New family features
IBM® MQ 9.0.0 delivers a new mode of operation and also support for non-IBM Java runtime environments (JREs) for Advanced Message Security, web addressable access to the Client Channel Definition Table (CCDT), support for the IBM MQ 9.0 resource adapter in WebSphere® Application Server traditional, enhanced Unicode data support across all platforms, and logging enhancements for the Protocol Bridge Agent in Managed File Transfer.
- Additional quality of protection for AMS
- Web addressable access to the client channel definition table (CCDT)
- AMS supported in non-IBM JREs in Java clients
- Updated Resource Adapter for traditional WebSphere Application Server
- Enhanced Unicode data conversion support
- Managed File Transfer Protocol Bridge Agent logging enhancements
Additional quality of protection for AMS
To complement the existing Integrity
and Privacy
privacy
policies, Advanced Message Security (AMS) provides a new, third alternative,
Confidentiality
(Encryption only with optional key reuse), in IBM MQ 9.0.
Significant CPU cost savings can be made with Confidentiality
policies through
symmetric key reuse. This new mode of operation continues to use the PKCS#7 format to share a
symmetric encryption key. However, there is no digital signature, which eliminates some of the per
message asymmetric key operations. The symmetric key still needs to be encrypted with asymmetric key
operations for each recipient, but the symmetric key can be optionally reused over multiple messages
that are destined for the same recipients. If key reuse is permitted by policy, then only the first
message requires asymmetric key operations. Subsequent messages only need to use symmetric key
operations. For more information, see Qualities of protection available with AMS.
Web addressable access to the client channel definition table (CCDT)
- By programming using MQCNO
- By using environment variables
- By using mqclient.ini file stanzas.
For more information, see Web addressable access to the client channel definition table.
AMS supported in non-IBM JREs in Java clients
In earlier releases, the AMS relied on IBM-provided encryption packages that were included in the Java runtime environment (JRE) or Java Secure Socket Extension (JSSE) shipped with IBM MQ and other IBM products.
From IBM MQ 9.0, the AMS has been redesigned to use an alternative crypto library, the open source Bouncy Castle implementation, which is built into the IBM MQ classes for Java and IBM MQ classes for JMS, not the JRE. This means that you can now use alternative JREs without needing to install additional libraries. For more information, see Support for non-IBM JREs.
Updated Resource Adapter for traditional WebSphere Application Server
Enhanced Unicode data conversion support
From IBM MQ 9.0, the product supports all Unicode characters defined in the Unicode 8.0 standard in data conversion, including full support for UTF-16. For more information, see Data conversion.
ccsid_part2.tbl
is provided, which takes precedence over
the ccsid.tbl
file and:- Allows you to add or modify CCSID entries
- Specify default data conversion
- Specify data for different command levels
- Linux® - all versions
- Solaris
- Windows
Managed File Transfer Protocol Bridge Agent logging enhancements
From IBM MQ 9.0, Managed File Transfer provides a new logging feature to capture interactions between the Protocol Bridge Agent and FTP/SFTP/FTPS file servers. The agent log is set to a level that enables the collection of first hand diagnostic information. Logging is enabled and disabled by using the new command fteSetAgentLogLevel or by using the agent.properties file.
For more information, see fteSetAgentLogLevel and The agent.properties file.