Use an MQEndpoint policy to control the values of MQ node connection properties at run time, or to specify an MQ broker for event publication.
MQEndpoint policy documents can be used interchangeably on any of the listed MQ node types. Policies are only validated at run time, so you must check that you set the correct properties for your solution. For example, you might define a connection to a remote queue manager in an MQEndpoint policy document, but this configuration is not supported for integration nodes that are running on z/OS®. For more information about which connection properties can be controlled by MQEndpoint policies, see the appropriate MQ message flow node reference topic in the previous list.
All MQ nodes that do not have either MQ Connection properties set or an MQEndpoint policy specified will use the connection details of the queue manager that is associated with the integration node at run time. If no queue manager was specified for the integration node, the message flow cannot deploy. You can configure the connection properties by either defining an MQEndpoint policy, or set the properties on the MQ Connection tab. If an MQEndpoint policy is specified, then the values of properties that are set in the MQEndpoint policy are used at run time instead of any corresponding values that are set on the MQ Connection tab.
mqsichangeproperties IBNODE -o BrokerRegistry -n mqCCDT -v file_path
You can use an MQEndpoint policy to set security properties for connections to secured IBM MQ queue managers. You can connect to a secured local or remote IBM MQ queue manager, by passing a user name and password to the queue manager when the connection is made. You can also choose whether to use the SSL protocol when a client connection is made to a remote queue manager.
If you set the Use SSL property in an MQEndpoint policy to provide confidentiality on the client connection, you must also specify the location of the key repository by running the mqsichangeproperties command. If you set the Security identity property, to specify an identity that is used to provide user name and password credentials, you must also define the identity by running the mqsisetdbparms command. For more information about the security properties that can be controlled by an MQEndpoint policy, see the MQInput node, MQOutput node, MQReply node, or MQGet node reference topics. For more information about connecting to a secured queue manager, see Connecting to a secured IBM MQ queue manager.
For publish/subscribe applications, you can use an MQEndpoint policy to control the connection details for the MQ pub/sub broker. For more information, see Parameter values for the pubsub component.
- IBM Integration Toolkit
- Use the IBM Integration Toolkit to generate a policy document from an existing message flow node. The initial policy document contains the node's operational properties and the current values of those properties, as defined in the Properties view of the Message Flow editor. The operational property values can be edited as required, and the generated policy document can be saved in the Integration Registry. You can also use the IBM Integration Toolkit to attach and detach policies on the node. For more information, see Configuring MQEndpoint, MQTTSubscribe, or MQTTPublish policies with the IBM Integration Toolkit.
- Web user interface (UI)
- Use the web UI to create, retrieve, update, and delete policy
documents that are stored in the Integration Registry. In the navigation
tree, expand Save As function enables you
to save an existing policy with a new name.
You can also use the message flow view to retrieve and update a policy that is attached to a message flow node. In the navigation tree, expand Message Flows, and select the name of the message flow, or subflow, you want to view. Select the Operational Policy tab from the top of the message flow pane, and the message flow, or subflow, is displayed in the Node Policies section. If the message flow, or subflow, includes a node that has an operational policy attached, the following policy icon is displayed on the upper-right corner of the node icon: . Click the policy icon to retrieve and update the policy document., where server_name is the name of your integration server, and resource is where you stored your message flow. Then, expand
For information about accessing the web UI, see Accessing the web user interface.
followed by the policy type; for example, expand to see the list of
saved policies that relate to MQ nodes. Select a policy name to view
the contents of the policy document, and edit the property values
as required. The
- Representational State Transfer (REST) application programming interface (API)
- Use the REST API to create, retrieve, update, and delete policy documents in the Integration Registry. For more information, see Representational State Transfer (REST) API.
- Command line
- Use the following commands to create, retrieve, update, and delete policy documents:
If you create an MQ Service, an MQEndpoint policy document can be generated by default from the connection details. When the MQ Service is applied to an MQ message flow node, the MQEndpoint policy document is automatically attached. For more information, see MQ Service.
<policy type="MQEndpoint"> <policyProperties> <mqConnectionDetailsPolicy> <connection>CLIENT</connection> <destinationQueueManagerName>QMGR1</destinationQueueManagerName> <queueManagerHostname>localhost</queueManagerHostname> <listenerPortNumber>1414</listenerPortNumber> <channelName>SYSTEM.DEF.SVRCONN</channelName> <securityIdentity>SecId</securityIdentity> <useSSL>true</useSSL> <SSLPeerName>CN=IIB10*</SSLPeerName> <SSLCipherSpec>TLS_RSA_WITH_AES_128_CBC_SHA</SSLCipherSpec> </mqConnectionDetailsPolicy> </policyProperties> </policy>