New family features
IBM MQ Version 9.0.0 delivers a new mode of operation and also support for non-IBM Java runtime environments (JREs) for Advanced Message Security, web addressable access to the Client Channel Definition Table (CCDT), support for the IBM MQ Version 9.0 resource adapter in WebSphere Application Server traditional, enhanced Unicode data support across all platforms, and logging enhancements for the Protocol Bridge Agent in Managed File Transfer.
- Additional quality of protection for AMS
- Web addressable access to the client channel definition table (CCDT)
- AMS supported in non-IBM JREs in Java clients
- Updated Resource Adapter for traditional WebSphere Application Server
- Enhanced Unicode data conversion support
- Managed File Transfer Protocol Bridge Agent logging enhancements
Additional quality of protection for AMS
To complement the existing Integrity and Privacy privacy policies, Advanced Message Security (AMS) provides a new, third alternative, Confidentiality (Encryption only with optional key reuse), in IBM MQ Version 9.0.
Significant CPU cost savings can be made with Confidentiality policies through symmetric key reuse. This new mode of operation continues to use the PKCS#7 format to share a symmetric encryption key. However, there is no digital signature, which eliminates some of the per message asymmetric key operations. The symmetric key still needs to be encrypted with asymmetric key operations for each recipient, but the symmetric key can be optionally reused over multiple messages that are destined for the same recipients. If key reuse is permitted by policy, then only the first message requires asymmetric key operations. Subsequent messages only need to use symmetric key operations. For more information, see Qualities of protection available with AMS.
Web addressable access to the client channel definition table (CCDT)
IBM MQ Version 9.0 improves the ability for clients to remain connected to IBM MQ queue managers by hosting the CCDT in a central location that is accessible through a URI, removing the need to individually update the CCDT for each deployed client. A client channel definition table can be located through a URL in any of the following ways:Note: We can use the environment variable option only for native programs connecting as clients, that is C, COBOL, or C++ applications. The environment variables have no effect for Java, JMS or managed .NET applications.
- By programming using MQCNO
- By using environment variables
- By using mqclient.ini file stanzas.
For more information, see Web addressable access to the client channel definition table.
AMS supported in non-IBM JREs in Java clients
In earlier releases, the AMS relied on IBM-provided encryption packages that were included in the Java runtime environment (JRE) or Java Secure Socket Extension (JSSE) shipped with IBM MQ and other IBM products.
From Version 9.0, the AMS has been redesigned to use an alternative crypto library, the open source Bouncy Castle implementation, which is built into the IBM MQ classes for Java and IBM MQ classes for JMS, not the JRE. This means that we can now use alternative JREs without needing to install additional libraries. For more information, see Support for non-IBM JREs.
Updated Resource Adapter for traditional WebSphere Application Server
The IBM MQ Version 9.0 resource adapter is pre-installed within WebSphere Application Server traditional Version 9.0. Therefore, there is no requirement to install a new resource adapter.Note: An IBM MQ Version 9.0 resource adapter can connect in CLIENT or BINDINGS transport mode to any in-service IBM MQ queue manager.
Enhanced Unicode data conversion support
From Version 9.0, IBM MQ supports all Unicode characters defined in the Unicode 8.0 standard in data conversion, including full support for UTF-16. For more information, see Data conversion.
In addition, a new file ccsid_part2.tbl is provided, which takes precedence over the ccsid.tbl file and:The ccsid_part2.tbl file is applicable to the following platforms only:
- Allows you to add or modify CCSID entries
- Specify default data conversion
- Specify data for different command levels
For more information, see The ccsid_part2.tbl file.
- Linux - all versions
- Solaris
- Windows
Managed File Transfer Protocol Bridge Agent logging enhancements
From Version 9.0, Managed File Transfer provides a new logging feature to capture interactions between the Protocol Bridge Agent and FTP/SFTP/FTPS file servers. The agent log is set to a level that enables the collection of first hand diagnostic information. Logging is enabled and disabled by using the new command fteSetAgentLogLevel or by using the agent.properties file.
For more information, see fteSetAgentLogLevel and The agent.properties file.