IBM United States
Software Announcement 203-146
June 3, 2003

Procurement of Security for IBM WebSphere MQ Simplified

 ENUS203-146.PDF (28KB)

At a Glance

Advanced security services extend the base security features available in WebSphere MQ with:

  • Application-level, end-to-end data protection
  • Remote administration of security policies
    • Queue put/get permissions
    • Data protection options (none, sign, sign and encrypt)
    • Message-level security audit records

Advanced security services are essential for high-value message transactions where you need:

  • Integrity and confidentiality of data while resident on a queue
  • Individual message encapsulation and auditability
  • Tracking of message origination to a specific application on a system instead of a channel
  • Security for only a subset of the message traffic on a single channel

These advanced security services are compatible with:

  • WebSphere Business Integration Message Broker
  • WebSphere Business Integration Message Broker with Rules and Formatter Extension
  • WebSphere Business Integration Event Broker
  • WebSphere MQ Workflow

For ordering, contact:

Your IBM representative or the Americas Call Centers at 800-IBM-CALL (Reference: LE001).


Security is increasingly critical to the way we do business. The WebSphere® MQ family can address your advanced security needs.

In response to your feedback, WebSphere MQ Extended Security Edition V5.3 can make securing your business end-to-end, even simpler.

Available immediately, this new offering consolidates the current releases of two existing products into a single, value-add package:

    WebSphere MQ V5.3 and Tivoli® Access Manager for Business Integration (TAMBI) V4.1 are combined to become WebSphere MQ Extended Security Edition V5.3

Many WebSphere MQ customers are already familiar with the ability of TAMBI to upgrade the base security function of WebSphere MQ. It adds end-to-end, application-level data protection and enterprise-wide, remote management of security policies. Quickly deploy these advanced features to secure many of your current production environments without changing or modifying your existing WebSphere MQ applications.

To make procurement efforts even easier, these two products have been consolidated under a single ordering number and pricing model.

WebSphere MQ Extended Security Edition is offered under a per-processor license model just as WebSphere MQ is today.

Business integration across many applications is a common element of successful e-business implementation. Other WebSphere MQ family members, such as WebSphere Business Integration Message Broker and WebSphere MQ Workflow, give you the tools to add value to the basic message queuing paradigm. WebSphere MQ Extended Security Edition supports the other WebSphere MQ family members.

Key Prerequisites

Hardware capable of running the appropriate operating system.

Advanced security functions included in WebSphere MQ Extended Security Edition V5.3 are available only on AIX® V4.3.3 and V5.1, Solaris 7 and 8, Microsoft™ Windows NT® 4.0, and Microsoft Windows® 2000.

Planned Availability Date

June 6, 2003


WebSphere MQ Family

Speed to market and quality of service are critical for success. You need to be agile to survive. The WebSphere MQ family offers a versatile platform for e-business with these success factors in mind.

Business Integration

The WebSphere platform for e-business includes business integration products and solutions that can help integrate just two applications, a single department, or the entire enterprise. The reach can encompass business channels, trading partners, and Web customers. And the scope includes information connectivity and integration products, which can be combined selectively or built up, one upon the other, for more powerful and efficient integration.

WebSphere MQ, the core of the MQ family, integrates over 35 platforms. Providing the base messaging functions for servers and clients, and assuring once-only message delivery, it can be used alone or with other members of the family.

WebSphere MQ Extended Security Edition adds TAMBI to WebSphere MQ for advanced security functions like application-level data protection.

WebSphere MQ Everyplace™ brings the benefits of assured message delivery and rock-solid security to the failure-prone mobile environment.

WebSphere Business Integration Message Broker and WebSphere Business Integration Event Broker (formerly WebSphere MQ Integrator® Broker and WebSphere MQ Event Broker) are powerful information brokers that include a one-to-many connectivity model plus transformation, intelligent routing, and information flow modelling across multiple, disparate business systems. They support publications and subscriptions, including mobile clients and remote telemetry devices.

WebSphere MQ Workflow, a business process management system, enables the definition, execution, and swift change of complete business processes that span systems, applications, and people.

WebSphere MQ Extended Security Edition

WebSphere MQ is the backbone of IBM messaging and Java™ Message Service (JMS) support. Large and small businesses worldwide rely on it to process their critical line-of-business transactions, involving everything from monetary transfers to HR record processing to inventory management. To address environments where application-level data protection is a critical need, IBM offers WebSphere MQ Extended Security Edition. It includes 100% of the function offered in WebSphere MQ V5.3 plus the extended security services of TAMBI.

With WebSphere MQ Extended Security Edition, you gain the flexibility to add application-level data protection and remote security policy administration to the broad set of security services previously available in WebSphere MQ. The application-level data protection services in WebSphere MQ Extended Security Edition add another dimension to the link-level data protection services available in WebSphere MQ. For example, application-level data protection captures message data and secures it before the message is placed onto a queue.

For even greater flexibility, messages can be individually digitally signed or signed and encrypted based on the policy you set. If you want, you can define your security policy so that only a subset of the messages passing over a single channel are secured. Further, when using the application-level data protection, each message is signed with a unique private key associated with the sending application. Message origination can be traced to the originating application instead of only to the originating channel. Individual messages are encrypted under unique keys, helping to remove the threat of compromising the encryption key through repetitive use.

WebSphere MQ Extended Security Edition can save you development expense and time. It helps remove the need for you to reengineer and modify your applications to secure message data from within each application. Reengineering existing production applications is a very expensive process, the costs of which only begin with the application recoding expenses.

Licensing cryptography routines, training your staff, designing and implementing a real-time key exchange process, and your ongoing maintenance cost of custom security code make this approach to solving your security problems impractical. With WebSphere MQ Extended Security Edition, you can see an immediate return on investment upon deploying it.

For processing sensitive data like financial transactions, HR records, medical records, or any other type of personally identifiable information (PII), application-level data protection yields a true end-to-end security model.

WebSphere MQ Extended Security also enables remote administration of security policies on queue managers and on individual queues. These include:

  • Put and get access control permissions, including time of day and day of week restriction.
  • Data protection options (none, integrity, and privacy).
  • Audit options that allow generation of a specific security audit record for each open, put, get, and close operation showing the security policy in place and whether it was successfully enforced. This can be critical in demonstrating compliance with legislation like the United States Health Insurance Portability and Accountability Act (HIPAA) or similar mandates in other countries.

Remote administration is performed via a Web-based utility with an easy-to-use GUI for setting, viewing, and updating security policies. A delegation capability allows IT organizations to maintain control over the enterprise security infrastructure for WebSphere MQ Extended Security Edition and still grant a specific department or line-of-business the ability to manage its subset of resources. Administration can also be done via scripting using a command line interface.

An enterprise-wide view of these security policies, with the ability for authorized administrators to remotely update them, can greatly improve efficiencies and reduce administrative costs.

In this release of WebSphere MQ Extended Security Edition, the advanced security services are provided on a subset of the operating systems on which WebSphere MQ is available. This subset includes AIX V4.3.3 and V5.1, Sun Solaris 7 and 8, Windows NT 4.0, and Microsoft Windows 2000.

Refer to Software Announcement 202-253 , dated October 8, 2002, for additional details on TAMBI, which provides the advanced security services in WebSphere MQ Extended Security Edition.

Refer to Software Announcement 202-074 , dated April 9, 2002, for more details on the base-level security functions available in WebSphere MQ.

Section 508 of the U.S. Rehabilitation Act

  • Operation by keyboard alone
  • Optional font enlargement and high-contrast display settings
  • Screen readers and screen magnifiers tested for use by people with visual impairment
  • Speech recognition products tested for use by people with mobility impairment
  • Optional display of audio alerts for people with hearing impairment

Product Positioning

WebSphere MQ Extended Security Edition is a new offering that consolidates the current releases of two existing products into a single, value-add package.

Statement of General Direction

IBM currently intends to extend the platform coverage of WebSphere MQ Extended Security Edition to support more of the platforms currently supported by WebSphere MQ V5.3.

The first such platform enhancement is planned to address support for both S/390® and IBM eServer zSeries® servers. The current target for availability of this enhancement is before year-end 2003.


The e-business logo and Everyplace are trademarks of International Business Machines Corporation in the United States or other countries or both.
WebSphere, Tivoli, AIX, MQ Integrator, S/390, and zSeries are registered trademarks of International Business Machines Corporation in the United States or other countries or both.
Microsoft is a trademark of Microsoft Corporation.
Windows and Windows NT are registered trademarks of Microsoft Corporation.
Java is a trademark of Sun Microsystems, Inc.
Other company, product, and service names may be trademarks or service marks of others.

Ordering Information

WebSphere® MQ Extended Security Edition V5.3

Upgrades and Transferability: There are no entitlements for upgrades from WebSphere MQ (WMQ) or TAMBI to WebSphere MQ Security Edition (WMQESE).

Passport Advantage®

Description                                       Number
WebSphere MQ Sec Edition Media Pack               BA0AXML
WebSphere MQ Sec Edition per processor            D52D0LL
WebSphere MQ Sec Edition per processor            E00R5LL
WebSphere MQ Sec Edition per processor            D52D1LL

Orders for new licenses can be placed now. Shipment will not occur before availability date.

Terms and Conditions

This product is available only via Passport Advantage. It is not available as shrinkwrap.

Licensing: IBM International Program License Agreement. Proofs of Entitlement are required for all authorized use. Part number products only, offered outside of Passport Advantage, where applicable, are license only and do not include Software Maintenance.

Limited Warranty Applies: Yes

Money-Back Guarantee: If for any reason you are dissatisfied with the program, return it within 30 days from the invoice date, to the party (either IBM or its reseller) from whom you acquired it, for a refund. This applies only to your first acquisition of the program.

Copy and Use on Home/Portable Computer: No

Volume Orders (IVO): No

Passport Advantage Applies: Yes, and through the Passport Advantage Web site at:

Software Maintenance Applies: Yes

Software Maintenance, previously referred to as Subscription and Technical Support, is now included in the Passport Advantage Agreement. Installation and technical support for the product announced in this letter is provided by the Software Maintenance offering of the IBM International Passport Advantage Agreement. This fee service enhances customer productivity by providing voice and/or electronic access into the IBM support organizations.

IBM includes Software Maintenance with each program acquired for a 12-month coverage period.

While your Software Maintenance is in effect, IBM provides you assistance for your routine, short duration installation and usage (how-to) questions and code-related questions. IBM provides assistance via telephone and, if available, electronic access, only to your IS technical support personnel during the normal business hours (published prime shift hours) of your IBM support center. This assistance is not available to your end users. IBM provides Severity 1 assistance 24 hours a day, every day of the year. For additional details, visit:

Software Maintenance does not include assistance for:

  • The design and development of applications
  • Your use of programs in other than their specified operating environment
  • Failures caused by products for which IBM is not responsible under this agreement
For more information about the Passport Advantage Agreement, refer to Software Announcement 201-202 , dated July 10, 2001, or visit:

IBM Operational Support Services — Support Line: No

AIX®/UNIX® Upgrade Protection Applies: No

Entitled Upgrade for Current AIX/UNIX Upgrade Protection Licensees: No

iSeries™ Software Subscription Applies: No

Variable Charges Apply: No


For local charges, contact your IBM representative.

Global Financing

IBM Global Financing offers competitive financing to credit-qualified customers to assist them in acquiring IT solutions. Offerings include financing for IT acquisition, including hardware, software, and services, both from IBM and other manufacturers or vendors. Offerings (for all customer segments: small, medium, and large enterprise), rates, terms, and availability can vary by country. Contact your local IBM Global Financing organization or visit:

Use the "Select a Country" menu, to find a contact in your location, or country.

Order Now

To order, contact the Americas Call Centers or your local IBM representative.

To identify your local IBM representative, call 800-IBM-4YOU (426-4968).

 Phone:     800-IBM-CALL (426-2255)
 Fax:       800-2IBM-FAX (242-6329)
 Mail:      The Americas Call Centers
            Dept. LE001
            P.O. Box 2690
            Atlanta, GA  30301-2690
 Reference: LE001

The Americas Call Centers, our national direct marketing organization, can add your name to the mailing list for catalogs of IBM products.

Note: Shipments will begin after the planned availability date.


iSeries is a trademark of International Business Machines Corporation in the United States or other countries or both.
WebSphere, Passport Advantage, and AIX are registered trademarks of International Business Machines Corporation in the United States or other countries or both.
UNIX is a registered trademark of the Open Company in the United States and other countries.
Other company, product, and service names may be trademarks or service marks of others.

Share this page

Digg Linked In

Contact IBM

Considering a purchase?