| Author |
Message
|
| mqjava |
 Posted: Wed Oct 20, 2010 11:07 am Post subject: mq cluster between two organizantion |
 |
|
Voyager
Joined: 25 May 2009
Posts: 80
Location: New Jersey
|
Hi All,
I am trying to implement a MQ cluster - "MQ_CLUSTER" between our company COMPA and other company COMPB. Full repo for this MQ_CLUSTER is on our side, COMPB will define a cluster sender and receiver and join our cluster MQ_CLUSTER as partial repository. But my question is - our side qmgr is running on user id - "usera" and COMPB side queue manager is running on user id - "userb", when COMPB try to create the cluster sender and receiver and try to add their queue manager to our cluster MQ_CLUSTER i think definitely we will get 2035 as the user id's in which the QM's are running are not same and we dont have the COMPB's user id defined in our side, how can we handle this situation?
Thanks in advance |
|
| Back to top |
|
 |
| Vitor |
| Posted: Wed Oct 20, 2010 11:18 am Post subject: Re: mq cluster between two organizantion |
|
|
Grand High Poobah
Joined: 11 Nov 2005
Posts: 26093
Location: Texas, USA
|
| mqjava wrote: |
| i think definitely we will get 2035 as the user id's in which the QM's are running are not same and we dont have the COMPB's user id defined in our side |
Why do you think that? How can you be so definite? Have you tried it? Did it result in a 2035? If so, which element reported it? What was the missing authorization?
_________________
Honesty is the best policy.
Insanity is the best defence. |
|
| Back to top |
|
|
| mqjava |
| Posted: Wed Oct 20, 2010 11:25 am Post subject: Re: mq cluster between two organizantion |
|
|
Voyager
Joined: 25 May 2009
Posts: 80
Location: New Jersey
|
| Vitor wrote: |
| mqjava wrote: |
| i think definitely we will get 2035 as the user id's in which the QM's are running are not same and we dont have the COMPB's user id defined in our side |
Why do you think that? How can you be so definite? Have you tried it? Did it result in a 2035? If so, which element reported it? What was the missing authorization? |
I didnt try it as we have to implement in prod, but when the queue manager in COMPB is running in a different user id and that user id doesnt exist in our servers definitely when the queue manager in COMPB tries to communicate with queue manager in COMPA it will get 2035 error as the user id from COMPB's queue manager doesnt exist (i dont know what happens behid the scenes when we add a queue manager to cluster). |
|
| Back to top |
|
|
| Vitor |
| Posted: Wed Oct 20, 2010 11:33 am Post subject: Re: mq cluster between two organizantion |
|
|
Grand High Poobah
Joined: 11 Nov 2005
Posts: 26093
Location: Texas, USA
|
| mqjava wrote: |
| I didnt try it as we have to implement in prod |
So straight into prod, no point setting up a little proof of concept anywhere else eh? 
| mqjava wrote: |
| (i dont know what happens behid the scenes when we add a queue manager to cluster). |
Then how can you be so sure it's going to fail with a 2035?
I bow to your greater knowledge of WMQ clusters. 
Given that any queue manager should be running as mqm (or equivalent) then you're in a trap of your own making.
_________________
Honesty is the best policy.
Insanity is the best defence. |
|
| Back to top |
|
|
| Vitor |
| Posted: Wed Oct 20, 2010 11:36 am Post subject: |
|
|
Grand High Poobah
Joined: 11 Nov 2005
Posts: 26093
Location: Texas, USA
|
Here's a fish - if it's so hard to join unequal queue managers together, why is there this section in the Clusters manual (which you might want to try reading at some point) devoted to stopping any Tom, Dick or Harry queue manager casually joining a cluster and sending messages?
You'll get 2035 errors soon enough in your scenario. Don't look for them here.
_________________
Honesty is the best policy.
Insanity is the best defence. |
|
| Back to top |
|
|
| PeterPotkay |
| Posted: Wed Oct 20, 2010 1:21 pm Post subject: |
|
|
Poobah
Joined: 15 May 2001
Posts: 7722
|
Spanning a cluster between 2 companies is rarely a good idea.
The likely lack of security and network issues related to DNS names resolving will be problematic for you.
_________________
Peter Potkay
Keep Calm and MQ On |
|
| Back to top |
|
|
| bruce2359 |
| Posted: Wed Oct 20, 2010 4:07 pm Post subject: |
|
|
Poobah
Joined: 05 Jan 2008
Posts: 9469
Location: US: west coast, almost. Otherwise, enroute.
|
Why are you implementing a cluster? What benefits do you see with a cluster solution? Do you have an existing cluster that you are extending to include the other company?
As Mr. Potkay suggests, you will likely be better off with a qmgr-to-qmgr connection, with sender-receiver channels.
_________________
I like deadlines. I like to wave as they pass by.
ב''ה
Lex Orandi, Lex Credendi, Lex Vivendi. As we Worship, So we Believe, So we Live. |
|
| Back to top |
|
|
| exerk |
| Posted: Wed Oct 20, 2010 9:14 pm Post subject: |
|
|
Jedi Council
Joined: 02 Nov 2006
Posts: 6339
|
And I do hope that (god forbid) you are going to go ahead with this, that you have more than one Full Repository.
To echo the comments of my peers, what's wrong with putting in a gateway queue manager in each organisation?
_________________
It's puzzling, I don't think I've ever seen anything quite like this before...and it's hard to soar like an eagle when you're surrounded by turkeys. |
|
| Back to top |
|
|
| mqjava |
| Posted: Thu Oct 21, 2010 7:20 am Post subject: |
|
|
Voyager
Joined: 25 May 2009
Posts: 80
Location: New Jersey
|
Hi All,
Thanks for the reply, i have to implement the cluster as it was requested by higher management, i know sender receiver channels between the organizantions is a good idea when compared with clusters, but management needs cluster.
This is a new cluster (MQ_CLUSTER) which has only one queue QUEUEA in cluster, QUEUEA is local queue in COMPA's QMA and its shared in cluster MQ_CLUSTER, when QMB of COMPB joins the MQ_CLUSTER they will be able to open the QUEUEA and put messages. My question is how do i get this QMB in COMPB join the cluster MQ_CLUSTER as both the QMA and QMB are running in different user id's - usera and userb. and userb is not defined in QMA's server. Any help would be greatly appreciated.
Vitor:
I gone through the doc's u mentioned in your previuos post, have some questions. If i mention a user - myuser in MCAUSER in the clusrcvr and give access to the user such that he can put messages to QUEUEA, COMPB will be able to put messsages to QUEUEA but to get the QMB in COMPB added to this cluster to which queues should i give the myuser access to put messages? and is this a good idea? your help is greatly appreciated. Thanks.
Thanks. |
|
| Back to top |
|
|
| bruce2359 |
| Posted: Thu Oct 21, 2010 7:45 am Post subject: |
|
|
Poobah
Joined: 05 Jan 2008
Posts: 9469
Location: US: west coast, almost. Otherwise, enroute.
|
Are you sure that your qmgrs are executing with a non-mqadmin userid?
WMQ security is at the qmgr level, and not at the cluster level.
Appropriate access to the local queue definition is required at the qmgr where the application creates the message. This is access is usually granted to a userid.
At the receiving end, appropriate access to the destination queue by the mca is required. The MCA takes the message off the network, and put the message to the destination queue.
At the receiving end, appropriate access to the destination queue by consuming app is required.
[edit]
One more thing: does management at your shop understand the concept of WMQ clusters? Why did they mandate a cluster?
_________________
I like deadlines. I like to wave as they pass by.
ב''ה
Lex Orandi, Lex Credendi, Lex Vivendi. As we Worship, So we Believe, So we Live. |
|
| Back to top |
|
|
| mqjava |
| Posted: Thu Oct 21, 2010 7:53 am Post subject: |
|
|
Voyager
Joined: 25 May 2009
Posts: 80
Location: New Jersey
|
Hi Bruce2359,
No, the user id usera is a part of mqm group, and QMA is running under usera and in COMPB QMB is running under userb which is part of mqm group, usera doest exist in COMPB server and userb doesnt exist on COMPA server. How do i get this working?
yes they know abt clusters and they want to implement it.
Thanks. |
|
| Back to top |
|
|
| mqjeff |
| Posted: Thu Oct 21, 2010 7:55 am Post subject: |
|
|
Grand Master
Joined: 25 Jun 2008
Posts: 17447
|
The ID on the remote queue manager has nothing to do with this question.
Stop thinking that it does. |
|
| Back to top |
|
|
| exerk |
| Posted: Thu Oct 21, 2010 8:19 am Post subject: |
|
|
Jedi Council
Joined: 02 Nov 2006
Posts: 6339
|
| mqjava wrote: |
| ...management needs cluster... |
No they don't, and if they were technical management, or trusted their techies, they'd know they don't.
| mqjava wrote: |
| ...the user id usera is a part of mqm group... |
This is worse than useless as any member of that group has 'god' rights to the queue manager and will ignore any OAM commands you pipe in - you'll be locking down precisely nothing. Get the user out of the group, into one of its own, and apply the relevant authorities.
Finally, send an email to your management with a link to this thread...
_________________
It's puzzling, I don't think I've ever seen anything quite like this before...and it's hard to soar like an eagle when you're surrounded by turkeys. |
|
| Back to top |
|
|
| bruce2359 |
| Posted: Thu Oct 21, 2010 8:26 am Post subject: |
|
|
Poobah
Joined: 05 Jan 2008
Posts: 9469
Location: US: west coast, almost. Otherwise, enroute.
|
Did you ask management why they believe they need a cluster?
Did management also direct that you use userids usera and userb? Did they also direct that you include these userids in the mqadmin group?
Has management read the WMQ Security manual? Do they understand the risk of having end-userids in the mqadmin group?
Have you read the WMQ Security manual?
_________________
I like deadlines. I like to wave as they pass by.
ב''ה
Lex Orandi, Lex Credendi, Lex Vivendi. As we Worship, So we Believe, So we Live. |
|
| Back to top |
|
|
| Vitor |
| Posted: Thu Oct 21, 2010 8:31 am Post subject: |
|
|
Grand High Poobah
Joined: 11 Nov 2005
Posts: 26093
Location: Texas, USA
|
| mqjava wrote: |
| My question is how do i get this QMB in COMPB join the cluster MQ_CLUSTER as both the QMA and QMB are running in different user id's - usera and userb. and userb is not defined in QMA's server. Any help would be greatly appreciated. |
You've already had a lot of help from me and others, and the fact you just keep asking the same question is breathtaking.
| mqjava wrote: |
| is this a good idea? |
No.
Stop randomly picking WMQ concepts and methodologies out of a hat, stringing them together and crossing your fingers that you hit one that will work. Try to think.
Mind you, if you believe running queue managers as non-mqm users is a good idea it's probably too late for that.
_________________
Honesty is the best policy.
Insanity is the best defence. |
|
| Back to top |
|
|
|
|
