Installing IBM MQ
IBM MQ supports the exchange of information between applications, systems, services, and files by sending and receiving message data via messaging queues. To use IBM MQ, you must configure it before you install IBM RPA.
IBM MQ is the recommended queue provider for IBM RPA.
Before you begin
- You must have a local administrator authority when you are installing. Define this authority through the Windows facilities.
- Make sure that the computer name does not contain any spaces.
- Make sure that you have sufficient disk space to fully install IBM MQ for Windows. For more information, see Disk space requirements on Multiplatforms.
- Determine whether you need to define Windows domain user IDs for any IBM MQ users.
| IBM MQ version | IBM RPA version |
|---|---|
| 9.3.3 | 23.0.11 |
| 9.3.3 | 23.0.12 |
| 9.3.3 | 23.0.13 |
| 9.3.3 | 23.0.14 |
| 9.3.3 | 23.0.15 |
| 9.3.3 | 23.0.16 |
| 9.3.3 | 23.0.17 |
| 9.4.0 | 23.0.18 |
How IBM Robotic Process Automation uses IBM MQ Advanced
IBM Robotic Process Automation includes entitlement to use IBM MQ Advanced as a Supporting Program. Not all features of IBM MQ Advanced are included, the following features are in the restricted list for this program:
- MQ Advanced High Availability features:
- Replicated Data Queue Managers
- Native High Availability
- IPT Cryptographic hardware
- Kafka Connectors
- Telemetry Service
- Managed File Transfer
- Advanced Message Security
- Instana tracing exit
Read the “Restricted components” section in the IBM Robotic Process Automation license document for information on the features of IBM MQ Advanced that are restricted.
IBM Robotic Process Automation" in the IBM Terms page to view license information regarding to
specific versions of the product.IBM Robotic Process Automation uses IBM MQ Advanced features that are necessary or otherwise directly related to a licensed use of IBM Robotic Process Automation. To use IBM MQ Advanced features to connect other applications, systems, and services, or to use any of the restricted components, you must purchase a license of IBM MQ Advanced.
Installing IBM MQ Advanced
IBM Robotic Process Automation on premises
IBM MQ Advanced is an optional setup for IBM Robotic Process Automation on premises. For more information about IBM MQ Advanced versioning reference, see the Table 1 in the Installing IBM MQ Advanced: Before you begin section.
IBM Robotic Process Automation on Red Hat OpenShift Container Platform
IBM Robotic Process Automation installs the IBM MQ Advanced operator as a required dependency. For more information about IBM MQ Advanced operator versioning reference, see the Table 2 in the Versioning reference section.
Usage by component
The following components of IBM Robotic Process Automation use the queue provider that is defined as the default queue provider of the tenant to create queues. If you choose to use IBM MQ Advanced, these components require access to it:
- Bot
- Computers
- Computer groups
- Processes
About this task
The launchpad and subsequent wizards take you through the installation process, and helps you to review the software requirements and IBM MQ settings.
This task assumes that you are installing IBM MQ for the first time on your computer, and that you are using the default locations. By default the location of the IBM MQ program files is C:\Program Files\IBM\MQ, and the data and
log file location is C:\ProgramData\IBM\MQ.
Installing IBM MQ
Follow the instructions in Download and install IBM MQ.
Configure the queue manager
If your queue manager is running on Windows™, you need to manually create a user and set mqm as their primary group.
On a Linux™ environment, this is done by default. The user's name in Linux is mqm with mqm as the primary group.
-
Set the password for the user. Remember the password, you need it in the IBM RPA server installer.
-
Create a queue manager with the following command:
crtmqm RPASYSTEM -
Start the queue manager.
strmqm RPASYSTEM -
Enter the MQSC command mode on the queue manager. You must enter the user password to apply.
runmqsc -u <user> RPASYSTEM -
Create a listener for the queue manager to allow network ingress.
DEFINE LISTENER(LISTENER) TRPTYPE(tcp) CONTROL(qmgr) PORT(1414) -
Start the listener.
START LISTENER(LISTENER) -
Create a channel for IBM RPA to use and map the user to this channel.
DEFINE CHANNEL('RPA') CHLTYPE(SVRCONN) MCAUSER('<user>') -
Define a local queue for IBM RPA to use as the system queue.
DEFINE QLOCAL('RPAQ')Remember:All subsequent queues that you want to use with IBM RPA must be created through the IBM RPA Control Center and not through the command line. -
Remove the default channel authentication rule that blocks all user connections by default.
SET CHLAUTH(*) TYPE(BLOCKUSER) USERLIST(*MQADMIN) ACTION(REMOVE) -
Exit the MQSC console with the following command:
exit
Optional: Enable TLS
Transport Layer Security (TLS) is a cryptographic protocol that is used to provide secure communication between IBM MQ applications. Starting from version 23.0.16, IBM RPA supports a TLS connection with IBM MQ.
For more information about TLS, see Cryptographic security protocols: TLS.
To enable TLS on your IBM RPA server, you must first enable TLS on IBM MQ. The following procedure provides instructions about how to configure TLS in your IBM MQ installation.
TLS requires a valid certificate to encrypt the connection between client and server. You can use IBM MQ's certificate and key management tools to obtain and manage your certificates. For more information, see runmqakm and runmqktool commands on AIX, Linux, and Windows or Key Manager tool.
Follow these steps to configure TLS in your IBM MQ queue manager:
-
Open the Windows PowerShell or the command prompt.
-
Enter your queue manager:
runmqsc -u your_user your_queue_managerWhere:
-
your_queue_manager
The name of your queue manager. -
your_user
The name of the user that has permission to access the keystore file.
-
-
Enter the following commands to configure TLS in your queue manager:
ALTER QMGR SSLKEYR('path\to\key.p12') CERTLABL('your_cert_label') KEYRPWD('your_keystore_pass') ALTER CHANNEL ('your_channel') CHLTYPE(SVRCONN) SSLCIPH('ANY_TLS12_OR_HIGHER') SSLCAUTH(OPTIONAL) SSLPEER('') REFRESH SECURITY TYPE(SSL)Replacing the following values:
-
path\to\key.p12
The path to the keystore file. -
your_cert_label
The certificate label in the keystore file. -
your_keystore_pass
The password of the keystore file. -
your_channel
The name of the channel that you want to use to communicate with the IBM RPA server.
-
-
In the IBM RPA Control Center, go to Platform Settings and configure the System Queue provider TLS settings. For more information, see System queue provider.
Tip:If your Certificate subject name contains many fields, you can use a wildcard to match the certificate CN. For example,CN=your_hostname*
Validating the installation
After you install IBM MQ, you must check whether IBM MQ is working as expected before you install the IBM RPA Control Center server.
To validate, run the sample programs from the Running the Put sample programs🡥 page.
What to do next
You need the following information to install the server:
- Hostname: the fully qualified domain name of the server that your queue manager is running on.
- Port: the port that the listener is running on. By default, the port is 1414.
- Queue Manager name: the name of your queue manager. In this example, the queue manager name is RPASYSTEM.
- Channel: the channel created on the queue manager. In this example, the channel name is RPA.
- User: the user configured to access the queue. The default user is
mqm. - Password: the password of the
mqmuser.
After that, see Install the server to proceed with the installation.
After you install the server, you must validate if IBM RPA is able to connect to IBM MQ.