• Home
• Products
• Services
• Support
• About Us
• WebSphere MQ

Home » Products » MQ Authenticate User Security Exit for z/OS Overview

Content

Home Products  » MQ Batch Toolkit  » MQ Visual Browse  » MQ Visual Edit  » MQ Auditor  » MQAUSX  » MQCACM  » MQCE  » MQESS  » MQME  » MQSSX  » z/ISPFMQ  » z/MQAUSX  » z/MQCACM  » z/MQCE  » z/MQSSX Open Source Services Partners / Resellers About Us

Support

Help Desk Support Info

Information

Roger's Blog News Links Library White Papers WebSphere MQ

Downloads

Java Linux Windows z/OS (OS/390)

 

Recent News

December 21, 2011

Capitalware releases MQ Visual Edit v1.5.5 and MQ Visual Browse v1.5.5.

Read More

November 30, 2011

Capitalware releases MQ Batch Toolkit v2.0.0

Read More

November 16, 2011

Capitalware releases MQ File Mover v4.0.0.

Read More

November 9, 2011

Capitalware releases ISPF MQ Message Editor for z/OS v1.0.0.

Read More

April 25, 2011

Capitalware releases open source products MQRC2-GUI v1.0.1 & MQRC2 v1.1.1.

Read More

April 12, 2011

Capitalware releases open source products MQRC2 v1.1.0, MMX v1.4.0 & MRTR v1.1.0.

Read More

March 10, 2011

Capitalware releases MQ Enterprise Security Suite.

Read More

March 8, 2011

Capitalware releases MQ Message Encryption v1.0.0.

Read More

February 28, 2011

Capitalware releases MQ Channel Encryption v2.0.0 and MQ Channel Encryption for z/OS v2.0.0.

Read More

February 9, 2011

Capitalware releases MQ Auditor v1.2.0.

Read More

January 21, 2010

Capitalware releases MQAUSX for z/OS v1.5.0 and MQSSX for z/OS v1.3.0.

Read More

January 15, 2010

Capitalware releases MQ Authenticate User Security Exit v1.5.0 and MQ Standard Security Exit v1.3.0.

Read More

March 24, 2009

ITJungle article Capitalware Clamps Down on WMQ's 'Big Dirty' Security Secret

Read More

 

z/MQAUSX

Overview Trial Manuals Customers

MQ Authenticate User Security Exit for z/OS Overview

The MQ Authenticate User Security Exit for z/OS v1.5.0 (z/MQAUSX) is a new solution that allows a company to fully authenticate a user who is accessing a WebSphere MQ resource. It authenticates the user's UserID and Password against the server's native z/OS system or File Based Authentication.

The security exit will operate with WebSphere MQ v5.3.1, v6.0 and v7.0 in z/OS v1.4 or higher environments. It works with Server Connection, Client Connection, Sender, Receiver, Server, Requestor, Cluster-Sender and Cluster-Receiver channels of WebSphere MQ queue manager.

The MQ Authenticate User Security Exit for z/OS solution is comprised of 2 components: client-side security exit and server-side security exit.

z/MQAUSX is 3 products in 1:
1. If the client application is configured with the client-side security exit then the user credentials are encrypted and sent to the remote queue manager. This is the best level of security.
2. If the client application is not configured with the client-side security exit then the user credentials are sent in plain text to the remote queue manager. This feature is available for Java/JMS, Java and C# DotNet client applications. For native applications (i.e. C/C++), then the application must use and populate the MQCSP structure with the UserID and Password.
• Using z/MQAUSX with No Client-side Security Exit - Part 1 (coding examples)
• Using z/MQAUSX with No Client-side Security Exit - Part 2 (configuring tools like MQ Explorer, SupportPac MO71, etc..)
3. If the MQAdmin sets the z/MQAUSX IniFile parameter NoAuth to Y then it functions just like z/MQSSX. z/MQSSX does not authenticate. It filters the incoming connection based on UserID, IP address and/or SSL DN.

Client-Side Security Exit Summary

The client-side security exit is available in 4 forms:
• Windows DLL
• Windows DLL for managed .NET
• Java JAR
• Non-GUI shared library for AIX, HP-UX, iSeries (OS/400), Linux and Solaris

The client-side security exit has been tested against the following MQ client programs:
• IBM's MQ Explorer
• SupportPac MO71 (MQMon)
• IBM's WBIMB Eclipse Tool Kit
• Mercury's SiteScope
• Capitalware's MQ Visual Edit, MQ Visual Browse & MQ Batch Toolkit
• Any program that uses Client Channel Tables (i.e. SupportPac MS03, WatchQ, etc.)
• J2EE web server (i.e. WebLogic, WebSphere, etc.)

Complete programming examples that utilize the client-side security exit:
• 8 examples for the C programming language
• 8 examples for the C++ programming language
• 8 examples for the C# .NET programming language
• 12 examples for the Java and Java/JMS programming language
• 4 examples for the VB programming language

Server-Side Security Exit Summary

The server-side security exit is available as:
• z/OS load-module

The server-side security exit major features are:
• Authenticate a user against the server's native z/OS or using File Based Authentication
• Support for Proxy UserIDs
• Allow or restrict the incoming IP address against a regular expression pattern
• Allow or restrict the incoming SSL DN against a regular expression pattern
• Allow or restrict the incoming UserID against a regular expression pattern
• Limit the number of incoming channel connections on a SVRCONN channel.
• Allow or restrict the use of the 'CHIN' or CHIN's started-task UserIDs
• Includes a CHAD exit used to secure cluster channels
• Ability to turn off server-side authentication
• Allow or restrict the incoming UserID against a regular expression pattern when authentication is off
• Provides logging capability for all connecting client applications regardless if they were successful or not.
• Provides logging capability via Write To Operator (WTO) facility.

Pricing

• The client-side security exits are included for FREE and can be distributed to an unlimited number of remote servers or PCs with MQ client applications (the user only pays for the server-side licenses).
• The server-side security exits are provided in the format of a native z/OS load-module for z/OS v1.4 or higher. The pricing of Capitalware's MQ Authenticate User Security Exit for z/OS solution is on a 'per queue manager' basis.

Product	Price (USD) *	Ordering
MQ Authenticate User Security Exit for z/OS (per license**)	$3990.00
Yearly maintenance and support fee	15%
Total	$4590.00	Order Now

* Volume discounts available for as low as $2990.00 USD per license plus 15% yearly maintenance and support fee.

** MQ Authenticate User Security Exit for z/OS is licensed on a per z/OS queue manager basis.

Each licensed user will receive:
• Full version of MQ Authenticate User Security Exit for z/OS
• Free updates / upgrades to any version 1.x release.
• Free email/ Help Desk support

Enterprise License for MQ Authenticate User Security Exit for z/OS:
Enterprise License for MQ Authenticate User Security Exit for z/OS sells for $75,000 USD plus 15% yearly maintenance and support fee. An enterprise license will allow a company to have unlimited number of z/OS queue managers use MQ Authenticate User Security Exit for z/OS at an unlimited number of locations.

 

• Home |
• Products |
• Services |
• Support |
• About Us |
• WebSphere MQ

Copyright © 1996-2012, Capitalware Inc. All Rights Reserved.

Last Updated: 2012/01/17