Infrastructure as a Service

 View Only
Expand all | Collapse all

Connectivity with IBM MQ and AWS

  • 1.  Connectivity with IBM MQ and AWS

    Posted Mon November 23, 2020 09:55 AM
    Hello,

    In our project we intent to establish private connectivity between IBM MQ and AWS. We wanted to understand number of options available for this and way to configure it.

    Request you assistance on it at the earliest.

    Thanks

    ------------------------------
    Sumeet Warankar
    ------------------------------


  • 2.  RE: Connectivity with IBM MQ and AWS

    Posted Tue November 24, 2020 03:30 AM

    Hi Sumeet,

    This question is a bit abstract to give a funded response you need to know who you are building it for (just to see it work vs Enterprise payment system or anything in between), the load, the non-functionals, and the design of the application.

    you can have a look at this link.
    https://developer.ibm.com/recipes/tutorials/architecting-messaging-solutions-in-aws-cloud-using-ibm-mq/

     What country are you (or your customer) working in. I will connect you with someone over there for a more detailed discussion if you like.



    ------------------------------
    Sander Booij
    Client Technical Architect FSS Banking NL.
    IBM
    Amsterdam
    ------------------------------



  • 3.  RE: Connectivity with IBM MQ and AWS

    Posted Tue November 24, 2020 05:08 AM
    Hi Sander,

    Thanks for your response and proving the link for our reference.
    There is one question from my side. If we install IBM MQ on AWS EC2 servers then while connecting to IBM queue manager, request will travel via public internet and this is what we are concerned about. Since, we want this connectivity between IBM MQ queue manager and AWS EC2 should be private.

    So, is there any approach where we can achieve this private connectivity. Also, let me give you high level details of our requirement. We will be having IBM DB2 database over IBM Cloud and we want to fetch the data from DB2 to AWS via IBM MQ and hence, we want private connectivity between IBM queue manager and AWS.

    Let me know in case of any further doubts around same.

    Regards,
    Sumeet

    ------------------------------
    Sumeet Warankar
    ------------------------------



  • 4.  RE: Connectivity with IBM MQ and AWS

    Posted Tue November 24, 2020 08:43 AM

    Hi Sumeet,
    Good that you think about privacy.
    With IBM-MQ you can Encript the data.

    This starts and ends at the source agent/client to the target Source agent/client where the data is encrypted again, so the whole MQ data transfer is encrypted. Normally the client / agent's are installed on the VM's.
    To connect between IBM cloud and AWS cloud you should setup an VPN tunnel (= encrypted) and your AWS VPC should also be fully closed from the internet except the part where you want the exposure. Tunnel the encrypted MQ msg via this VPN and you have a secure data transfer between both clouds.
    encrypting mq-data is often used by enterprise organization but provide challenged when a mq msg drops in a deadletter queue and only selected members who have the encryption key and are part of a assigned security group, can read the msg and solve the issue. It mite also help to install queue managers on both IBM and AWS cloud. this will make settingup a secure connection a lot easier, and save time when more queue's are needed.

    Hope that this is of some help.



    ------------------------------
    Sander Booij
    Client Technical Architect FSS Banking NL.
    IBM
    Amsterdam
    ------------------------------



  • 5.  RE: Connectivity with IBM MQ and AWS

    Posted Wed December 02, 2020 05:19 AM
    Hi Sander,

    Thanks for your kind response so far, it really helps. We wanted to go with VPN tunnel between IBM cloud and AWS. Could you please provide any document where the steps are mentioned to establish private connectivity between IBM Cloud and AWS. It would really help us to move forward with the implementation.

    Thanks

    ------------------------------
    Sumeet Warankar
    ------------------------------



  • 6.  RE: Connectivity with IBM MQ and AWS

    Posted Tue November 24, 2020 09:03 AM
    Sumeet,

    At basic network connectivity level there are two main ways to do this:
    1. Setup a IPSec gateway to gateway VPN between IBM Cloud and AWS. When you use this connectivity the VPN connection between the two firewalls is encrypted.
    2. If you have DirectConnect to IBM Cloud and AWS from the same provider you may be able to route the traffic over this connection instead of internet. But this traffic will not be encrypted. Check with your provider.

    At MQ level if you want to encrypt the traffic then setup the listeners as encrypted. This will ensure that the channel is encrypted and therefore all messages going over the channel will be encrypted in flight. Some additional information on securing MQ can be found here
    https://www.redbooks.ibm.com/redbooks/pdfs/sg248069.pdf

    --Sunit

    ------------------------------
    Sunit
    ------------------------------



  • 7.  RE: Connectivity with IBM MQ and AWS

    Posted Tue November 24, 2020 11:12 PM
    In terms of networking, there is also IBM Cloud Direct Link that's similar to DirectConnect of AWS. 

    If your existing IBM Cloud environment consists of VPC IaaS, you'd want to look into Direct Link Connect 2.0. 

    https://cloud.ibm.com/docs/dl?topic=dl-get-started-with-ibm-cloud-dl#get-started-with-direct-link-connect

    If your existing IBM Cloud environment is Classic IaaS, then either Direct Link Connect on Classic or Direct Link Exchange on Classic should work.

    https://cloud.ibm.com/docs/direct-link?topic=direct-link-about-ibm-cloud-direct-link#overview-of-direct-link-offerings

    ------------------------------
    Eri Hattori
    ------------------------------



  • 8.  RE: Connectivity with IBM MQ and AWS

    Posted Thu December 03, 2020 01:18 AM
    Hi All,

    Thanks for all your responses on this thread. There is one more question which I wanted to ask is which one is preferred connectivity between Direct Link and VPN to establish connectivity between IBM Cloud and AWS.

    Thanks,

    ------------------------------
    Sumeet Warankar
    ------------------------------



  • 9.  RE: Connectivity with IBM MQ and AWS

    Posted Thu December 03, 2020 10:26 PM
    Hi Sumeet,

    Generally speaking, VPN is more economical but it all depends on your existing environment and your requirements.  I'm sure it'd be hard to share the detailed information publicly in the community, so I'd encourage you to reach out to IBM Cloud Support by opening a case or via Live Chat from IBM Cloud console.

    [Get IBM Cloud support]

    Open a case via https://cloud.ibm.com/unifiedsupport/supportcenter  > Click "Create a case" > Opens form where user can enter case details.
    OR
    Click on "Live chat with support" > Pops up a virtual agent.  The "Virtual Agent" gives you the user the option of choosing the team by selecting an option for the question/issue you have.  It then routes to an employee on the appropriate team.


    Hope it helps!

    ------------------------------
    Eri Hattori
    ------------------------------



  • 10.  RE: Connectivity with IBM MQ and AWS

    Posted Wed December 09, 2020 08:01 AM
    Hi Eri,

    You talked about IBM Direct Link, so would like to know what other options are available in IBM Direct Link and how to avail it.

    Thanks,

    ------------------------------
    Sumeet Warankar
    ------------------------------



  • 11.  RE: Connectivity with IBM MQ and AWS

    Posted Thu December 17, 2020 01:56 AM
    Edited by G N Thu December 17, 2020 01:56 AM

    Hi Sumeet,

    There are few different IBM Cloud Direct Link offerings.  But because I don't know your existing IBM Cloud environment, I don't want to recommend something that's an overkill or not best fit for your existing environment.  I strongly encourage you to reach out to Sales/Support by opening a case from your IBM Cloud console that way they can better solution for your existing environment on IBM Cloud specifically.

    Hope it helps!



    ------------------------------
    Eri Hattori
    ------------------------------



  • 12.  RE: Connectivity with IBM MQ and AWS

    Posted Thu December 17, 2020 09:31 AM

    Sumeet,

    Here is some information that can get you started.

    https://cloud.ibm.com/docs/dl?topic=dl-get-started-with-ibm-cloud-dl

    --Sunit



    ------------------------------
    Sunit
    ------------------------------



  • 13.  RE: Connectivity with IBM MQ and AWS

    Community Leadership
    Posted Thu December 03, 2020 10:23 AM
    Hi all: Just wanted to say thanks to all who replied to Sumeet's post.  The "citizens" of the Public Cloud community continue to make me proud. Great work all!

    ------------------------------
    Krista Summitt
    ------------------------------