Creating an encrypted file system for an existing queue manager

You can use the back up and restore mechanism to convert an existing queue manager to having an encrypted file system.

About this task

You can back up an existing non-encrypted queue manager, then restore it as an encrypted queue manager.

Procedure

  1. Enter the IBM® MQ administration mode by entering the following command:
    mqcli
  2. If this is the first time you have backed up a queue manager, you must first allocate space on the appliance to write the back up to.
    createbackupfs -s size -e [-p passphrase]
    Where size is the size of the space that is allocated in GB. A directory that is named mqbackup:///QMgrs is created and allocated that storage. If you are going to back up queue managers that have encrypted file systems, you should specify that the allocated space is encrypted too. You can specify a passphrase as part of the command, or be prompted for it when you run the command. The passphrase can be between 1 and 512 characters. You should store a copy of the passphrase somewhere safe.
  3. Type the following command to stop the queue manager:
    
    endmqm QM_name  
    
    Where QM_name is the name of the queue manager that you want to stop. You must stop the queue manager before taking the back up.
  4. Type the following command to back up a queue manager:
    
    mqbackup -m QM_name  
    
    Where QM_name is the name of the queue manager that you want to back up. The backup can take some time to run, during which period you cannot use the CLI.
    By default the archive file is named QM_name.bak, but you can add the -o outfilename argument to the mqbackup command to specify a file name, if required:
    
    mqbackup -m QM_name -o outfilename 
    
  5. Delete the existing queue manager:
    dltmqm QM_name  
    
    Where QM_name is the name of the queue manager that you want to delete. You must delete the original queue manager before you restore, otherwise the restore will fail.
  6. You now restore the back up, specifying that the queue manager file system is encrypted:
    mqrestore -f filename -e [-p passphrase]
    You can specify the passphrase as part of the command, or be prompted for it when you run the command. The passphrase can be between 1 and 512 characters. You should store a copy of the passphrase somewhere safe.