MQ

MQ

Join this online group to communicate across IBM product users and experts by sharing advice and best practices with peers and staying up to date regarding product enhancements.

 View Only

Installing and configuring the MQ Console on IBM MQ 9.4

  
In version 9.0.1, IBM introduced a web console feature to IBM MQ, which became known as the "MQ Console".
 
The MQ Console is an interface that can be accessed through a web browser and allows common tasks, such as creating queues, channels, and other MQ objects, to be performed intuitively, without the need for external tools, such as MQ Explorer.
 
In subsequent versions of IBM MQ, the MQ Console underwent several significant improvements. In version 9.2, a new version of the web console was introduced, which brought significant improvements to the user experience, with a more modern interface and enhanced features for managing MQ objects. In versions 9.3.x, important advances were introduced in usability, observability, and integration with modern environments.
 
In this post, we will show the installation and configuration of the MQ Console on a Linux server.

Prerequisites

  • Any Linux distribution supported by IBM MQ
    See: https://www.ibm.com/support/pages/system-requirements-ibm-mq
  • Before you start using MQ Console, you must verify that the correct components (packages) are installed: MQSeriesRuntime, MQSeriesServer and MQSeriesWeb (This is the essential package for MQ Console).
    If necessary, here is an example command to install a package: rpm -ivh MQSeries*.rpm
  • The user running the console (mqm by default) must have read/write permission on “/var/mqm” and read permission on the mqweb configuration directory.
  • Check whether firewall rules need to be applied for console access, since the port configured for the connection is 9443 on each server where the console was started.

Configuring the MQ Console

Using the mqm user, replace the existing configuration file (mqwebuser.xml) with the basic registry sample file that is configured to provide basic security.
 
Copy the basic_registry.xml file from the: MQ_INSTALLATION_PATH/web/mq/samp/configuration
to the directory: var/mqm/web/installations/installationName/servers/mqweb
 
and rename the file to mqwebuser.xml.

cd /var/mqm/web/installations/Installation1/servers/mqweb/

cp /opt/mqm/web/mq/samp/configuration/basic_registry.xml .

cp mqwebuser.xml mqwebuser_old.xml

rm mqwebuser.xml

cp basic_registry.xml mqwebuser.xml

         

Adjust the permissions of the mqwebuser.xml file with the command:

chmod 640 mqwebuser.xml

         

By default, the REST API and IBM MQ Console are only available on the same host as the mqweb server. Enable remote connections to the mqweb server with the following command:

setmqweb properties -k httpHost -v "*"

         

Still in the MQ console configuration examples folder, we can find other files with other examples (templates) of possible configurations:

Analyzing the “ldap_registry.xml” file, we can check the configuration example for using the MQ console with LDAP authentication:

In the example in this post, we use the “basic_registry.xml” file to obtain a basic security pattern. However, to configure MQ console authentication with LDAP, we must use the “ldap_registry.xml” file as a base. The mqwebuser.xml file must be created based on the type of authentication desired for your IBM MQ installation:

Arquivo / Template

Objetivo

basic_registry.xml

Segurança básica, usuários definidos no arquivo xml.

ldap_registry.xml

Segurança com autenticação via LDAP.

local_os_registry.xml

Segurança com autenticação dos usuários locais do sitema operacional.

no_security.xml

Sem segurança / autenticação no MQ Console.

User profiles for the MQ Console

The sample basic_registry.xml file configures four users:

  • mqadmin: An administrative user who is a member of the MQWebAdmin role.
  • mqreader: A read-only administrative user who is a member of the MQWebAdminRO role.
  • mftadmin: An administrative user who is a member of the MFTWebAdmin role.
  • mftreader: A read-only administrative user who is a member of the MFTWebAdminRO role.

All users are also members of the MQWebUser role.

For more information about the available roles, see:

Roles on the IBM MQ Console and REST API
https://www.ibm.com/docs/en/ibm-mq/9.2?topic=roles-mq-console-rest-api

Accessing the MQ Console

In our example, using the root user, we disable the firewall on the Linux server:

systemctl stop firewalld

systemctl disable firewalld

systemctl status firewalld

         

Using the mqm user, start the MQ Console with the strmqweb command.
By running the dspmqweb command, you can check the status of MQ Web and also the address of the web console.

To access the MQ Console, use the user mqadmin (initial password: mqadmin).

Conclusion

This document contains a demonstration of the procedures for installing and configuring the MQ Console on the Linux operating system, and should not be considered as an installation/upgrade manual.

The purpose of this material is to serve as a reference for support and administration professionals of the environments where the solution is executed. It is assumed that the reader is familiar with the Linux operating system.

References

• IBM MQ 9.4
https://www.ibm.com/docs/en/ibm-mq/9.4.x
• Getting started with the IBM MQ Console - Starting and accessing the MQ Console
https://www.ibm.com/docs/en/ibm-mq/9.4?topic=console-getting-started-mq
• IBM MQ Console quick tour
https://www.ibm.com/docs/en/ibm-mq/9.4?topic=console-quick-tour-mq
• Administration using the IBM MQ Console
https://www.ibm.com/docs/en/ibm-mq/9.4?topic=administering-administration-using-mq-console
• IBM MQ configurations Console
https://www.ibm.com/docs/en/ibm-mq/9.4?topic=console-mq-settings
0 comments
31 views

Permalink

https://community.ibm.com/community/user/blogs/carlos-guilherme-do-nascimento-arantes/2025/05/21/installing-and-configuring-the-mq-console-on-ibm-m