Migration considerations for MFT

Configuration layout directly after installation in MFT

The diagram shows the configuration layout directly after installation as it is in IBM® MQ.

Default configuration directories:

Information is split over four separate sub-directories: config, installations, ipc, and logs.

Default product root directories (MQ_DATA_PATH) are as follows:

• UNIX systems: /var/mqm
• Linux® systems: /var/mqm
• Windows: the location of the configuration directory depends on the location of your primary IBM MQ installation. The default locations for primary installations are as follows:
  • 32-bit: C:\Program Files (x86)\IBM\WebSphere MQ
  • 64-bit: C:\Program Files\IBM\MQ

Configuration sub-directories are as follows:

• The MQ_DATA_PATH/mqft/config directory contains the parts of the configuration that are read-only for Managed File Transfer processes. For example, agent.properties and command.properties.
• The MQ_DATA_PATH/mqft/installations directory contains configuration information for each installation. The content of this directory is equivalent to the content of the wmqfte.properties file.
• The MQ_DATA_PATH/mqft/ipc directory contains IPC resources used internally to communicate between the Managed File Transfer components. Applicable to UNIX and Linux systems only.
• The MQ_DATA_PATH/mqft/logs directory contains the parts of the configuration that are written by Managed File Transfer processes. For example, trace information and log files.

installation.properties file

On UNIX and Linux systems, the default location is MQ_DATA_PATH/mqft/installations/installation_name

On Windows, the default location is MQ_DATA_PATH\mqft\installations\installation_name

logger.properties file

This file incorporates property information for stand-alone file loggers, stand-alone database loggers, and Java EE database loggers.

The default location is MQ_DATA_PATH/mqft/config/coordination_qmgr_name/loggers/logger_name.

Security changes

For IBM WebSphere® MQ 7.5, or later, only users who are administrators (members of the mqm group) can run the following list of fte commands:

• fteChangeDefaultConfigurationOptions
• fteCreateAgent (create an MFT agent)
• fteCreateBridgeAgent (create and configure an MFT protocol bridge agent)
• fteCreateCDAgent (create a Connect:Direct bridge agent)
• fteCreateLogger (create an MFT file or database logger)
• fteDeleteAgent
• fteDeleteLogger
• fteMigrateAgent: migrate an FTE 7.0 agent to MQ 7.5 or later
• fteMigrateConfigurationOptions: migrate an FTE 7.0 configuration to MQ 7.5 or later
• fteMigrateLogger: migrate an FTE 7.0 database logger to MQ 7.5 or later
• fteModifyAgent (run an MFT agent as a Windows service)
• fteModifyLogger (run an MFT logger as a Windows service)
• fteSetupCommands: create the MFT command.properties file
• fteSetupCoordination

When using IBM WebSphere MQ 7.5 or later on Multiplatforms, only the user that the agent process is running under can run the fteSetAgentTraceLevel command.

For z/OS®, for Continuous Delivery from IBM MQ 9.0.2, the fteSetAgentTraceLevel command can be run by either:

• The same userid that the agent process is running as.
• Members of the group specified by the agent property adminGroup.

This also applies to the Long Term Support release from IBM MQ 9.0.0 Fix Pack 1.

For z/OS, for Continuous Delivery from IBM MQ 9.0.2, if the fteShowAgentDetails command is run to display information about a local agent, then the command can be run by either:

• The same userid that the agent process is running as.
• Members of the group specified by the agent property adminGroup.

This also applies to the Long Term Support release from IBM MQ 9.0.0 Fix Pack 1.

For more information, see the adminGroup property in The MFT agent.properties file.

Security changes in IBM MQ 8.0

If you are running Managed File Transfer on IBM WebSphere MQ 7.0, and migrate to IBM MQ 8.0, the user Id information in the MQMFTCredentials.xml file is passed to the queue manager, but will not be acted upon.

This is because the passing of user Id and password information only is supported in IBM MQ 8.0.

commandPath and agent sandboxes

For IBM MQ 8.0 and later, if an agent has been configured with an agent sandbox and the agent property commandPath has been set, then the directories specified by commandPath are automatically added to the denied paths when the agent starts. If the commandPath property is set on an agent which is not configured with an agent sandbox, then a new sandbox is set up automatically and the directories specified by the commandPath are added to the denied directories when the agent starts.

If the commandPath property is set on an agent which is not configured with an agent sandbox, then a new sandbox is set up automatically and the directories specified by the commandPath are added to the denied directories when the agent starts.

For more information about the commandPath property, see commandPath MFT property and The MFT agent.properties file.

commandPath and user sandboxes

For IBM MQ 8.0 and later, if an agent has been configured with one or more user sandboxes, and has the agent property commandPath set, then the directories specified by commandPath (and all of their subdirectories) are automatically added as <exclude> elements to the <read> and <write> elements for each user sandbox when the agent starts up.

For more information about the commandPath property, see commandPath MFT property and The MFT agent.properties file.

Migrating MFT agents that run as a Windows service from IBM WebSphere MQ 7.5 to IBM MQ 9.0

Between IBM WebSphere MQ 7.5, IBM MQ 8.0, and IBM MQ 9.0, the default IBM MQ installation path has changed on the Windows platform.

If a queue manager is being migrated from IBM WebSphere MQ 7.5 to IBM MQ 8.0 or IBM MQ 9.0, any applications that are running on the same system as the queue manager must be reconfigured to load the IBM MQ libraries from the new installation location. This includes any IBM MQ Managed File Transfer agents that are running as a Windows service.