One of the trends we see in talking to our customers is the migration from traditional MQ queue managers running on physical or virtual servers, to the IBM MQ Appliance. While their reasons vary, we come across the following two the most often:
- Increased security benefits
- Cost savings
Security Benefits
When the queue managers are being used as a gateway from the outside world to corporate resources, the IBM MQ Appliance offers the security of being a locked down environment: the pre-optimized security features cannot be altered. The appliance supports secure connectivity over SSL/TLS with the ability to import certificates. Software programs such as agents or API exits cannot be installed on the appliance. When added to the HA capabilities, the IBM MQ Appliance can be used as a robust, secured interface to a company’s external user base.
Cost Savings
There are many cost savings to be gained by choosing an MQ Appliance over running traditional MQ on a standard physical or virtual server.
- The hardware is cheaper than buying an equivalent performing server.
- The MQ license cost is lower than buying MQ for an equivalent server.
- The ease of use due to pre-optimisation and consolidation reduces the human support costs
You can find further information on Reducing Operational Costs with the IBM MQ Appliance
here.
Support Requirements
Whilst supporting the device is far easier than looking after a traditional server, this does mean that the MQ administrator is now exposed to some hardware and operating system related services (processor, memory, filesystem, network) that would previously have been covered by a system support person. However, there are some third-party tools that can extend MQ function to help administrators who want access to this information. Due to the locked down nature of the MQ Appliance, the options that require the installation of agents aren’t suitable, so other alternatives are required.
Nastel’s MQ Appliance Management
The Nastel Platform is an Integration Infrastructure Management (i2M) tool that is used by many leading financial, insurance, and retail companies to monitor solutions such as MQ, Kafka, TIBCO, IIB, and ACE.
Image 2: Nastel Platform showing IBM MQ queue management across various systems
Image 3: IBM MQ Appliance and MQ metrics that can be monitored and alerted on using the Nastel Platform
The platform provides 360-degree situational awareness including secure, self-service configuration management of the i2M environment, and helps its users proactively avoid preventable outages and reduce their Mean-Time-To-Recovery (MTTR) when the unforeseen happens.
The Nastel platform can monitor, manage, and track messages in MQ running on an IBM MQ Appliance, and monitor and alert on the metrics produced by the appliance itself. These metrics (CPU, memory, network, fan speed, and temperature, etc) are similar to those produced by the DataPower appliances – no surprise there – and are critical to the health of queue managers running on the IBM MQ Appliance.
The Nastel Platform provides secured, self-service, agentless monitoring and management for the IBM MQ Appliance including message tracking through the various queues on the appliance. The secured access can be integrated with a company’s existing LDAP or Active Directory security and also offers support for SAML. Access is granted based on a user’s security group and allows the control of what MQ queue managers and their related objects they can see as well as their functional role. There are predefined, highly granular roles granting View-Only, Operator, Message Manager, up to full Administrator rights. The security model also allows administrators to create customized roles.
More information can be found at:
https://customers.nastel.com/hc/en-us/articles/4409828429843-Monitor-MQ-appliance-metrics-
#Automation#IBMMQ#MQ#Security