Server-to-server message channel interception example configurations

Server-to-server message channel interception requires configuration of channel definitions, as well as Advanced Message Security policies, to ensure that inbound and outbound messages can be correctly protected or unprotected. The configuration varies depending on whether the channel is inbound or outbound.


Inbound channel

The following example shows a typical configuration for an inbound channel of type receiver, and provides details of the AMS policy required to protect unprotected inbound messages:
Figure 1. Inbound configuration
The example shows:

  • Queue manager QMA
  • Channel TO.QMA
  • Local queue DESTQ

Use the following code:

DEFINE CHANNEL(TO.QMA) CHLTYPE(RCVR) SSLCAUTH(REQUIRED) SSLCIPH(ANY_TLS12) TRPTYPE(TCP) SPLPROT(ASPOLICY)

DEFINE QLOCAL(DESTQ) DESCR('AMS PROTECTED QUEUE')

setmqspl -m QMA -p DESTQ -e AES256 -r CN=TEST,O=ORG,C=US
Note: The policy described in the preceding text encrypts messages only; that is, AMS Confidentiality.

See setmqspl and the message security policy (CSQ0UTIL) for information on using setmqspl on z/OS.


Outbound channel

The following example shows a typical configuration for an outbound channel of type sender. The example provides details of the AMS policies required to protect messages put to the remote queue, and to unprotect and send messages got from the transmission queue:
Figure 2. Outbound configuration
The example shows:

  • Queue manager QMA
  • Channel TO.BP
  • Local transmission queue TO.BP.XMITQ
  • Remote queue REMOTE.BPQ

Use the following code:

DEFINE CHANNEL(TO.BP) CHLTYPE(SDR) SSLCAUTH(REQUIRED) SSLCIPH(ANY_TLS12) TRPTYPE(TCP) SPLPROT(REMOVE) CONNAME('server(1414)') XMITQ(TO.BP.XMITQ)

DEFINE QLOCAL(TO.BP.XMITQ) DESCR('TRANSMISSION QUEUE FOR TO.BP') USAGE(XMITQ)

DEFINE QREMOTE(REMOTE.BPQ) DESCR('REMOTE QUEUE TO BP') RNAME(BP.LOCALQ) RQMNAME(BPQM) XMITQ(TO.BP.XMITQ)

setmqspl -m QMA -p TO.BP.XMITQ -e AES256 -r CN=TEST,O=ORG,C=US

setmqspl -m QMA -p REMOTE.BPQ -e AES256 -r CN=TEST,O=ORG,C=US
Note: The policy described in the preceding text encrypts messages only; that is, AMS Confidentiality.
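
The outbound example needs two policies for one channel: one on the remote queue and one on the transmission queue. The following Python script is an added example, not part of the original documentation. It reads a saved copy of the definitions and reports any queue on an SPLPROT(REMOVE) sender path that has no setmqspl policy. The function names are hypothetical, and the script assumes each DEFINE statement sits on one line and that all policies belong to the same queue manager.

```python
import re

# Constructed sample: the outbound definitions from this page, trimmed, with the
# setmqspl policy for REMOTE.BPQ deliberately left out.
SAMPLE = """
DEFINE CHANNEL(TO.BP) CHLTYPE(SDR) SPLPROT(REMOVE) CONNAME('server(1414)') XMITQ(TO.BP.XMITQ)
DEFINE QLOCAL(TO.BP.XMITQ) USAGE(XMITQ)
DEFINE QREMOTE(REMOTE.BPQ) RNAME(BP.LOCALQ) RQMNAME(BPQM) XMITQ(TO.BP.XMITQ)
setmqspl -m QMA -p TO.BP.XMITQ -e AES256 -r CN=TEST,O=ORG,C=US
"""

def parse(text):
    """Return (MQSC objects, set of queue names that have a setmqspl policy)."""
    objects, policies = [], set()
    for line in text.splitlines():
        line = line.strip()
        m = re.match(r"DEFINE\s+(\w+)\(([^)]+)\)(.*)", line, re.I)
        if m:
            # A value may hold one nested (...) pair, e.g. CONNAME('server(1414)').
            attrs = {k.upper(): v.strip("'") for k, v in
                     re.findall(r"(\w+)\(((?:[^()]|\([^()]*\))*)\)", m.group(3))}
            objects.append((m.group(1).upper(), m.group(2), attrs))
        elif line.startswith("setmqspl"):
            p = re.search(r"-p\s+(\S+)", line)
            if p:
                policies.add(p.group(1))
    return objects, policies

def check_outbound(text):
    """List the queues on an SPLPROT(REMOVE) sender path that lack a policy."""
    objects, policies = parse(text)
    findings = []
    for kind, name, attrs in objects:
        if kind != "CHANNEL" or attrs.get("SPLPROT", "").upper() != "REMOVE":
            continue
        xmitq = attrs.get("XMITQ", "")
        # Policy needed to unprotect messages got from the transmission queue.
        if xmitq not in policies:
            findings.append(f"{name}: no policy on transmission queue {xmitq}")
        # Each remote queue routed through that transmission queue needs its
        # own policy so that messages put to it are protected.
        for kind2, queue, attrs2 in objects:
            if kind2 == "QREMOTE" and attrs2.get("XMITQ") == xmitq and queue not in policies:
                findings.append(f"{name}: no policy on remote queue {queue}")
    return findings

if __name__ == "__main__":
    for finding in check_outbound(SAMPLE):
        print(finding)
```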