This topic describes the key features in version 9.0.00 of the MainView Middleware Administrator (MVMA) product.
New features and changes
The product has been rebranded; 'BMC TrueSight Middleware Administrator' is now "MainView Middleware Administrator".
Note that existing versions (prior to 9.0) are still available under the name TrueSight Middleware Administrator, while some internal BMC resources may still also refer to the product as TrueSight Middleware Administrator (TSMA).
HTTP request header verification
Note that these changes affect other applications integrating with MVMA, such as TrueSight Middleware and Transaction Monitor 8.1 or MainView for MQ (from version 5.4), as well as custom applications using the MVMA REST API with their own web clients (such as curl, or others) which must be adjusted accordingly. See How to implement HTTP Request Header verification for details on how to implement the MVMA 9.0 HTTP request header verification.
In version 9.0, administrators can further secure their MQ middleware environment with individual authentication.
Individual authentication provides a means of overriding the credentials used to connect to WebSphere MQ queue managers, and is configured at the connection level. When 'Override Credentials' is enabled for a WMQ connection, certain functionality (as listed below) will require that the user enter credentials to be authenticated by the queue manager. Once valid credentials are supplied, they will be re-used for actions on that connection for the remainder of the MVMA session.
- All Messaging Operations
- Refresh Queue Manager
- Reset Queue Manager
- Start Channel
- Stop Channel
- Ping Channel
- Reset Channel
- Resolve Channel
Earlier versions of MVMA supported RACF authentication via an optional security exit. In version 9.0 support for this exit has been removed.
Copying / moving messages to another queue manager
In version 9.0, users can now copy or move messages from one queue manager to another (in previous versions, users could only copy or move messages to another queue on the same queue manager). See Copying or moving messages to another queue manager for full details.
MQ Storage Classes
MVMA was enhanced to support MQ Storage Classes on z/OS queue managers. This enables the consistent administration and maintenance of these MQ objects and the support of bulk operations of multiple Storage Classes as part of MVMA's import/export and manage objects functionality.
MQ logging and log status support
MVMA now supports the MQ logging functionality, including the ability to retrieve the log status for an assigned queue manager, set a log (to synch with IBM MQ’s SET LOG command), and reset a queue manager. See Working with MQ logging features for full details.
Support for MQ Cluster Routing in the Dead Letter Replayer
The MVMA MQ Dead Letter Replayer has been enabled to make use of MQ cluster routing capabilities when replaying messages where the destination queue manager name is not specified in the dead letter header.
MongoDB upgrade and using WiredTiger as the storage engine
MongoDB within MVMA has been upgraded to version 3.2.17 and MVMA has been changed to use the WiredTiger storage engine by default. Note that to benefit from MongoDB's WiredTiger storage engine after upgrading an existing TSMA installation to MVMA 9.0.00, it is required to migrate the MongoDB database after the upgrade installation (see Migrating your database to work with the MongoDB WiredTiger storage engine).
Running MVMA with the WiredTiger storage engine enabled may affect recommended settings or requirements in the system environment (such as, for example, using the XFS file system on Linux). Consider MongoDB's system configuration recommendations, especially when running MVMA with WiredTiger in production. For details, see .
Time-based account lockout for the ADMIN_ADMIN security model
The ADMIN_ADMIN security model was enhanced to temporarily lock an MVMA's user account after the user has entered an invalid password multiple times. By default, an MVMA user account will be locked for 20 minutes after the user has entered an invalid password three times in a row. If the user logs in with a valid password after the lockout interval has exceeded the account is unlocked automatically.
New features and changes in Fix Pack A
Migration to OpenJDK 11
MVMA now uses an OpenJDK 11 based JRE (note that this enhancement was added in 9.0.00.A Fix Pack). MVMA no longer supports Oracle Java 8 JRE.
Oracle has enabled hostname verification on LDAPS connections by default in Java 8u181 and this is also applicable to OpenJDK 11.
As a result, there may be situations where some applications that were previously able to successfully connect to an LDAPS server can no longer do so. Such applications can, if they deem appropriate, disable endpoint identification using a new system property: com.sun.jndi.ldap.object.disableEndpointIdentification (refer to ).
Hostname verification for LDAPS can be disabled for MVMA 9.0.00 Fix Pack A by setting this system property to 'true' from within the MVMA configuration/wrapper.conf configuration file, adding the entry
NN in the example with the number following the last active wrapper.java.additional entry number), and then restarting MVMA services.
Ability to stop or start queue managers on i5/OS
This enhancement adds new default command syntax for starting and stopping queue managers on OS/400 systems.
New platform or technology support
- Support for IBM WebSphere MQ versions 9.0.5, 9.1
- Support for IBM MQ Appliance versions 8.0, 9.0
Deprecated features or platforms
The use of Internet Explorer 8, 9, 10 is no longer supported. (See Hardware and software requirements for full details about browser support.)