ASG
IBM
Zystems
Cressida
Icon
Netflexity
 
  MQSeries.net
Search  Search       Tech Exchange      Education      Certifications      Library      Info Center      SupportPacs      LinkedIn  Search  Search                                                                   FAQ  FAQ   Usergroups  Usergroups
 
Register  ::  Log in Log in to check your private messages
 
RSS Feed - WebSphere MQ Support RSS Feed - Message Broker Support

MQSeries.net Forum Index » Clustering » use of SYSTEM.CLUSTER.COMMAND.QUEUE

Post new topic  Reply to topic
 use of SYSTEM.CLUSTER.COMMAND.QUEUE « View previous topic :: View next topic » 
Author Message
ramires
PostPosted: Tue Apr 26, 2005 2:43 am    Post subject: use of SYSTEM.CLUSTER.COMMAND.QUEUE Reply with quote

Knight

Joined: 24 Jun 2001
Posts: 523
Location: Portugal - Lisboa
Hello,
I was reading the forum about MQ Cluster security and found basically 3 options.

1. Preventing PUT access to SYSTEM.CLUSTER.COMMAND.QUEUE
2. use SSL
3. use exit (BlockIP it's great to do that)

As I want to be less disruptive with the system I'm working on (24*7), option 2 and 3 can't be tested. I will go for option 1. But I'm wondering what happens when disabling PUT to SYSTEM.CLUSTER.COMMAND.QUEUE.
What happens to normal cluster functions?
Thanks
Joao Ramires
Back to top
View user's profile Send private message
Nigelg
PostPosted: Tue Apr 26, 2005 2:59 am    Post subject: Reply with quote

Grand Master

Joined: 02 Aug 2004
Posts: 1046
No cluster commands will work if you PUT DISABLE the command queue.

Where did you get the idea that you can do this and the system will continue to work?
Back to top
View user's profile Send private message
ramires
PostPosted: Tue Apr 26, 2005 3:21 am    Post subject: Reply with quote

Knight

Joined: 24 Jun 2001
Posts: 523
Location: Portugal - Lisboa
Thanks, that make sense. I found it here:

http://www.mqseries.net/phpBB2/viewtopic.php?t=10802

Quote:
Preventing queue managers joining a cluster
If you want to ensure that only certain authorized queue managers attempt to join a cluster, you must either use a security exit program on the cluster-receiver channel, or write an exit program to prevent unauthorized queue managers from writing to SYSTEM.CLUSTER.COMMAND.QUEUE. Do not restrict access to SYSTEM.CLUSTER.COMMAND.QUEUE such that no queue manager can write to it, or you would prevent any queue manager from joining the cluster.


Writing an exit I can specify the authorized queue managers. Restricting access to all queue managers, will stop other queue managers joining the cluster. But it will stop other cluster functions, not a good idea.
Back to top
View user's profile Send private message
Display posts from previous:   
Post new topic  Reply to topic Page 1 of 1

MQSeries.net Forum Index » Clustering » use of SYSTEM.CLUSTER.COMMAND.QUEUE
Jump to:  



You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
Protected by Anti-Spam ACP
  
 


Theme by Dustin Baccetti
Powered by phpBB © 2001, 2002 phpBB Group

Copyright © MQSeries.net. All rights reserved.