MQEndpoint policy

Use an MQEndpoint policy to control the values of MQ node connection properties at run time, or to specify an MQ broker for event publication.

An MQEndpoint policy can be attached to a set of specific MQ nodes in a message flow to control the values of connection properties at run time. These values override any equivalent properties that were specified on the MQ Connection tab when the message flow was developed. The following MQ node types can use an MQEndpoint policy:

MQEndpoint policy documents can be used interchangeably on any of the listed MQ node types. Policies are only validated at run time, so you must check that you set the correct properties for your solution. For example, you might define a connection to a remote queue manager in an MQEndpoint policy document, but this configuration is not supported for integration nodes that are running on z/OS®. For more information about which connection properties can be controlled by MQEndpoint policies, see the appropriate MQ message flow node reference topic in the previous list.

All MQ nodes that do not have either MQ Connection properties set or an MQEndpoint policy specified will use the connection details of the queue manager that is associated with the integration node at run time. If no queue manager was specified for the integration node, the message flow cannot deploy. You can configure the connection properties by either defining an MQEndpoint policy, or set the properties on the MQ Connection tab. If an MQEndpoint policy is specified, then the values of properties that are set in the MQEndpoint policy are used at run time instead of any corresponding values that are set on the MQ Connection tab.

If you set the ccdt property in an MQEndpoint policy document to use a CCDT file, you must also run the mqsichangeproperties command to specify the CCDT file path. Use the following form, where IBNODE and file_path represent the integration node name, and the path to the CCDT file:

mqsichangeproperties IBNODE -o BrokerRegistry -n mqCCDT -v file_path

You can use an MQEndpoint policy to set security properties for connections to secured IBM MQ queue managers. You can connect to a secured local or remote IBM MQ queue manager, by passing a user name and password to the queue manager when the connection is made. You can also choose whether to use the SSL protocol when a client connection is made to a remote queue manager.

If you set the Use SSL property in an MQEndpoint policy to provide confidentiality on the client connection, you must also specify the location of the key repository by running the mqsichangeproperties command. If you set the Security identity property, to specify an identity that is used to provide user name and password credentials, you must also define the identity by running the mqsisetdbparms command. For more information about the security properties that can be controlled by an MQEndpoint policy, see the MQInput node, MQOutput node, MQReply node, or MQGet node reference topics. For more information about connecting to a secured queue manager, see Connecting to a secured IBM MQ queue manager.

For publish/subscribe applications, you can use an MQEndpoint policy to control the connection details for the MQ pub/sub broker. For more information, see Parameter values for the pubsub component.

You can use the following tools to create, attach, and manage MQEndpoint policies:

IBM Integration Toolkit

Use the IBM Integration Toolkit to generate a policy document from an existing message flow node. The initial policy document contains the node's operational properties and the current values of those properties, as defined in the Properties view of the Message Flow editor. The operational property values can be edited as required, and the generated policy document can be saved in the Integration Registry. You can also use the IBM Integration Toolkit to attach and detach policies on the node. For more information, see Configuring MQEndpoint, MQTTSubscribe, or MQTTPublish policies with the IBM Integration Toolkit.

Web user interface (UI)

Use the web UI to create, retrieve, update, and delete policy documents that are stored in the Integration Registry. In the navigation tree, expand Operational Policy followed by the policy type; for example, expand MQEndpoint to see the list of saved policies that relate to MQ nodes. Select a policy name to view the contents of the policy document, and edit the property values as required. The Save As function enables you to save an existing policy with a new name.

You can also use the message flow view to retrieve and update a policy that is attached to a message flow node. In the navigation tree, expand Servers > server_name > resource, where server_name is the name of your integration server, and resource is where you stored your message flow. Then, expand Message Flows, and select the name of the message flow, or subflow, you want to view. Select the Operational Policy tab from the top of the message flow pane, and the message flow, or subflow, is displayed in the Node Policies section. If the message flow, or subflow, includes a node that has an operational policy attached, the following policy icon is displayed on the upper-right corner of the node icon: Image of policy icon. . Click the policy icon to retrieve and update the policy document.

For information about accessing the web UI, see Accessing the web user interface.

Representational State Transfer (REST) application programming interface (API)

Use the REST API to create, retrieve, update, and delete policy documents in the Integration Registry. For more information, see Representational State Transfer (REST) API.

Command line

Use the following commands to create, retrieve, update, and delete policy documents:

To create a policy, use the mqsicreatepolicy command. For more information, see Creating and importing policies.
To retrieve details of a policy, use the mqsireportpolicy command.
To update a policy, use mqsichangepolicy command.
To delete a policy, use the mqsideletepolicy command.

If you create an MQ Service, an MQEndpoint policy document can be generated by default from the connection details. When the MQ Service is applied to an MQ message flow node, the MQEndpoint policy document is automatically attached. For more information, see MQ Service.

The following XML is an example of an MQEndpoint policy document:

<policy type="MQEndpoint">
    <policyProperties>
       <mqConnectionDetailsPolicy>
           <connection>CLIENT</connection>
           <destinationQueueManagerName>QMGR1</destinationQueueManagerName>
           <queueManagerHostname>localhost</queueManagerHostname>
           <listenerPortNumber>1414</listenerPortNumber>
           <channelName>SYSTEM.DEF.SVRCONN</channelName>
           <securityIdentity>SecId</securityIdentity>
           <useSSL>true</useSSL>
           <SSLPeerName>CN=IIB10*</SSLPeerName>
           <SSLCipherSpec>TLS_RSA_WITH_AES_128_CBC_SHA</SSLCipherSpec>
       </mqConnectionDetailsPolicy>
     </policyProperties>
</policy>