| |
|
RSS Feed - WebSphere MQ Support
|
RSS Feed - Message Broker Support
|
  |
|
| A better design? |
« View previous topic :: View next topic » |
| Author |
Message
|
| Albator |
 Posted: Thu Jun 21, 2007 6:23 am Post subject: A better design? |
 |
|
Voyager
Joined: 04 Mar 2004
Posts: 75
Location: Toronto, Canada
|
Hello,
I need to configure a QM manager to communicate with our client who has 5 queue managers. I need to send and receive data from each remote queue manager. My first though was to create a Remote queue definition for each remote QM, and one local queue for the receiving data from all QMs. Also create 2 channels for each remote QM (send and receive).
Is there a better way of designing this? Can I reduce the number of remote queue definitions by naming each transmission queue as the same name as the corresponding remote queue manager?
Thank you in advance! |
|
| Back to top |
|
 |
| jefflowrey |
| Posted: Thu Jun 21, 2007 6:47 am Post subject: |
|
|
Grand Poobah
Joined: 16 Oct 2002
Posts: 19981
|
What are the security requirements? If you use a default route, by using the transmission queue with the same name as the remote qmgr, then anyone who has PUT authority to the xmitq can put to any queue on the remote qmgr.
_________________
I am *not* the model of the modern major general. |
|
| Back to top |
|
|
| Albator |
| Posted: Thu Jun 21, 2007 7:24 am Post subject: |
|
|
Voyager
Joined: 04 Mar 2004
Posts: 75
Location: Toronto, Canada
|
| good point, We need to clarify this. But can't they restrict access at the other end (to which queue we can drop messages in)? |
|
| Back to top |
|
|
| jefflowrey |
| Posted: Thu Jun 21, 2007 7:40 am Post subject: |
|
|
Grand Poobah
Joined: 16 Oct 2002
Posts: 19981
|
They can set an MCAUser on the receiver channel, and then authorize that to only certain queues. There aren't a lot of other options.
_________________
I am *not* the model of the modern major general. |
|
| Back to top |
|
|
| jsware |
| Posted: Thu Jun 21, 2007 8:28 am Post subject: |
|
|
Chevalier
Joined: 17 May 2001
Posts: 455
|
| jefflowrey wrote: |
| They can set an MCAUser on the receiver channel, and then authorize that to only certain queues. There aren't a lot of other options. |
How they protect themselves from you is their responsibility.  However I would setup a restricted user on your end and set your channel receiver's MCAUSER attribute to this. Give it access to just the queues they should be using and nothing else.
Even create a separate "security qmgr" for this and setup QREMOTE definitions to deliver to your internal qmgrs. You can also *not* have a dead letter queue so that as soon as they attempt anything dodgy like sending to a non-existent queue, or other queue (e.g. an xmitq) the channel abends and alarms go off. If you allow messages to go to a dead letter queue, then when your handler attempts a retry, it may be able to put the message.
_________________
Regards
John
The pain of low quaility far outlasts the joy of low price. |
|
| Back to top |
|
|
|
|
|
| |
|
Page 1 of 1 |
|
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
|
|
|
