MQ Channel Encryption for z/OS Overview
The MQ Channel Encryption for z/OS v3.4.0 (z/MQCE) is a solution that provides encryption for IBM MQ (MQ) message data over MQ channels. In cryptography, encryption is the process of transforming information into an unreadable form (encrypted data). Decryption is the reverse process. It makes the encrypted information readable again. Only those with the key (PassPhrase) can successfully decrypt the encrypted data.
z/MQCE provides encryption for message data, which flows between MQ resources. z/MQCE operates with IBM MQ for z/OS v5.3.1, v6.0, v7.0, v7.1, v8.0, v9.0, v9.1, v9.2, v9.3 and v9.4 in z/OS v1.4 or higher environments. It operates with Sender, Receiver, Server, Requester, Cluster-Sender, Cluster-Receiver, Server Connection and Client Connection channels of the MQ queue managers.
z/MQCE is a simple drop-in solution that provides cryptographic protection for MQ queue managers. The protection can be queue manager to queue manager or client application to queue manager.
- Queue manager to queue manager protection means all messages flowing over a channel between 2 queue managers will be encrypted.
- Client application to queue manager protection means application-level message data flowing between a MQ client application and queue manager will be encrypted.
The z/MQCE can be configured as a queue manager channel message exit or as a channel sender/receive exit pair.
z/MQCE uses Advanced Encryption Standard (AES) to encrypt the data. AES is a data encryption scheme, adopted by the US government, that uses three different key sizes (128-bit, 192-bit, and 256-bit). AES was announced by National Institute of Standards and Technology (NIST) as U.S. FIPS PUB 197 (FIPS 197) on November 26, 2001.
z/MQCE uses the SHA-2 to create a cryptographic hash function (digital signature) for the message data.
Encryption Exit Summary
- The encryption exit is available in:
- z/OS load-module
- The encryption exit major features are:
- Can be configured as either queue manager to queue manager or client application to queue manager solution
- For both modes, all message data flowing over a channel will be encrypted (nothing missed or forgotten)
- Secure encryption/decryption methodology using AES with 128, 192 or 256-bit keys
- Easy to set up and configure (unlike SSL)
- No application changes required
- Uses the SHA-2 to create a cryptographic hash function (digital signature)
- Standard MQ feature, GET-with-Convert, is supported
- Provides high-level logging capability for encryption / decryption processing
Pricing
- The client-side exits are included for FREE and can be distributed to an unlimited number of remote servers or PCs with MQ client applications (the user only pays for the server-side licenses).
- The server-side exit is provided in the format of a native z/OS load-module for z/OS v1.4 or higher. The pricing of Capitalware's MQ Channel Encryption for z/OS solution is on a 'per queue manager' basis.
| Product | Price (USD) * | Ordering |
| MQ Channel Encryption for z/OS (per license**) | $2990.00 | |
| Yearly maintenance and support fee | 15% | |
| Total | $3440.00 |
* Volume discounts available for as low as $2490.00 USD per license plus 15% yearly maintenance and support fee.
** MQ Channel Encryption for z/OS is licensed on a per queue manager basis.
- Each licensed user will receive:
- Full version of MQ Channel Encryption for z/OS
- Free updates / upgrades to any version 3.x release.
- Email/ Help Desk support
| Enterprise License for MQ Channel Encryption for z/OS: |
| Enterprise License for MQ Channel Encryption for z/OS sells for $55,000 USD plus 15% yearly maintenance and support fee. An enterprise license will allow a company to have unlimited number of queue managers use MQ Channel Encryption for z/OS at an unlimited number of locations. |