IBM MQ Connection

The IBM MQ Connection shared resource contains all the parameters necessary to connect to a queue manager.

The connection resource supports these modes:
  • Local: A local connection uses the C language libraries and JNI to locate and connect to queue managers on the local machine.
    • Local connections support local transactions.
    • Local connections require an IBM MQ server installation on the local machine.
    • Local connections use the credentials for the logged on user.
  • Remote: A remote connection uses TCP/IP to connect to the listening port of a queue manager on the network or the local machine.
    • Remote connections support local transactions.
    • Remote connections support the use of specific user credentials.
    • Remote connections support secure transports (TLS/SSL).
  • Client Connection Table: This type of connection uses a Client Channel Definition Table (CCDT) exported by the queue manager upon saving a client channel definition. This is the only supported method to connect to a multi-instance queue manager.
    • Client connection table connections support local transactions. However, note that transactions are not guaranteed to survive reconnections to the backup server in a failover situation.
    • Client connection table connections support the use of specific user credentials.
    • Client connection table connections support secure transports (TLS/SSL).

See the IBM documentation for a description of CCDTs and how to use them.

General

The General panel contains the following fields:

Field Module Property? Description
Package N This field documents the package name to which this resource belongs.
Name N The name to be displayed as the label for the IBM MQ Connection shared resource in the process.
Description N Description of the resource.

Queue Manager Connection Configuration

The Queue Manager Connection Configuration panel contains the following fields:

Field Module Property? Description
Binding N The connection resource supports three modes:
  • Local
  • Remote
  • Client Connection Table
Client Connection Table Y When using a Client Connection Table, enter the URL of the CCDT file that is exported by the server to which you are trying to connect.

This file is located in the queue manager home directory in the @ipcc/AMQCLCHL.TAB file. You can either reference this file from this location, or copy it to a location where it is accessible to the running BusinessWorks instance.

This URL supports the HTTP, FTP, and FILE protocols.

Host Name Y Provide the name of the machine hosting the queue manager.

Default: localhost

This field is only available for remote bindings.

Port Y Provide the TCP port number on which the queue manager is listening.

Default: 1414

Range: 1 - 65535

This field is only available for remote bindings.

User Name Y The name of credential user for secure remote connection. If a user name is not provided, the credentials of the current security context are used.
Password Y For remote connections, the password is associated with the specified user name.
Queue Manager Name Y For Local and CCT connections, the name of the queue manager to connect to. If not specified, the default queue manager is selected.
Server Channel Name Y For remote connections, the server channel to connect to.

Queue managers can use multiple server channels if needed, for example, to support TLS and plain connections.

Header Compression N If RLE is selected, Run Length Encoding compression is applied to the header portion of messages sent or received over this connection.
Note: The server connection channel must be configured for compression for this to work.
Message Compression N If RLE is selected, Run Length Encoding is applied to the body of messages sent over this connection.

If ZlibFast is selected, both RLE and ZlibFast are applied.

If ZlibHigh is selected, all three compression techniques are applied.

Note: The server connection channel must be configured for compression for this to work.
Test Connection N Click it to test the queue manager connection. Whether successful or not, a report is placed in the text area to the right. If the test fails, the report helps you determine what the problem is. In the event that the connection is TLS enabled and you are unsure what cipher to use, Test Connection searches for an acceptable cipher and includes it in the report.
If this is a local connection, Test Connection might fail because it cannot load the native JNI libraries it needs. If this happens, you must add the IBM MQ native libraries (dll's) to the library loading path for your platform. The easiest way to do this is to add a line like this to the TIBCOBusinessStudio.ini file:
  • For Microsoft Windows, -Djava.library.path=C:\Program Files (x86)\IBM\IBM MQ\java\lib64
  • For Unix or Linux, -Djava.library.path=/opt/mqm/java/lib64

Pooling Configuration

The Pooling Configuration panel contains the following fields:

Field Module Property? Description
Pooling Enabled N When you select the checkbox, pooling is active for this connection. The primary consideration for choosing pooling parameters is the number of available connections to the queue manager. Choose values which do not create unnecessary resource consumption in the queue manager, and leave available connections for other applications (including other pooled connections, depending on whether or not this application is deployed on multiple servers).

If you clear this checkbox, pooling is not active, a new non-pooled connection is acquired and released for each activity.

Note: It is good practice to clear this checkbox for the Listen and Subscriber activities, because these activities rarely relinquish their configured connection resources.
Max Y Determines the maximum number of connections in the pool. When this limit is reached, subsequent activities fail with the indication: MQRC_CONNECTION_NOT_AVAILABLE
Max Unused Y Determines the maximum number of idle connections in the pool. When the number of unused connections reaches this number, the idle connections are disconnected and closed, freeing resources on the server. Amounts over the Max Connections value are ignored.
Timeout Y The length of time an inactive connection is kept in the pool. A connection that has remained unused for this number of milliseconds is closed and removed from the pool, freeing resources on the server.
No Verify N Enable this option to disable verification check made on connections as they are removed from the pool. If connections are not verified when removed from the pool, it is possible to use a disconnected connection in the process which will cause the activity to fail.

TLS Configuration

The TLS Configuration panel contains the parameters required to make a secure connection to the queue manager using the Transport Layer Security (TLS) protocol. Before TLS can be used, the queue manager and server channel used by clients must be configured. For more information, see Creating Secure Connections to the Queue Manager.

The TLS Configuration panel contains the following fields:

Field Module Property? Description
Transport Layer Security Y This flag enables or disables transport layer security for the connection. It can be mapped to a module property which you can use to control this configuration option during deployment.
TLS Configuration N Create an SSL Client Configuration resource.

See Creating Secure Connections to the Queue Manager for more information about this field.

TLS Cipher Spec Y The queue manager requires that a particular cipher is specified in the connection field. Normally ciphers are negotiated during the handshake, but this is not true of IBM MQ connections. The cipher must match the one selected in the queue managers secure channel configuration. However, note that the names do not match because the queue manager refers to the cipher spec, and the plug-in refers to a cipher suite. To find out the correct cipher, simply leave the field blank, and press Test Connection to see if any cipher available in Java is acceptable by the queue manager. If not, you might have to adjust the queue managers cipher specification. Many of the cipher specifications supported by IBM MQ are not available in the stock JRE from Oracle.
Note: You have two ways to improve the chances of having a cipher match:
  • Use a platform where the IBM JRE is the standard.
  • Refer to IBM APAR IV66840 which explains how to improve the number of acceptable cipher suites on non IBM JRE's.
Note: Configure TLS using these fields and ensure:
  • That a Java Key Store is configured for the SSL Client.
  • That the SSL Client protocol is TLSv1 and that the cipher is explicitly specified and matches the cipher used by the server channel. It must be noted that any cipher spec where the word "EXPORT" is displayed is unacceptably weak. NULL ciphers are not encrypted at all and the MD5 hash also has weaknesses.

    See the TIBCO ActiveMatrix BusinessWorks documentation for more details about the TLS Configuration panel.