The following installation tasks must be performed to implement MQ
intercommunication:
Before you install and configure the Remote Agent, you should address a
number of planning considerations, including the following:
- Who will be responsible for establishing the configurations at the spoke
sites?
Because the implementer at the hub site typically has primary
responsibility for planning the overall process, this chapter describes the
necessary installation tasks for both the hub and spoke sites.
- What are the security needs of the hub site? The spoke site?
Your security requirements may differ from those of your trading partners,
and there may be different requirements among your trading partners.
See Security for some of the choices that you can make in setting the
configuration properties that define your levels of security.
- What configuration properties need to be coordinated between the hub and
spoke sites?
Certain configuration properties, port numbers, and some security settings,
need to be coordinated between the hub and spoke sites.
The Remote Agent can be configured for use with either Native WebSphere MQ
or HTTP/HTTPS protocols for communication over the internet. The Native
WebSphere MQ option is configured using only the software delivered with the
product. The HTTP option requires WebSphere MQ Internet pass-thru,
which is not delivered and must be acquired separately. This section
describes both configurations.
- Note:
- JMS is the only supported transport for both configurations.
This configuration option uses the WebSphere MQ protocol, along with Secure
Sockets Layer (SSL) to ensure secure communication over the internet.
This configuration provides better performance; however, it requires that
a port be opened on the firewall to allow WebSphere MQ across through the
firewall. Figure 2. illustrates this configuration.
You must configure the WebSphere MQ channels for bidirectional
communication between the broker and the adapter. Two channels are
required--one for each direction.
- Note:
- The following steps assume that MQ1 and MQ2 are listening on port
1414.
- Channel 1 (MQ1 is the sender and MQ2 is the receiver):
- Create the CHANNEL1 sender channel on MQ1.
- Create the CHANNEL1 receiver channel on MQ2.
- Channel 2 (MQ2 is the sender and MQ1 is the receiver):
- Create the CHANNEL2 sender channel on MQ2.
- Create the CHANNEL2 receiver channel on MQ1.
- Configure firewall 1 to forward traffic on port 1414 to MQ1 and configure
firewall 2 to forward traffic on port 1414 to MQ2.
- Note:
- Assume that MQ1 and MQ2 are listening on port 1414 and that the firewall
allows network traffic based on port forwarding. The actual
configuration may change, depending on the type of firewall being used.
- Set the IpAddress of sender Channel 1 to the connection name of firewall
2.
- Set the IpAddress of sender Channel 2 to the connection name of firewall
1.
- MQ1 (Q1 is used for communication from the hub site to the spoke
site):
- Set Q1 as the remote queue and Q2 as the local queue.
- Set MQ2 as the remote queue manager for Q1.
- MQ2 (Q2 is used for communication from the spoke site to the hub
site):
- Set Q2 as the remote queue and Q1 as the local queue.
- Set MQ1 as the remote queue manager for Q2.
- Set up a transmission queue on each queue manager.
- Set up a dead letter queue on each queue manager.
- Confirm that the fault queue is local to each queue manager.
Refer the RemoteAgentSample.mqsc and
RemoteServerSample.mqsc sample scripts, located in
ProductDir\mqseries to configure the queue
managers.
Figure 2. Native WebSphere MQ Configuration

This configuration option uses WebSphere MQ Internet pass-thru to pass
information over the internet using HTTP. Figure 3 illustrates this configuration.
You must define routes to specify the port, IP address, and SSL
details. Two routes must be configured for bidirectional communication
between the hub and the spoke site. Two routes at each site are
required--one for each direction.
Channels must be configured for bidirectional communication between the hub
site and the spoke site. Two channels are required--one for each
direction.
- Note:
- The following steps assume that MQ1 and MQ2 are listening on port
1414.
- Channel 1 (MQ1 is the sender and MQ2 is the receiver):
- Create the CHANNEL1 sender channel on MQ1.
- Create the CHANNEL1 receiver channel on MQ2.
- Channel 2 (MQ2 is the sender and MQ1 is the receiver):
- Create the CHANNEL2 sender channel on MQ2.
- Create the CHANNEL2 receiver channel on MQ1.
- Set the ConnectionName of CHANNEL1 to the IpAddress and ListenerPort of
MQIPT1.
- Set the ConnectionName of CHANNEL2 to the IpAddress and ListenerPort of
MQIPT2.
- Set firewall 1 to forward all traffic on the ListenerPort to
MQIPT1.
- Set firewall 2 to forward all traffic on the ListenerPort to
MQIPT2.
- MQ1 (Q1 is used for communication from the hub site to the spoke
site):
- Set Q1 as the remote queue and Q2 as the local queue.
- Set MQ2 as the remote queue manager for Q1.
- MQ2 (Q2 is used for communication from the spoke site to the hub
site):
- Set Q2 as the remote queue and Q1 as the local queue.
- Set MQ1 as the remote queue manager for Q2.
- Set up a transmission queue on each queue manager.
- Set up a dead letter queue on each queue manager.
- Confirm that the fault queue is local to each queue manager.
Refer the RemoteAgentSample.mqsc and
RemoteServerSample.mqsc sample scripts, located in
ProductDir\mqseries to configure the queue
managers.
- Route1 -- Set the following parameters:
- ListenerPort = Port on which MQIPT1 is listening for messages from queue
manager MQ1
- Destination = Domain name or IP address of MQIPT2
- DestinationPort = Port on which MQIPT2 is listening
- HTTP = true
- HTTPS = true
- HTTPProxy = IpAddress of firewall2 (or a proxy server if there is one in
the DMZ)
- SSLClient = true
- SSLClientKeyRing = Path to the file that contains the MQIPT1 certificate
- SSLClientKeyRingPW = Path to the file that contains the password for the
ClientKeyRing file
- SSLClientCAKeyRing = Path to the file that contains the trusted CA
certificates
- SSLClientCAKeyRingPW = path to the file that contains the password for the
CAKeyRing file
- Route2 -- Set the following parameters:
- ListenerPort = Port on which MQIPT1 is listening for messages from MQIPT2
- Destination = Domain name or IPaddress for queue manager MQ1
- DestinationPort = Port on which MQ1 is listening
- SSLServer = true
- SSLServerKeyRing = Path to the file that contains the MQIPT1 certificate
- SSLServerKeyRingPW = Path to the file that contains the password for the
ServerKeyRing file
- SSLServerCAKeyRing = Path to the file that contains the trusted CA
certificates
- SSLServerCAKeyRingPW = Path to the file that contains the password for the
CAKeyRing file
- Route1 - Set the following parameters:
- ListenerPort = Port on which MQIPT2 is listening for MQIPT1
- Destination = Domain name of IPaddress of queue manager MQ2
- DestinationPort = Port on which MQ2 is listening
- SSLServer = true
- SSLServerKeyRing = Path to the file that has MQIPT2s certificate
- SSLServerKeyRingPW = Path to the file that has the password for the
ServerKeyRing file
- SSLServerCAKeyRing = Path to the file that contains the trusted CA
certificates
- SSLServerCAKeyRingPW = Path to the file that contains the password for the
CAKeyRing file
- Route2 - Set the following parameters:
- ListenerPort = Port on which MQIPT2 is listening for messages from MQ2
- Destination = Domain name or IP address of MQIPT1
- DestinationPort = Port on which MQIPT1 is listening
- HTTP = true
- HTTPS = true
- HTTPProxy= IpAddress of firewall1 (or a proxy server if there is one in
the DMZ)
- SSLClient = true
- SSLClientKeyRing = Path to the file that contains the MQIPT2 certificate
- SSLClientKeyRingPW = Path to the file that contains the password for the
ClientKeyRing file
- SSLClientCAKeyRing = Path to the file that has trusted CA certificates
- SSLClientCAKeyRingPW = Path to the file that contains the password for the
CAKeyRing file
Figure 3. HTTP/HTTPS Configuration

You may have to perform configuration tasks in some applications for the
connectors to be able to perform the necessary operations with this particular
communication model. Refer to the guide for your adapter to determine
if any such configuration tasks are necessary.
Remote Agent requires that the following be running:
- The integration broker
For information on how to start the WebSphere InterChange Server broker,
see the System Installation Guide for Windows or the System
Installation Guide for UNIX.
See the WebSphere Application Server documentation for information on how
to start that broker.
See the documentation on a supported message broker for information on how
to start that broker.
- Connector agent
For information on how to start connectors if your broker is WebSphere
InterChange Server, see the System Administration Guide.
For information on how to start connectors if your broker is WebSphere
Application Server, see Implementating Adapters with WebSphere Application
Server.
For information on how to start connectors if your broker is one of the
supported message brokers, see Implementing Adapters with WebSphere MQ
Integrator Broker.
- Queue managers at both the hub and spoke sites
For information on how to start WebSphere MQ services, see the WebSphere MQ
documentation.
- WebSphere MQ internet pass-thru (if HTTP/HTTPS is the configured
transport)
For information on how to start WebSphere MQ Internet pass-thru, see the
WebSphere MQ Internet pass-thru documentation.
