The following installation tasks must be performed to implement
MQ intercommunication:
Before you install and configure the Remote Agent, you should
address a number of planning considerations, including the
following:
- Who will be responsible for establishing the configurations at
the spoke sites?
Because the implementer at the hub site typically has primary
responsibility for planning the overall process, this appendix
describes the necessary installation tasks for both the hub and
spoke sites.
- What are the security needs of the hub site? The spoke site?
Your security requirements may differ from those of your trading
partners, and there may be different requirements among your
trading partners. See Security for some
of the choices that you can make in setting the configuration
properties that define your levels of security.
- What configuration properties need to be coordinated between
the hub and spoke sites?
Certain configuration properties, port numbers, and some
security settings, need to be coordinated between the hub and spoke
sites.
The Remote Agent can be configured for use with either Native
WebSphere MQ or HTTP/HTTPS protocols for communication over the
internet. The Native WebSphere MQ option is configured using only
the software delivered with the product. The HTTP option requires
WebSphere MQ Internet pass-thru, which is not delivered and must be
acquired separately. This section describes both
configurations.
- Note:
- JMS is the only supported transport for both
configurations.
This configuration option uses the WebSphere MQ protocol, along
with Security Socket Layer (SSL) to ensure secure communication
over the internet. This configuration provides better performance;
however, it requires that a port be opened on the firewall to allow
WebSphere MQ across through the firewall. Figure 2. illustrates this
configuration.
You must configure the WebSphere MQ channels for bidirectional
communication between the broker and the adapter. Two channels are
required--one for each direction.
- Note:
- The following steps assume that MQ1 and MQ2 are listening on
port 1414.
- Channel 1 (MQ1 is the sender and MQ2 is the receiver):
- Create the CHANNEL1 sender channel on MQ1.
- Create the CHANNEL1 receiver channel on MQ2.
- Channel 2 (MQ2 is the sender and MQ1 is the receiver):
- Create the CHANNEL2 sender channel on MQ2.
- Create the CHANNEL2 receiver channel on MQ1.
- Configure firewall 1 to forward traffic on port 1414 to MQ1 and
configure firewall 2 to forward traffic on port 1414 to MQ2.
- Note:
- Assume that MQ1 and MQ2 are listening on port 1414 and that the
firewall allows network traffic based on port forwarding. The
actual configuration may change, depending on the type of firewall
being used.
- Set the IpAddress of sender Channel 1 to the connection name of
firewall 2.
- Set the IpAddress of sender Channel 2 to the connection name of
firewall 1.
- MQ1 (Q1 is used for communication from the hub site to the
spoke site):
- Set Q1 as the remote queue and Q2 as the local queue.
- Set MQ2 as the remote queue manager for Q1.
- MQ2 (Q2 is used for communication from the spoke site to the
hub site):
- Set Q2 as the remote queue and Q1 as the local queue.
- Set MQ1 as the remote queue manager for Q2.
- Set up a transmission queue on each queue manager.
- Set up a dead letter queue on each queue manager.
- Confirm that the fault queue is local to each queue
manager.
Refer the RemoteAgentSample.mqsc and
RemoteServerSample.mqsc sample scripts, located in
ProductDir\mqseries to configure the queue
managers.
Figure 2. Native WebSphere MQ
Configuration

This configuration option uses WebSphere MQ Internet pass-thru
to pass information over the internet using HTTP. Figure 3 illustrates this
configuration.
You must define routes to specify the port, IP address, and SSL
details. Two routes must be configured for bidirectional
communication between the hub and the spoke site. Two routes at
each site are required--one for each direction.
Channels must be configured for bidirectional communication
between the hub site and the spoke site. Two channels are
required--one for each direction.
- Note:
- The following steps assume that MQ1 and MQ2 are listening on
port 1414.
- Channel 1 (MQ1 is the sender and MQ2 is the receiver):
- Create the CHANNEL1 sender channel on MQ1.
- Create the CHANNEL1 receiver channel on MQ2.
- Channel 2 (MQ2 is the sender and MQ1 is the receiver):
- Create the CHANNEL2 sender channel on MQ2.
- Create the CHANNEL2 receiver channel on MQ1.
- Set the ConnectionName of CHANNEL1 to the IpAddress and
ListenerPort of MQIPT1.
- Set the ConnectionName of CHANNEL2 to the IpAddress and
ListenerPort of MQIPT2.
- Set firewall 1 to forward all traffic on the ListenerPort to
MQIPT1.
- Set firewall 2 to forward all traffic on the ListenerPort to
MQIPT2.
- MQ1 (Q1 is used for communication from the hub site to the
spoke site):
- Set Q1 as the remote queue and Q2 as the local queue.
- Set MQ2 as the remote queue manager for Q1.
- MQ2 (Q2 is used for communication from the spoke site to the
hub site):
- Set Q2 as the remote queue and Q1 as the local queue.
- Set MQ1 as the remote queue manager for Q2.
- Set up a transmission queue on each queue manager.
- Set up a dead letter queue on each queue manager.
- Confirm that the fault queue is local to each queue
manager.
Refer the RemoteAgentSample.mqsc and
RemoteServerSample.mqsc sample scripts, located in
ProductDir\mqseries to configure the queue
managers.
- Route1 -- Set the following parameters:
- ListenerPort = Port on which MQIPT1 is listening for messages
from queue manager MQ1
- Destination = Domain name or IP address of MQIPT2
- DestinationPort = Port on which MQIPT2 is listening
- HTTP = true
- HTTPS = true
- HTTPProxy = IpAddress of firewall2 (or a proxy server if there
is one in the DMZ)
- SSLClient = true
- SSLClientKeyRing = Path to the file that contains the MQIPT1
certificate
- SSLClientKeyRingPW = Path to the file that contains the
password for the ClientKeyRing file
- SSLClientCAKeyRing = Path to the file that contains the trusted
CA certificates
- SSLClientCAKeyRingPW = path to the file that contains the
password for the CAKeyRing file
- Route2 -- Set the following parameters:
- ListenerPort = Port on which MQIPT1 is listening for messages
from MQIPT2
- Destination = Domain name or IPaddress for queue manager
MQ1
- DestinationPort = Port on which MQ1 is listening
- SSLServer = true
- SSLServerKeyRing = Path to the file that contains the MQIPT1
certificate
- SSLServerKeyRingPW = Path to the file that contains the
password for the ServerKeyRing file
- SSLServerCAKeyRing = Path to the file that contains the trusted
CA certificates
- SSLServerCAKeyRingPW = Path to the file that contains the
password for the CAKeyRing file
- Route1 - Set the following parameters:
- ListenerPort = Port on which MQIPT2 is listening for
MQIPT1
- Destination = Domain name of IPaddress of queue manager
MQ2
- DestinationPort = Port on which MQ2 is listening
- SSLServer = true
- SSLServerKeyRing = Path to the file that has MQIPT2s
certificate
- SSLServerKeyRingPW = Path to the file that has the password for
the ServerKeyRing file
- SSLServerCAKeyRing = Path to the file that contains the trusted
CA certificates
- SSLServerCAKeyRingPW = Path to the file that contains the
password for the CAKeyRing file
- Route2 - Set the following parameters:
- ListenerPort = Port on which MQIPT2 is listening for messages
from MQ2
- Destination = Domain name or IP address of MQIPT1
- DestinationPort = Port on which MQIPT1 is listening
- HTTP = true
- HTTPS = true
- HTTPProxy= IpAddress of firewall1 (or a proxy server if there
is one in the DMZ)
- SSLClient = true
- SSLClientKeyRing = Path to the file that contains the MQIPT2
certificate
- SSLClientKeyRingPW = Path to the file that contains the
password for the ClientKeyRing file
- SSLClientCAKeyRing = Path to the file that has trusted CA
certificates
- SSLClientCAKeyRingPW = Path to the file that contains the
password for the CAKeyRing file
Figure 3. HTTP/HTTPS
Configuration

You may have to perform configuration tasks in some applications
for the connectors to be able to perform the necessary operations
with this particular communication model. Refer to the guide for
your adapter to determine if any such configuration tasks are
necessary.
Remote Agent requires that the following be running:
- The integration broker
For information on how to start the WebSphere InterChange Server
broker, see the System Installation Guide for Windows or
Unix.
See the WebSphere Application Server documentation for
information on how to start that broker.
See the documentation on a supported message broker for
information on how to start that broker.
- Connector agent
For information on how to start connectors if your broker is
WebSphere InterChange Server, see the System Administration
Guide.
For information on how to start connectors if your broker is
WebSphere Application Server, see Implementing Adapters with
WebSphere Application Server.
For information on how to start connectors if your broker is one
of the supported message brokers, see Implementing Adapters
with WebSphere Message Brokers.
- Queue managers at both the hub and spoke sites
For information on how to start WebSphere MQ services, see the
WebSphere MQ documentation.
- WebSphere MQ internet pass-thru (if HTTP/HTTPS is the
configured transport)
For information on how to start WebSphere MQ Internet pass-thru,
see the WebSphere MQ Internet pass-thru documentation.
