XLinkedIn
1 973-826-7406|info@AvadaSoftware.com

Viewing, Supporting, and Securing an IBM MQ Environment On Z/OS

By |Published On: May 26th, 2022|6 min read|
Table of Contents

Viewing, Supporting, and Securing an IBM MQ Environment On Z/OS

Should a Mainframe IBM MQ Administrator be GUI Oriented (or – why is it important to have third party administrative tools)?

The Challenges of Green Screen Interfaces

There are several tools that are used to simplify mainframe research and analysis of that complex environment. Most of them are green screen based and require knowledge of z/OS ISPF panels and arcane command syntax, that once familiar to a z/OS Systems Programmer, can become second nature.

But in today’s integrated IT world, z/OS system programmers aren’t the only people who need access to research, test, and analyze in the z/OS environment. Application and Systems Developers, Integration Engineers, Business Analysts, and a myriad of other IT professionals do too. To these new-to-z/OS IT professionals, the interface into z/OS is just that – arcane and uninviting.

Limitations of Traditional Mainframe Interfaces

Having grown up in a world of mouse clicks and drag-n-drop editing, the emulators used to simulate the 80-column green screen interface are anathema to these younger IT professionals. These emulators are constrained by just the interface itself – a 24 line by 80 column view. There is also a 32-line, 80 column view option that offers one significant advantage – it allows the display of the function keys and what each function key does at all times. For new learners of z/OS that is a very significant advantage. But as always there is a price to pay for those 32 lines and in this case you give up the 132 column view when you are looking at printed output (which includes generated reports as well as system logs etc.)

In the 24-line mode, the switch to 132 column view is automatic when you flip to screens that contain that type of output, but you better know your function keys because their usage is not visible anymore. That switch in and of itself is somewhat annoying, but it does help to see the entire line across the screen (there is no scroll bar to just scroll right/left, or up/down). This does make the copy/paste functions easier.

The lack of the 132-column display in 32 line mode seems to be a joy killer for most seasoned mainframe personnel. Lastly, you cannot easily switch between the 24 line and 32-line views as it requires a separate emulator session to invoke those settings.

IBM MQ and the ISPF Interface

An ISPF Interface as an example from ibmmainframer.com

With all of the above said, this article is going to focus on just one aspect of green screen usage, and that is for managing, viewing and supporting an IBM MQ environment on z/OS. Yes, you get ISPF panels to be able to see the environment on z/OS, but here, without the 32-line view, it becomes very difficult to remember what all of the function keys actually do. And you of course need to know those commands that have nothing to do with IBM MQ itself, just with how to manipulate the green screen interface.

Security and Access Control in IBM MQ

As with all products on z/OS, IBM MQ uses RACF to control user access. No matter how you administer the product itself, you will always need to tie user access into IBM MQ via the tools you use to provide that access. This article will assume that RACF is used for that control. But other security products like Top Secret will have similar usage mechanisms. The issues with security come down to application level access. There are a few distinct types of access required –here are some examples:

  • Real time transactions running in CICS that do not use real person UserIDs but instead use IDs that have been granted authorizations and cannot be used to log into the system
  • Batch jobs running under system level IDs which again cannot be used to log into the system
  • Real person UserIDs that are actual people performing their job functions using the green screen interfaces such that you want to ensure that the transactions they enter are performed under their IDs
  • System administrator IDs
  • Technical development users that need to see the environments and be able to manipulate things without help from an administrator in the test environments, but have limited access in production environments
  • Business analysts that are similar to the technical teams above, but probably only need view capabilities in any environment

With that list of users described above, it becomes obvious that the security rules used to control the environments can get quite complex quite quickly. All of those rules need to be in place, but then you also have a wide variety of users that would all require training on the z/OS systems in use, and that is where things get tougher.

Introducing GUI-Based Administrative Tools

To mitigate the training needs for z/OS as it relates to IBM MQ, assuming you have developers and business analysts that have little to no understanding of z/OS interfaces in the first place, we can introduce a third-party utility that will let you push the security rules into a GUI based system. Avada Software’s Infrared360 product is one such utility tool.

This doesn’t mean the security rules are any less complex, in fact it actually gives you more granular capabilities, which in some ways makes the administration a bit more complex, but the capabilities of that granular control outweigh the disadvantages of administrative tasks when it comes to supporting the needs of the user base described above.

The major benefits of Infrared360 is that you can grant the utility itself very strong authorizations, even administrative capabilities if desired, and then control the user access outside of z/OS. This makes the security rules on that platform less all-encompassing restricting the user groups who don’t ever need to directly access the mainframe green screens from having that access.

Infrared360® feature overview highlighting role-based access control, real-time monitoring, and automation capabilities

Conclusion – Improving Collaboration and Efficiency

With that, you now have a point and click interface into the IBM MQ world that is much more navigable than the ISPF panels, and can very granularly set the limits as to what Queues / Queue Managers any individual or group of individuals can see. It also specifies the capabilities: View only, PUT/Delete messages in and from queues, see details of object attributes, and if desired, set the administrative users to be all powerful and allow object creation deletion, etc.

If the tool becomes known to the z/OS IBM MQ administrators, then they have a common interface to discuss application issues with the various users that are in contact with them to resolve issues in any environment. The ability for each person in the discussion to be able to see the other person’s perspective (and the messages themselves) on the platform they are unfamiliar with is a very powerful capability. This will often lead to quicker problem resolution thereby freeing up resources for other tasks. It may even lead to an app developer not even requiring a z/OS MQ resource to solve an issue – the perfect example of the use of a tool to stop the unnecessary time wasting of expensive resources.

A big thank you to David Corbett for sharing his insights on managing IBM MQ on z/OS and the benefits of using a GUI-based tool.

If you want an easier way to monitor and manage MQ, see how Infrared360® can help.

Want to see it in action?
Sign up for a free demo—we’ll walk you through it and answer any questions. No hassle, no pressure.

Schedule Your Free MQ Consultation

Related Posts

MQ for Developers: Why Access Matters and How to Enable It Securely
MQ for Developers: Why Access Matters and How to Enable It Securely
Gallery

MQ for Developers: Why Access Matters and How to Enable It Securely

April 17th, 2025
IBM MQ Native HA: Enhance Messaging Resilience & Uptime
IBM MQ Native HA: Enhance Messaging Resilience & Uptime
Gallery

IBM MQ Native HA: Enhance Messaging Resilience & Uptime

April 3rd, 2025
Are You Effectively Monitoring Your IBM MQ and Kafka Performance?
Are You Effectively Monitoring Your IBM MQ and Kafka Performance?
Gallery

Are You Effectively Monitoring Your IBM MQ and Kafka Performance?

March 25th, 2025
Advanced Tips for Automating Dead Letter Queue Management in IBM MQ
Advanced Tips for Automating Dead Letter Queue Management in IBM MQ
Gallery

Advanced Tips for Automating Dead Letter Queue Management in IBM MQ

March 5th, 2025
Establishing IBM MQ Metric Baselines: A Practical Guide for Optimizing Your Messaging Infrastructure
Establishing IBM MQ Metric Baselines: A Practical Guide for Optimizing Your Messaging Infrastructure
Gallery

Establishing IBM MQ Metric Baselines: A Practical Guide for Optimizing Your Messaging Infrastructure

February 26th, 2025
IBM MQ 9.4.2 Release: Enhancements and Features for Modern Messaging
IBM MQ 9.4.2 Release: Enhancements and Features for Modern Messaging
Gallery

IBM MQ 9.4.2 Release: Enhancements and Features for Modern Messaging

February 19th, 2025
Automated Self-Healing: The Middleware Architect’s Secret Weapon
Automated Self-Healing: The Middleware Architect’s Secret Weapon
Gallery

Automated Self-Healing: The Middleware Architect’s Secret Weapon

February 4th, 2025
Efficiently Integrating Systems from Mergers & Acquisitions
Efficiently Integrating Systems from Mergers & Acquisitions
Gallery

Efficiently Integrating Systems from Mergers & Acquisitions

January 23rd, 2025
Secure Remote Access to Transactional Middleware Environments
Secure Remote Access to Transactional Middleware Environments
Gallery

Secure Remote Access to Transactional Middleware Environments

January 21st, 2025
4 Middleware Architecture Tips You Didn’t Know About
4 Middleware Architecture Tips You Didn’t Know About
Gallery

4 Middleware Architecture Tips You Didn’t Know About

January 10th, 2025

More Infrared360® Resources

Articles & Papers

Overcome the Challenges of Moving Core Banking and Transaction Processing to the Cloud

Secure the Edge with IBM® DataPower® Gateway Appliance

5 Challenges & Solutions When Modernizing Your Middleware Infrastructure

Proactive vs. Forensic – Middleware – Health Monitoring

Seven Middleware Challenges You Must Overcome Before Your Cloud Migration

Monitoring Widely Distributed Environments Without Losing Focus

eBook: Inside IBM MQ Deployment Choices

Contain Costs and Mitigate Risks of Transactions on the Middleware Superhighway

Case Studies

Parker Hannifin Improves Efficiencies Across Business Units with Infrared360® and Trusted Spaces™

Alight Implements Secure, Holistic Self-Service Messaging

Sompo International Builds Business Platform Optimization with SOAP and REST Monitoring

The power of a healthy network: Visiting Nurse Service of New York harnesses IBM, partner technology to streamline patient care.

Video

The Business Case for Modernizing Your MQ Estate Today

Improving Productivity Through Smart, Safe Self-Service

Managing Middleware in Hybrid Cloud

Integrating Data in the Cloud with IBM App Connect

Transforming Your IBM MQ Estate Using Containers

Integration Modernization Lessons Learned

IBM MQ: Enterprise-wide Integration for Modern Distributed Environments

Understanding External Influences on Your Integration Strategy and Direction

Analyst Reports

Peer Reviews for Infrared360®

Avada Software Named a Most Promising IBM Solution Provider for 2023

Avada Software named one of Most Promising IBM Solutions Providers for 2022

A Systems Integrator and Services Provider Cuts Costs, Creates New Revenue Streams While Improving Service Delivery

Infrared360 named one of CIOReview’s 20 Most Promising APM Solution Providers

Analyst Report: Managing an IBM MQ Environment at USBank

CIO Feedback/Data Sheet

About the Author: David Corbett

Dave Corbett is a seasoned IT professional with 45+ years in the world of technology and business related systems. With over 17 years in Manufacturing, Accounting, Order processing and Logistical systems to start his career, he then added financial systems that heavily relied on messaging to fulfill their customer’s needs for the remainder of his career. Intermixed in all of these years was a strong Data Base design and implementation base of knowledge that allowed him to easily discuss systems interactions with business personnel as well as other technical team members. With the strong background in business process understanding, Dave was able to turn that into the specialty skill of bringing together both ends of the spectrum – that space in between the user and the application – that is commonly referred to as “Middleware”. In that middle space, Dave set standards for communications between systems that are still in use today. Heavily invested in that cross platform application connectivity model, Dave became a recognized expert in the world of messaging, with a specific focus on IBM MQ. As a technical resource, Dave has over 20 years’ experience with IBM MQ, all the way from Architectural Design, through implementation and administration. Dave’s expertise within the IBM MQ space is complete across the spectrum of platforms (Windows/Linux, z/OS, AS/400 and HP-Non-Stop). Dave holds the following certifications from IBM: IBM Certified Solution Designer - WebSphere MQ V7.0 IBM Certified System Administrator - WebSphere MQ V7.0

AVADA SOFTWARE AT A GLANCE

Avada Software’s flagship product, Infrared360®, is an IT management portal providing total administration, monitoring, testing, auditing, analytics dashboards, and self-service for cloud, on-prem, or hybrid environments. Get secure, collaborative management of elements across your IT stack like Kafka®, IBM® MQ, IBM® ACE/IIB, ActiveMQ®, WebSphere®, JBoss®, and Tomcat® Application Servers, URLs, SOAP & REST-based web services, IBM® DataPower® and MQ Appliance.

Latest Insight

The Middleware Blog

April 17th, 2025|

Why Developers Need Access to MQ and How to Make It Work Securely

Imagine you’re a developer trying to test a new feature that sends a message through IBM MQ.

You write the code, hit run… and nothing happens. The message disappears. You suspect it’s stuck in a queue somewhere.

But you can’t see it. You can’t confirm it. And you definitely can’t fix it, because you don’t have access.

That’s the daily […]

Read More

April 3rd, 2025|

IBM MQ Native HA: Enhancing Messaging Resilience in Modern Architectures

In today’s digitally connected world, enterprise messaging systems must be both highly available and resilient. IBM MQ—a leader in message-oriented middleware—provides robust messaging capabilities that ensure reliable data exchange between applications. One of the key features that help guarantee uninterrupted messaging is Native High Availability (HA). This article explores IBM MQ Native HA in depth, clarifies common misconceptions by comparing […]

Read More

March 25th, 2025|

Are You Effectively Monitoring Your IBM MQ and Kafka Performance?

In today’s complex data landscapes, many enterprises rely on a combination of IBM MQ and Apache Kafka to handle their messaging needs. While both are powerful technologies, they serve different purposes: IBM MQ excels at ensuring precision and guaranteed message delivery, while Kafka is designed for high-volume data processing and event streaming.

Often, businesses find themselves

Read More

March 5th, 2025|

How to Simplify IBM MQ DLQ Management with Automation Dead Letter Queues (DLQs) are a crucial component of IBM MQ, acting as a safety net for messages that cannot be delivered to their intended destination. However, managing DLQs efficiently—especially in large, complex environments—can quickly become a challenge. Without automation, the task is labor-intensive, prone to errors, and can introduce delays in message processing, impacting business operations.

This article explores advanced techniques […]

Read More

February 26th, 2025|

Optimize IBM MQ Performance: The Essential Guide to Metric Baselines

In today’s complex IT landscapes, establishing IBM MQ metric baselines for performance is crucial to ensure that your messaging system operates at peak efficiency. With increasing demand for real-time data processing and seamless integration across distributed systems, a robust baseline helps you identify anomalies, plan capacity, and proactively resolve issues. Infrared360 provides comprehensive capabilities designed to support and enhance your […]

Read More

February 19th, 2025|

IBM MQ 9.4.2 Release: Enhancements and Features for Modern Messaging

IBM has announced the upcoming IBM MQ 9.4.2 release, the second Continuous Delivery (CD) release of the 9.4 Long Term Support (LTS) line. This update introduces improved resiliency, enhanced administrative tooling, and performance optimizations across IBM MQ, IBM MQ Advanced, IBM MQ for z/OS, IBM MQ Advanced for z/OS, and IBM MQ Appliance.

IBM MQ 9.4.2 is set for release on […]

Read More

We are proud supporters of:

Avada Software. All Rights Reserved |This website may contain logos and trademarks of third parties. These are the property of their respective owners and are used on this site for informational purposes only. Avada Software does not claim any ownership or association with these trademarks or, except where explicitly stated, their respective organizations. | Privacy Policy
Go to Top