- IBM MQ Console Application quick start
- Remote queue manager support for the IBM MQ Console
- Configurable IBM MQ Console message browsing controls
- Dead-letter queue handler included in client package
- New IGNSTATE parameter for using MQSC DELETE commands idempotently
- Support for zlibNX compression library
- Security
- The following capabilities first appeared in IBM MQ 9.2.x
Continuous Delivery releases and are new for Long Term Support at IBM MQ 9.3.0:
- Permitting non-operating system users in the Object Authority Manager
- TLS 1.3 support from IBM MQ Java applications
- Support for Transport Layer Security (TLS) 1.3 in MQIPT
- Encryption of passphrases for MQTT channels
- SecureCommsOnly setting available on the queue manager
- More flexible configuration for SNI support
- OutboundSNI property for NMQI and XMS .NET clients
- Support for multiple queue manager certificates in MQIPT
- TLS support for the IBM MQ .NET XA Monitor application
- Additional configuration option to control TLS environment in C clients
- Improved password protection for IBM MQ clients using cryptographic hardware
- Scalability
- The following capabilities first appeared in IBM MQ 9.2.x Continuous Delivery releases and are new for Long Term Support at IBM MQ 9.3.0:
- Application development
- The following capabilities first appeared in IBM MQ 9.2.x Continuous Delivery releases and are new for Long Term Support at IBM MQ 9.3.0:
License entitlement, installation, and upgrade
- New Confirm License Entitlement panel
- From IBM MQ 9.3.0, the new Confirm License Entitlement panel in the Windows interactive installer is presented after feature selection if you have chosen to install any IBM MQ Advanced features (MQ Telemetry Service, Advanced Message Security, or Managed File Transfer Service), or if you are upgrading from an installation that already has these features.
- Support for upgrading IBM MQ for Linux® without uninstalling the earlier version
- From IBM MQ 9.3.0, you can choose to upgrade IBM MQ on Linux
platforms without uninstalling the earlier version of IBM MQ. The version that you are upgrading from must be at
IBM MQ 9.2.0, or later, and no fix packs can be installed
for the earlier version. That is, the fix pack number in the version.release.modification.fixpack
(
V.R.M.F
) release identifier must be 0. - IBM MQ code signing support
- IBM MQ deliverables that you can download from IBM are signed with a digital signature. From IBM MQ 9.3.0, to aid with verifying the deliverables, IBM MQ provides an additional package that you can download from Fix Central. This package contains signatures and the public keys to verify them. For more information, see IBM MQ code signatures.
- Support for dspmqinst and setmqinst on IBM MQ for IBM i
- From IBM MQ 9.3.0, support has been added to display the IBM MQ entitlement and set or unset the High Availability Replica and non-production IBM License Metric Tool. For more information, see dspmqinst and setmqinst.
Streaming queues
- Streaming queues to realize additional value from data already flowing through IBM MQ
- IBM MQ 9.3.0 adds the streaming queues feature, which
allows you to configure a queue to put a near-identical copy of every message to a second queue.
Streaming queues can be useful in certain scenarios, where you need to create a copy of your
messages. For example:
- Streaming messages to Apache Kafka using the Kafka Connect source connector for IBM MQ. For more information, see kafka_connect_mq_source.
- Performing analysis on the data going through the system.
- Storing messages for recovery at a later time.
- Capturing a set of messages to use in development and test systems.
- Consuming IBM MQ event messages from the system event queues, and sending additional copies to other queues or topics.
Administration
- IBM MQ Console Application quick start
- Enhancements to the IBM MQ Console can help new users to get started more easily than ever before, following simple steps to create a messaging configuration with an application. For more information, see Quick tour of the IBM MQ Console.
- Remote queue manager support for the IBM MQ Console
- IBM MQ 9.3.0 adds support for managing remote queue managers in the IBM MQ Console. Adding remote queue managers to the IBM MQ Console enables you to administer all your queue managers in a single IBM MQ Console instance. The remote queue managers can be queue managers that are running in a different installation on the same system as the IBM MQ Console, or queue managers that are running on a different system. For more information, see Adding a remote queue manager to the IBM MQ Console.
- Configurable IBM MQ Console message browsing controls
- At IBM MQ 9.3.0, general updates have been made to improve the usability of the IBM MQ Console for a better user experience. These include the capability to download and view complete message contents from the IBM MQ Console, enhancing the prior previewing capability. You can configure these capabilities with three new parameters, mqConsoleMaxMsgCharsToDisplay, mqConsoleMaxMsgRequestSize and mqConsoleMaxMsgsPerRequest, that have been added to the setmqweb command. For more information, see setmqweb (set mqweb server configuration).
- Dead-letter queue handler included in client package
- The dead-letter queue (DLQ) handler can connect to a remote queue manager and is included in the client package, in addition to the server package in which it is already available. This means that the DLQ handler can now connect to either a local or remote queue manager, including an IBM MQ Appliance or cloud environment.
- New IGNSTATE parameter for using MQSC DELETE commands idempotently
- IBM MQ 9.3.0 introduces the IGNSTATE parameter for DELETE commands. This parameter allows you to specify whether you want the command to return an error return code if the object is already in the state the command would move it to. For more information about the IGNSTATE parameter and its options, see, for example, DELETE queues.
- Support for zlibNX compression library
- From IBM MQ 9.3.0, channel compression of message data that uses ZLIBFAST or ZLIBHIGH compression techniques can opt to use hardware-acceleration in IBM MQ for AIX®.
Security
- Permitting non-operating system users in the Object Authority Manager
- From IBM MQ 9.3.0, the authority model has been simplified for IBM MQ running in a container environment, where usernames cannot be managed in the traditional way. The additional UserExternal option enables you to define permissions for users without the users having to exist in a Lightweight Directory Access Protocol (LDAP) server by allowing you to specify a non-operating system user name with a maximum of 12 characters to be used both for checking and setting authorizations.
- TLS 1.3 support from IBM MQ Java applications
- From IBM MQ 9.3.0, using the Java runtime environment (JRE) provided by IBM MQ permits the use of the TLS 1.3 CipherSpecs as described in
TLS CipherSpecs and CipherSuites in IBM MQ classes for JMS.Note: In the Java runtime environment shipped as part of IBM MQ, the Java Security Provider for FIPS has been updated from IBMJCEFIPS to IBMJCEPlusFIPS.
- Support for Transport Layer Security (TLS) 1.3 in MQIPT
- From IBM MQ 9.3.0, IBM MQ Internet Pass-Thru (MQIPT) supports Transport Layer Security (TLS) 1.3. Three new CipherSuites are provided for use with TLS 1.3.
- Encryption of passphrases for MQTT channels
- IBM MQ 9.3.0 adds support for encryption of passphrases for MQTT channels. For more information, see Encrypting passphrases for MQTT TLS channels and Migration of plain text passphrases to encrypted passphrases.
- SecureCommsOnly setting available on the queue manager
- From IBM MQ 9.3.0, a security enhancement has been deployed to allow queue managers to be configured to only allow secure communications. A warning message is issued on startup if plain text communications are enabled. For more information, see SecureCommsOnly.
- More flexible configuration for SNI support
- The Server Name Indication (SNI) extension of TLS enables a client to indicate the hostname to
which it is attempting to connect at the start of the handshaking process. From IBM MQ 9.3.0, an improvement has been made to allow the SNI to store
either the IBM MQ channel name or the hostname.
The OutboundSNI property of the SSL stanza allows you to select whether the SNI should be set to the target IBM MQ channel name to the remote system when initiating a TLS connection, or to the hostname. For more information about the OutboundSNI property, see SSL stanza of the qm.ini file and SSL stanza of the client configuration file.
- OutboundSNI property for NMQI and XMS .NET clients
- From IBM MQ 9.3.0, NMQI and XMS .NET client applications can use either a property or an environment variable to set the OutboundSNI property. In addition, the default value for this property has been changed to channel. Before IBM MQ 9.3.0 the OutboundSNI property was always set to * for the .NET clients.
- Support for multiple queue manager certificates in MQIPT
- From IBM MQ 9.3.0, per-channel certificates can be used on a queue manager for TLS connections received from IBM MQ Internet Pass-Thru (MQIPT), where the MQIPT route is configured as a TLS client.
- TLS support for the IBM MQ .NET XA Monitor application
- The IBM MQ .NET client provides an XA Monitor application, WmqDotnetXAMonitor, that you can use to recover any incomplete distributed transactions. From IBM MQ 9.3.0, the WmqdotnetXAMonitor application includes the option to establish a secure connection to the queue manager. For more information, see Using the WMQDotnetXAMonitor application and WmqDotNETXAMonitor application configuration file settings.
- Additional configuration option to control TLS environment in C clients
- A new configuration option has been added to C clients to allow a different mode of operating when creating TLS connections. For more information, see the EnvironmentScope attribute of the SSL stanza of the client configuration file.
- Improved password protection for IBM MQ clients using cryptographic hardware
- IBM MQ 9.3.0 deploys an improvement to IBM MQ clients that allows them to parse cryptographic hardware
configuration strings that contain encrypted passwords. This allows for the protection of PKCS #11
token pins inside the SSLCryptoHardware attribute in the SSL stanza of the
mqclient.ini file, and the MQSSLCRYP environment variable.Important: This is not applicable for cryptographic hardware settings provided to the queue manager using the queue manager SSLCRYP setting, or provided to client applications using the MQSCO.CryptoHardware structure field.
- User data traced by MQIPT can be configured
- From IBM MQ 9.3.0, the amount of user data in network transmissions received and sent by MQIPT routes that is traced can be configured using the TraceUserData property. If this property is not specified, only the first 64 bytes of data in network transmissions is traced.
- Support for PKCS#12 key repositories
- From IBM MQ 9.3.0 you can configure queue managers and
client applications to use PKCS#12 key repositories for TLS communications. To facilitate key
repositories with different extensions, the mechanism to provide key repositories to queue managers
or client applications has been updated to support a full file path.
For more information, see Changing the key repository location for a queue manager on AIX, Linux, and Windows and Specifying the key repository location for an IBM MQ MQI client on AIX, Linux, and Windows.
- Support for key repository passwords
- From IBM MQ 9.3.0 you can provide key repository
passwords directly to queue managers and clients, instead of requiring a stash file. To ensure the
secure storage of key repository passwords, the queue manager and client applications have been
extended to support the storage of key repository passwords encrypted using the IBM MQ Password Protection system.
For more information, see Supplying the key repository password for a queue manager on AIX, Linux, and Windows and Supplying the key repository password for an IBM MQ MQI client on AIX, Linux, and Windows.
Scalability
- Application re-balancing support
- IBM MQ 9.3.0 adds support for controlling or influencing the re-balancing behavior between uniform clusters to suit the needs of specific types of application; for example, minimizing interruptions to in flight transactions, or ensuring requester applications receive their responses before being moved.
- Support for dynamic balancing of Java Platform, Enterprise Edition inbound connections in a uniform cluster
- From IBM MQ 9.3.0, a new property dynamicallyBalanced is available when configuring ActivationSpecs. For more information, see Configuring the resource adapter for inbound communication.
- IBM MQ scaler for KEDA
- From IBM MQ 9.3.0, auto-scaling of client applications is possible based on queue depth. This feature uses the Kubernetes-based Event Driven Autoscaler (KEDA), which is a lightweight, open source solution designed to provide better scaling options for event-driven client applications on Kubernetes. You can use KEDA to scale client applications running on IBM MQ queue managers, including queue managers in containers.
Application development
- Support for the Apache Qpid JMS client library
- IBM MQ 9.3.0 adds two additional channel attributes for AMQP channels, TMPMODEL and TMPQPRFX, enabling you to set the model queue and queue prefix that you use, while creating a temporary queue using Qpid JMS. For more information, see Developing AMQP client applications and DEFINE CHANNEL.
- Point-to-point messaging on AMQP channels
- IBM MQ 9.3.0 adds point-to-point messaging support to IBM MQ AMQP channels, so that AMQP clients such as Apache Qpid™ JMS applications can connect to IBM MQ and send messages to queues or temporary queues, or receive messages from queues and temporary queues. For more information, see Developing AMQP client applications.
- Java 17 support for IBM MQ clients
- IBM MQ 9.3.0 adds Java 17 support for IBM MQ classes for Java and IBM MQ classes for JMS for Oracle and Adoptium.
- REST Messaging API: greater access to message properties when sending and receiving messages using the REST API
- The following new features provide increased access to message properties when sending or
receiving messages by using the REST API:
- A new REST API V3 has been introduced. New features are available by using the v3 version of the resource URL.
- Support for a message priority request header has been added.
- Application-specific correlation IDs can now be used (bringing the use of Correlation and Message IDs more in line with JMS).
- Support for setting and reading multiple user-defined message properties has been added.
- Support for Jakarta Messaging 3.0
- The JMS specification defines a set of named Java interfaces that software conforming to the specification must implement. From IBM MQ 9.3.0, Jakarta Messaging 3.0 is supported. This extends the set of environments in which IBM MQ can be used.