IBM MQ is the most widely used Enterprise Messaging solution for mission critical workloads. With multiple form-factors, from software, to SaaS and Appliance, customers can create a messaging infrastructure to best support their business applications. More and more our customers are moving to public cloud to take advantage of on-demand scalability, reduced complexity and management of infrastructure, and a reduction in costs. Whether you’re new to IBM MQ or have been using it for years to support applications on premises or on public cloud, here are some answers to frequently asked questions about running MQ on AWS.
General
Q: Is IBM MQ supported on AWS?
A: Yes, MQ is fully supported on AWS, in fact many of our customers have already deployed production MQ workloads to AWS.
Q: Which AWS platforms can I run IBM MQ on?
A: These are some of the platforms you can use for your MQ deployments:
- EC2 - Linux and Windows virtual servers
- Managed Kubernetes – OpenShift (ROSA) (https://aws.amazon.com/rosa/) and Amazon Kubernetes (EKS) (https://aws.amazon.com/eks/)
- Containers - ECS (https://aws.amazon.com/ecs/)
- Stretched Client – an MQ client application deployed in AWS connecting to an on-premises queue manager, for this option you may want to consider introducing a gateway in front of your on-premises queue managers
Detailed support information about running MQ on virtualised platforms can be found here: https://www.ibm.com/support/pages/ibm-mqs-support-position-virtualization-low-level-hardware-file-systems-networks-and-high-availability
Q: Do you have a reference architecture that can be used on AWS?
A: Yes, there is a reference architecture for MQ running in containers on OpenShift, see: https://production-gitops.dev/
Q: I have an existing on-premises deployment, how can I size IBM MQ on AWS?
A: Whilst some AWS deployments may facilitate a more densely packed MQ deployment, ultimately you will have to provision the same number of resources that are being used to run the current MQ workload. However, given the elastic capability of the AWS platform you select it might be possible to reduce the initial or day-to-day resource requirement allowing it to grow at peak times.
Q: Is there an IBM MQ SaaS offering in AWS?
A: Yes, you can deploy to AWS via the IBM Cloud MQ SaaS offering. You can sign up for a fee plan here: https://cloud.ibm.com/catalog/services/mq
Q: How does support work if I am running MQ on AWS via IBM Cloud?
A: IBM host, provision, and manage everything on AWS infrastructure and provide the integration with IBM Cloud IAM, IBM will reach out to AWS if there is an issue in AWS, such as a network or infrastructure issue.
Q: Can I use IBM MQ Advanced features like Managed File Transfer (MFT), Advanced Message Security (AMS), and MQ Clustering (standard and uniform clusters)?
A: Yes, all the MQ Advanced features are available, but some might not be applicable to every platform, for example RDQM is only supported on Linux VMs.
Q: I have deployed ACE in AWS; can I connect it to MQ deployed in AWS?
A: Yes, you can connect to MQ deployed in AWS and any existing on-premises systems and other cloud-based deployments.
Q: How can I monitor my MQ systems running in AWS?
A: You can use the same monitoring tools you use today or, depending on the platform, you can leverage the platform’s built-in logging and monitoring e.g., OpenShift logging and monitoring which is based on Elastic and Grafana.
Availability
Q: Is MQ highly available when deployed to AWS?
A: Yes, you can deploy MQ using one of the following types of installation:
- IBM MQ Native-HA (Containers only, uses IBM MQ Operator on OCP, Helm Charts for other Kubernetes implementations)
- IBM MQ Multi-Instance (containers and VMs)
- IBM MQ RDQM (VMs running RHEL)
- Containerised single resilient queue manager, this relies on the container management platform, such as Kubernetes, to recover failed containers.
Q: Does MQ provide disaster recovery (DR) across regions in AWS?
A: Yes, IBM MQ RDQM DR can be used with VMs to provide DR. For container-based solutions, currently, you must use an AWS data replication technology, something like PortWorx, to provide data replication between regions.
Q: What platforms can I use with IBM MQ RDQM on AWS?
A: You can only use RDQM with a VM you cannot use RDQM in containers.
Q: Do you have an example of running RDQM HA on AWS?
A: Yes, see: https://github.com/ibm-messaging/mq-rdqm/tree/master/cloud/aws
Q: Will my AWS deployed MQ servers be secure?
A: Yes, but as with any MQ deployment you must use good practices such as TLS and strong authentication.
Storage
Q: What are the AWS storage options for MQ?
A: The type of MQ deployment, performance and capacity requirements will influence your storage choices, but the following storage types can be used:
- Elastic Block Storage (EBS) – EBS can be used with standard VMs and container-based deployments.
- Elastic File Storage (EFS) – EFS is only required for multi-instance queue managers running in either containers or VMs and bare metal deployments.
It is also be possible to use an FSx based storage solution for multi-instance deployments, see:
https://aws.amazon.com/fsx/when-to-choose-fsx but as with any storage solution it must meet the IBM MQ requirements for storage, see:
https://www.ibm.com/support/pages/node/6117868 for further details. Amazon FSx for NetApp ONTAP has recently been added to the list of vendor tested storage solutions here,
https://www.ibm.com/support/pages/node/136799
Networking and Connectivity
Q: Can I connect my exiting on-premises MQ queue managers?
A: Yes
Q: I don’t want to expose all my queue managers to the internet, can I have a private endpoint?
A: Yes, your MQ deployments can be provisioned via a private network, this will be determined by your AWS network configuration.
Q: Can I use an Amazon Network Load Balancer (NLB) with MQ?
A: You can use an NLB for certain types of client connections but there are some restrictions, see:
https://docs.aws.amazon.com/elasticloadbalancing/latest/network/target-group-health-checks.html
Q: Can I use my AWS firewall?
A: Yes, a firewall is a good mechanism to provide protection against lower layer DoS attacks, but as with most firewalls it may not be able to offer much in the way of L7 protection if it does not understand the MQ wire protocol.
Q: For an RDQM-HA deployment in AWS do I still need a subnet that spans availability zones?
A: Yes, MQ RDQM HA has a floating IP address that will move between the active and standby nodes, but floating IP addresses generally do not work in cloud environments. A load balancer has to be used to provide a single IP address and port for an RDQM HA queue manager, if a single endpoint is required.
Licensing
Q: Do I have to buy new licenses for AWS?
A: If you already have IBM MQ licenses, you can transfer those (Bring Your Own License) to any eligible public cloud, including AWS. If your workload is expanding or you are a new customer, licenses can be purchased which include the first 12 months subscription and support, entitling you to access fix packs, security patches, and new features as well as access our 24/7 Technical Support. Reach out to your IBM sales team today or open a chat at www.ibm.com/products/MQ.
Q: Is a container CPU limit of 1 equal 1 AWS vCPU?
A: Yes, a Kubernetes container limit of 1 CPU will equate to 1 AWS vCPU which equates to 1 VPC or 70 PVU entitlement.
Q: Do I need to run the IBM License Metric Tool (ILMT) or the License Service in containers?
A: You can use the same licenses to deploy MQ in VMs/Bare metal or in containers, or a mix of both.
If you are deploying MQ in VMs or on bare metal, you are required to use ILMT. For more information see: https://www.ibm.com/software/passportadvantage/ibmlicensemetrictool.html
If you choose to deploy IBM MQ in containers, you are required to use the IBM License Service. For more information see: https://www.ibm.com/software/passportadvantage/containerlicenses.html
Installation, Sizing and Performance
Q: Are there certified container images for MQ?
A: Yes, for OpenShift deployments we provide certified container images. For non-OpenShift deployments you must create your own container image, examples are provided. For more information see: https://www.ibm.com/docs/en/ibm-mq/9.3?topic=mq-in-containers-cloud-pak-integration
Q: How do I install on EKS?
A: For non-OpenShift Kubernetes deployments we provide example Helm Charts, see: https://github.com/ibm-messaging/mq-helm
Q: How can I test the performance of the AWS file systems?
A: You can use our log file testing tool with your existing and new file system and then compare the results: https://github.com/ibm-messaging/mqldt
Q: Are there any performance reports for MQ on AWS?
A: Not specifically but we do produce performance reports that are available here: http://ibm-messaging.github.io/mqperf/
Q: If I install on a VM or bare-metal server what operating systems are supported?
A: Windows and Linux servers are available on AWS, see:
https://ibm.ent.box.com/s/t33zejzkx3xicf11in4uh0ouf75ffv0h
Note: Answers to the questions above are subject to change.
Compilation Date: August 2022