Summary of contents of MQ V8.0.0.4. See https://youtu.be/FGb_XMmdLB0 for video version.

1. © 2015 IBM Corporation
IBM Software Group WebSphere Software
IBM Confidential
IBM MQ Version 8.0.0.4
for Distributed platforms
Summary
Mark Taylor

2. Overview – "Continuous Delivery"
 V8.0.0.3 FixPack released June 18 for all distributed platforms
– New function alongside the usual APARs
 Some function automatically enabled, some needs specific configuration
– Often gated by CMDLEVEL (similar to NEWFUNC on z/OS)
– Use of all V8.0.0.3 function requires setting CMDLEVEL to 802
 V8.0.0.4 FixPack released October 2015
– More new function
– Various RFEs satisfied
– No new CMDLEVEL needed to use new function

3. Message Expiry Cap
 An attribute that enforces an expiry limit for messages
 Allows administrators to override application behaviour
– If app asks for too large (or unlimited) expiry value, it is set to the cap
 Initial implementation using CUSTOM on queues and topics
– ALTER QL(X) CUSTOM('CAPEXPRY(nnn)')
– ALTER TOPIC(X) CUSTOM('CAPEXPRY(ASPARENT)')
 "CUSTOM" is another mechanism for new features in service stream
– Any future MQ version would migrate the function to a real attribute
– May change spellings, details when made first-class attribute
RFE 21984,
37837

4. Event formatting sample program
 No sample ever shipped to format "standard" events
– Authorisation, queue full, service interval, command/config etc
– Other samples are available for acct/stats, activity reports
– Several SupportPacs but product only has out-of-date source code in the KC
 New sample amqsevt formats events into readable English-ish text
– Option to stay with full MQI constant name instead of making it look nice
– Uses MQCB to read from multiple event queues. No polling required
– Can connect as client to any remote queue manager including z/OS
– Source code included

5. Examples
**** Message #1 (320 Bytes) on Queue SYSTEM.ADMIN.QMGR.EVENT ****
Event Type : Queue Mgr Event [44]
Reason : Unknown Alias Base Queue [2082]
Event created : 2015/07/07 10:54:51.17 GMT
Queue Mgr Name : V8003_A
Queue Name : EVT.NO.BASE.QUEUE
Base Object Name : EVT.NOT.DEFINED
Appl Type : Unix
Appl Name : amqsput
Base Type : Queue
**** Message #4 (300 Bytes) on Queue SYSTEM.ADMIN.QMGR.EVENT ****
Event Type : Queue Mgr Event[44]
Reason : Not Authorized [2035]
Event created : 2015/07/07 10:54:51.30 GMT
Queue Mgr Name : V8003_A
Reason Qualifier : Open Not Authorized
Queue Name : EVT.NO.PUT
Open Options : 0x00002010 [ fiq out ]
User Identifier : db2inst1
Appl Type : Unix
Appl Name : amqsput

6. MQI string formatting assistance
 C header file now included to help convert MQI numbers to strings
 Many developers have MQI strerror-like functions
– The hard work is now done for you
– The new cmqstrc .h is automatically updated (300+ new verbs!)
 Similar to Java MQConstants.lookup() capability for all sets of constants
printf("Error is %sn",MQRC_STR(2035));
printf("Completion Code is %sn",MQCC_STR(CompCode));
printf("%s is %sn",
MQIA_STR(MQIA_PLATFORM),MQPL_STR(MQPL_UNIX));
will show
MQRC_NOT_AUTHORIZED
MQCC_OK
MQIA_PLATFORM is MQPL_UNIX

7. Command/Configuration Events for security changes
 Configuration events give an audit trail of object changes
• Reports complete set of object attributes
 Command events are "who did what, how"
– Show which parameters were used in the command
 Existing command events for MQSC SET AUTHREC and PCF
equivalent
– Not for setmqaut
 No config events for any of these operations
 V8.0.0.4 adds command events for setmqaut
 Also adds configuration events for all mechanisms
RFE 53559

8. Example
**** Message #1 (324 Bytes) on Queue SYSTEM.ADMIN.COMMAND.EVENT ****
Event Type : Command Event
Reason : Command MQSC
Event created : 2015/07/07 10:26:47.82 GMT
Correlation Id : 414D5120563830335F41202020202CC001F03
COMMAND CONTEXT
Event User Id : metaylor
Event Origin : Console
Event Queue Mgr : V8003_A
Command : Set Auth Rec
COMMAND DATA
Auth Profile Name : self
Object Type : Queue Mgr
Principal Entity Names : db2inst1
Auth Add Auths : Connect
$ setmqaut -m V8003_A -t qmgr -p db2inst1 +connect
The setmqaut command completed successfully.

9. **** Message #2 (316 Bytes) on Queue SYSTEM.ADMIN.CONFIG.EVENT ****
Event Type : Config Event
Reason : Config Change Object
Object state : Before Change
Correlation Id : 414D5120563830335F41202020202CC001F03
Event created : 2015/07/07 10:26:47.82 GMT
Event User Id : metaylor
Event Origin : Console
Event Queue Mgr : V8003_A
Object Type : Auth Rec
Auth Profile Name : self
Auth Rec Type : Queue Mgr
Entity Name : db2inst1
Entity Type : Principal
Authorization List : None
**** Message #3 (316 Bytes) on Queue SYSTEM.ADMIN.CONFIG.EVENT ****
Event Type : Config Event
Reason : Config Change Object
Object state : After Change
Correlation Id : 414D5120563830335F41202020202CC001F03
Event created : 2015/07/07 10:26:47.82 GMT
Event User Id : metaylor
Event Origin : Console
Event Queue Mgr : V8003_A
Object Type : Auth Rec
Auth Profile Name : self
Auth Rec Type : Queue Mgr
Entity Name : db2inst1
Entity Type : Principal
Authorization List : Connect

10. Certificate expiry made easier to parse
 New option for runmqakm to print dates in a standard format
$ ./runmqakm -cert -list -db ./key.kdb –pw passw0rd –expiry –rfc3339
Certificates found
* default, - personal, ! trusted, # secret key
! "Entrust.net Certification Authority (2048)"
Not After : 2019-12-24T18:20:51Z
! "Entrust.net Client Certification Authority"
Not After : 2019-10-12T19:54:30Z
! "Entrust.net Global Client Certification Authority"
Not After : 2020-02-07T16:46:40Z
RFE 65496
$ ./runmqakm -cert -list -db ./key.kdb -pw passw0rd –expiry
Certificates found
* default, - personal, ! trusted, # secret key
! "Entrust.net Certification Authority (2048)"
Not After : 24 December 2019 18:20:51 GMT
! "Entrust.net Client Certification Authority"
Not After : 12 October 2019 20:54:30 GMT+01:00
! "Entrust.net Global Client Certification Authority"
Not After : 7 February 2020 16:46:40 GMT

11. MQLight integration
 Next delivery phase of support for MQLight client connections to an MQ
queue manager
– V8.0.0.2 and V8.0.0.3 provided changes in MQ (eg to define AMQP channels)
– Had separate Tech Preview download for the channel "listener" service
 V8.0.0.4 removes need for the Tech Preview download
 MQLight integration becomes part of standard MQ installation
– "AMQP Service" is selectable component during install
– All Unix/Linux platforms and Windows
– Change to fileset component list forces a manufacturing refresh
– PPA downloads then give an install image already at V8.0.0.4
– This will not be available in V8.0.0.4 fixpack from FixCentral
– But V8.0.0.5 will go on top of earlier versions, no matter how you got there (will
not update a non-existent AMQP component)

12. XA Configuration
 When MQ is a transaction manager, XAOpenString in qm.ini defines
how to connect to a resource manager (database)
– String can contain connection credentials
 Long-lived requirement not to have plain-text passwords in the file
– Most people have used OS authentication (ie which id is running the program)
with no need to provide additional credentials
– Sample exits have shown how to solve this but you had to write some code
 V8.0.0.4 includes an official solution
 New command setmqxacred to define id/password for DB connection
– XAOpenString now can refer to ++USERID++, ++PASSWORD++ and have
variables replaced
– Separate file contains obfuscated password similar to mqccred channel exit
RFE 53133

13. SSL/TLS Configuration verification
 SupportPac MH03 provides a tool to validate SSL/TLS configurations
 Checks include
– Missing files
– Incorrect SSLKEYR queue manager attribute
– Password settings
– Certificate labels, expiry dates and trust chains
– Validate queue manager and client certificates against each other
– Verifies SSLCAUTH/SSLPEER settings with queue manager
 MH03 does not work with current MQ versions – built on old toolkits
 Now part of MQ product
– Renamed to mqcertck
– Updated to work with current MQ versions and recognise new features such
as per-channel certificates

14. Relocatable/redistributable client
 Shipping client as a simple tar/zip image removing need to install
– Application users do not need OS admin privileges to install MQ code
– Developers will still need a properly-installed SDK for header files
 Windows and Linux x64 for now
– Additional platforms would be considered based on demand
 License changes make it legal to embed client image with applications
 Includes C, C++, COBOL, Java and .Net libraries
 Client images still also available in traditional format
RFE 26670,
38765, 26671,
30697 etc

15. And for the future
 Continue to plan for more frequent delivery of new function
 Incremental changes instead of releases containing large amounts