Features and functions of Advanced Message Security
Advanced Message Security expands IBM® MQ security services to provide data signing and encryption at the message level. The expanded services guarantee that message data has not been modified between when it is originally placed on a queue and when it is retrieved. In addition, AMS verifies that a sender of message data is authorized to place signed messages on a target queue.
AMS provides the following functions:
- Secures sensitive or high-value transactions processed by IBM MQ.
- Detects and removes rogue or unauthorized messages before they are processed by a receiving application.
- Verifies that messages were not modified while in transit from queue to queue.
- Protects the data not only as it flows across the network but also when it is put on a queue.
- Secures existing proprietary and customer-written applications for IBM MQ.
![[z/OS]](ngzos.gif)
![[MQ 9.2.0 Jul 2020]](ng920.gif)
From IBM MQ 9.1.3,
IBM MQ for z/OS® provides the ability to optionally remove and
add AMS protection from, or to, messages that flow across the network, respectively. This is known
as Server to Server Message Channel Agent (MCA) Interception..![[AIX, Linux, Windows]](ngalw.gif)
From IBM MQ 9.1.4 and IBM MQ 9.1.0 Fix Pack 4, a check is added to the IBM MQ library code that runs within the customer's application
program. The check runs early in its initialization to read the value of the environment variable
AMQ_AMS_FIPS_OFF and, if it is set to any value, then the GSKit code is run
in non-FIPS mode in that application.