In this blog post we'll talk about 2 features of the latest version WebSphere MQ and how it can used in conjunction with WebSphere Message Broker.
WebSphere Message Broker(WMB) V8001 now supports WebSphere MQ (WMQ) v7.1 and WebSphere MQ v7.5. This article briefly explains the functionality changes introduced in WMB V8001 to support WMQ v7.1 and WMQ v7.5.
Some of the new features of WMQ 7.1 and WMQ 7.5 affecting WMB are:
WMQ v7.1 and WMQ v7.5 can be installed at multiple levels at any user chosen locations.
Only one WMQ installation can be selected as a Primary installation where symbolic links, or global environment variables are available to the system so that the WMQ commands and libraries used by applications are automatically available with minimum system setup required.
WMQ installations can be made non-primary installation where external library path needs to be configured to point to that installation to work with that WMQ installation. Also, the WMQ environment of non-primary installation can be set up by using setmqenv command of that installation.
Channel Access Control
Allows or blocks access by users to channels. The queue manager is secure by default i.e., all clients are blocked from accessing it. SET CHLAUTH definitions can be used to control the access. By default CHLAUTH is ENABLED
WMB functionality changes discussed:
1. Multi-Version Installation of WMQ at user chosen location:
The runtime console of WMB by default does not inherit any WMQ environment if WMQ is a “non-primary” installation. Hence "mqsicreatebroker" on new queue manager in this case will fail. However a broker can be created on an existing queue manager. All other commands like mqsicreateexecutiongroup, mqsideletebroker etc work fine.
To setup WMQ environment on the command console, run "setmqenv -s" from desired MQ installation.
If WMQ is installed as “primary” installation, then the runtime console has WMQ environment set for it.
With multiple installations of WMQ on a machine, only one installation can be set as primary installation. In such a case, runtime console of WMB will inherit the primary installation of WMQ.
The WebSphere Message Broker Explorer (MBExplorer) installation creates shortcuts for each of the WMQ installation on the machine.
For example, the below image shows two installation shortcuts for MQ 7.1 and MQ 7.5.
Channel authentication on queue manager can be disabled using the runmqsc command:
alter qmgr chlauth(disabled)
Example - Remote administration of a broker with queue manager CHLAUTH as ENABLED:
While we try to connect to a broker whose queue manager has security enabled, "not authorised" error with mqrc 2035 (MQRC_NOT_AUTHORIZED) is thrown. Below are the steps to setup remote administration in such a case.
Enable remote administration on Queue Manager
On the MBExplorer,
Right click on the queue manager -> Remote Administration
Select on "create" for SYSTEM.ADMIN.SVRCONN channel and LISTENER.TCP listener is not present already. Select "start" for LISTENER.TCP status. You may need to select appropriate port for use.
2. Run the following commands against the queue manager:
setmqaut -m <qmgrname> -n SYSTEM.MQEXPLORER.REPLY.MODEL -t q -p <User-on-remote-machine-who-can-access> +dsp +inq +put +get
SET CHLAUTH('SYSTEM.BKR.CONFIG') TYPE(ADDRESSMAP) ADDRESS('address-of-remote-machine') USERSRC(MAP) MCAUSER('User-on-remote-machine-who-can-access') ACTION(ADD)
This enables remote administration on the queue manager.
In summary we saw how to use multi-version installation and channel authentication of WebSphere MQ in WebSphere Message Broker. There are several other features which would interest you with the latest version of WebSphere MQ and WebSphere Message Broker.
Here are some useful links:
- Websphere Message Broker Infocenter: http://publib.boulder.ibm.com/infocenter/wmbhelp/v8r0m0/index.jsp
Disclaimer: Each posting on this site is the view of its author and does not necessarily represent IBM’s positions, strategies or opinions. I do not guarantee correctness of the opinions or content or sample code presented here. Use it at your own risk.