Features and functions of Advanced Message Security
Advanced Message Security expands IBM MQ security services to provide data signing and encryption at the message level. The expanded services guarantee that message data has not been modified between when it is originally placed on a queue and when it is retrieved. In addition, AMS verifies that a sender of message data is authorized to place signed messages on a target queue.
AMS provides the following functions:
- Secures sensitive or high-value transactions processed by IBM MQ.
- Detects and removes rogue or unauthorized messages before they are processed by a receiving application.
- Verifies that messages were not modified while in transit from queue to queue.
- Protects the data not only as it flows across the network but also when it is put on a queue.
- Secures existing proprietary and customer-written applications for IBM MQ.
- From IBM MQ Version 9.1.3, IBM MQ for z/OS provides the ability to optionally remove and add AMS protection from, or to, messages that flow across the network, respectively. This is known as Server to Server Message Channel Agent (MCA) Interception..
- From IBM MQ Version 9.1.4 and IBM MQ Version 9.1.0, Fix Pack 4, a check is added to the IBM MQ library code that runs within the customer's application program. The check runs early in its initialization to read the value of the environment variable AMQ_AMS_FIPS_OFF and, if it is set to any value, then the GSKit code is run in non-FIPS mode in that application.
Parent topic: Overview of Advanced Message Security