You can add a remote queue manager to the IBM® MQ Console by using the setmqweb remote
command on the command line. A remote queue manager can be either a queue manager that is running in
a different installation on the same system as the IBM MQ Console, or a queue manager that is running on a different
system.
Before you begin
Note: The steps in this task require you to run MQSC commands:
On AIX®, Linux®, and Windows, you issue MQSC commands from a runmqsc command prompt. See Running MQSC commands interactively under runmqsc and Running MQSC commands from text files under runmqsc.
For this task, if you are running on AIX, Linux, and Windows, open a runmqsc
command prompt that uses QM1:runmqsc QM1
On IBM i, you create a list of commands in a Script file, then run the file by using the STRMQMMQSC command. See Administration using MQSC commands on IBM i.
On z/OS®, MQSC commands can be issued from a number of sources, depending on the command. See Sources from which you can issue MQSC and PCF commands on IBM MQ for z/OS.
Ensure that the mqweb server is configured to allow remote queue manager connections to the
IBM MQ Console. For more information, see Configuring remote queue manager connections behavior.
Procedure
-
On the remote queue manager, create a server-connection channel to allow remote administration
of the queue manager by using the DEFINE CHANNEL MQSC command.
For
example, to create a server-connection channel
QM1.SVRCONN
for queue manager QM1,
enter the following MQSC
command:
DEFINE CHANNEL(QM1.SVRCONN) CHLTYPE(SVRCONN) TRPTYPE(TCP)
For more information about
DEFINE CHANNEL and the options available,
see
DEFINE CHANNEL.
-
Ensure that an appropriate user is authorized to administer the queue manager and MQ objects
that are associated with the queue manager.
On AIX, Linux, and Windows use the
setmqaut control command on a standard command line.
On z/OS, define RACF profiles to
give the authorized user access to the queue manager.
For example on
AIX, Linux, and Windows, to authorize user
exampleUser
to access the queue manager QM1, enter the following control
command:
setmqaut -m QM1 -t qmgr -p exampleUser +connect +inq +setall +dsp
This authorized user might be one of the following users:
- A user ID that is the same as the user ID that starts the mqweb server that runs the
IBM MQ Console on the system from which you want to
remotely administer this queue manager.
- A user ID that matches a user ID and password that is then included in the setmqweb
remote command in step 7. By including the
user ID and password in the setmqweb remote command, this user ID and password is
used for authentication when the IBM MQ Console connects
to the queue manager.
- A user ID that is determined by channel security rules. For example, you might set a channel
authentication rule on the server-connection channel to allow connections from the IP address from
which you use the IBM MQ Console for remote
administration, and map all these connections to a specific user ID that is authorized to use the
queue manager. For more information, see Creating
new CHLAUTH rules for channels.
If there is no listener running on the remote queue
manager, create a listener to accept incoming network connections by using the DEFINE LISTENER MQSC
command. For example, to create a listener
REMOTE.LISTENER
on port
1414 for remote queue manager QM1, enter the following MQSC command:
runmqsc QM1
DEFINE LISTENER(REMOTE.LISTENER) TRPTYPE(TCP) PORT(1414)
end
- Ensure that the listener is running by using the START LISTENER MQSC
command.
![[AIX, Linux, Windows]](ngalw.gif)
For example, on
AIX, Linux, and Windows to start
the listener
REMOTE.LISTENER
for queue manager QM1, enter the following MQSC
command:
runmqsc QM1
START LISTENER(REMOTE.LISTENER)
end
![[z/OS]](ngzos.gif)
For example, on
z/OS, to start the
listener, enter the following MQSC command:
/cpf START LISTENER TRPTYPE(TCP) PORT(1414)
Note that the channel initiator
address space must be started before you can start a listener on
z/OS.
-
Create a JSON CCDT file that contains the remote queue manager connection information:
- Generate a CCDT file by using the IBM MQ Console
that is associated with the same installation as the queue manager that you want to connect to
remotely.
From the Home panel, click the Download connection
file tile.
- Create a JSON format CCDT file that defines the connection. For more information about
creating a JSON format CCDT, see Configuring a
JSON format CCDT.
The CCDT file must include the name
,
clientConnection
, and type
information. You can optionally include
additional information such as transmissionSecurity
information. For more
information about all the CCDT channel attribute definitions, see Complete list of CCDT channel
attribute definitions.
The following example shows a basic JSON CCDT file for a remote
queue manager connection. It sets the name of the channel to the same name as the example
server-connection channel created in step 1, and
the connection port to the same value as the port that is used by the listener. The connection host
is set to the host name of the system on which the example remote queue manager, QM1, is
running:
{
"channel": [{
"name": "QM1.SVRCONN",
"clientConnection": {
"connection": [{
"host": "example.com",
"port": 1414
}],
"queueManager": "QM1"
},
"type": "clientConnection"
}]
}
- Copy the JSON CCDT file to the system where the IBM MQ Console is running.
- From the installation that is running the IBM MQ Console, use the setmqweb remote command
to add the remote queue manager information to the IBM MQ Console configuration.
As a minimum, to add a remote queue manager to the IBM MQ Console you must provide the queue manager name, a unique
name for the queue manager (to differentiate between other remote queue managers that might have the
same queue manager name), and the CCDT URL for the queue manager. The unique name is the display
name in the IBM MQ Console, so specify a name that makes
it clear that this is a remote queue manager, for example, "remote-QM2"
. There are
several additional options that you can specify, such as the username and password to use for the
remote queue manager connection, or details of the trust store and key store. For a full list of
parameters than can be specified with the setmqweb remote command, see setmqweb remote.
For example, to add the example remote queue manager QM1, using the example CCDT file, enter the
following
command:
setmqweb remote add -uniqueName "MACHINEAQM1" -qmgrName "QM1" -ccdtURL "c:\myccdts\ccdt.json"
Results
The remote queue manager appears in the remote queue manager list in the IBM MQ Console when the remote connection list is next refreshed.
Provided that the connection is successful, you can administer the objects of the remote queue
manager in the same way that you work with the objects of a local queue manager.
Example
The following example sets up the remote queue manager connection for a queue manager QM1.
The IBM MQ Console is authorized to administer the queue
manager based on the authorization given to the user exampleUser
. The credentials
of this user are provided to the IBM MQ Console when the
setmqweb remote command is used to configure the remote queue manager connection information.
- On the system where the remote queue manager QM1 is, a server-connection channel and a listener
are created. The listener is started, and authorization is given for user
exampleUser
to administer the queue manager. For example, on AIX, Linux, and Windows, run the following commands:
runmqsc QM1
#Define the server connection channel that will accept connections from the Console
DEFINE CHANNEL(QM1.SVRCONN) CHLTYPE(SVRCONN) TRPTYPE(TCP)
# Define the listener to use for the connection from the Console
DEFINE LISTENER(REMOTE.LISTENER) TRPTYPE(TCP) PORT(1414)
# Start the listener
START LISTENER(REMOTE.LISTENER)
end
#Set mq authorization for exampleUser to access the queue manager
setmqaut -m QM1 -t qmgr -p exampleUser +connect +inq +setall +dsp
- On the system where the IBM MQ Console is running, a
QM1_ccdt.json file is created with the following connection
information:
{
"channel": [{
"name": "QM1.SVRCONN",
"clientConnection": {
"connection": [{
"host": "example.com",
"port": 1414
}],
"queueManager": "QM1"
},
"type": "clientConnection"
}]
}
- On the system where the IBM MQ Console is running, the
remote queue manager connection information for queue manager QM1 is added to the mqweb server. The
credentials for
exampleUser
are included in the connection
information:setmqweb remote add -uniqueName "remote-QM1" -qmgrName "QM1" -ccdtURL "c:\myccdts\QM1_ccdt.json" -username "exampleUser" -password "password"
- The IBM MQ Console shows the remote queue manager
QM1.