Creating a shared directory for queue manager data and log files
This task is one of a set of related tasks that illustrate accessing queue manager data and log files. The tasks show how to create a queue manager authorized to read and write data and log files that are stored in a directory of your choosing.
In a production scale configuration, you might have to tailor the configuration to an existing domain. For example, you might define different domain groups to authorize different shares, and to group the user IDs that run queue managers.
- sun
- A Windows Server 2008 domain controller. It owns the wmq.example.com domain that contains Sun, mars, and venus. For the purposes of illustration, it is also used as the file server.
- mars
- A Windows Server 2008 used as the first IBM® WebSphere® MQ server. It contains one instance of the multi-instance queue manager called QMGR.
- venus
- A Windows Server 2008 used as the second IBM WebSphere MQ server. It contains the second instance of the multi-instance queue manager called QMGR.
Replace the italicized names in the example, with names of your choosing.
Before you begin
- To do this task exactly as documented, do the steps in the task, Creating an Active Directory and DNS domain for IBM WebSphere MQ, to create the domain sun.wmq.example.com on the domain controller sun. Change the italicized names to suit your configuration.
About this task
This task is one of a set of related tasks that illustrate accessing queue manager data and log files. The tasks show how to create a queue manager authorized to read and write data and log files that are stored in a directory of your choosing. They accompany the task, Windows domains and multi-instance queue managers.
In the task,
you create a share containing a data and log directory, and a global
group to authorize access to the share. You pass the name of the global
group that authorizes the share to the crtmqm command
in its -a parameter. The global group gives
you the flexibility of separating the users of this share from users
of other shares. If you do not need this flexibility, authorize the
share with the Domain mqm
group rather than create
a new global group.
The global group used for sharing in this task is called wmqha, and the share is called wmq. They are defined on the domain controller sun in the Windows domain wmq.example.com. The share has full control permissions for the global group wmqha. Replace the italicized names in the task with names of your choosing.
For the purposes of this task the domain controller is the same server as the file server. In practical applications, split the directory and file services between different servers for performance and availability.
You
must configure the user ID that the queue manager is running under
to be a member of two groups. It must be a member of the local mqm
group
on an IBM WebSphere MQ server, and of the wmqha global
group.
In this set of tasks, when the queue manager is running
as a service, it runs under the user ID wmquser1,
so wmquser1 must be a member
of wmqha. When the queue manager
is running interactively, it runs under the user ID wmquser2,
so wmquser2 must be a member
of wmqha. Both wmquser1 and wmquser2 are
members of the global group Domain mqm. Domain
mqm is a member of the local mqm
group
on the mars and venus IBM WebSphere MQ servers. Hence, wmquser1 and wmquser2 are
members of the local mqm
group on bothIBM WebSphere MQ servers.
Procedure
What to do next
Check that you can read and write files to the shared
directories from each of the IBM WebSphere MQ servers.
Check the IBM IBM WebSphere MQ service user ID, wmquser1
and
the interactive user ID, wmquser2
.
- If you are using remote desktop, you must add
wmq\wmquser1
andwmquser2
to the local groupRemote Desktop Users
on mars.- Log on to mars as wmq\Administrator
- Run the lusrmgr.msc command to open the Local Users and Groups window.
- Click Groups. Right-click . Type wmquser1; wmquser2 and click Check Names.
- Type in the user name and password of the domain administrator, wmq\Administrator, and click .
- Close the Local Users and Groups window.
- Log on to mars as
wmq\wmquser1
.Open a Windows Explorer window, and type in \\sun\wmq.
The system responds by opening the wmq share on sun.wmq.example.com, and lists the data and logs directories.
- Check the permissions of wmquser1 by creating a file in data subdirectory, adding some content, reading it, and then deleting it.
- Log on to mars as
wmq\wmquser2
, and repeat the checks. - Do the next task, to create a queue manager to use the shared data and log directories; see Reading and writing shared data and log files authorized by an alternative global security group.