ASG
IBM
Zystems
Cressida
Icon
Netflexity
 
  MQSeries.net
Search  Search       Tech Exchange      Education      Certifications      Library      Info Center      SupportPacs      LinkedIn  Search  Search                                                                   FAQ  FAQ   Usergroups  Usergroups
 
Register  ::  Log in Log in to check your private messages
 
RSS Feed - WebSphere MQ Support RSS Feed - Message Broker Support

MQSeries.net Forum Index » General IBM MQ Support » MQSeries Clustering across Firewalls

Post new topic  Reply to topic
 MQSeries Clustering across Firewalls « View previous topic :: View next topic » 
Author Message
nik_shaw
PostPosted: Mon Jan 21, 2002 3:14 am    Post subject: Reply with quote

Novice

Joined: 17 Jan 2002
Posts: 11
Location: London

As the title suggests my query is regarding running MQ Clusters across firewalls. Is anyone out there locking down individual ports? or do people relax the rules and allow x.x.x.x:* to go across? I'm saying this as although it's straighforward to assign a port number to a Queue manager listener, the sender port is chosen almost at random (there are some rules but not nearly tight enough.) I know you can use the MQTCPSDRPORT environment variable to set a range, but this is used for ALL sending connections including conversations initiated with other machines inside the firewall. Therefore you can't dictate which are to be used for internal connections and which are external.

By external I mean a 3 tier firewall comprised of Web Zone / App Zone / Corp net. MQ Servers would be present in App Zone and Corp net.


I know MQIPT is available but the documentation is sketchy - has anyone tried and got the http tunnelling working? - this may be the way we can allow our MQ traffic to talk over port 80? Also in the current version MQIPT does not acknowledge the existence of MQTCPSDRPORT nor according to the documentation - does it support cluster channels.

I am aware that a new version is due shortly - but this has a pre-req of Java 1.4 which is still in beta itself!

Just wondering how people manage to lock down their MQ environments whilst still maintaining the flexibility that clustering offers?

Regards

Nik
Back to top
View user's profile Send private message MSN Messenger
Display posts from previous:   
Post new topic  Reply to topic Page 1 of 1

MQSeries.net Forum Index » General IBM MQ Support » MQSeries Clustering across Firewalls
Jump to:  



You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
Protected by Anti-Spam ACP
 
 


Theme by Dustin Baccetti
Powered by phpBB © 2001, 2002 phpBB Group

Copyright © MQSeries.net. All rights reserved.