Creating a shared directory for queue manager data and log files on Windows
This task is one of a set of related tasks that illustrate accessing queue manager data and log files. The tasks show how to create a queue manager authorized to read and write data and log files that are stored in a directory of your choosing.
In a production scale configuration, you might have to tailor the configuration to an existing domain. For example, you might define different domain groups to authorize different shares, and to group the user IDs that run queue managers.
- sun
- A Windows Server 2008 domain controller. It owns the wmq.example.com domain that contains Sun, mars, and venus. For the purposes of illustration, it is also used as the file server.
- mars
- A Windows Server 2008 used as the first IBM® MQ server. It contains one instance of the multi-instance queue manager called QMGR.
- venus
- A Windows Server 2008 used as the second IBM MQ server. It contains the second instance of the multi-instance queue manager called QMGR.
Replace the italicized names in the example, with names of your choosing.
Before you begin
- To do this task exactly as documented, do the steps in the task, Creating an Active Directory and DNS domain on Windows, to create the domain sun.wmq.example.com on the domain controller sun. Change the italicized names to suit your configuration.
About this task
This task is one of a set of related tasks that illustrate accessing queue manager data and log files. The tasks show how to create a queue manager authorized to read and write data and log files that are stored in a directory of your choosing. They accompany the task, Windows domains and multi-instance queue managers.
In the task, you create a share containing a data and log directory, and a global group to
authorize access to the share. You pass the name of the global group that authorizes the share to
the crtmqm command in its -a parameter. The global
group gives you the flexibility of separating the users of this share from users of other shares. If
you do not need this flexibility, authorize the share with the Domain mqm
group
rather than create a new global group.
The global group used for sharing in this task is called wmqha, and the share is called wmq. They are defined on the domain controller sun in the Windows domain wmq.example.com. The share has full control permissions for the global group wmqha. Replace the italicized names in the task with names of your choosing.
For the purposes of this task the domain controller is the same server as the file server. In practical applications, split the directory and file services between different servers for performance and availability.
You must configure the user ID that the queue manager is running under to be a member of two
groups. It must be a member of the local mqm
group on an IBM MQ server, and of the wmqha global group.
In this set of tasks, when the queue manager is running as a service, it runs under the user ID wmquser1, so wmquser1 must be a member of wmqha. When the queue manager is running interactively, it runs under the user ID wmquser2, so wmquser2 must be a member of wmqha. Both wmquser1 and wmquser2 are members of the global group Domain mqm. Domain
mqm is a member of the local mqm
group on the mars and venus
IBM MQ servers. Hence, wmquser1 and wmquser2 are members of the local mqm
group on both IBM MQ servers.
Procedure
What to do next
Check that you can read and write files to the shared directories from each of the IBM MQ servers. Check the IBM MQ service user ID,
wmquser1
and the interactive user ID,
wmquser2
.
-
If you are using remote desktop, you must add
wmq\wmquser1
andwmquser2
to the local groupRemote Desktop Users
on mars.- Log on to mars as wmq\Administrator
- Run the lusrmgr.msc command to open the Local Users and Groups window.
- Click Groups. Right-click . Type wmquser1 ; wmquser2 and click Check Names.
- Type in the user name and password of the domain administrator, wmq\Administrator, and click .
- Close the Local Users and Groups window.
- Log on to mars as
wmq\wmquser1
.-
Open a Windows Explorer window, and type in \\sun\wmq.
The system responds by opening the wmq share on sun.wmq.example.com, and lists the data and logs directories.
- Check the permissions of wmquser1 by creating a file in data subdirectory, adding some content, reading it, and then deleting it.
-
- Log on to mars as
wmq\wmquser2
, and repeat the checks. - Do the next task, to create a queue manager to use the shared data and log directories; see Reading and writing shared data and log files authorized by an alternative global security group.