View Only

IBM MQ 9.2.3: Support for remote Queue Managers in the Web Console

By CALLUM JACKSON posted Fri July 23, 2021 11:35 AM


One of the most requested features for the IBM MQ Web Console was to be able to federate remote Queue Managers. From IBM MQ 9.2.3 customers can have a single IBM MQ Web Console and federate Queue Managers from different machines and platforms. A single web console can include queue managers across MQ software deployed to public or private cloud, the MQ Appliance, MQ on Cloud, MQ within the Cloud Pak for Integration and MQ on z/OS. This provides a single pane of glass to manage your entire MQ estate.

Let’s see this in action. Once you have logged into the Web Console you will be presented with a Connect remote queue manager tile.

Selecting this tile will launch a wizard to federate a remote queue manager with the Web Console. The Web Console uses a standard MQ Server Connection channel, like any application, therefore a prerequisite is to configure the remote queue manager for remote application access. If you are unfamiliar with this process, please consult here.

On the initial page, you specify the following:

  • Queue Manager name: corresponding to the remote queue manager
  • Unique name: as the web console can connect to multiple queue managers with the same name, you are asked to specify a unique name that can be used for display and navigation purposes.
  • Connection details
    • JSON CCDT: a pre-existing CCDT file that provides the connectivity details of the remote queue manager.
    • Manual: specify the channel name and network location (hostname and port) of the queue manager

The next two steps allow security information to be supplied. The first is to specify the username / password to be used. If the remote queue manager does not require this for access simply skip this step. The second security related step is the TLS configuration. There are two modes:

  • Single TLS: where the server presents a certificate, and the web console verifies.
  • Mutual TLS: where both the server and web console exchange certificates and they both verify.

In both cases it is likely that you will need to import the server public certificate if TLS is being used. This is as straight forward as copying the certificate text. If mutual TLS is required, then also select the mutual TLS check box, and assure the remote queue manager will trust the certificate being used by the web console.

You are now ready to connect to the remote queue manager. Once connected the remote queue manager will be displayed in the list of queue managers, and you can complete the same management as you would a local queue manager, with a few logical exceptions such as deleting, stopping, and starting the entire queue manager.

The remote queue manager web console can be hosted on Linux, Windows, AIX or z/OS, and any queue manager on any platform can be federated into the web console.

The support has focused on the scenario where all your queue managers are geographically located in the same region. In the scenario of a global deployment, it would be recommended to have separate regional deployments. This is to avoid latency in the communication between the web console and the queue manager that could deteriorate the responsiveness and user experience.

Everything I’ve shown and explained can be completed using the command line instead of the web console, allowing DevOps and scripted deployments to be automatically federated into the web console. For more information on the command line options please consult here.

Three different web console topology options are available:

  • Web Console only for local queue managers: this disables the remote queue manager support and is provided for backward compatibility proposes.
  • Web Console supporting local and remote queue managers: this enables management of local queue managers installed on the same machine as the web console, and remote queue managers.
  • Web Console supporting remote queue managers: any local queue managers are not automatically included, and they would need to be added as remote queue managers.

Three new configuration properties have been defined for setmqweb to enable these options:

  • mqConsoleRemoteSupportEnabled: allow remote queue managers to be associated with the web console.
  • mqConsoleRemoteAllowLocal: allow local queue managers within the remote web console
  • mqConsoleRemoteUIAdmin: allow the registration of remote queue managers using the web console. The ability to add remote queue managers from the CLI is always available.

For further information please consult our Knowledge Center here.

Hopefully the above has highlighted how quickly you can get started with the remote queue manager support within the web console. With this capability you no longer need to worry about remembering all the various URLs for each web console, or which one you are in at any point in time, you have a single pane of glass to manage all you MQ resources.