​Hi All,

I was looking for some answers to questions regarding AMS implementation in IBM MQ, I do not have any experience setting this up and we are currently evaluating the use case for this feature.

I tried to look for specifics related to my query on the IBM documentation but I might have missed it or not understood the concept correctly. Hoping someone in this forum would be able to help me answer this query or point me to the right documentation.

Question 1: Does AMS encrypt only the payload or also the headers? Can an admin see the message metadata on an AMS encrypted queue?
Question 2: In a multi-queue-manager-chain (client-> qmgr -> qmgr -> qmgr -> client), does the middle qmgr (and its queue) have to explicitly support AMS?

Thanks You

------------------------------
Murtuza Matiwala
------------------------------

Question 1

AMS only encrypts the payload, however this payload can include headers depending on what you mean by "headers". The MQMD is not encrypted, but other headers that might be inside the message body, such as a PCF header, or a CICS header would be encrypted. Message properties are also not encrypted.

The picture on this page of a SlideShare presentation might hep visualise it.

Secure Your Messages with IBM MQ Advanced Message Security

SlideShare		remove preview
Secure Your Messages with IBM MQ Advanced Message Security Slide 34 of 46 of Secure Your Messages with IBM MQ Advanced Message Security View this on SlideShare >

Question 2
In the chain you suggest, the middle queue manager does not have to support AMS. There are no profiles set up on the queues in the middle queue manager, the profiles are all set up on the first and third queue managers, so therefore no applications will connect to the middle queue manager and ask to put to a policy protected queue.

------------------------------
Morag Hughson
MQ Technical Education Specialist
MQGem Software Limited
------------------------------

Original Message:
Sent: 02-10-2019 11:44 PM
From: Murtuza Matiwala
Subject: Questions on AMS

​Hi All,

I was looking for some answers to questions regarding AMS implementation in IBM MQ, I do not have any experience setting this up and we are currently evaluating the use case for this feature.

I tried to look for specifics related to my query on the IBM documentation but I might have missed it or not understood the concept correctly. Hoping someone in this forum would be able to help me answer this query or point me to the right documentation.

Question 1: Does AMS encrypt only the payload or also the headers? Can an admin see the message metadata on an AMS encrypted queue?
Question 2: In a multi-queue-manager-chain (client-> qmgr -> qmgr -> qmgr -> client), does the middle qmgr (and its queue) have to explicitly support AMS?

Thanks You

------------------------------
Murtuza Matiwala
------------------------------

​Thank you so much for the quick revert.

------------------------------
Murtuza Matiwala
------------------------------

Original Message:
Sent: 02-10-2019 11:57 PM
From: Morag Hughson
Subject: Questions on AMS

Question 1

AMS only encrypts the payload, however this payload can include headers depending on what you mean by "headers". The MQMD is not encrypted, but other headers that might be inside the message body, such as a PCF header, or a CICS header would be encrypted. Message properties are also not encrypted.

The picture on this page of a SlideShare presentation might hep visualise it.

Secure Your Messages with IBM MQ Advanced Message Security

SlideShare		remove preview
Secure Your Messages with IBM MQ Advanced Message Security Slide 34 of 46 of Secure Your Messages with IBM MQ Advanced Message Security View this on SlideShare >

Question 2
In the chain you suggest, the middle queue manager does not have to support AMS. There are no profiles set up on the queues in the middle queue manager, the profiles are all set up on the first and third queue managers, so therefore no applications will connect to the middle queue manager and ask to put to a policy protected queue.

------------------------------
Morag Hughson
MQ Technical Education Specialist
MQGem Software Limited

Original Message:
Sent: 02-10-2019 11:44 PM
From: Murtuza Matiwala
Subject: Questions on AMS

​Hi All,

I was looking for some answers to questions regarding AMS implementation in IBM MQ, I do not have any experience setting this up and we are currently evaluating the use case for this feature.

I tried to look for specifics related to my query on the IBM documentation but I might have missed it or not understood the concept correctly. Hoping someone in this forum would be able to help me answer this query or point me to the right documentation.

Question 1: Does AMS encrypt only the payload or also the headers? Can an admin see the message metadata on an AMS encrypted queue?
Question 2: In a multi-queue-manager-chain (client-> qmgr -> qmgr -> qmgr -> client), does the middle qmgr (and its queue) have to explicitly support AMS?

Thanks You

------------------------------
Murtuza Matiwala
------------------------------