IBM WebSphere Message
Broker V7.0 System
Administration Workshop
(Course code WM643 / VM643)
Instructor Exercises Guide
ERC 1.0
WebSphere Education
cover
Trademarks
IBM® is a registered trademark of International Business Machines Corporation.
The following are trademarks of International Business Machines Corporation in the United States, or other countries, or both:
VMware® and the VMware “boxes” logo and design, Virtual SMP and VMotion are registered trademarks or trademarks (the “Marks”) of VMware, Inc. in the United States and/or other jurisdictions.
Adobe is either a registered trademark or a trademark of Adobe Systems Incorporated in the United States, and/or other countries.
Intel, Intel Core, Itanium and Pentium are trademarks or registered trademarks of Intel Corporation or its subsidiaries in the United States and other countries.
Java and all Java-based trademarks and logos are trademarks of Sun Microsystems, Inc. in the United States, other countries, or both.
Linux® is a registered trademark of Linus Torvalds in the United States, other countries, or both.
Microsoft, Windows, Windows NT and Windows Vista are trademarks of Microsoft Corporation in the United States, other countries, or both.
UNIX® is a registered trademark of The Open Group in the United States and other countries.
Other product and service names might be trademarks of IBM or other companies.
AIX® CICS® DataPower®
DB2® developerWorks® Everyplace®
HACMP™ IMS™ Informix®
Language Environment® MQSeries® Notes®
POWER® Rational® Redbooks®
System z® Tivoli® VisualAge®
TOC
Contents
Trademarks . . . v
Instructor exercises overview . . . vii
Exercises configuration . . . ix
Exercises description . . . xi Exercise 1. WebSphere Message Broker setup and customization . . . 1-1 Exercise 2. Using the WebSphere Message Broker Toolkit . . . 2-1 Exercise 3. Administering the broker runtime components . . . 3-1 Exercise 4. Administering broker security . . . 4-1 Exercise 5. Using trace facilities . . . 5-1 Exercise 6. Identifying runtime problems . . . 6-1 Exercise 7. Accessing broker statistics . . . 7-1 Exercise 8. Implementing web services and web services security . . . 8-1 Exercise 9. Implementing a user-defined extension . . . 9-1 Appendix A. Exercise solutions. . . A-1
TMK
Trademarks
The reader should recognize that the following terms, which appear in the content of this training document, are official trademarks of IBM or other companies:
IBM® is a registered trademark of International Business Machines Corporation.
The following are trademarks of International Business Machines Corporation in the United States, or other countries, or both:
VMware® and the VMware “boxes” logo and design, Virtual SMP and VMotion are registered trademarks or trademarks (the “Marks”) of VMware, Inc. in the United States and/or other jurisdictions.
Adobe is either a registered trademark or a trademark of Adobe Systems Incorporated in the United States, and/or other countries.
Intel, Intel Core, Itanium and Pentium are trademarks or registered trademarks of Intel Corporation or its subsidiaries in the United States and other countries.
Java and all Java-based trademarks and logos are trademarks of Sun Microsystems, Inc. in the United States, other countries, or both.
Linux® is a registered trademark of Linus Torvalds in the United States, other countries, or both.
Microsoft, Windows, Windows NT and Windows Vista are trademarks of Microsoft Corporation in the United States, other countries, or both.
UNIX® is a registered trademark of The Open Group in the United States and other countries.
Other product and service names might be trademarks of IBM or other companies.
AIX® CICS® DataPower®
DB2® developerWorks® Everyplace®
HACMP™ IMS™ Informix®
Language Environment® MQSeries® Notes®
POWER® Rational® Redbooks®
System z® Tivoli® VisualAge®
pref
Instructor exercises overview
The objectives of the exercises are for the students to successfully: • Configure and customize a broker
• Perform the following functions:
- Use various administrative commands - Back up and recover broker components
- Establish a publish/subscribe environment to collect statistics - Use various problem determination tools and aids
- Set up SSL to use with web services - Implement a user-defined extension
Many of the exercises depend on the previous exercises being successfully completed.
The objectives of these exercises are to have the students successfully configure the broker and run the administrative commands to successfully operate the broker.
pref
Exercises configuration
In the exercise environment, individual students typically have their own systems and work independently.
pref
Exercises description
This course includes the following exercises: • Broker setup and customization
• Using the WebSphere Message Broker Toolkit • Administering the broker runtime components • Administering broker security
• Using trace facilities
• Identifying runtime problems • Accessing broker statistics
• Implementing web services and web services security • Implementing a user-defined extension
In the exercise instructions, each step is prefixed by a line. Check off each step as you complete it to track your progress.
Most exercises include required sections which should always be completed as they might be required before performing later
exercises. Some exercises might also include optional sections that you might want to perform if you have sufficient time and want an additional challenge.
EXempty
Exercise 1. WebSphere Message Broker setup
and customization
Estimated time
01:00
What this exercise is about
This exercise takes you through some of the installation and related setup procedures for WebSphere Message Broker V7.0.
What you should be able to do
At the end of the exercise, you should be able to:
• Configure a Windows XP system for use with IBM WebSphere Message Broker V7
• Get build and version information on all WebSphere Message Broker components
• Set up basic security
• Create a broker and execution group • Navigate the workbench help function
Introduction
In this exercise, you set up a system to run WebSphere Message Broker V7.0. As a final step, you start a WebSphere Message Broker Toolkit (workbench) instance and examine the help function. Additional setup tasks are performed in Exercise 2.
Instructor hint
Sometimes, students make typographical errors with queue manager names during the creation of WebSphere Message Broker components. There are commands that you can use to review the current settings of the component services:
•mqsilist
Mismatched parameters can sometimes be corrected with the mqsichange command. Otherwise, it might be necessary to delete the component (mqsidelete command) and recreate it (mqsicreate command).
Instructor note: Installed software versions
The base image for WM643 ERC 1.0 (September 2010) was created with the following product versions:
• WebSphere Message Broker V7.0.0.1
• WebSphere Message Broker Toolkit V7.0.0.1 • WebSphere MQ V7.0.1.
EXempty
Exercise instructions
A number of required programs, already installed on your system, include:
• WebSphere Message Broker
• WebSphere Message Broker Explorer • WebSphere Message Broker Toolkit • WebSphere MQ
Your user ID has been registered with the Windows system as a member of the Administrators group.
The development default configuration with a broker named MB7BROKER and queue manager of MB7QMGR are already installed.
Important
Before you start any lab exercise, log in to your VMware Windows session with your
Administrator user ID. The password is web1sphere
For all exercises in this course, use the names listed in the following table. All names are case-sensitive.
In addition, a directory (C:\Labs) has been set up that contains test tools, test files, and similar material.
Part 1: Getting build and version information
It is important to know the current software version and build level for all your software. In this part of the exercise, you verify the maintenance (fix pack) levels of the WebSphere Message Broker environment software.
User ID Administrator
Password web1sphere
WebSphere Message Broker installation directory c:\Program Files \IBM\MQSI\7.0\ WebSphere MQ installation directory c:\Program Files \IBM\Websphere MQ
WebSphere Message Broker name DEVBROKER
WebSphere Message Broker queue manager name and listener port number
__ 1. Get the software version information for the WebSphere Message Broker Toolkit. __ a. Click Start > Programs > IBM WebSphere Message Broker Toolkit >
WebSphere Message Broker Toolkit 7.0 > IBM WebSphere Message Broker Toolkit.
Note
You can also start the WebSphere Message Broker Toolkit from a command line as follows: a. Start a Command Console session and change to the WebSphere Message
Broker Toolkit directory
C:\Program Files\IBM\WMBT700
b. Enter the following command:
eclipse -product com.ibm.etools.msgbroker.tooling.ide
__ c. In the Workspace Launcher window, enter C:\Workspace\WMBAdmin for the workspace name, and then click OK.
__ d. After the toolkit starts, select Help > About WebSphere Message Brokers
EXempty __ e. Click Configuration Details to display a text file containing WebSphere
Message Broker Toolkit installation and version information. This file can be copied to a clipboard and archived.
Click Close to close the configuration details.
__ f. Click OK to close the About WebSphere Message Broker Toolkit window. __ g. Leave the toolkit open (minimize it if you want), since you use it later in this
exercise.
__ 2. Get the software version information for the WebSphere Message Broker.
__ a. Start a WebSphere Message Broker command console session by selecting
Start > Programs > IBM WebSphere Message Broker > Command Console. Important
When WebSphere Message Broker is installed, a special command console is also installed from which you run WebSphere Message Broker commands. It is a Windows command shell, but it sets a number of environment variables when it is started.
When the exercise instructions direct you to start a command console session, you cannot use a standard Windows Command Prompt window in its place.
__ b. Run the command: mqsiservice -v
The response message should contain the version, product, level, and build type.
The “Version” and “CMVC Level” fields identify the latest fix pack that has been applied. In the example, the version is 7001; that is, Version 7.0.0.1. The fix pack is FixPack1 (FP01)
__ 3. Get the software version information for WebSphere MQ Explorer (and WebSphere Message Broker Explorer).
__ a. Select Start > Programs > IBM WebSphere MQ > IBM WebSphere MQ
Explorer.
__ b. Select Help > About IBM WebSphere MQ Explorer. The version information window is displayed.
Version indicates the product version number. In this example, the version is
7.0.
__ c. Click Configuration Details to open a text file containing detailed version and installation information that can be copied to a clipboard and archived.
Click Close to close the Configuration Details window.
__ d. Click OK to close the About IBM WebSphere MQ Explorer window.
__ e. Leave the WebSphere Message Broker Explorer open (minimize it if you want), since you use it in the next step.
__ 4. Get the software version information for WebSphere MQ.
EXempty
The MQ Version parameter shows the latest fix pack that has been applied. In the example, the version is 7.0.1.0.
Part 2: Set up authorizations
__ 1. To administer the broker component, the broker service ID must be a member of the mqbrkrs security group. In this part of the exercise, you will verify that the mqbrkrs security group exists on your system and that your Administrator account is a member. If the mqbrkrs group cannot be found, you will create it and add your
Administrator account as a member of that group.
__ a. Open Windows Computer Management by selecting Start > Settings > Control
Panel > Administrative Tools > Computer Management.
__ b. Expand Local Users and Groups under the System Tools folder and select
Groups.
__ c. If you are using the VMware image for this course, the mqbrkrs group exists. Double-click the mqbrkrs group and verify that Administrator is listed as a member of the group.
Information
If you are not using the VMWare image for this course, and the mqbrks group does not exist, you can add it and then add your user ID to the Members list.
1. Right-click Groups and select New Group from the menu. 2. Enter mqbrkrs in the Group name field.
3. Click Add
4. Enter your account ID as the object name. 5. Click OK,
6. Click Create.
__ d. Click Cancel to close the mqbrkrs Properties window, but leave the Computer
Management window open.
__ 2. The broker service ID must be a member of the Windows administration group mqm (which is created automatically during WebSphere MQ installation).
EXempty __ 3. The service ID used to create the WebSphere Message Broker components must
be authorized by the operating system to create services. To set (or verify) your user ID authorization:
__ a. Select Start > Settings > Control Panel > Administrative Tools > Local
Security Policy
__ b. Expand Local Policies.
__ c. Select User Rights Assignment.
__ d. Double-click Act as part of operating system. __ e. Verify that your user ID (Administrator) is in the list.
If it is not, click Add User or Group, enter your user ID (Administrator) as the object name, and then click OK.
__ f. Click OK to close the Act as part of operating system properties window. __ g. Close the Local Security Settings window.
__ h. Close the Administrative Tools window.
Note
The mqsisetsecurity command can be used instead to create the Windows groups that WebSphere Message Broker requires for secure access to its runtime libraries and data.
Part 3: Create and set up WebSphere MQ queue managers
Developers can create a default broker (MB7BROKER) and queue manager (MB7QMGR) using the Default Configuration wizard. The default configuration has already been created on the VMware image for this course.
In this part and the next part of the exercise, you manually create a development broker and a queue manger named DEVQMGR, with a dead-letter queue and a listener on port 1416. __ 1. Click Start > Programs > IBM WebSphere MQ > WebSphere MQ Explorer.
__ 2. When the WebSphere MQ Explorer window opens, right-click Queue Managers and then select New > Queue Manager.
__ 3. For the Queue manager Name, enter: DEVQMGR __ 4. For the Dead-letter queue, enter: DEVQMGR.DLQ __ 5. Click Next.
__ 6. For pages 2 and 3, make no entries; click Next.
__ 7. On page 4 of the Create Queue Manager wizard, check Create Listener
__ 8. Click Finish.
Note
If you do not explicitly create the queue manager, the first mqsicreatebroker command that is issued automatically creates the queue manager that you specify in the command. However, many pertinent queue manager parameters are missing, for instance:
• A dead-letter queue is not assigned. • A listener is not activated.
• The queue manager does not start automatically. • The queue manager is not the default.
To add the missing parameters, open the IBM WebSphere MQ Explorer (if not already open) and perform the following steps:
__ a. Right-click the top-level element in the Navigator view (that is, IBM WebSphere
MQ) and select Properties. To make your queue manager the default, on the General page, type the name of your newly created queue manager in the space
labeled Default queue manager name. Click Apply and then click OK. __ b. From the Navigator view, right-click your new queue manager and select
Properties.
__ c. On the General page, select Automatic from the Startup pull-down menu. Set the Type to Automatic
__ d. On the TCP page, set the TCP Port to 1416 __ e. Exit the Properties pages by clicking OK.
__ f. From the Navigator view, expand the Advanced options for your queue manager and select Listeners. Right-click and select New > TCP Listener. __ g. A wizard starts, first asking you to name your listener; supply the name
DEVQMGR.LISTENER and click Next.
__ h. On the General page, type over the zero for Port with 1416 and click Finish.
__ 9. Verify the results by examining the state of the queue manager in the WebSphere Message Broker Explorer.
EXempty
Part 4: Create a broker
NoteFor the following steps, use a WebSphere Message Broker command console session. Remember that command arguments are case-sensitive.
__ 1. Enter the following command to create a broker named DEVBROKER on queue manager DEVQMGR using service ID Administrator. and password web1sphere:
mqsicreatebroker DEVBROKER -i Administrator -a web1sphere -q DEVQMGR
__ 2. Enter the following command to modify (reduce) the broker configuration timeout (-g) and configuration delay timeout (-k). The default values (300 seconds and 60 seconds) are too large for a local development environment.
mqsichangebroker DEVBROKER -g 60 -k 15
Part 5: Verify setup and start components
__ 1. Using the WebSphere Message Broker command console, list the local components and check the broker name, queue manager name, configuration timeout, and delay timeout by entering the following commands:
mqsilist
mqsiservice DEVBROKER
__ 2. Start the broker service by entering the following command:
mqsistart DEVBROKER
It is also possible to start the components from the Windows Services application. The Windows Services application also permits the startup property to be set to
Automatic so that the services start automatically when Windows starts.
__ a. Click Start > Settings > Control Panel > Administrative Tools > Services. __ b. Right-click IBM WebSphere Message Broker component DEVBROKER and
select Properties > Startup type. __ c. Set the Startup type to Automatic __ d. Click OK.
__ e. Close the Services Control Panel window.
__ 3. From a WebSphere Message Broker command console, enter the following command to verify the broker and components.
You should see a number of successful verification messages for the broker and the broker queues.
__ 4. Verify that the services started correctly by examining the local error log using the Windows Event Viewer.
__ a. From Windows, select Start > Settings > Control Panel > Administrative
Tools > Event Viewer.
__ b. Select the Application log view and examine the most recent entries. Entries from the WebSphere Message Broker are identified in the Source column with the string WebSphere Broker V7nnn.
EXempty
Part 6: Create an execution group
__ 1. Enter the following command to create an execution group named EXGRP1 on the broker DEVBROKER:
mqsicreateexecutiongroup DEVBROKER -e EXGRP1 Note
As an option, you can create the execution group in WebSphere Message Broker Explorer by right-clicking the broker under the Brokers folder, selecting New > Execution group, and then entering the execution group name.
__ 2. Open WebSphere Message Broker Explorer, if it is not already running, and verify that the execution group has been created and is running.
__ 3. Check the messages in the Application log in the Event Viewer for the messages that indicate the execution group has been created and started.
Part 7: Explore the help system
__ 1. Take the quick tour of WebSphere Message Broker.
__ a. In the WebSphere Message Broker Toolkit Welcome page, select the Get
Started (globe) icon. You are offered the option to Take the Quick Tour. Note
If the Welcome window is not open already, select Help > Welcome.
__ b. Click Take the Quick Tour and follow the instructions to take the animated tour. __ 2. Familiarize yourself with the WebSphere Message Broker Help system.
__ a. From the menu bar, select Help > Help Contents.
This method for accessing the Help System opens a separate window for the Information Center.
__ b. Close the Welcome window.
__ c. In the WebSphere Message Broker Toolkit, change the focus (either hover the mouse pointer or left-click) to an object or view in the workbench (such as a view title) and press F1 on the keyboard.
This method opens topics related to the current location of your cursor. You can double-click the tab to expand the view within the WebSphere Message Broker
Toolkit window. Double-clicking the tab a second time returns the window to its original size and location in the toolkit.
EXempty
Exercise review and wrap-up
This exercise provided an opportunity to set up the various WebSphere Message Broker components. It might take you some time to really grasp what each component does. Additionally, the exercise provided the chance to set up the workspace and start the WebSphere Message Broker Toolkit. You will be using the WebSphere Message Broker Toolkit in later exercises, which are intended to familiarize you with the features and functions it provides.
EXempty
Exercise 2. Using the WebSphere Message Broker
Toolkit
Estimated time
01:00
What this exercise is about
The WebSphere Message Broker Toolkit provides the developer with a number of administrative functions for the development environment. In this exercise, you will become familiar with the basic administrative tasks that can be performed in the WebSphere Message Broker Toolkit.
What you should be able to do
At the end of the exercise, using only the WebSphere Message Broker Toolkit, you should be able to:
• Establish a connection to a broker • Import, deploy, and test a message flow
Introduction
WebSphere Message Broker V7 administration is performed through the WebSphere Message Broker Explorer, and command-line
interface. Some basic administration functions are available in the WebSphere Message Broker Toolkit.
In this exercise, you use the WebSphere Message Broker Toolkit to perform some basic post-installation configuration tasks. You also import, deploy, and test a message flow so that you have a good understanding of the administration tasks that are usually performed by a developer.
The message flow you use in this exercise matches the message flow seen in the lecture material. The message flow is already written. The message flow is shown in the following figure.
The intent of this simple message flow is to accept a basic XML message from a WebSphere MQ queue of the form:
<InMsg><Version>2</Version></InMsg>
The message flow then validates the value of <Version> in a filter node as follows:
• If <Version> equals 2, send the message out the True terminal, add a current time stamp, and return the augmented message to the caller through a reply-to queue (EX2_REPLY queue)).
• If <Version> equals 1 or 3, send the message out the False terminal to the FALSEQ node (FALSE queue).
• If <Version> does not equal 1, 2, or 3, send the message out the
Unknown terminal to the UNKNOWNQ node (UNKNOWN queue).
You complete the exercise by deploying and testing with a provided message flow. You deploy and test using the WebSphere Message Broker Toolkit; first by importing a broker archive (.bar) file and then testing the message flow.
If the incoming message contains the string <Version>2<Version>, the resulting transformed message should contain the addition of a time stamp, that is:
EXempty
Required materials
The exercise requires the fully configured workstation from Exercise 1. Exercise 1 must be completed successfully before this exercise can be attempted.
Instructor exercise overview
Introduce this exercise as one intended to do nothing more than to give the student an exposure to a message flow and the administration options available to the developer. The exercise is structured in four parts. Since Unit 3 is a rather large lecture unit, you can begin this exercise after completing Topic 2. The sections on post-install activity and message flow familiarization (Parts 1 and 2) can be assigned independently of the later two sections on deployment and testing (Parts 3 and 4). In this manner, students are offered a break between lecture and exercise and have the opportunity to work on the exercise while the corresponding lecture material is still fresh in their minds.
Encourage the students to work through the exercise with their Student Notebooks open to the lecture page that corresponds to the step they are working on. By comparing the images on their workstation with the screen captures included in the Student Notebook, they can obtain immediate feedback that they are progressing through the exercise in a positive manner. If they make a mistake, their error should become immediately obvious, giving them a chance to make corrections before the error cascades into a disaster.
The optional portion of the exercise is for those students that complete the exercise ahead of schedule. Time has not been allotted in the agenda for the optional portion of the
Exercise instructions
Notes
• This exercise presumes successful completion of Exercise 1. Consult with your
instructor if you have doubts about your success with Exercise 1.
• Having completed Exercise 1, an instance of the WebSphere Message Broker Toolkit
should be running.
• This exercise maps directly to the order of the lecture material as it appears in Unit 3 of
your Student Notebook.
Part 1: Work with a simple message flow
Hint
See topic 2 of Unit 3 in your Student Notebook.
__ 1. Import a message flow project into your workspace.
__ a. Switch to the WebSphere Message Broker Toolkit, and, if not already open, open the Broker Application Development perspective. One way is to click Window >
Open Perspective > Other > Broker Application Development.
__ b. From the menu bar, select File > Import. __ c. In the Import window, expand Other.
__ d. Click Project Interchange from the list and then click Next.
__ e. Click Browse next to From zip file and go to the C:\Labs\Lab2\resources directory.
__ f. Click EX2_PROJECT.zip and then click Open. __ g. Check EX2_PROJECT.
__ h. Click Finish.
WebSphere Message Broker imports the project and constructs the workspace. The EX2_PROJECT should now appear in your Broker Development navigator view.
EXempty __ b. Open the Message Flow editor by double-clicking Ex2Flow.msgflow. The
Message Flow editor initializes in the Editor pane.
__ 3. Examine the message flow. Verify that it agrees with the figure that appears at the beginning of the exercise.
__ 4. The properties of each node in the message flow have been preset to perform the transformation described in the beginning of the exercise. Node properties should agree with the following table.
__ a. You can verify (or change) a property by right-clicking a node and selecting the
Properties view.
__ b. Node properties are grouped in pages. The Basic page is initially visible.
Part 2: Deploy a message flow with a broker archive file
Hint
See topic 3 of Unit 3 in your Student Notebook.
__ 1. The project you imported does not contain a Broker Archive file (.bar).
Import the broker archive file, Ex2.bar, that contains the Ex2Flow.msgflow in a form suitable to be delivered to a broker.
__ a. From the menu bar, select File > Import.
Node name Node type Properties
EX2_IN MQInput (Basic) Queue name = EX2_IN
(Input Message Parsing) Message Domain = XMLNSC
(Advanced) Transaction mode = Yes TraceExList Trace (Basic) Destination = User Trace REPLYQ MQReply no changes
FAILUREQ MQOutput (Basic) Queue name = FAILURE Test_Version=2 Filter ESQL (see node properties) Add_Date_Time Compute ESQL (see node properties) CATCHQ MQOutput (Basic) Queue name =CATCH UNKNOWNQ MQOutput (Basic) Queue name =UNKNOWN FALSEQ MQOutput (Basic) Queue name =FALSE
__ b. In the Import Select window, expand General. __ c. Click File System from the list and then click Next.
__ d. Click Browse for the From directory and go to the C:\Labs\Lab2\resources directory.
__ e. Click OK.
__ f. Check the box next to Ex2.bar. Use the second Browse button (beside the Into
Folder text entry box) to go to your workspace, select the EX2_PROJECT, and
then click OK.
__ g. On the Import File System window, click Finish.
WebSphere Message Broker imports the broker archive file into the project under the Broker Archives subtree.
__ 2. Examine the BAR file, Ex2.bar, that contains the Ex2Flow.msgflow in a form suitable to be delivered to a broker:
__ a. In the Navigator, fully expand the Broker Archives subtree.
__ b. Open the Broker Archive editor by double-clicking the file Ex2.bar.
__ c. The Broker Archive editor should open on the Manage tab; if not, click the
Manage tab to show the BAR file contents.
The top-level component in the BAR file is the compiled message flow (.cmf). __ d. View the contents of message flow file by clicking the plus (+) sign. The BAR file
should contain one message flow named Ex2Flow.
__ e. View the contents of message flow by clicking the plus (+) sign next to Ex2Flow. You should see an entry for each node in the message flow. The nodes are listed in alphabetic order.
__ f. Look at the contents of the Properties tab as you click each node in the Broker Archive editor. These are the node properties that can be overridden in the BAR file.
__ 3. Deploy the broker archive file (.bar) from the Broker Development Navigator view. __ a. In the Broker Development Navigator view, right-click Ex2.bar and then select
Deploy from the context menu.
EXempty __ b. Expand the Brokers tree in the Brokers view until you see the message flow,
Ex2Flow, as a child element of the EXGRP1 execution group for broker
DEVBROKER.
If the icon next to message flow is a green, up arrow, the flow has been successfully deployed and is running.
If the icon is a yellow triangle, examine the Problems view (to the right) for additional status information. It might be that the message flow is deployed but not yet running. The icon might disappear on its own (it might take several seconds) or the flow might require a manual start (right-click Ex2Flow and select
Start).
__ c. Click the Deployment log tab. The Deployment log shows whether the BAR file has been deployed successfully.
__ d. Expand the message in the Deployment log by clicking the plus sign (+).
BIPnnnns messages preceded with a blue icon imply success; a yellow icon serves as a warning, and a red icon indicates a failure.
Part 3: Test the message flow
There are two main test tools available for testing message flows: the WebSphere
Message Broker Toolkit Integrated Test Client and RfhUtil. For this exercise, you will use WebSphere Message Broker Explorer and the RfhUtil program contained in SupportPac IH03.
Hint
See topic 4 of Unit 4 in your Student Notebook.
__ 1. Use the WebSphere MQ runmqsc command to define the queues required for this exercise. A script has been prepared for this purpose.
__ a. Start a WebSphere Message Broker command console. __ b. Change to the C:\Labs\Tools directory: cd C:\Labs\Tools __ c. Enter the command: runmqsc DEVQMGR < Ex2_Q_Defs.txt
__ d. Examine the screen and verify success. The following queues required by the message flow should have been created: EX2_IN, EX2_REPLY, FAILURE, UNKNOWN, FALSE, and CATCH. A seventh queue, EX6_IN, used in a later exercise is also created.
__ 2. The message flow is waiting for a message to appear on the EX2_IN queue. After it does, the message flow dequeues the message and sends it through the message
flow. You use RfhUtil to read a message from a file and put the message on the queue to start the process.
__ a. In the WebSphere MQ Explorer navigator pane, under the DEVQMGR queue manager, click Queues.
__ b. Examine the EX2_IN queue. The Open input count value is 1. This means that an application (message flow) is waiting for a message to be put on that queue.
__ 3. Start RfhUtil by double-clicking rfhutil.exe in the C:\Labs\Tools directory or the shortcut icon on the Windows desktop.
__ 4. Enter the following parameters on the Main tab in RfhUtil:
• Queue Manager Name: use the drop-down list to select DEVQMGR • Queue Name: use the drop-down list to select EX2_IN
__ 5. Click Open File. A file selection window is displayed.
__ 6. Go to C:\Labs\Lab2\data, select the file Test_V2_msg.xml, and then click
EXempty __ 7. The RfhUtil Main tab should now be displayed.
The message reports that 35 bytes were read from the file.
__ 8. Examine the data that was read into RfhUtil by switching to the Data tab.
The input file name and byte count are displayed in the message above the data display window. Based on the format, the data appears to be XML. To the right of
the data window is a set of radio buttons labeled Data Format. Select XML and note how the data format changes. Try some of the other formats to see the other formats that are available.
__ 9. In the message flow, the REPLYQ message flow node is an MQReply node. A message routed to an MQReply node must have an MQ queue name included in the message (as part of the MQMD) so that the MQReply node knows where to send the message.
You can specify that value (and any other MQMD values) in RfhUtil in the MQMD tab. Switch to the MQMD tab.
For Reply To Queue, enter: EX2_REPLY.
__ 10. You are ready to send the test message to the queue for processing by the message flow. Before you do, re-examine the message flow diagram. Given the test data that you are about to send to the queue, what do you think the message flow will do with the message? Where will the message end up?
________________________________________________________________ _______________________________________________________________ __ 11. To send the test data:
__ a. Switch to the Main tab.
__ b. Since you want to write the test data to the queue you have specified, click
Write Q. Note the message that reports the number of bytes written and to which
queue.
__ 12. Based on your answer to step 10, where did the message go? The possible destination queues are EX2_IN, EX2_REPLY, UNKNOWN, FALSE, CATCH, and FAILURE.
Use WebSphere MQ Explorer to determine the location of your test message. One way to determine which queue was the destination is to examine the Current queue
depth column. A queue depth greater than zero indicates a message is waiting on
EXempty Select Refresh Interval. Enter the wanted refresh frequency in seconds and click OK.)
__ 13. You can browse the data in the queue using either WebSphere MQ Explorer or RfhUtil:
__ a. To browse using WebSphere MQ Explorer:
• Right-click the queue to be browsed • Click Browse messages
__ b. To browse using RfhUtil:
• Click the desktop shortcut icon to start a second instance of RfhUtil (you can use
the instance you already have open, but when you are testing and working with several queues at one time, it can be more efficient to have a separate instance of RfhUtil open for each queue you are working with).
• Enter the queue manager and queue name you want to browse.
• Click Browse Q. Note the message that appears to report the size of the
message you are browsing.
You can instead click Read Q instead of Browse Q. What is the difference between the two operations?
______________________________________________________________ _____________________________________________________________ • Switch to the Data tab to view the data. Again, click the appropriate Data Format
radio button to display the data in the wanted format.
Using this test data, the resulting message should appear as follows: <OutMsg>
<Version>2</Version>
<TimeIs>current time stamp</TimeIs> <DateIs>current date stamp</DateIs> </OutMsg>
__ 14. The message should have appeared on the EX2_REPLY queue. If your message is not on EX2_REPLY, perform the following checks:
- Is the message still on the EX2_IN queue?
YES
NO
• Is there a message flow running that
consumes messages from EX2_IN (Open Input Count= 1)?
• The message flow might be deployed, but
in a stopped state. Check the Brokers view in the WebSphere Message Broker Toolkit or WebSphere MQ Explorer. Examine the icon next to the message flow. If necessary, start the message flow.
- Is the message on the CATCH queue? If so, check the Windows Event Log to
determine the cause of the runtime error.
- Is the message on the FALSE or UNKNOWN queue? If so, check your test
message. Is the <Version> field present? Does <Version> = 2? __ 15. Test your message flow with the other test files that exist in the
C:\Labs\Lab2\Data directory.
Given the data in the message you submit for each test, you should be able to predict how the message flow will process the message and where the message ends up.
__ 16. As a further test, use WebSphere MQ Explorer to set the Put Message property of the EX2_REPLY queue to Inhibited; then repeat the test using the original
(<Version> =2) test message. To what queue will your message be routed? Where else might your message end up? Can you explain why? The upcoming unit on Problem determination will help with the answer.
__ 17. After you have completed testing, stop the message flow by right-clicking the message flow in the Brokers view and selecting Stop from the menu.
__ 18. Remove the message flow from the execution group by right-clicking the message flow in the Brokers view and selecting Delete from the menu.
END OF EXERCISE
• Is the message backout counter > 0 and
increasing?
• If Open Input Count for EX2_IN = 0, but
the deployment was successful, then you might have a typographical error in the input queue name of the MQInput node. This should also be visible in the
Windows Event Log.
• Is the message backout counter > 0 and
increasing?
• If Open Input Count for EX2_IN > 1, there
are multiple message flows consuming messages from EX2_IN. In this case, input messages are randomly processed by different flows (this is more likely to happen in later exercises, should you duplicate one flow to serve as a starting point for another).
EXempty
Optional exercise
Instructions for optional exercises are intentionally brief in this exercise. Refer to the Student Notes, previous exercises, and the Information Center for additional information. __ 1. Redeploy the Ex2.bar file to EXGRP1 on DEVBROKER.
__ 2. Use the WebSphere Message Broker Toolkit to create an additional execution group named Ex2TestGrp.
__ 3. Use the WebSphere Message Broker Toolkit to deploy the .bar file to the
Ex2TestGrp and verify that the deployment succeeded.
__ 4. Use RfhUtil to retest with the <Version> = 2 test message. Change the MQMD
Reply To Queue name to EX2_OUT (and create that queue using WebSphere MQ
Explorer).
Will the transformed message end up on EX2_OUT rather than EX2_REPLY? Retest a number of times and observe results. It is likely that the test messages do not consistently reach only one of the two output queues. If that is the case, what must you do to correct the situation?
__ 5. Override the input queue name in the EX2.bar file in the Broker Archive editor. __ a. Open the .bar file and click the Manage tab.
__ b. Expand the .cmf file until the nodes are listed. __ c. Select the input node EX2_IN.
__ d. On the Properties tab, change Queue name to IN_QUEUE (remember to create the queue using WebSphere MQ Explorer).
__ e. Save the .bar file.
__ 6. Start a command console session, change directory as needed, and deploy the .bar file using the mqsideploy command (shown here with a subset of parameters and options):
mqsideploy <broker_name> -e <ExGrp_Name> -bar <BAR_file_name>
See the online help for details about the mqsideploy command.
Ensure the .bar file is in the directory from which the mqsideploy command is issued. A suggestion is to work from \<install_directory>\bin\.
__ 7. Retest with the <Version>=2 message. Be sure to change RfhUtil to submit the test message to IN_QUEUE rather than EX2_IN. Verify that the output goes to EX2_OUT. __ 8. After you have completed testing, stop the message flows in the EXGRP1 and
Ex2TestGrp execution groups and then remove the message flows from the
execution groups.
EXempty
Exercise review and wrap-up
In the first part of this exercise, you performed the required post-installation tasks so that the WebSphere Message Broker Toolkit instance can interact with a broker. This
post-installation task is a fundamental requirement for administrators.
You then performed some developer tasks in the WebSphere Message Broker Toolkit such as developing a message flow and testing a message flow. However, when you stop and think about the isolated environment in which developers operate and the more global environment of the administrator, it is obvious that tasks that seem to have a development significance, such as creating queues and queue managers, might also be important to the administrator.
EXempty
Exercise 3. Administering the broker runtime
components
Estimated time
01:30
What this exercise is about
This exercise is designed to give you an opportunity to work with the command-line interface and WebSphere Message Broker Explorer to manage and manipulate WebSphere Message Broker components. Although it is not an explicit objective of this exercise, you will also use the CMP API Exerciser that is provided with WebSphere Message Broker to perform some basic administration and create scripts. Finally, you are guided through creating a backup of the broker and configuration data.
What you should be able to do
At the end of the exercise, you should be able to:
• Administer WebSphere Message Broker components using WebSphere Message Broker Explorer and commands • Back up and restore the broker and its configuration data
Introduction
WebSphere Message Broker administrators can manage and manipulate the WebSphere Message Broker components using WebSphere Message Broker Explorer. However, it is also possible to use a command-line interface to perform the same tasks. While WebSphere Message Broker Explorer is easier to use and more intuitive, the command-line implementation offers the ability to fully automate the management tasks using command scripts. Using the Application API, it is also possible to further extend those capabilities.
Required materials
The fully configured workstation used in the previous exercise is required to successfully complete this exercise.
Instructor exercise overview
The first part of this exercise has students start the command console and use various commands to operate and manage various WebSphere Message Broker components. The second part of the exercise has students use WebSphere Message Broker Explorer to perform similar administration tasks as with the command line. Then, students briefly work with the supplied CMP API Exerciser. There is no programming using the API itself; just the use of the Exerciser.
EXempty
Exercise instructions
Notes
All exercises depend on the availability of specific equipment in your classroom. This exercise assumes that Exercises 1 and 2 have been successfully completed. It depends on having existing, running resources that can be manipulated. Recall that you have used several of the command-line functions in Exercise 1 when you set up your broker environment.
Part 1: Getting started
__ 1. Record the following information in the space provided: __ a. Your user ID: ________________________________ __ b. Your broker name: ____________________________
__ c. Your broker queue manager name: ____________________ __ d. Your broker queue manager listener port number: 1416 __ 2. Create two new local queues called ADMIN_IN and ADMIN_OUT:
__ a. In WebSphere Message Broker Explorer, expand the DEVQMGR queue manager.
__ b. Right-click Queues and then click New > Local queue.
__ c. In the New Local Queue dialog, enter ADMIN_IN for the queue name, and click
Finish. The new queue is created.
__ d. Repeat process in steps c and d to create a local queue named ADMIN_OUT. __ 3. In the WebSphere Message Broker Toolkit, create a project named EX3_PROJECT
into which you import an existing broker archive file: __ a. From the toolbar, select File > New > Project.
__ b. In the New Project wizard selection window, expand General, click Project, and then click Next.
__ c. In the New Project dialog, enter EX3_PROJECT as the project name. Leave the
Use default location box checked, and click Finish.
__ 4. Import the Admin1.bar file from the C:\Labs\Lab3\resources folder to the
EX3_PROJECT project It will be used for later deployment. __ a. From the toolbar, select File > Import.
__ b. In the Import selection window, expand General, click File System, and then click Next.
__ c. In the File system import window, for the From directory field, browse to
A resources folder is displayed in the left pane, and the Admin1.bar is displayed in the right pane.
__ d. Check the box by the resources folder which should also cause the box beside the Admin1.bar file to be checked.
__ e. If the Into folder is not EX3_PROJECT, click Browse and select EX3_PROJECT and then click OK.
__ f. Click Finish to import the .bar file.
Part 2: Use the command console
In this part of the exercise, you use the WebSphere Message Broker command console to check the status and configuration of the broker, execution groups, and message flows. __ 1. The WebSphere Message Broker environment supplies a special command console
from which you run WebSphere Message Broker commands. To show what
happens if you try to work outside of the command console, open a standard DOS command prompt window.
__ a. From Windows, select Start > Run
__ b. Enter CMD in the Open field and then click OK. __ 2. Enter the command: mqsilist DEVBROKER
__ 3. You know that your broker is deployed and running, so what might be causing this problem?
In the lesson, you learned that there is an mqsiprofile.cmd that must be run to set up the environment for the various components. Do not run that now.
__ 4. Look at the mqsiprofile.cmd file in the C:\<Broker Install Path>\bin directory.
By using the command console in a Windows environment, the environment is automatically set up and it is not necessary to run the mqsiprofile.cmd.
__ 5. Start the WebSphere Message Broker command console: Start > All programs >
IBM WebSphere Message Brokers 7.0 > Command Console.
__ 6. Get a list of running execution groups and message flows by entering the command:
EXempty __ 7. Now, create an execution group for your broker using the command console. Name
it DEVEX3, as shown:
mqsicreateexecutiongroup -i localhost -p 1416 -q DEVQMGR -b DEVBROKER -e DEVEX3
Note
The syntax for the commands in this part of the exercise specify a host ID (-i) and port (-p). These options are not required if you are referencing a local broker. They are provided here to give you an understanding of the syntax required to work with remote components.
__ 8. Deploy the Admin1.bar file to the new DEVEX3 execution group.
__ a. When deploying a BAR file, the mqsideploy command looks for it in the current directory (the one from which the command is run) by default. If the BAR file is not located in that directory, you must specify the full path.
Change directories to the directory containing the BAR file (C:\Labs\Lab3) before entering the command:
cd C:\Labs\Lab3
__ b. Enter the command to deploy the Admin1.bar file:
mqsideploy -i localhost -p 1416 -q DEVQMGR -b DEVBROKER -e DEVEX3 -a Admin1.bar
__ c. Enter the command to view the contents of the BAR file:
mqsireadbar -b Admin1.bar
__ 9. Verify that the flow was successfully deployed.
mqsilist DEVBROKER -e DEVEX3
__ 10. Remove the deployed message flow from the DEV3EX3 execution group.
mqsideploy -i localhost -p 1416 -q DEVQMGR -b DEVBROKER -e DEVEX3 -d Admin1
Hint
To save on typing, press the up arrow key on your keyboard in the Command Console window to retrieve a previous command, edit the portion of command that has changed (if necessary), and then press Enter.
For example, the command you enter in the next step is identical to the command you entered in step 7b. Press the up arrow key until the mqsideploy command is displayed and then press Enter to reissue the command.
__ 11. Redeploy the Admin1.bar file to the DEVEX3 execution group.
mqsideploy -i localhost -p 1416 -q DEVQMGR -b DEVBROKER -e DEVEX3 -a Admin1.bar
__ 12. Now, stop the message flow that you have deployed from the command console:
mqsistopmsgflow -i localhost -p 1416 -q DEVQMGR -b DEVBROKER -e DEVEX3 -m Admin1
__ 13. Restart the message flow:
mqsistartmsgflow -i localhost -p 1416 -q DEVQMGR -b DEVBROKER -e DEVEX3 -m Admin1
__ 14. Answer the following questions:
__ a. What happens if you leave out the -m flag on the mqsistartmsgflow and mqsistopmsgflow commands?______________________________________ __ b. What does the -w flag mean on the mqsistartmsgflow and
mqsistopmsgflow commands?______________________________________
Part 3: Use WebSphere Message Broker Explorer
In this part of the exercise, you use WebSphere Message Broker Explorer to complete many of the same tasks that you completed in Parts 1 and 2 of this exercise. In addition, you use WebSphere Message Broker to examine the BAR file contents and message flow properties.
__ 1. If it is not already running, start WebSphere Message Broker Explorer by selecting
EXempty __ 4. Create an execution group named MBX3 for the broker MB7BROKER using WebSphere
Message Broker Explorer.
__ a. Right-click the broker named MB7BROKER in the Brokers subtree. __ b. Select New > Execution Group.
__ c. Enter the name of the new execution group.
After a brief pause, the new execution group is created and started.
__ 5. Import the Admin1.bar file into WebSphere Message Broker Explorer and BAR file contents and message flow properties.
__ a. Right-click the Broker Archive Files folder in the WebSphere Message Broker Explorer Navigator.
__ b. Select New > Broker Archive Folder from the menu. __ c. Enter MyBars as the folder name and then click Finish. __ d. Open Windows Explorer.
__ e. Go to the C:\Labs\Lab3\resources folder.
__ f. Drag the file Admin1.bar from Windows Explorer to the MyBars folder in WebSphere Message Broker Explorer.
__ g. Expand the MyBars folder and verify that Admin1.bar had been added. __ h. Right-click Admin1.bar and select Open with > Broker Archive Editor. __ i. On the Manage view expand the Admin1.cmf compiled message file.
__ j. Right-click the ADMIN_IN node and select Configure. The Properties view should open displaying the properties that can be overridden.
__ 6. Deploy the message flow to the newly created execution group named MBX3 by dragging the file Admin1.bar from the MyBars folder to the execution group in the Navigator.
__ 7. Check the Administration Log in WebSphere Message Broker Explorer for a message indicating the message flow was deployed successfully.
__ 8. Select the execution group and examine the execution group Properties
QuickView and Deployed Flows and Flow Resources QuickView.
The QuickView shows the message flow properties such as queues used, user trace status, and node names.
__ 9. Select the message flow and examine the flow properties in the Properties
QuickView.
The QuickView shows the message flow properties such as queues used, user trace status, and node names.
__ 10. Remove the deployed message flow from the MBX3 execution group.
__ a. Stop the message flow by right-clicking the message flow and selecting Stop from the menu.
__ b. Delete the message flow by right-clicking the message flow and selecting Delete from the menu.
__ c. Select Yes on the confirmation message.
__ 11. Stop the MBX3 execution group by right-clicking the execution group in the Navigator and selecting Stop from the menu.
Part 4: Creating broker sets
In this part of the exercise, you create a broker set that automatically contains all brokers that are stopped.
__ 1. In the WebSphere Message Broker Explorer, right-click the Brokers folder and select Broker Sets > New Broker Set.
__ 2. Enter Stopped for broker set name.
__ 3. Click the Automatic radio button so that any broker in the ‘stopped’ state is automatically displayed in this broker set.
__ 4. Click Next.
__ 5. Select brokerStatus:Stopped in the Available filters column and then click Add---> to move it the Selected filters column.
__ 6. Click Finish.
__ 7. Two new categories are displayed under the Brokers folder:
• All contains all the brokers.
• Stopped contains only the brokers in the ‘stopped’ state.
__ 8. To test the broker set, stop the broker MB7BROKER by right-clicking the broker and selecting Stop > Broker.
EXempty
Part 5: Using the CMP API Exerciser
__ 1. Start the CMP API Exercise by selecting Start > Programs > IBM WebSphere
Message Broker 7.0 > Java Programming APIs > CMP API Exerciser.
__ 2. Connect to your local broker by right-clicking and selecting the Connect to Local
Broker.
__ 3. Select the broker DEVBROKER from the drop-down list and then select Submit. __ 4. After a connection is established, note the status information displayed in the lower
part of the Exerciser screen.
__ 5. In the upper part of the screen is information about the broker. Highlight the message flow (Admin1.cmf) you deployed to the new execution group DEVEX3.
__ 6. By right-clicking the flow, you can see that it is possible to turn on tracing, start and stop, delete, and find some additional information.
For now, try stopping and then starting the flow. Verify that the flow is stopped and restarted by looking in the WebSphere Message Broker Explorer Navigator.
EXempty __ 7. Assume that you want a new execution group with a different name. First, delete the
execution group called DEVEX3.
Deleting the execution group can be done on the command line or in WebSphere Message Broker Explorer; in this exercise you will use the CMP API Exerciser. Right-click the execution group and select Delete.
The delete is performed without confirmation.
__ 8. Next, you record a script of an operation, which captures it for reuse. The script can then be run against other broker environments. From the Scripting pull-down list, select Record New Script...
__ 9. Give the script a useful name: CreateNewEG.xml Store it in your root directory (C:).
Scripting is now active.
__ 10. Highlight the broker name (DEVBROKER), right-click it, and select Create
execution group.
__ 11. Name the new execution group EX3B and then click Submit.
__ 12. After you see the new execution group (you can verify its presence in the WebSphere Message Broker Explorer), stop the script recording by selecting
Scripting > Stop Recording.
__ 13. Now, either from the CMP API Exerciser or from the WebSphere Message Broker Explorer, delete the execution group.
__ 14. Select Scripting > Play Back Recorded Script to watch the recreation of the execution group. You must browse to the root directory (C:\), find the XML file used for the recording, and then click OK.
__ 15. Right-click the new execution group and select Deploy BAR to deploy the broker archive called Admin1.bar.
__ 16. Go to C:\Labs\Lab3\resources and select the Admin1.bar file. Click Open and wait for the deployment to complete.
__ 17. You can confirm the deployment of the flow by looking at the log entries in the API Exerciser or the Administration Log in the WebSphere Message Broker Toolkit. __ 18. After you have confirmed that the message flow has been successfully deployed,
stop the Admin1 message flow and delete the EX3B execution group. __ 19. Close the CMP API Exerciser.
Part 6: Back up and restore the broker
EXempty __ 2. Open a WebSphere Message Broker command console and back up the broker to
the new folder. (There is a -a flag to name the archive, but do not use it here, so that you can see what the default file name is.)
mqsibackupbroker DEVBROKER -d C:\MQSIBackup
The command should return a message like the following example: BIP125I: Creating backup file
‘C:\MQSIbackup\DEBVROKER_ccmmdd_hhmmss.zip’ for broker ‘DEVBROKER’. BIP8071I: Successful command completion.
Where ccyydd is the year, month, and day and hhmmss the hour, minute, and second of the backup file creation time.
__ 3. Open a Windows Explorer window and browse to the MQSIBackup folder.
You now have all the necessary information to restore your broker. This folder can be compressed and stored elsewhere (on some type of external media) or, at a minimum, on a separate drive from where the domain exists.
Next, you simulate a system failure by deleting the broker and broker components. After you have completed the system failure simulation, you will restore the broker and
components using the backup file you created in Step 2. __ 4. Disconnect from the broker:
__ a. In the WebSphere Message Broker Explorer, right-click the broker DEVBROKER.
__ b. Select Disconnect from the menu.
__ 5. Close any applications that might be connected to the broker or broker queue manager including WebSphere Message Broker Explorer, WebSphere Message Broker Toolkit, and RfhUtil.
__ 6. From a WebSphere Message Broker command console, stop the broker if it is still running:
mqsistop DEVBROKER Note
You can also stop the broker services using the Windows Services control panel. Click
Start > Settings> Control Panel > Administrative Tools > Services
__ 7. Simulate a failure of the broker by completely removing the broker and queue manager.
From a command console session, enter the following command:
mqsideletebroker DEVBROKER Important
The broker backup and restore commands do not back up resources required by message flows to function correctly such as WebSphere MQ queues and data stored in user
databases, transient information for inflight aggregations or collections, and executable code, including resources that are associated with user-defined extensions (nodes, parsers, and exits).
__ 8. Attempt to start the broker from a command console.
mqsistart DEVBROKER
You should receive a message saying that the component does not exist. __ 9. From WebSphere Message Broker Explorer recreate the broker DEVBROKER
__ a. Right-click Brokers in the Navigator and select New > Local broker. __ b. For the New Broker name, enter DEVBROKER and then click Next. __ c. For the Queue manager, enter DEVQMGR and then click Finish. __ 10. Using the command console, restore the broker with the same name.
mqsirestorebroker DEVBROKER -d C:\MQSIbackup -a <archive_file>
where <archive_file> is the name of the archive file that was created by mqsibrokerbackup command you entered in Step 2.
After the restore completes, you will receive a message indicating that the broker has been restored.
__ 11. Finally, attempt to start the broker using the WebSphere Message Broker Explorer or command line.
EXempty
Exercise review and wrap-up
This exercise provided you with an opportunity to use the command-line interface to issue commands using the command console. It also exposed you to the CMP API Exerciser. This CMP API allows customization of administrative functions, but that is a programming task, not covered in this exercise.
Backing up the broker is an important exercise for administrators. In the exercise, you learned how to back up and restore all necessary broker components.
EXempty
Exercise 4. Administering broker security
Estimated time
01:00
What this exercise is about
This lab exercise is designed to give students the opportunity to set and test WebSphere Message Broker access control for the brokers, execution groups, and message flows.
What you should be able to do
At the end of the exercise, you should be able to: • Activate administration authority
• Assign security permissions for brokers, execution groups, and message flows using WebSphere Message Broker Explorer and MQSI commands.
• Test the secured environment using the Configuration Manager Proxy (CMP) API Exerciser
Introduction
WebSphere Message Broker uses a special set of queues on the broker queue manager to control access to each entity that must be secured in terms of administrative access. Each administrative action, such as creating an execution group, and deploying or stopping a message flow, is mapped to one of three categories; read, write, or execute. These categories are mapped to WebSphere MQ security properties as follows:
Inquire ----> Read Put ----> Write Set ----> Execute
One or more of the WebSphere MQ security permissions are set on a particular queue to control access to the object that queue represents; a broker or an execution group. This design uses a familiar, already present mechanism (queue security) and provides excellent
Administrative security is turned off by default when a broker is
created. It must be turned on using the mqsichangebroker command. A flag is also provided on the mqsicreatebroker command that turns on security as part of the creation process.
Requirements
You use the fully configured workstation from Exercises 1 and 2. Exercises 1 and 2 must have been successfully completed before this exercise can be attempted.
• Admin_Security_Test1.bar and Admin_Security_Test2.bar A copy of the Project interchange file and a BAR file are located in the C:\Labs\Lab4\resources folder.
• Runas_No_Auth_ID_For_CMP.bat
Windows batch script, located in the C:\Labs\Lab4\resources folder. This batch script starts a session as user No_Auth_ID. • Microsoft Windows user named No_Auth_ID and group named
Test_1 with WebSphere Message Broker permissions as shown in part 1 of the exercise.
EXempty
Exercise instructions
Preface
To effectively test administrative security you must have some way to run under a different user ID other than the administrator ID because the administrator ID has full access to the broker environment by default. Logging out of Administrator and logging in as another user is not a good solution on Windows as that starts a different or unique configuration of installed software. The solution is to use a Windows facility called runas
withwhich you can open a command window and launch programs under a different user ID.
You will use the runas tool in this lab to run under an alternate user ID. The broker tool that you start from the command window that is using an alternate ID, is the CMP API Exerciser. One feature of the CMP API Exerciser is that it provides a window at the bottom of the interface that shows frequent and detailed status. The window shows the results from a test, including error messages, without having to use another tool.
A script has been provided that starts runas using an alternate ID and then starts the CMP API Exerciser for you.
While this lab uses the CMP API Exerciser, it is important that you understand that in WebSphere Message Broker V7, all tools, such as WebSphere Message Broker
Explorer, and the WebSphere Message Broker Toolkit, are subject to security checking when administrative security is active.
Instructor exercise overview
The first part of this exercise has students set up user and group authorities of a specific non-privileged Windows user. That same user ID is used in testing the next parts of this lab.
Part 1: Setting user and group security
A new user, No_Auth_ID, has been added to a new group, Test_1. In this part of the exercise, you grant the Test_1 group-specific WebSphere MQ privileges.
This exercise also uses the default broker (MB7BROKER) and queue manager (MB7QMGR) created by the Default Configuration wizard.
__ 1. Start the Windows Computer Management application by selecting Start > Settings
> Control Panel > Administrative Tools > Computer Management.
__ 2. Expand Local Users and Groups and click Users.
A list of all users is displayed in the right pane. You will be using the No_Auth_ID as user ID which has no prior authorization.
