| Author |
Message
|
| Ganford |
 Posted: Mon Apr 08, 2013 6:15 am Post subject: |
 |
|
Novice
Joined: 09 Aug 2011
Posts: 22
|
Hello, i have probably little weird question. But i'm kind of lost. I would like to use MQ Remote administration to maintain more QMs on one remote Linux RedHat machine, but the situation is not so simple. When i need connect to QM on the RedHat from my win local machine I need always firstly connect to Linux JUMP machine. Use command to redirect ports 1414 to 10030 ssh -g -L 10030:localhost:1414 user@xx.xx.xx.xx) and then I’m able to open QM on my local workstation by using host name localhost, port number 10030. So i need to connect to JUMP machine and then to RedHat, where QM's are created. My question how to use MQ Remote administration while using Putty Tunnels? ) |
|
| Back to top |
|
 |
| exerk |
| Posted: Mon Apr 08, 2013 6:32 am Post subject: |
|
|
Jedi Council
Joined: 02 Nov 2006
Posts: 6339
|
Have a look at the MS81 SupportPac...
_________________
It's puzzling, I don't think I've ever seen anything quite like this before...and it's hard to soar like an eagle when you're surrounded by turkeys. |
|
| Back to top |
|
|
| zpat |
| Posted: Mon Apr 08, 2013 6:39 am Post subject: |
|
|
Jedi Council
Joined: 19 May 2001
Posts: 5866
Location: UK
|
What kind of remote admin (MQSC commands or GUI)?
In this situation I get a firewall rule opened, one option being to connect a QM in the secured zone to a QM in my network zone and then connect MO71 using the via option.
That way MO71 connects to a QM that I can access then forwards commands and responses to/from the other QM. This will work for both GUI screens and MQSC window (in mO71).
The main thing MO71 can't do in this mode is use MQI calls - like browsing messages. |
|
| Back to top |
|
|
| mqjeff |
| Posted: Mon Apr 08, 2013 6:42 am Post subject: |
|
|
Grand Master
Joined: 25 Jun 2008
Posts: 17447
|
| exerk wrote: |
| Have a look at the MS81 SupportPac... |
That won't help at all.
I'd just configure all the MQ Explorer connections to use a set of fixed ports on localhost.
Then I'd write a linux shell script to do all the port forwarding.
Then I'd log in, run the script, and then launch MQ Explorer. |
|
| Back to top |
|
|
| exerk |
| Posted: Mon Apr 08, 2013 6:48 am Post subject: |
|
|
Jedi Council
Joined: 02 Nov 2006
Posts: 6339
|
| mqjeff wrote: |
| exerk wrote: |
| Have a look at the MS81 SupportPac... |
That won't help at all. |
I was under the impression (incorrectly it seems) that IPT was designed to allow just that sort of thing... yet another school day!
_________________
It's puzzling, I don't think I've ever seen anything quite like this before...and it's hard to soar like an eagle when you're surrounded by turkeys. |
|
| Back to top |
|
|
| mqjeff |
| Posted: Mon Apr 08, 2013 6:56 am Post subject: |
|
|
Grand Master
Joined: 25 Jun 2008
Posts: 17447
|
| exerk wrote: |
| mqjeff wrote: |
| exerk wrote: |
| Have a look at the MS81 SupportPac... |
That won't help at all. |
I was under the impression (incorrectly it seems) that IPT was designed to allow just that sort of thing... yet another school day! |
It's designed to act as a gateway between two networks.
It would have to be installed on the JUMP server and used instead of the port forwarding mechanism being mentioned. The port forwarding mechanism being mentioned is obviously intended to ensure that connections can only be opened by specific individuals from a specific direction (i.e. outbound from a secure zone), and can only be opened as part of a specific and auditable request.
Setting up an IPT gateway that avoided that request, and left the door open wouldn't help. And would probably make the security staff cranky.
Setting up an IPT gateway that only lasted while a user was logged in instead of simply using the ssh port forwarding method is more work than necessary. |
|
| Back to top |
|
|
| Ganford |
| Posted: Tue Apr 09, 2013 3:50 am Post subject: |
|
|
Novice
Joined: 09 Aug 2011
Posts: 22
|
Thanks all for reply. Problem is that i'm not able to install WMQE on JUMP server. Looks like that there is currently no option how make it work. I tried it , but i just got new error in message log that's all 
http://www-01.ibm.com/support/docview.wss?uid=swg21413653
Anyway, maybe someone has previous version of MS0P? I would like to have have this pack on WMQE 7.0x. I was not able to install version MS0P for WMQE7.1 on WMQE7.0x. |
|
| Back to top |
|
|
|
|
