WebSphere MQ Connection

The connection resource supports these modes:

Local: A local connection uses the C language libraries and JNI to locate and connect to queue managers on the local machine.
- Local connections support local transactions.
- Local connections require a WebSphere MQ server installation on the local machine.
- Local connections use the credentials for the logged on user.
Remote: A remote connection uses TCP/IP to connect to the listening port on any queue manager on the network or the local machine.
- Remote connections support local transactions.
- Remote connections support the use of specific user credentials.
- Remote connections support secure transports (TLS/SSL).
Client Connection Table: This type of connection uses a Client Channel Definition Table (CCDT) exported by the queue manager upon saving a client channel definition. This is the only supported method to connect to a multi-instance queue manager.
- Client connection table connections support local transactions. However, note that transactions are not guaranteed to survive reconnections to the backup server in a failover situation.
- Client connection table connections support the use of specific user credentials.
- Client connection table connections support secure transports (TLS/SSL).

See the IBM documentation for a description of CCDTs and how they are to be used.

General

The General panel contains the following fields.

Field	Module Property?	Description
Name	N	The name to be displayed as the label for the WebSphere MQ Connection shared resource in the process.
Description	N	Description of the resource.

Queue Manager Connection Configuration

The Queue Manager Connection Configuration panel contains the following fields.

Field	Module Property?	Description
Binding	N	The connection resource supports three modes: Local Remote Client Connection Table
Client Connection Table	Y	When using a Client Connection Table, enter the URL of the CCDT file that was exported by the server to which you are trying to connect. This file should be located in the queue manager home directory in the @ipcc/AMQCLCHL.TAB file. You can either reference this file from this location, or copy it to a location where it is accessible to the running BusinessWorks instance. This URL supports the HTTP, FTP and FILE protocols.
Host Name	Y	For remote connections, provide the name of the machine hosting the queue manager. Default: localhost This field is only available for remote bindings.
Port	Y	For remote connections, provide the TCP port number on which the queue manager is listening. Default: 1414 Range: 1 - 65535 This field is only available for remote bindings.
User Name	Y	For secure remote connections, the user name which will be used to create the connection. If a user name is not provided, the credentials of the current security context is used.
Password	Y	For remote connections, the password associated with the specified user name.
Queue Manager Name	Y	For Local and CCT connections, the name of the queue manager to connect to. If not specified, the default queue manager is selected.
Server Channel Name	Y	For remote connections, the server channel to connect to. Queue managers can use multiple server channels if needed, for example to support TLS and plain connections.
Header Compression	N	If RLE is selected, Run Length Encoding compression will be applied to the header portion of messages sent or received over this connection.
Message Compression	N	If RLE is selected, Run Length Encoding will be applied to the body of messages sent over this connection. If ZlibFast is selected, the connection will apply to both RLE and ZlibFast compression. If ZlibHigh is selected, the connection will apply to all three compression techniques.
Test Connection	N	Click to test the queue manager connection. Whether successful or not, a report will be placed in the text area to the right. If the test fails, the report will help you determine what the problem is. In the event that the connection is TLS enabled and you are unsure what cipher to use, Test Connection will search for an acceptable cipher and include it in the report. If this is a local connection, Test Connection may fail because it cannot load the native JNI libraries it needs. If this happens you must add the WebSphere MQ jative libraries (dll's) to the library loading path for your platform. The easiest way to do this is to add a line like this to the TIBCOBusinessStudio.ini file: For Microsoft Windows, `-Djava.library.path=C:\Program Files (x86)\IBM\WebSphere MQ\java\lib64` For Unix/Linux, `-Djava.library.path=/opt/mqm/java/lib64`

Pooling Configuration

The Pooling Configuration panel contains the following fields.

Field	Module Property?	Description
Pooling Enabled	N	When checked, pooling is active for this connection. The primary consideration for choosing pooling parameters is the number of available connections to the queue manager. Choose values which will not create unnecessary resource consumption in the queue manager and leave available connections for other applications (including other pooled connections, should this application be deployed on multiple servers). If pooling is not active, a new non pooled connection is acquired and released for each activity.
Max	Y	Determines the maximum number of connections allowed in the pool. When this limit is reached, subsequent activities wait for a connection to become available before starting.
Max Unused	Y	Determines the maximum number of idle connections allowed in the pool. When the number of unused connections reaches this number, the idle connections are disconnected and closed, freeing resources on the server. Amounts over the Max Connections value are ignored.
Timeout	Y	The length of time an inactive connection is kept in the pool. A connection that has remained unused for this number of milliseconds is closed and removed from the pool, freeing resources on the server.

TLS Configuration

The TLS Configuration panel contains the parameters required to make a secure connection to the queue manager using the Transport Layer Security protocol. Before TLS can be used, the queue manager and server channel used by clients must be configured. For more information, see Creating Secure Connections to the Queue Manager.

In order to ensure TLS can now be switched on or off at runtime depending on a deployment parm. Thus the SSL Configuration fields are always enabled. The TLS Configuration panel contains the following fields.

Field	Module Property?	Description
TLS Configuration	N	Create an SSL Client Configuration resource. See Creating Secure Connections to the Queue Manager for more information about this field.
TLS Cipher Spec	Y	The queue manager requires that a particular cipher is specified on the connection. Normally ciphers are negotiated during the handshake, but this is not true of WebSphere MQ connections. The cipher must match the one selected on the queue managers secure channel configuration. However, please note the names do not match because the queue manager refers to the cipher suite and the plug-in refers to a cipher spec. To find out the correct cipher, simply leave the field blank and press Test Connection to see if any cipher available in Java is acceptable to the queue manager. If not you may have to adjust the queue manager's cipher specification.

The following table shows the values in the TLS Cipher Spec field which are known to work:

BW Configuration	Channel Configuration
SSL_RSA_WITH_DES_CBC_SHA	DES_SHA_EXPORT
SSL_RSA_WITH_NULL_MD5	NULL_MD5
SSL_RSA_WITH_NULL_SHA	NULL_SHA
SSL_RSA_EXPORT_WITH_RC4_40_MD5	RC4_MD5_EXPORT
SSL_RSA_WITH_RC4_128_MD5	RC4_MD5_US
SSL_RSA_WITH_RC4_128_SHA	RC4_SHA_US
SSL_RSA_WITH_3DES_EDE_CBC_SHA	TRIPLE_DES_SHA_US

Note: Configure TLS using these fields and ensure:

That a Java Key Store is configured for the SSLClient.
That the SSLClient protocol is TLSv1 and that the cipher is explicitly specified and matches the cipher used by the server channel.
See TIBCO ActiveMatrix BusinessWorks for more details about the TLS Configuration panel.