MQ Channel Encryption Overview
The MQ Channel Encryption v3.1.1 (MQCE) is a solution that provides encryption for IBM MQ (WMQ) message data over WMQ channels. In cryptography, encryption is the process of transforming information into an unreadable form (encrypted data). Decryption is the reverse process. It makes the encrypted information readable again. Only those with the key (PassPhrase) can successfully decrypt the encrypted data.
MQCE provides encryption for message data, which flows between WMQ resources. MQCE operates with WMQ v6.0, v7.0, v7.1, v7.5 and v8.0 in Windows, IBM i (OS/400), Unix and Linux environments. It operates with Sender, Receiver, Server, Requester, Cluster-Sender, Cluster-Receiver, Server Connection and Client Connection channels of the WMQ queue managers.
MQCE is a simple drop-in solution that provides cryptographic protection for WMQ queue managers. The protection can be queue manager to queue manager or client application to queue manager.
- Queue manager to queue manager protection means all messages flowing over a channel between 2 queue managers will be encrypted.
- Client application to queue manager protection means application-level message data flowing between a WMQ client application and queue manager will be encrypted.
The MQCE can be configured as a queue manager channel message exit or as a channel sender/receive exit pair.
MQCE uses Advanced Encryption Standard (AES) to encrypt the data. AES is a data encryption scheme, adopted by the US government, that uses three different key sizes (128-bit, 192-bit, and 256-bit). AES was announced by National Institute of Standards and Technology (NIST) as U.S. FIPS PUB 197 (FIPS 197) on November 26, 2001.
MQCE uses the SHA-2 to create a cryptographic hash function (digital signature) for the message data.
On IBM i, Linux, Unix and Windows, MQCE can be configured and used with a non-default installation of WMQ in a multi-install MQ environment.
Encryption Exit Summary
- The encryption exit is available in 5 forms:
- Windows DLL (32-bit & 64-bit)
- Windows DLL for managed .NET (32-bit & 64-bit)
- Shared library for AIX, HP-UX, Linux and Solaris
- IBM i (OS/400) exit module
- Java JAR
- The encryption exit major features are:
- Can be configured as either queue manager to queue manager or client application to queue manager solution
- For both modes, all message data flowing over a channel will be encrypted (nothing missed or forgotten)
- Secure encryption/decryption methodology using AES with 128, 192 or 256-bit keys
- Easy to set up and configure (unlike SSL)
- No application changes required
- Uses the SHA-2 to create a cryptographic hash function (digital signature)
- Standard MQ feature, GET-with-Convert, is supported
- Provides high-level logging capability for encryption / decryption processing
- Complete programming examples that utilize the client-side encryption (send/receive) exit:
- 4 examples for the C programming language
- 4 examples for the C++ programming language
- 6 examples for the C# .NET programming language
- 10 examples for the Java and Java/JMS programming language
- 4 examples for the VB programming language
- The client-side exits are included for FREE and can be distributed to an unlimited number of remote servers or PCs with MQ client applications (the user only pays for the server-side licenses).
- The server-side exits are provided in the format of a native DLL / shared library and are currently available for AIX, HP-UX, IBM i (OS/400), Linux, Solaris and Windows. The pricing of Capitalware's MQ Channel Encryption solution is on a 'per queue manager' basis.
|Operating System||WMQ v6.0, v7.0, v7.1, v7.5 & v8.0|
|AIX v5.3, v6.1, v7.1 or higher||64-bit|
|HP-UX IA64 v11.23 or higher||64-bit|
|HP-UX RISC v11.00 & v11.11||64-bit|
|IBM i 5.4, 6.1 & 7.1, i5/OS V5R4 & OS/400||64-bit|
|Linux on POWER||64-bit|
|Linux on System z (zSeries)||64-bit|
|Solaris SPARC v8, v9, v10 & v11||64-bit|
|Solaris x86_64 v10 & v11||64-bit|
|Windows NT, 2000, 2003, 2008, 2012, XP Pro, 7, 8 & 8.1||32-bit & 64-bit|
|Product||Price (USD) *||Ordering|
|MQ Channel Encryption (per license**)||$299.00|
|Yearly maintenance and support fee||15%|
* Volume discounts available for as low as $199.00 USD per license plus 15% yearly maintenance and support fee.
** MQ Channel Encryption is licensed on a per queue manager basis.
- Each licensed user will receive:
- Full version of MQ Channel Encryption
- Free updates / upgrades to any version 3.x release.
- Email/ Help Desk support
|Enterprise License for MQ Channel Encryption:|
|Enterprise License for MQ Channel Encryption sells for $55,000 USD plus 15% yearly maintenance and support fee. An enterprise license will allow a company to have unlimited number of queue managers use MQ Channel Encryption at an unlimited number of locations.|