MQ Channel Encryption (MQCE) is priced at $299 USD (volume discounts available) per queue manager plus 15% yearly maintenance and support fee. SSL costs roughly $400 per certificate per year from a 3rd party CA (Certificate Authority). Hence, MQCE’s initial cost is cheaper than SSL and the ongoing yearly cost of MQCE is substantially cheaper than the yearly SSL certificate cost (i.e. $45 vs $400).
When a user purchases MQCE licenses, they receive permanent MQCE license keys (i.e. do not expire). SSL certificates expire yearly. If the MQAdmin forgets to update a queue manager’s SSL certificate and it expires, then the channels using SSL stop working.
If the MQAdmin has 50, 100 or more queue managers, how much time is wasted each year by the MQAdmin, just to update each queue manager’s SSL certificate?
- Other Disadvantages of SSL:
- There is no logging capability to see who accessed which queue manager (MQCE has logging capability).
- This form of security is only as secure as the integrity of the client side certificates. Anyone who possesses a copy of the certificate will have full access.
- SSL is dangerous on a Windows PC because a user can copy the ‘keystore’ file to another PC and use the use the ‘keystore’ to successfully connect to the queue manager from the other PC! (i.e. The user can boot the PC from floppy and copy the ‘keystore’ file to diskette.)
For more information about MQCE, please go to:
https://www.capitalware.com/mqce_overview.html
Food for thought.
Regards,
Roger Lacroix
Capitalware Inc.
