Looking back on 2015

In this post we look back on the year that was 2015 and what happened in both IBM MQ, and MQGem Software.

New Versions

Both IBM MQ and MQGem Software products had a number of new releases in 2015.

MQGem Software products

Three new versions of our premier product, MO71 – a graphical administrative product for IBM MQ. Version 8.0.2 was released in January, 8.0.3 was released in April, and 8.0.4 was released in November.

A new version of MQSCX – our extended MQSC product, version 8.0.1, was released in May.

A new product, QLOAD V8.0.1 was released in June, with an initial three month free trial period.

IBM MQ Fix Packs and new function

One new Fix Pack on IBM WebSphere MQ V7.0.1. Fix Pack 7.0.1.13 was released in August. Two new Fix Packs on IBM WebSphere MQ V7.1. Fix Pack 7.1.0.7 in November, and 7.1.0.6 in January. One new Fix Pack on IBM WebSphere MQ V7.5. Fix Pack 7.5.0.5 was released in May.

Three new Fix Packs on IBM MQ V8. Fix Pack 8.0.0.2 in February – introducing new Command Level 801, 8.0.0.3 in June – introducing new Command Level 802 and new function, and 8.0.0.4 in October also adding new function.

IBM delivered the new MQ Appliance M2000 in February. Here’s the Announce Letter, Blog Post and Video. An IBM Redbook was released in November: Integrating the IBM MQ Appliance into your IBM MQ Infrastructure. Later in the year, it then delivered on the SoD with the DR capability added to the appliance – read more about it in How the IBM MQ Appliance Brings MQ and High Availability Together.

IBM provided the MQLight function, and AMQP client protocol in IBM MQ, as part of FixPack 8.0.0.4 in October. Read more about it in MQ support for MQ Light and AMQP 1.0 released in 8.0.0.4.

Videos

At your request, dear customers, MQGem Software has created a number of videos of our products. Each product has a playlist.

YouTube

The MO71 playlist contains the following 7 videos.

The MQSCX playlist contains the following two videos.

Conference Events

There have been quite a number of events throughout 2015 that have had IBM MQ content delivered at them. I hope you were able to attend at least one. The presentation material is online for many of these events, and download links are shown below where we are aware of them.

Online articles

There have been some really great blog posts written throughout 2015. Lots of the guys in IBM Hursley have been blogging about the new features they have been releasing throughout the year. The IBM MQ Blogosphere has really grown over 2015. Read more in IBM MQ Blogosphere.

 
2015 has been a great year for all things MQ. MQGem wishes all its customers, readers, and friends a Happy and Prosperous 2016. HAPPY NEW YEAR!

Advertisement

MQGem products support Command Level 802

With the release of the latest Fix Pack on V8, V8.0.0.3, there was the introduction of a new Command Level 802. Read more about Fix Pack 3 and what’s in Command Level 802 in the following posts.

With the newest revisions of MQSCX V8.0.1 and MO71 V8.0.3, both these MQGem Software products now support Command Level 802.

Read more about the other features in these releases of our products:-

MQ V8.0.0.3 is available – What does that mean for you?

On Thursday 18th June, IBM released V8.0.0 Fix Pack 3 for the MQ product.

https://twitter.com/IBM_WMQ/status/611914329986867201

You can obtain this Fix Pack from IBM Fix Central from the above link.

What does this Fix Pack mean to you?

Defect Fixes

First and foremost, this is a Fix Pack and contains fixes to various defects. The list of defects that have been fixed can be found here. Note that MQ Fix Packs are cumulative service, meaning that all the fixes from previous Fix Packs are included, so you’ll get all the fixes from Fix Pack 2, for example, even if you didn’t have that Fix Pack installed before.

Security Fixes

The table of fixes in the above link indicates, in the first two columns, whether the fix is a security APAR or a HIPER APAR. Fix Pack 3 contains 2 security APARs and 1 HIPER APAR.

The security and HIPER APARs from Fix Pack 3
Security
APAR
HIPER
APAR
APAR Description
  IT07224 CVE-2015-1957
  IT08199 CVE-2015-1967
  IV70337 Memory errors with cluster queue managers when putting applications are using queues with the DEFBIND(GROUP) attribute

T.Rob reminds us that where security fixes are concerned, to stay compliant, you have a limited amount of time to get this Fix Pack applied. The time span will vary depending on what your shop has dictated, or your business partners have dictated or whether you are trying to stay compliant with a particular system, for example PCI-DSS.

https://twitter.com/tdotrob/status/611938172008824832

Here are some good articles on the subject:-

New Function

This Fix Pack also releases some new functions.

PAM Authentication

The first delivers RFE 61007 which requested that the Connection Authentication feature introduced in IBM MQ V8 should make use of Pluggable Authentication Module (PAM).

Mark Taylor introduces us to this new function in FixPac 3.

 
To use this new function you need to run a special variant of the strmqm command to set the new command level, as described in an earlier blog post about the 801 Queue Manager.

Due to the introduction of this new function, which contains a new object attribute, there is a new Command Level 802, so the post I originally wrote for the new Command Level 801 has been updated to include the small number of changes for 802 as well.

Extended “Queue Manager Active” Events

The second is some new information in the Queue Manager Active Event which helps when running a multi-instance queue manager by adding both the hostname that the queue manager is running on and indicating whether standby is permitted or not.

Mark Taylor has another video for us on this new function.

 
You can see the details of this extra data in the event reference section of Knowledge Center.

More Deprecated CipherSpecs

Does this count as new function or not? Well, one thing that is new is the way you re-enable these deprecated CipherSpecs if you’re unlucky enough to still have requirements to use these weaker algorithms. Read all about it in another blog post, “Deprecated CipherSpecs”.

Giving channel exits access to details of Remote connection

There are two fields that tell you a lot of information about the remote connection, and those are Remote Product (RPRODUCT) and Remote Version (RVERSION). You can read more about these fields in IBM MQ Little Gem #2: RPRODUCT and RVERSION. These fields were previously only available on the DISPLAY CHSTATUS command. In this Fix Pack they are extended to be available to channel exits by being provided in the channel exits parameter structure (MQCXP). This change delivers RFE 60616 which notes that it will be delivered on z/OS at some future point. Here is a snippet of the end of the structure definition from Fix Pack 3 so that you can see the fields. You can read more details in Knowledge Center: MQCXP fields RemoteProduct and RemoteVersion.

typedef struct tagMQCXP MQCXP;
typedef MQCXP MQPOINTER PMQCXP;

struct tagMQCXP {
:
  MQCHAR4   RemoteProduct;            /* The identifier for the */
                                      /* remote product */
  MQCHAR8   RemoteVersion;            /* The version of the remote */
                                      /* product */
  /* Ver:9 */
};

Next MQLight Beta Phase

The next phase of the MQLight Beta relies upon Fix Pack 8.0.0.3. Among other things it adds CHLAUTH rules and SSL/TLS support to the AMQP channels. You can read more about the changes in this blog post by Matthew Whitehead.


IBM Certified Specialist

Morag Hughson is a Certified IBM MQ Specialist
IBM Certified System Administrator – MQ V8.0
Find her on: LinkedIn: http://uk.linkedin.com/in/moraghughson   Twitter: https://twitter.com/MoragHughson   SlideShare: http://www.slideshare.net/moraghughson

What’s in Command Levels 801 and 802

MQ 801 Goody Bag

IBM MQ V8.0.0 Fix Pack 2 introduces a new Command Level, 801, and Fix Pack 3 introduces Command Level 802. Read What is an 801 Queue Manager? for details on how to enable these new Commmand Levels.

This post captures the changes that are available once you have an 801 or 802 Queue Manager.

LDAP Authorization

The V8.0.0 Connection Authentication feature which checked your user ID and password has been extended in V8.0.0.2 to allow LDAP authorization as well. The new fields that allow you to configure this on an AUTHTYPE(IDPWLDAP) Authentication Information object are protected by the 801 Command Level.

New Attribute MQSC name
See DEF AUTHINFO
Look for KC 8002 indicator
PCF constant and values
See Create Authentication Information
Look for KC 8002 indicator
LDAP Auth Method

AUTHORMD

  • OS
  • SEARCHGRP
  • SEARCHUSR

MQIA_LDAP_AUTHORMD (263)

  • MQLDAP_AUTHORMD_OS (0)
  • MQLDAP_AUTHORMD_SEARCHGRP (1)
  • MQLDAP_AUTHORMD_SEARCHUSR (2)
LDAP Group Object Class CLASSGRP

MQCA_LDAP_GROUP_OBJECT_CLASS (2133)

  • String of length MQ_LDAP_CLASS_LENGTH (128)
LDAP Base DN Group BASEDNG

MQCA_LDAP_BASE_DN_GROUPS (2132)

  • String of length MQ_LDAP_BASE_DN_LENGTH (1024)
LDAP Group Attr Field GRPFIELD

MQCA_LDAP_GROUP_ATTR_FIELD (2134)

  • String of length MQ_LDAP_FIELD_LENGTH (128)
LDAP Find Group FINDGRP

MQCA_LDAP_FIND_GROUP_FIELD (2135)

  • String of length MQ_LDAP_FIELD_LENGTH (128)
LDAP Group Nesting

NESTGRP

  • NO
  • YES

MQIA_LDAP_NESTGRP (264)

  • MQLDAP_NESTGRP_NO (0)
  • MQLDAP_NESTGRP_YES (1)

PAM Authentication

The V8.0.0 Connection Authentication feature which checked your user ID and password has been extended in V8.0.0.3 to allow PAM authentication as a choice. The new field that allows you to configure this on an AUTHTYPE(IDPWOS) Authentication Information object is protected by the 802 Command Level.

New Attribute MQSC name
See DEF AUTHINFO
Look for KC 8003 indicator
PCF constant and values
See Create Authentication Information
Look for KC 8003 indicator
Authentication Method

AUTHENMD

  • OS
  • PAM

MQIA_AUTHENTICATION_METHOD (266)

  • MQAUTHENTICATE_OS (0)
  • MQAUTHENTICATE_PAM (1)

Channel Status

Channels now show the security protocol in use – helping those people who were unsure how to answer the oft-asked question after the POODLE vulnerability, “are you still using an SSL CipherSpec?” Now instead of looking up your CipherSpec in the table in Knowledge Center, you can instead see this information output in the channel status display. Read more about this in Know your protocol.

New Attribute MQSC name
See DIS CHSTATUS
Look for KC 8002 indicator
PCF constant and values
See Inquire Channel Status
Look for KC 8002 indicator
Security Protocol

SECPROT

  • NONE
  • SSLV3
  • TLSV1
  • TLSV12

MQIACH_SECURITY_PROTOCOL (1645)

  • MQSECPROT_NONE (0)
  • MQSECPROT_SSLV30 (1)
  • MQSECPROT_TLSV10 (2)
  • MQSECPROT_TLSV12 (4)

AMQP Channel

In support of the MQLight in IBM MQ Beta, there is a whole new channel type with an associated set of channel attributes added. This is not yet documented in Knowledge Center but is visible when operating a queue manager at Command Level 801, and in the header files for PCF applications. Along with the Beta download that enables some of these attributes, there is a PDF of instructions on how to use the attributes available at the above link for the Beta. Be aware that although you can view and set all these attributes, not all of them are implemented by the current Beta. Get involved with the Beta program and read the PDF file mentioned above to see which attributes are currently usable.

New Attribute MQSC name PCF constant and values
Channel Type

CHLTYPE

  • AMQP

MQIACH_CHANNEL_TYPE (1511)

  • MQCHT_AMQP (11)
Description DESCR

MQCACH_DESC (3502)

  • String of length MQ_CHANNEL_DESC_LENGTH
Port PORT

MQIACH_PORT (1522)

  • Value in the range 1 – 65335
Local Address LOCLADDR

MQCACH_LOCAL_ADDRESS (3520)

  • String of length MQ_LOCAL_ADDRESS_LENGTH
SSL/TLS Certificate Label CERTLABL

MQCA_CERT_LABEL (2121)

  • String of length MQ_CERT_LABEL_LENGTH
SSL/TLS Cipher Spec SSLCIPH

MQCACH_SSL_CIPHER_SPEC (3544)

  • String of length MQ_SSL_CIPHER_SPEC_LENGTH
SSL/TLS Client Auth SSLCAUTH

MQIACH_SSL_CLIENT_AUTH (1568)

  • String of length MQ_SSL_CIPHER_SPEC_LENGTH
SSL/TLS Peer Name SSLPEER

MQCACH_SSL_PEER_NAME (3545)

  • String of length MQ_SSL_PEER_NAME_LENGTH
Alteration Date ALTDATE

MQCA_ALTERATION_DATE (2027)

  • String of length MQ_DATE_LENGTH
Alteration Time ALTTIME

MQCA_ALTERATION_TIME (2028)

  • String of length MQ_TIME_LENGTH
AMQP Keep Alive AMQPKA

MQIACH_AMQP_KEEP_ALIVE (1644)

  • Values in the range 0 – 99 999
  • MQKAI_AUTO
Use Client Identifier

USECLTID

  • YES
  • NO

MQIACH_USE_CLIENT_ID (1629)

  • MQUCI_YES (1)
  • MQUCI_NO (0)
Max Message Length MAXMSGL

MQIACH_MAX_MSG_LENGTH (1510)

  • Values in the range 0 – 100MB
MCA UserId MCAUSER

MQCACH_MCA_USER_ID (3527)

  • String of length MQ_MCA_USER_ID_LENGTH
Max Instances MAXINST

MQIACH_MAX_INSTANCES (1618)

  • Values in the range 0 – 999 999 999

Display Connection

With the introduction of the AMQP channel in CommandLevel 801, there is also a new attribute returned when you display application connections.

New Attribute MQSC name
See DIS CONN
Look for KC 8002 indicator
PCF constant and values
AMQP Client ID CLIENTID

MQCACF_AMQP_CLIENT_ID (3207)

  • String of length MQ_AMQP_CLIENT_ID_LENGTH (256)

Queue Manager Object

With the introduction of the AMQP channel in CommandLevel 801, there is also a new attribute on the queue manager object.

New Attribute MQSC name PCF constant and values
AMQP Capability

AMQPCAP

  • NO
  • YES

MQIA_AMQP_CAPABILITY (265)

  • MQCAP_NOT_SUPPORTED (0)
  • MQCAP_SUPPORTED (1)

You can get the equivalent information for earlier Command Levels from these posts.


IBM Certified Specialist

Morag Hughson is a Certified IBM MQ Specialist
IBM Certified System Administrator – MQ V8.0
Find her on: LinkedIn: http://uk.linkedin.com/in/moraghughson   Twitter: https://twitter.com/MoragHughson   SlideShare: http://www.slideshare.net/moraghughson

What is an 801 Queue Manager?

So you’ve been told you need an 801 queue manager for some new function. But what does that mean exactly?

What is MQ 801?

What is MQ 801?


IBM MQ has two sets of numbers that are important when identifying what queue manager you have. You have the 4-digit version number V.R.M.F – that’s Version, Release, Modification and FixPack. This is the number you will see output by the dspmqver command. Its purpose to identify what level of code you are running, and service will always be interested to know your full V.R.M.F. if you raise a PMR for example.

Name: WebSphere MQ

Version: 7.5.0.2

Level: p750-002-131001_DE

BuildType: IKAP – (Production)

Platform: WebSphere MQ for Windows

Mode: 32-bit

The other number you will encounter is the command level. This is the number you will see output by the DISPLAY QMGR command in the CMDLEVEL field (the VERSION is also part of this command’s output in newer versions of MQ). The purpose of CMDLEVEL is to convey what commands, object types and attributes the command server understands, and is thus used by administration tools to ensure that they send appropriate commands to the command server. It has been available since the very first version of MQ, so you can ask any queue manager for its CMDLEVEL and it will be able to respond. It is also an MQINQ-able field as another way to discover it.

1 : DISPLAY QMGR CMDLEVEL VERSION

AMQ8408: Display Queue Manager details.

QMNAME(QM1) CMDLEVEL(750)

VERSION(07050002)

It is generally the case that the V.R.M part of the 4-digit number matches the Command Level (as in the above V7.5.0 examples), but not always. If new attributes, object types or commands are introduced in a FixPack, then the command level must be increased (to allow administrative tools to discover that the command server will accept these new attributes) but the V.R.M.F only changes in the 4th digit. This happened in FixPack V7.1.0.2 where Command Level 711 was introduced to cover the new attribute CERTVPOL, and it has happened again in FixPack V8.0.0.2 where Command Level 801 has been introduced to cover a number of new attributes.

Since this is new function being shipped through the Service stream, it is not enabled by default. FixPacks can be removed and so the queue manager must be able to revert to running without the code from a FixPack. It cannot revert once a change has been made to the Command Level. So the user wishing to make use of the new features protected by the Command Level has to do a positive action to enable the new Command Level which at the same times confirms that this queue manager will not be able to revert back to previous level.

So what is this action that must be done to choose to use the new Command Level? It’s an extra parameter on the strmqm command. Note that when you issue this command it only alters the Command Level, it doesn’t actually start the queue manager. So once complete, you must then issue a normal strmqm command.

strmqm -e CMDLEVEL=801 QM2

When you issue this command to upgrade the Command Level with the above command, you’ll see a message confirming this at the end of the start-up messages.

WebSphere MQ queue manager ‘QM2’ starting.

The queue manager is associated with installation ‘800FP2’.

5 log records accessed on queue manager ‘QM2’ during the log replay phase.

Log replay for queue manager ‘QM2’ complete.

Transaction manager state recovered for queue manager ‘QM2’.

Migrating objects for queue manager ‘QM2’.

Default objects statistics : 3 created. 0 replaced. 0 failed.

New functions up to command level 801 enabled.

As you can see from the above messages, this also migrates the queue manager. This is always the case the first time a queue manager starts up with a new command level, and is true whether the change to the command level was caused as the result of a version-to-version upgrade, or this method of selecting a command level delivered in a Fix Pack. Remember that migration is never reversible. You can read more in Maintenance, upgrade, and migration.

This post equally applies if you need an 802 queue manager, just change the number accordingly. The 802 Command Level was released with V8.0.0 Fix Pack 3.

Now you have an 801 queue manager! To find out what you can do with it, read What’s in Command Level 801


IBM Certified Specialist

Morag Hughson is a Certified IBM MQ Specialist
IBM Certified System Administrator – MQ V8.0
Find her on: LinkedIn: http://uk.linkedin.com/in/moraghughson   Twitter: https://twitter.com/MoragHughson   SlideShare: http://www.slideshare.net/moraghughson