Websphere MQ V7 Client Enhancements: Lauranette Wheeler

IBM Software Group
WebSphere MQ V7 Client Enhancements
Lauranette Wheeler
lauranet@us.ibm.com
WebSphere Support Technical Exchange
IBM Software Group
MQ V7 Client Enhancements
This presentation will cover the new client
enhancements introduced in MQ V7.0 and V7.0.1.
2 of 56
IBM Software Group
Agenda
MQ V7.0 Enhancements
Conversation Sharing
Client Connection Limiting
Connection Groups
Message Properties
New MQ APIs
3 of 56
IBM Software Group
Agenda
MQ V7.0.1 Enhancements
Multi-Instances Queue Manager
Automatic Client Reconnect
Enhanced SSL Security
Enhanced .NET support
4 of 56
IBM Software Group
Agenda
Log Compression
GROUP Units Of Recovery
Generic Application Structure Backup
Admin Structure Recovery
5 of 56
IBM Software Group
Multiple instances of an MQI channel can be made to share a
single TCP/IP connection.
If a channel is defined with the SHARECNV parameter set to a

value greater than 1, then that number of conversations can share
a channel instance.
6 of 56
IBM Software Group
Server
Client
MQCONN
MQOPEN
MQPUT
Q1
MQCONN
MQOPEN
MQPUT
MQCONN
MQOPEN
MQPUT
Q2
Q3
One socket for n conversations
Socket is bi-directional
Heartbeats occur at all times
7 of 56
IBM Software Group
New SHARECNV channel attribute
0 All sharing is off ; channel operates in MQ V6 mode
1 Sharing is off; channel still operates in MQ V7 mode
>1 Channel sharing up to negotiated value.
Value negotiated down. Default 10.
Can be overridden at MQCONNX time:

MQCNO_NO_CONV_SHARING
equivalent to SHARECNV(1)
MQCNO_ALL_CONVS_SHARE (default)
8 of 56
IBM Software Group
Limiting client connections

Two New SVRCONN Channel attributes
Restrict the number of client-connection.
Helps eliminate maximum number of channels.
MAXINST restricts the number of instances in total for the

specific channel name.
MAXINSTC restricts the number of instances from a specific

IP address for that channel name.
9 of 56
IBM Software Group
Limiting client connections

Queue Manager
SVRCONN
MAXINST(4)
MAXINSTC(2)
10 of 56
IBM Software Group
Connection Groups
New Client Channel attributes
Workload Balance selection of client channel definition in the CCDT
CLNTWGHT
Specifies a weighting to influence which client-connection channel

definition is used.
placed in an order of preference based on their weighting.

AFFINITY
Specifies whether client applications that connect multiple times

using the same queue manager name, use the same client channel
PREFERRED - channels selected in the same initial order of
preference
NONE - workload balance channel selection
11 of 56
IBM Software Group
Workload Balancing client connections

40%
mars
40%
venus
20%
MQCONN(*planet)
pluto
Name
CHLTYPE
TRPTYPE
CONNAME
QMNAME
CLNTWGH
T
AFFINITY
chl1
CLNTCONN
TCP
ip.mars
planet
PREFERRED
chl2
CLNTCONN
TCP
ip.venus
planet
PREFERRED
chl3
CLNTCONN
TCP
ip.pluto
planet
PREFERRED
12 of 56
IBM Software Group
Message Properties
The MQ V6 JMS client stores some JMS properties in an
MQRFH2 header in the message payload.
This requires the recipient to be aware of the presence of the

MQRFH2.
MQ V7 applications can add properties to messages using new

MQI calls.
A property is a named piece of data that is not treated as part of

the message payload.
The properties are accessed by means of a message handle

passed in on the MQPMO and MQGMO.
13 of 56
IBM Software Group
Message Properties
A V7 application can choose how to have the properties returned
to the applicaiton :
MQGMO_PROPERTIES_IN_HANDLE return the properties in
a message handle
MQGMO_PROPERTIES_FORCE_MQRFH2 return the
properties in an MQRFH2.
MQGMO_NO_PROPERTIES remove all properties before
giving to the application.
MQGMO_PROPERTIES_COMPATIBILITY if a V6 JMS
property is set then all properties are returned in an MQRFH2
otherwise all properties will be removed.
If none of the above are specified then the PROPCTL queue
attribute determines how the properties should be returned.
Compatibility mode is the default.
14 of 56
IBM Software Group
Message Properties API

MQCRTMH - creates a message handle.
MQDLTMH - deletes a message handle.
MQSETMP - sets or modifies the value of a message
property.
MQINQMP - inquires the value of a message property.
MQDLTMP - deletes a message property.

MQBUFMH - takes properties in an MQRFH2 and converts
them to properties in a message handle.
MQMHBUF - takes a message handle and converts the

properties into an MQRFH2.
15 of 56
IBM Software Group
Message Selectors
An additional advantage is that message properties can be used as
extra criteria when selecting specific messages.
Prior to MQ V7 natively supported selection by Message ID or

Correlation ID.
The JMS implementation of selectors had to browse for messages,

compare them to the selection criteria, then get the ones that match.
Applications can now use message selectors to only receive messages

meeting specific criteria based on message headers and properties.
16 of 56
IBM Software Group
Message Properties Samples

New samples:
amqsstm put a single message with user specified
properties
amqsiqm get a single message and display the
properties
amqsbcg/CSQ4BCG0/CSQ4BCG1 now has a third
parameter to choose how to get the properties
amqsaem sample API exit working with properties
17 of 56
IBM Software Group
New WebSphere MQ API

W ebSphere MQ V7 extends the MQ API in a number of
ways.
Asynchronous Consumption of messages
Asynchronous Put Response
Read-ahead of messages
18 of 56
IBM Software Group
Asynchronous Consumption of Messages

Asynchronous consumer allows the application to register an
interest in messages and identify a callback routine which should be
invoked when a message arrives.
The application can continue without a need to tie up a thread sitting

in an MQGET call.
The application does not need to 'guess' the size of the buffer. The
system will pass the application a message already in a buffer.
The application can register an interest in any number of queues.
19 of 56
IBM Software Group

MQCB defines your message consumers
MQCTL - controls whether message consumption is
currently operable.
Once MQCTL called for a specific hConn you give up control

of that hConn for call-back to use
Errors received if use hconn for any other MQ call except

another MQCTL call (i.e. MQOP_STOP)
MQRC_HCONN_ASYNC_ACTIVE
20 of 56
IBM Software Group

MQCB ties a function (described in the (MQCBD) to an
object handle.
Two types of call-back function you can define.

A message consumer which is tied to an object handle,
and receives messages or errors about a queue
An event handler which is tied to the connection handle
and receives error notifications about the connection such
as MQRC_Q_MGR_QUIESCING.
21 of 56
IBM Software Group
Asynchronous Put Response

Asynchronous Put is a recognition of the fact that a large
proportion of the cost of an MQPUT from a client is the line
turnaround of the network connection.
W hen using Asynchronous Put the application sends the

message to the server but does not wait for a response.
Once the application has competed it's put sequence it will

issue MQCMIT or MQDISC which will flush out any MQPUT
calls which have not yet completed.
MQSTAT can be issued at anything to check the status of

how many message successfully put or failed.
22 of 56
IBM Software Group
Read Ahead is a recognition of the fact that a large proportion of the
cost of an MQGET from a client is the line turnaround of the network

connection.
Read ahead on a client allow non persistent messages to be sent to

a client without the client application having to request the
messages.
The server will send as many non-persistent messages matching the

criteria (such as MsgId) as it can up to the limit set by the client.
If an application requests read ahead but the messages are not
suitable; Read ahead is effectively turned off until a sequence of

non-persistent messages are on the queue again.
The message buffer is an 'in memory' queue of messages. If the
application ends or the machine crashes these messages will be

lost.
23 of 56
IBM Software Group
Use the new CLOSE option MQCO_QUIESCE to gracefully end an
application when messages may be left in the client-side read-ahead

buffer.
The MQCLOSE will return with MQRC_READ_AHEAD_MSGS and

the application can continue to use the object handle to get the
remaining messages.
A subsequent MQGET that reach the end of the messages in the

buffer will return with MQRC_HOBJ_QUIESCED_NO_MSGS
The default value for MQCLOSE is MQCO_IMMEDIATE which will

throw away any unconsumed messages
24 of 56
IBM Software Group
WebSphere MQ
V7.0.1
25 of 56
IBM Software Group
Agenda
Multi-Instances Queue Manager
Enhanced SSL Security
Enhanced .NET support
Log Compression
GROUP Units Of Recovery
26 of 56
IBM Software Group
Multi-instance Queue Managers

Provide basic failover support without an HA coordinator
Queue manager data is held in networked storage
MQ ensures only one instance of the queue manager is active
Can start multiple instances of a queue manager on different
machines (must be same platform)

Active instance
owns the queue managers files
will accept connections from applications
Standby instance
does not own the queue managers files
if the active instance fails, performs queue manager restart
and becomes active
limited to one standby instance
27 of 56
IBM Software Group
Multi-instance queue managers

The IP address is not taken over
Channel config needs all possible addresses CONNAME

(host1(port1),host2(port2))
Support for networked storage over modern network file system

protocols
For example, NFS v4 (not v3)

Tool shipped to validate configuration
New options for crtmqm/strmqm/endmqm to control operations
28 of 56
IBM Software Group
Setting up for multi-instance queue manager

You need to create the queue manager data and logs on networked storage
Use the amqmfsck tool to check out the directories that youre going to use for
the data
amqmfsck /shared/qmdata
Checks basic POSIX file locking behaviour
amqmfsck w /shared/qmdata
Use on two machines at once to ensure that the locks are handed off
correctly when a process ends.
amqmfsck c /shared/qmdata
Use on two machines at once to attempt concurrent writes.
You must run successfully run all three tests on both machines to avoid
problems
This diagnoses when the file system doesnt follow the POSIX specification
If this tool fails, a queue manager created using the directory will NOT work
correctly.
29 of 56
IBM Software Group
Setting up a multi-instance queue manager

Create the queue manager on machineA
crtmqm md /shared/qmdata ld /shared/qmlog QM1

Define the queue manager on machineB (or edit mqs.ini)
addmqinf vName=QM1 vDirectory=QM1 vPrefix=/var/mqm
vDataPath=/shared/qmdata/QM1
Start the active instance of the queue manager on machineA
strmqm x QM1
WebSphere MQ queue manager QM1 started.
Start the standby instance of the queue manager on machineB
strmqm x QM1
WebSphere MQ queue manager QM1 started as a standby
instance.
If the queue manager instance on machineA fails, the standby on machineB
takes over and becomes the active instance
30 of 56
IBM Software Group
Observing a multi-instance queue manager

We have an active instance on machineA and a standby instance on
machineB
On machineA, this is what you see:

dspmq x o standby
QMNAME(QM1) STANDBY(Permitted) STATUS(Running)
INSTANCE(machineA) MODE(Active)
INSTANCE(machineB) MODE(Standby)
On machineB, this is what you see:
dspmq x o standby
QMNAME(QM1) STANDBY(Permitted) STATUS(Running as standby)
If QM1 was also configured on a third machine with no running instances,
this is what you see:
dspmq x o standby
QMNAME(QM1) STANDBY(Permitted) STATUS(Running elsewhere)
31 of 56
IBM Software Group
Stopping a multi-instance queue manager

To completely stop a multi-instance queue manager, issue a normal endmqm
on the active instance on machine A:
endmqm i QM1
WebSphere MQ queue manager QM1 ended.
Both instances end
To stop just the standby instance, on machine B:

endmqm x QM1
WebSphere MQ standby queue manager instance QM1 ended.
To switch over the active to the standby, on machine A:

endmqm is QM1
WebSphere MQ queue manager QM1 ended, permitting
switchover to a standby instance.
Once the active instance has ended, the standby instance will try to become
the active instance.
32 of 56
IBM Software Group

Manual reconnection requires the client application to recreate a
connection using MQCONN or MQCONNX, and reopen objects
after a failure.
W ith Auto-reconnection, the connection is automatically

restored and the handles to open objects are all restored after a
failure.
Tries to hide queue manager failures by restoring current state

automatically
For example, if MQPUT returns error, client reruns
MQCONN/MQOPEN/MQPUT internally
33 of 56
IBM Software Group
Automatic Client Reconnection

Uses the list of addresses in CONNAME to find queue manager
MQSERVER=SYSTEM.DEF.SVRCONN/TCP/host1(1414),host2
(1414)
Re-opens queues and other qmgr objects, re-establishes

subscriptions
Total reconnect timeout is configurable

MQReconnectTimeout
The timeout in seconds for retrying a client reconnection.

The default value is 1800 seconds (30 minutes).
34 of 56
IBM Software Group
Automatic Client Reconnect Requirements

MQ V7.0.1 server and client
MQRC_ENVIRONMENT_ERROR
Threaded client
SHARECNV non-zero
35 of 56
IBM Software Group

New MQCONNX options
MQCNO_RECONNECT
MQCNO_RECONNECT_Q_MGR
MQCNO_RECONNECT_DISABLED
Options not supported

MQPMO_LOGICAL_ORDER
MQGMO_LOGICAL_ORDER
36 of 56
IBM Software Group

DefRecon=NO|YES|QMGR|DISABLED
DefRecon attribute provides administrative option to enable or
disable client automatic reconnect,
NO - Unless overridden by MQCONNX, the client is not

reconnected automatically.
YES - Unless overridden by MQCONNX, the client reconnects

automatically.
QMGR - Unless overridden by MQCONNX, the client reconnects

automatically, to the same queue manager.
DISABLED -Reconnection is disabled, even if requested by the

client program using the MQCONNX MQI call.
37 of 56
IBM Software Group

Should no longer see:
MQRC_CONNECTION_BROKEN
MQRC_RECONNECT_FAILED
MQ failed whilst attempting to reconnect your connection
MQRC_RECONNECT_QMID_MISMATCH
MQ reconnected your connection, but didn't find the queue
manager it was expecting
MQRC_RECONNECT_Q_MGR_REQD
MQ reconnected your connection, but due to the type of objects
you have open it requires RECONNECT_Q_MGR to be specified.
38 of 56
IBM Software Group

Reconnectable Scenario
Communications failure
Queue Manager or Listener failure
STOP CONN
endmqm s or endmqm r
The following will not cause reconnect

STOP CHANNEL
except if the channel is hung then this may kill socket
Any other endmqm
39 of 56
IBM Software Group
Enhanced SSL Security - OCSP

SSL and TLS can provide the following to protect customer data:
Authentication using digital certificates to check the identity of
the remote entity
Confidentiality using encryption to protect the data sent over the
network from snooping
Integrity using digitally signed hashes of data packets to prevent
data being modified in transit
Non-repudiation using the uniqueness of the private key to
prove that some data originated from a specific sender for audit
purposes
Certificate revocation checking is an additional authentication check

that can be made against a digital certificate.
40 of 56
IBM Software Group

MQ already has support for CRL certificate revocation checking
using an LDAP server.
To keep up to date with changing SSL standards an alternative

method of revocation checking was added.
OCSP is the Online Certificate Status Protocol defined by RFC

2560.
OCSP is a request/response protocol specifically designed for
checking certificate revocation status. Typical usage:

Request: W hat is the status of certificate CN=Lauranet, O=IBM
serial #q?
Response: The certificate is revoked
OCSP requests and responses are sent over the HTTP protocol.
HTTP is the only protocol supported in MQ.
41 of 56
IBM Software Group

The location of the OCSP responder can be specified as a URL in
several different ways, including:
The MQAIR structure on a client MQCONNX call.
The Client Channel Definition Table file on a client.
Using AUTHINFO objects named in the queue manager
SSLCRLNL namelist.
Embedded in an AuthorityInfoAccess certificate extension.
42 of 56
IBM Software Group

Configure both LDAP CRL and OCSP revocation checking at the
same time.
Sequence of revocation checking depends on the underlying SSL

socket library.
GSKit for W indows and UNIX platforms checks in this

sequence:
1 OCSP responder which has been explicitly configured
2 OCSP responder from an AuthorityInfoAccess certificate
extension
3 LDAP CRL server which has been explicitly configured
4 LDAP CRL server from a CrlDistributionPoint cert. extension
43 of 56
IBM Software Group

OCSP revocation checking is not currently supported:
i5/OS
z/OS
Java and JMS clients
Newer JREs have the ability to configure OCSP on a JRE-wide

basis using the ocsp.responderURL security property, but this is
not set by the W ebSphere MQ Java or JMS code.
44 of 56
IBM Software Group
Enhanced SSL Security - secret key reset

Java/JMS
Java client
client
Queue
SSL
JSSE
manager
SSL library
Initial SSL handshake establishes a secret key used to encrypt data.
Over time, as more data is encrypted then an attacker can attempt to

guess the secret key.
After a certain number of bytes have flowed then the SSL secret key is
renegotiated.
Both the client and server-side SSL library must support a compatible
version of the secret key reset protocol.
45 of 56
IBM Software Group

JSSE V2 changed the way that SSL secret key resets are done.
To allow the MQ Java/JMS clients to be able to perform SSL
secret key resets to a queue manager using GSKit.
Alternative version known as GSKit 7.5.
MQ can now dynamically load either the existing GSKit 7d or the
new GSKit 7.5 SSL library.
46 of 56
IBM Software Group
1
2
3
To enable JSSE2 secret key reset interoperability, the main steps

are:
Download and install the GSKit 7.5 runtime packages.
http://www.ibm.com/support/docview.wss?rs=0&uid=swg24022896
Add the AltGSKit=y setting to the SSL stanza of your queue
manager qm.ini (or W indows Registry).
Issue a REFRESH SECURITY TYPE(SSL) MQSC command to
refresh the SSL configuration and restart SSL channels using
GSKit 7.5.
Detailed instructions are provided in a readme file supplied with
GSKit 7.5 on IBM Fix Central.
47 of 56
IBM Software Group
Enhanced .NET Support - WCF

The Microsoft Windows Communication Foundation (WCF) is a set of new API
introduced in .NET 3.0 which provides a communications and services framework.
WCF primary focus is for service orientated architectures

Simplifies integration by separating the roles of transporting and encoding data
W MQ is integrated as a transport channel

WCF Client
Application
WCF Service
Application
WCF Services Layer
WCF Services Layer
WCF Channel Stack
WCF Channel Stack
Protocols..
Protocols..
Message
Encoder
Message
Encoder
WMQ
Transport
WMQ
WMQ
Transport
48 of 56
IBM Software Group
Enhanced .NET Support - WCF

WCF architecture
The W ebSphere MQ custom channel
for W CF is integrated on top of the IBM
Message Service Client for .NET
(XMS .NET) API
49 of 56
IBM Software Group
z/OS Log Compression

Help eliminate capacity limits due to Log Data bandwidth constraints
May reduce the size of your logs
Dependent on your message content
Useful if you are DASD constrained.
RLE (run-length encoding) of insert log records for private queue

messages
Will not compress shared queue log records
SMF 115 records updated to show compression rates achieved

Controlled via zPARM option at queue manager level.
COMPLOG(NONE) or COMPLOG(RLE) in CSQ6LOGP

Can also be viewed/controlled via DISPLAY LOG / SET LOG
50 of 56
IBM Software Group
Group-level Units of Recovery for z/OS
Transactional client applications can now be configured to connect

to a z/OS queue-sharing group (QSG) instead of a single queue
manager.
Recovery of 2-phase commit transactions, when in-doubt, can be

performed on other queue managers in the same QSG.
Requires use of the Extended Transactional Client

For example, from W AS
Configure the W AS client connection with the QSG name rather
than the QMGR name
To use Group units of recovery on a queue manager within a QSG,

enable the GROUPUR queue manager attribute.
51 of 56
IBM Software Group

Queue managers prior to V7.0.1 can only rebuild their own admin
structure entries.
Created an issue in a disaster recovery situation as every queue
manager in the QSG has to be started.
MQ Version 7.0.1 the first queue manager started can rebuild the
admin structure for other members of the queue sharing group as
well as its own.
It is no longer necessary to restart each queue manager in the

queue sharing group to recover the admin structure.
52 of 56
IBM Software Group

BACKUP CFSTRUCT
The name of the Coupling Facility (CF) application structure to be
backed up.
An asterisk (*) on its own specifies all recoverable CF
structures.
A trailing asterisk (*) matches all recoverable structure names
with the specified stem followed by zero or more characters.
The value (CSQ*) matches all recoverable CF structures with

the specified stem (CSQ) followed by zero or more
characters.
53 of 56
IBM Software Group
Additional WebSphere Product Resources
Discover the latest trends in WebSphere Technology and implementation, participate in

technically-focused briefings, webcasts and podcasts at: http://www.ibm.com/
developerworks/websphere/community/
Learn about other upcoming webcasts, conferences and events: http://www.ibm.com/

software/websphere/events_1.html
Join the Global WebSphere User Group Community: http://www.websphere.org
Access key product show-me demos and tutorials by visiting IBM Education Assistant:
http://www.ibm.com/software/info/education/assistant
View a webcast replay with step-by-step instructions for using the Service Request (SR)
tool for submitting problems electronically: http://www.ibm.com/software/websphere/
support/d2w.html
Sign up to receive weekly technical My Notifications emails: http://www.ibm.com/software/

support/einfo.html
54 of 56
IBM Software Group
Join WebSphere Support Technical Exchange on Facebook!
Stay up-to-update on
upcoming webcast sessions
Suggest future topics
Network with other product

users
And More
Suggest program
improvements
Become a fan now!

http://www.facebook.com/pages/WebSphere-Support-Technical-Exchange/121293581419
55 of 56
IBM Software Group
Questions and Answers
56 of 56

Websphere MQ V7 Client Enhancements: Lauranette Wheeler

Transféré par

Informations du document

Titre original

Copyright

Formats disponibles

Partager ce document

Partager ou intégrer le document

Options de partage

Avez-vous trouvé ce document utile ?

Ce contenu est-il inapproprié ?

Droits d'auteur :

Formats disponibles

Websphere MQ V7 Client Enhancements: Lauranette Wheeler

Transféré par

Droits d'auteur :

Formats disponibles

IBM Software Group