This course will teach delegates the requirements for providing a secure WebSphere MQ infrastructure and the techniques for its implementation.

General concepts in security will be explained including authentication, non-repudiation, data integrity, encryption and decryption.  How these are applied to WebSphere MQ will be covered in detail.

Particular issues relevant to client security will be highlighted.

Delegates will learn the concepts of Secure Sockets Layer (SSL) and how to configure WebSphere MQ to use this technology on various platforms. This will be contrasted with the use of channel exits.

Defining security on MQ objects using the OAM and the use of groups to facilitate this will be detailed.

Note: This course is primarily aimed at delegates who currently (or intend to) work with WebSphere MQ v5.3 or later. SSL is not supported in earlier versions, though the MQSeries Internet Pass Thru support pac does provide similar functionality and this will be covered briefly in the course.

Course Strategy

The strategy for this course is to provide delegates with a clear understanding of the importance of defining an appropriately secured WebSphere MQ environment and how to achieve this on various platforms using the facilities provided within the product.  Lectures will cover the concepts and techniques on a range of platforms which will be supplemented with a series of practical exercises. The exercises will be carried out using WebSphere MQ on a Windows platform.  It is not intended to perform practical exercises on UNIX or zOS.

Audience

The intended audience are architects and administrators from both customer and business partner organisations.  Security personnel may also benefit from this course if they are to be involved with the administration of WebSphere MQ security but they should already be familiar with the concepts of messaging and in particular as it applies to WebSphere MQ.

It is NOT suitable for a novice to attend this course.

Delegates should be experienced WebSphere MQ or security personnel who have been identified as requiring the ability to set up and customise the MQ security infrastructure.

Pre-requisites

The major pre-requisite skill is in-depth knowledge of WebSphere MQ administration.

To do the practical exercises knowledge of the Windows environment is necessary.

The following additional skills will be very helpful:

• Knowledge of security concepts 
• RACF administration (optional)

Objectives

After completing this course, delegates should be able to:

• Describe how Secure Sockets Layer (SSL) works 
• Implement SSL in WebSphere MQ 
• Identify key issues associated with WebSphere MQ client security 
• Configure WebSphere MQ for use with firewalls 
• Secure WebSphere MQ objects using the OAM 
• Understand context security and the use of alternate user authority 
• Detail the additional considerations for using WebSphere MQ with RACF on zOS

Delegates should also be able to define the following security concepts:

• Authentication 
• Non-repudiation 
• Encryption and decryption 
• Data integrity

Agenda

• Welcome 
• Overview of security concepts and facilities in WebSphere MQ 
• Firewalls 
• Secure Sockets Layer (SSL) explained 
• Implementing SSL in WebSphere MQ 
• MQSeries Internet Pass Thru 
• Certificate Revocation Lists (CRL) 
• Object Authority Manager (OAM) 
• Context security and alternate user authority 
• Client and cluster security issues 
• Implementing WebSphere MQ security with RACF 
• Security packages 
• WebSphere MQ security review and recommendations