by Natalie Miller • @natalieatWIS

Aon Hewitt implements secure, holistic, self-service messaging

Published February 02, 2015


Aon Hewitt, the global talent, retirement, and health solutions business of Aon (NYSE: AON), has been in a “make it work” situation with its MQ monitoring and management for over a decade, an approach that could no longer satisfy the performance and security needs for its rapidly growing environment.

Before digging into the solution, a little history: The company, which at the time was Hewitt Associates before its 2010 merger with Aon, implemented a monitoring product for its IBM WebSphere MQ environment in 2002. However, from the team’s installation of pieces that didn’t work to its inability to get the project past the company’s security audit, management of the chosen solution at the time proved to be a nightmare from the outset and was never fully implemented across the company, according to Raymond Powers, Messaging Architect and Senior Systems Administrator for Middleware at Aon Hewitt.

When all was said and done, the payoff for the project was not enough to outweigh the effort it took to deploy, particularly on the distributed platforms, where it needed to be installed manually on each host, using the super-user account. Security remained an issue, and Aon Hewitt had to run two different versions of the monitoring product for it to work with the disparate groups that needed to be managed: the older version on distributed platforms (such as Unix and Windows) and the newer version on the mainframe.

Company At a Glance >>


  • Company Name: Aon
  • Headquarters: London, England
  • Industry: Risk management and HR solutions
  • Employees: 66,000
  • Founded: 1982; listed on the NYSE in 1987
  • Website:

Company Details: Aon is a leading global provider of risk management, insurance, and reinsurance brokerage, and human resources solutions and outsourcing services.

IBM solutions:

IBM WebSphere MQ

Avada Infrared360 (IBM Premier Partner)

X Close

Meanwhile, Powers wrote scripts and other team members created their own work-arounds for monitoring and dealing with error messages. “Because [the product] wasn’t able to be distributed everywhere, I had written some scripts which ran to do basic monitoring,” he explains. “One of the shortcomings of the scripts for doing monitoring was they weren’t flexible for the new features coming with MQ. They just monitored some basic things. Not terribly robust, but it worked.”

Also, Powers says, “some of the teams had written mini-applications to be able to browse messages in the queue so they could see what was out there.”

It was time to find a new solution. One that could monitor all of Aon Hewitt’s MQ environments and be used for centralized administration of its growing environment—and with much less maintenance required.

“What we wanted was something that could be maintained with a minimal amount of effort. We didn’t want to have to have a fulltime employee administering the monitoring product,” explains Powers. The solution they chose is Avada Software’s flagship product, Infrared360, a holistic MQ monitoring tool.

“The way the Avada product works, we just have a central location where the product is installed, and it uses the MQ facilities for the client channels to communicate to all of our various endpoints, the MQ queue managers. So that means the maintenance is pretty simple.

“It might not be quite as simple as advertised in our environment,” he continues, “because we still have to go through lots of paperwork, but compared to the previous product, it’s an incredible improvement.”

WATCH: Avada Software featured on 21st Century Television to talk about managing complex IT systems.

­That Infrared360 is a web management portal for performance monitoring, testing, auditing, reporting, and administration, and has the ability to be an agentless monitor, were big selling points to Aon Hewitt “because of our previous experience with the difficulty maintaining agents,” says Powers. “We were previously led to believe that agents were easy to maintain. However, they required additional software to do so, and that software had the same drawbacks of being difficult to maintain, or required security configurations that were unacceptable in a production environment.

“Infrared360 was the most secure way for us to be able to monitor everything we wanted.”

Complex security adds to MQ monitoring requirements
Infrared360 is an out-of-the box product that can be up and running in hours; however, with Aon’s security concerns and structured roll-out, implementation took about nine months to complete, from proof-of-concept to implementation in production. Once again, the security audit wasn’t approved the  first time around and Powers had to go back to Avada for some adjustments.

“We went through a few iterations,” he says. “­The [Avada] team was very responsive, very cooperative, and understanding. They worked very hard with us. I wouldn’t be surprised if the developers pulled some all-nighters for us in some cases.”

Because Aon Hewitt is in the business of human resources consulting, a great amount of sensitive personal information flows between applications and must be secure from outside entities as well as internally. It was essential that only those who needed to see certain information were able to see that information.

“Security is one of our key focuses. It’s the reason we couldn’t get the previous product installed for the first three years we had it; because it didn’t pass our security audit,” says Powers. “We needed encryption over the network and other security requirements.”

We now have an MQ monitoring tool that can monitor all of our queue managers across all the platforms. It has also helped analysis of MQ resources across multiple queue managers.

Raymond Powers, Messaging Architect and Senior Systems Administrator for Middleware, Aon Hewitt

Once past the audit process, the installation went quickly and smoothly. The only additional hiccup was recreating some of the custom features in Powers’ scripts. “Some of those scripts had some clever things in them for how to monitor certain applications differently than others,” he says. “We tried to implement those in Infrared360 and found that there were some regular expressions that could be used to filter certain queues, which was great, but they were too short. The strings that were allowed for them weren’t long enough to filter what we wanted.

“Again, the Avada team was very accommodating,” he continues. “They made changes in their code a couple of times, and now the string is plenty long and it will never be a problem again. Those scripts might still be in place, but are not a primary method of monitoring anymore. The Avada product does a substantially better job anyway.”

Visibility and simplicity replaces homegrown scripts and complex monitoring
Today, the technical operations staff for the various line-of-business units—about 50 users—is able to receive and monitor messages quickly and easily. Before, the homegrown scripts offered the ability to do some self-service activities within the queues, but they were very limited.

“Now they also have the visibility through Infrared360 to see [messages in queues]. And they get a more thorough view of it,” says Powers, who adds that visibility is important for debugging purposes. “When something isn’t working right, they want to see it while it’s still in the queue and understand the issue more quickly, before it gets into their application.”

In addition to the ability to view messages, Infrared360 helps manage intrusion detection for MQ and also allows the technical team at Aon Hewitt to more easily move messages. “[The Aon technical teams] use that piece as well,” says Timothy Zielke, CICS/MQ Systems Programmer for Aon Hewitt. “This ability helps them develop better.”

Without the need for customized mini-applications to browse messages, the process for teams to gain access to what they need is also simplified.

“We now have an MQ monitoring tool that can monitor all of our queue managers across all the platforms,” says Powers. “It has also helped analysis of MQ resources across multiple queue managers. [Avada’s] user and group security has also been helpful, as we have been able to give application users the ability to view details of their queues, with the appropriate MQ access in place.”

While there are still challenges that surface, the analytic capabilities and ease of use have been positive features for Aon Hewitt. “Without Infrared360, it’s a much more time-consuming process to move messages during issues,” says Zielke.

For more information on Avada’s Infrared360, visit



No one has commented on this item.