Installation tasks
The following installation tasks must be performed to
implement MQ intercommunication:
Planning the installation
Before you install and configure the Remote Agent, you
should address a number of planning considerations, including the
following:
- Who will be responsible for establishing the configurations
  at the spoke sites?
  Because the implementer at the hub site typically has primary
  responsibility for planning the overall process, this chapter describes
  the necessary installation tasks for both the hub and spoke sites.
- What are the security needs of the hub site? The spoke site?
  Your security requirements may differ from those of your trading
  partners, and there may be different requirements among your trading
  partners. See Security for some
  of the choices that you can make in setting the configuration properties
  that define your levels of security.
- What configuration properties need to be coordinated between
  the hub and spoke sites?
  Certain configuration properties, port numbers, and some security
  settings need to be coordinated between the hub and spoke sites.
Configuring the Remote Agent
The Remote Agent can be configured for use with either
Native WebSphere MQ or HTTP/HTTPS protocols for communication over
the internet. The Native WebSphere MQ option is configured using
only the software delivered with the product. The HTTP option requires
WebSphere MQ Internet pass-thru, which is not delivered and must
be acquired separately. This section describes both configurations.
Note:
JMS is the only supported transport for both configurations.
Native WebSphere MQ
This configuration option uses the WebSphere MQ protocol,
along with Secure Sockets Layer (SSL) to ensure secure
communication over the internet. This configuration provides better
performance; however, it requires that a port be opened on the firewall
to allow WebSphere MQ traffic through the firewall. Figure 2 illustrates this configuration.
You must configure the WebSphere MQ channels for bidirectional
communication between the broker and the adapter. Two channels are
required--one for each direction.
Note:
The following steps assume that MQ1 and MQ2 are
listening on port 1414.
To configure channels for Native WebSphere MQ
- Channel 1 (MQ1 is the sender and MQ2 is the receiver):
  - Create the CHANNEL1 sender channel on MQ1.
  - Create the CHANNEL1 receiver channel on MQ2.
- Channel 2 (MQ2 is the sender and MQ1 is the receiver):
  - Create the CHANNEL2 sender channel on MQ2.
  - Create the CHANNEL2 receiver channel on MQ1.
- Configure firewall 1 to forward traffic on port 1414 to MQ1
  and configure firewall 2 to forward traffic on port 1414 to MQ2.
  Note:
  Assume that MQ1 and MQ2 are listening on port 1414
  and that the firewall allows network traffic based on port forwarding.
  The actual configuration may change, depending on the type of firewall
  being used.
- Set the IpAddress of sender Channel 1 to the connection name
  of firewall 2.
- Set the IpAddress of sender Channel 2 to the connection name
  of firewall 1.
To configure queues for Native WebSphere MQ
- MQ1 (Q1 is used for communication from the hub site to the spoke
  site):
  - Set Q1 as the remote queue and Q2 as the local queue.
  - Set MQ2 as the remote queue manager for Q1.
- MQ2 (Q2 is used for communication from the spoke site to the
  hub site):
  - Set Q2 as the remote queue and Q1 as the local queue.
  - Set MQ1 as the remote queue manager for Q2.
- Set up a transmission queue on each queue manager.
- Set up a dead letter queue on each queue manager.
- Confirm that the fault queue is local to each queue manager.
Refer to the RemoteAgentSample.mqsc and RemoteServerSample.mqsc sample scripts, located in ProductDir\mqseries, to configure the queue managers.
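The Native WebSphere MQ channel and queue steps above, written as MQSC commands for queue manager MQ1. This is an added example, not the contents of the product's sample scripts. The host name fw2.example.com, the transmission queue name MQ2, the dead letter queue name MQ1.DLQ, and the CipherSpec are assumptions to replace with your own values.

```mqsc
* Added example for queue manager MQ1 (hub site). Run with: runmqsc MQ1 < thisfile
* Assumed values: fw2.example.com, queue names MQ2 and MQ1.DLQ, the CipherSpec.

* Transmission queue that feeds the sender channel towards MQ2
DEFINE QLOCAL('MQ2') USAGE(XMITQ) REPLACE

* Q1 carries hub-to-spoke traffic: remote definition here, real queue on MQ2
DEFINE QREMOTE('Q1') RNAME('Q1') RQMNAME('MQ2') XMITQ('MQ2') REPLACE

* Q2 carries spoke-to-hub traffic and is local on MQ1
DEFINE QLOCAL('Q2') REPLACE

* Dead letter queue for messages that cannot be delivered
DEFINE QLOCAL('MQ1.DLQ') REPLACE
ALTER QMGR DEADQ('MQ1.DLQ')

* The fault queue name comes from the connector configuration; confirm that
* it is defined as a local queue on this queue manager.

* CHANNEL1: MQ1 sends to MQ2 through firewall 2, which forwards port 1414
DEFINE CHANNEL('CHANNEL1') CHLTYPE(SDR) TRPTYPE(TCP) +
       CONNAME('fw2.example.com(1414)') XMITQ('MQ2') +
       SSLCIPH('TLS_RSA_WITH_AES_256_CBC_SHA256') REPLACE

* CHANNEL2: MQ1 receives from MQ2. The CipherSpec must match the one on the
* MQ2 sender channel, and the partner must present a certificate.
DEFINE CHANNEL('CHANNEL2') CHLTYPE(RCVR) TRPTYPE(TCP) +
       SSLCIPH('TLS_RSA_WITH_AES_256_CBC_SHA256') SSLCAUTH(REQUIRED) REPLACE

* Review what was defined
DISPLAY CHANNEL(CHANNEL*) CONNAME SSLCIPH SSLCAUTH
DISPLAY QMGR DEADQ
```

The script for MQ2 mirrors this one: Q2 is the remote queue with MQ1 as its remote queue manager, CHANNEL2 is the sender with a connection name that points at firewall 1, and CHANNEL1 is the receiver.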
Figure 2. Native WebSphere MQ Configuration
HTTP/HTTPS
This configuration option uses WebSphere MQ Internet pass-thru
to pass information over the internet using HTTP. Figure 3 illustrates this configuration.
You must define routes to specify the port, IP address, and SSL
details. Two routes must be configured for bidirectional communication
between the hub and the spoke site. Two routes at each site are
required--one for each direction.
Channels must be configured for bidirectional communication between
the hub site and the spoke site. Two channels are required--one
for each direction.
Note:
The following steps assume that MQ1 and MQ2 are
listening on port 1414.
To configure channels for HTTP/HTTPS
- Channel 1 (MQ1 is the sender and MQ2 is the receiver):
  - Create the CHANNEL1 sender channel on MQ1.
  - Create the CHANNEL1 receiver channel on MQ2.
- Channel 2 (MQ2 is the sender and MQ1 is the receiver):
  - Create the CHANNEL2 sender channel on MQ2.
  - Create the CHANNEL2 receiver channel on MQ1.
- Set the ConnectionName of CHANNEL1 to the IpAddress and ListenerPort
  of MQIPT1.
- Set the ConnectionName of CHANNEL2 to the IpAddress and ListenerPort
  of MQIPT2.
- Set firewall 1 to forward all traffic on the ListenerPort to
  MQIPT1.
- Set firewall 2 to forward all traffic on the ListenerPort to
  MQIPT2.
To configure queues for HTTP/HTTPS
- MQ1 (Q1 is used for communication from the hub site to the spoke
  site):
  - Set Q1 as the remote queue and Q2 as the local queue.
  - Set MQ2 as the remote queue manager for Q1.
- MQ2 (Q2 is used for communication from the spoke site to the
  hub site):
  - Set Q2 as the remote queue and Q1 as the local queue.
  - Set MQ1 as the remote queue manager for Q2.
- Set up a transmission queue on each queue manager.
- Set up a dead letter queue on each queue manager.
- Confirm that the fault queue is local to each queue manager.
Refer to the RemoteAgentSample.mqsc and RemoteServerSample.mqsc sample scripts, located in ProductDir\mqseries, to configure the queue managers.
To configure routes for MQIPT1
- Route1 -- Set the following parameters:
  - ListenerPort = Port on which MQIPT1 is listening for messages from queue manager MQ1
  - Destination = Domain name or IP address of MQIPT2
  - DestinationPort = Port on which MQIPT2 is listening
  - HTTP = true
  - HTTPS = true
  - HTTPProxy = IpAddress of firewall2 (or a proxy server if there is one in the DMZ)
  - SSLClient = true
  - SSLClientKeyRing = Path to the file that contains the MQIPT1 certificate
  - SSLClientKeyRingPW = Path to the file that contains the password for the ClientKeyRing file
  - SSLClientCAKeyRing = Path to the file that contains the trusted CA certificates
  - SSLClientCAKeyRingPW = Path to the file that contains the password for the CAKeyRing file
- Route2 -- Set the following parameters:
  - ListenerPort = Port on which MQIPT1 is listening for messages from MQIPT2
  - Destination = Domain name or IP address of queue manager MQ1
  - DestinationPort = Port on which MQ1 is listening
  - SSLServer = true
  - SSLServerKeyRing = Path to the file that contains the MQIPT1 certificate
  - SSLServerKeyRingPW = Path to the file that contains the password for the ServerKeyRing file
  - SSLServerCAKeyRing = Path to the file that contains the trusted CA certificates
  - SSLServerCAKeyRingPW = Path to the file that contains the password for the CAKeyRing file
To configure routes for MQIPT2
- Route1 -- Set the following parameters:
  - ListenerPort = Port on which MQIPT2 is listening for MQIPT1
  - Destination = Domain name or IP address of queue manager MQ2
  - DestinationPort = Port on which MQ2 is listening
  - SSLServer = true
  - SSLServerKeyRing = Path to the file that contains the MQIPT2 certificate
  - SSLServerKeyRingPW = Path to the file that contains the password for the ServerKeyRing file
  - SSLServerCAKeyRing = Path to the file that contains the trusted CA certificates
  - SSLServerCAKeyRingPW = Path to the file that contains the password for the CAKeyRing file
- Route2 -- Set the following parameters:
  - ListenerPort = Port on which MQIPT2 is listening for messages from MQ2
  - Destination = Domain name or IP address of MQIPT1
  - DestinationPort = Port on which MQIPT1 is listening
  - HTTP = true
  - HTTPS = true
  - HTTPProxy = IpAddress of firewall1 (or a proxy server if there is one in the DMZ)
  - SSLClient = true
  - SSLClientKeyRing = Path to the file that contains the MQIPT2 certificate
  - SSLClientKeyRingPW = Path to the file that contains the password for the ClientKeyRing file
  - SSLClientCAKeyRing = Path to the file that contains the trusted CA certificates
  - SSLClientCAKeyRingPW = Path to the file that contains the password for the CAKeyRing file
Figure 3. HTTP/HTTPS Configuration
Enabling the application to interact with the connector
You may have to perform configuration tasks in some applications
for the connectors to be able to perform the necessary operations
with this particular communication model. Refer to the guide for
your adapter to determine if any such configuration tasks are necessary.
Starting the Remote Agent components
Remote Agent requires that the following be running:
- The integration broker
  For information on how to start the WebSphere InterChange Server
  broker, see the System Installation Guide for Windows or
  the System Installation Guide for UNIX.
  See the WebSphere Application Server documentation for information
  on how to start that broker.
  See the documentation on a supported message broker for information
  on how to start that broker.
- Connector agent
  For information on how to start connectors if your broker is
  WebSphere InterChange Server, see the System Administration Guide.
  For information on how to start connectors if your broker is
  WebSphere Application Server, see Implementing Adapters with WebSphere Application Server.
  For information on how to start connectors if your broker is
  one of the supported message brokers, see Implementing Adapters with WebSphere MQ Integrator Broker.
- Queue managers at both the hub and spoke sites
  For information on how to start WebSphere MQ services, see the
  WebSphere MQ documentation.
- WebSphere MQ Internet pass-thru (if HTTP/HTTPS is the configured
  transport)
  For information on how to start WebSphere MQ Internet pass-thru,
  see the WebSphere MQ Internet pass-thru documentation.
