CCSS Locks Down Message Management Tool
February 14, 2012 Alex Woodie
CCSS has added a new layer of access controls to its real-time message monitoring solution for IBM i, called QMessage Monitor (QMM). Using the new features, organizations can be assured that only authorized personnel are accessing or changing QMM functions, such as security alerts and escalation procedures.
QMM is a powerful tool that automates many aspects of IBM i monitoring. Instead of manually watching the various message queues, such as QAUDJRN, an organization can set up the software to keep an eye out for critical events, such as looping jobs, high DASD utilization, or unauthorized access of DB2/400. When a critical event is detected, QMM will go through escalation procedures and keep sending out alerts to administrators until somebody responds.
The new version 7 release is focused heavily on security. Our first article on QMM 7 covered the new database fraud-detection capabilities that have been added to the product. The new access control features enable QMM customers to further lock down this tool, thereby preventing rouge programmers or other technically sophisticated ne’er-do-wells from seeing how the organization is monitoring its activities.
With QMM 7, CCSS allows administrators to create security lists that control the level of access individual users and groups have to QMM functions. Administrators can control which users will get access to specific functions, including automated responses, events, escalation procedures, and exit programs. For example, the technical support group may have access to escalation procedures, but only administrators will e able to create new records in the QMM database, or to create or modify escalation procedures.
The new features will not only bolster security, but increase auditability and hopefully prevent mistakes from impacting operations, particularly in demanding real-world environments, says CCSS product manager Paul Ratchford.
“In large scale environments–data centers in multiple locations for instance–you might have three or more administrators at each site,” he states in a press release. “So in theory that’s nine people with the ability to make one small change that could impact everyone. These new features focus on four key access areas–option, create, record, auto-reply. All of it is auditable and that’s extremely important in creating and maintaining a transparent and accountable environment.”
CCSS has also streamlined the installation procedures for the Windows-based QMM client. A new feature will make it easier to share specific QMM client settings, rules, and shortcuts among multiple PCs. Every time the QMM client connects to a central IBM i server, the software automatically checks to ensure that it is using the latest version of the QMM client software.