IBM MQ Basics

Deepak Kashyap
6 min readApr 30, 2020

--

My notes for who are starting from scratch

P.S: This post may not be updated on regular basis and is solely based on my understanding of concepts by going through various other learning resources and trying out things. Always refer to official documentation for more details.

IBM MQ

  • IBM MQ is one of the efficient means to transport messages (which can literally enclose any kind of data) between various applications.
  • It is more like one point solution for messaging as this can communicate with any application, very reliable and secure and supports all major kind of transport protocols and APIs
  • IBM MQ is a business leader in messaging as it offers: Reliability, Transactional Integrity, Consistency, Time Independence, Ease and Speed,Flexibility, High Performance, Security, Scalability and Auditability

Message

  • Message is basically the thing which encloses the actual data to be transmitted/exchanged between applications
  • Message contains header (which encloses meta-data like correlation id, routing info etc), properties (for additional customization) and body (actual application relevant data).
  • Actual data to be transmitted can be of any data type

Queue

  • Queue is basically a place which stores/hold messages
  • Access of messages in queues are always FIFO (First In First Out)
  • Messages to the queue are delivered asynchronously

Queue Manager

  • Actual MQ engines, the servers that host the queues
  • Default port for queue manager would be 1414

Channels

  • The way queue managers communicate with each other and with the applications.

MQ networks

  • Loose collections of interconnected queue managers, all working together to deliver messages between applications and locations

MQ clusters

  • Tight couplings of queue managers, enabling higher levels of scaling and availability

Point to Point Messaging

  • This style of messaging is built around the concept of message queues, and around the processing of messages by a single consumer.
  • In point-to-point, message producers are called senders and message consumers are called receivers. Senders produce messages to a queue, and receivers asynchronously consume messages from that queue.
  • For point-to-point to work, connected applications need to know the name of the queue through which they interact.
  • A queue could have a single receiver or be scaled to many, in which case each message is only consumed by one receiver, distributing the workload across them all.

Publish/Subscribe (Pub-Sub) Messaging

  • In this style of messaging, copies of messages will be delivered to all interested consuming applications.
  • The producer of a message is known as a publisher, and message consumers are known as subscribers. The publishing and subscribing applications within the infrastructure agree on the name of a topic. For a consumer to signal that they want to receive messages on that topic, they create a subscription to it.
  • Any message published to a topic will be delivered to all the subscriptions, so every subscriber gets a copy. There could be many publishers and many subscribers to each topic, MQ handles the delivery of messages between all of them.

Hands-On

Perform the below steps using IBM MQ Explorer (sample commands are given below if you are trying from CMD)

  • Create Queue Managers
  • Work with Queues (create, test, browse,delete)
  • Connect queue managers using channels, and explore distributed queuing (Example of how to use remote queue, transmission queues and channel)
  • Create a Queue Manager Group (or Set)
  • Administer a Group of Queue Managers Collectively
  • Use Filters while creating Sets
#To create queue manager and define the port
crtmqm -p 1420 Test_Queue_Manager
#To start the queue manager
strmqm Test_Queue_Manager
#To open MQ Command Prompt
runmqsc Test_Queue_Manager
#To define local queues
DEFINE QLOCAL(Q1) REPLACE
DEFINE QLOCAL(Q2) REPLACE
#Sample program to put messages
amqsput queue_name queue_manager_name
#Sample program to get messages
amqsget queue_name queue_manager_name

Java Messaging Services

  • JMS is a API defined by Java community which provides lot of interfaces to access messaging system in a common manner
  • IBM MQ implements JMS and below pictures depict the same
ImageCourtesy: IBM Corporation
Image Courtesy: IBM Corporation

Hands-On

  • Create Connection factories and destination using IBM MQ Explorer
  • Create a JNDI Directory, Create a context for ‘JMS Adminstered Objects’
  • Create a connection factory and destination based on the context created
  • Define corresponding MQ Definitions using IBM MQ Explorer
  • Use sample program
#JmsJndiProducer Sample program#Ensure classpath is setset CLASSPATH=C:\Program Files\IBM\MQ\java\lib\com.ibm.mqjms.jar;C:\Program Files\IBM\MQ\java\lib\com.ibm.mq.jar;.;java JmsJndiProducer -i path_of_JNDI_directory -c connectionfactory_name -d destination_name

Publish-Subscribe

  • This is a model where Publishers or Subscribes are not tied up and their relationship is entirely based on the ‘topic’
  • Whole model works on the concept of ‘Topic String’
  • Publishers publish messages related to a ‘Topic’ and Subscribers receive messages from the ‘Topic’ they subscribed/registered for
  • A Topic string is basically an unlimited length string and looks very similar to directory structure
/news/sports/football/teams/ManchesterUnited#To define topics using MQ Command Prompt
DEFINE TOPIC(SPORT) TOPICSTR('sport') REPLACE
DEFINE TOPIC(SPORT.FOOTBALL) TOPICSTR('sport/football') REPLACE
  • We can make use of wild characters to make it more robust
  • # is used to return all descendants
  • + is used to return all intermediate children

Topic Tree

  • Internal hierarchy of the topic structure
  • It can be one-to-one or one-to-many

Topic Object

  • This is an IBM MQ Object which can be administered
  • This has the property ‘Topic String’ and other properties

Subscriptions

  • Subscriptions are always associated with topic string
  • These can be durable or not, managed or not

Pub/Sub Topologies

  • Pub Sub Clusters: Where Queue Managers(QM) are connected in a network, publications can happen b/w one QM to any, avoids single point of failure
  • Pub Sub Hierarchy: All QM are in Parent-Child relationship, Each QM can have only one parent and may result in single point of failure

IBM MQ Security

  • Basics areas to be covered in terms of MQ security are Data protection, Authorization and Authentication.
  • MQ Security could be enforced at MQ API (Entry and Exit points), using OAM (Object Authority Manager) to control QM, through secure channels (use of TLS)
  • Basic security issues are Eaves dropping, tampering of messages and impersonation of submitter/receiver applications.
  • Transport Layer Security (TLS) is a protocol to allow transmission of secure data over an insecure network which has encryption techniques, digital signature and digital certificates to address basic security issues
  • Authorization of QM can be done using OAM a functionality of IBM MQ
  • The OAM maintains an access control list (ACL) for each IBM MQ object it is controlling access to. On UNIX systems, only group IDs can appear in an ACL. This means that all members of a group have the same authorities.
  • Entries can be created and managed using MQ Explorer, MQ Console, PCF (Programmable Command Format) commands, or setmqaut utility:
–$ setmqaut-m “MQ9" -t qmgr-n “MQ9” -g "traders" +connect
–$ setmqaut-m “MQ9" -t queue -n “APP.QUEUE” -g "traders" +put
–$ setmqaut-m “MQ9" -t topic -n “SPORT.FOOTBALL.NEWS” -g “fans" -pub +sub
  • For point to point messaging, a check is performed at MQOPEN of the queue they are accessing (either PUT or GET)
  • For Pub/Sub messaging, security is implemented at topic objects. This follows bottom-up approach (If the child doesn’t have access then it looks for parent object till it reaches root)
  • So with IBM MQ, using TLS we can secure the data in transit and with OAM we can authorize the MQ objects access
  • The default configuration for a new IBM MQ queue manager is to utilize the server operating system for authentication, and to use the IBM MQ Object Authority Manager (OAM) for enforcing authorization. You may configure a queue manager to use several alternative options such as an LDAP server etc
  • Configuration of security is specific to a queue manager. It is possible to have different security configurations set up for each queue manager when there are multiple queue managers configured on the same server.
  • Authentication Information (AUTHINFO) object is used for Authorization and Authentication

Recommendations

--

--

Deepak Kashyap
Deepak Kashyap

Responses (1)