| |
|
RSS Feed - WebSphere MQ Support
|
RSS Feed - Message Broker Support
|
  |
|
| VPN(DHCP) and Server(Q-mgr) to Server(Q-mgr) setup. |
« View previous topic :: View next topic » |
| Author |
Message
|
| pichelma |
 Posted: Wed Apr 17, 2002 11:30 am Post subject: |
 |
|
Apprentice
Joined: 11 Mar 2002
Posts: 25
|
Hi all,
I was wondering how I could phrase this w/o babbling on too much!
That won't be easy... 
We have tested two scenarios at a customer site. Client-Server and Server to Server.
We have tested the Server to Server setup w/ VPN.
One machine(A) sends msgs. and one(B) that will receive those msg's.
A sender channel w/ remote queue def and Xmit queue on the one(A) machine and a receiver channel/local queue on the other machine(B).
I had problem w/ the Q-mgr(B) that had a RCVR channel and a local queue defined on the "recieving" end. I had to add a host entry in order to communicate w/ machine A. This was where the VPN caused problems w/ a DHCP assigned IP. It changes on me! I can't give it a FQDN unless this is mapped via the VPN concentrator(mac & ip - tree?) or given a static...can't be done though w/ the current config. of VPN using a DHCP server.
So, I added a simple hosts file(WIN2000) entry while the VPN is up, however when it disconnects, no connection because of the new DHCP assigned ip!
The re-connect is what troubles me.
Does MQS have "initial" connection "state" info? I know it can't interpret all the layers of the TCP/IP stack. Can it poll the entire subnet for a Q-mgr?
Really reaching here...can some form of SNMP-like agent help?
Desperately seeking a "logical" and cost-effective answer, of course!
I know MQseries has software for this that wraps the connection in HTTP or HTTPS. I sthat my only solution?
I just thought we could get this to work w/ VPN?
I really don't want to write up as messy perl or batch script to glue this together. Am I missing somethig simple here?
I know that w/ a client(CLNTCONN or SVRCONN) this is NOT a problem.
However, w/ Server(Q-mgr) to Server(Q-mgr), to my knowledge, I have found out otherwise.
Please let me know your thoughts and if this is truly feasible.
Thanks in advance for any help!
Scott
|
|
| Back to top |
|
 |
| pichelma |
| Posted: Thu Apr 18, 2002 5:44 am Post subject: |
|
|
Apprentice
Joined: 11 Mar 2002
Posts: 25
|
Hi all,
I know this might have been confusing or didn't make sense.
Please ask me questions so I know what I'm not making clear or conveying...
I saw 5 views but no comments!
Any replies are appreciated,
Thanks.
Scott |
|
| Back to top |
|
|
| pichelma |
| Posted: Thu Apr 25, 2002 8:09 am Post subject: |
|
|
Apprentice
Joined: 11 Mar 2002
Posts: 25
|
Hi all,
IBM suggested a user/system exit be coded possibly.
Else, MQS 5.3 will be out in June and encrypts/decrypts the data path.
Still, the TCP/IP connection can be compromised or sniffed.
There is a supportpac called MS81 or IPT(Internet Pass-thru) I researched in the past. It utilizes HTTP or HTTPS(SSL) for encrpyting the data port.(443)
Otherwise, as far as VPN, no "real" answers yet.
DHCP is NOT a good thing w/ MQSeries at all!
Much less wrassling w/ VPN NAT'ing/changing the IP already.
Any other suggestions? Real life scenarios, anyone, Bueller?
Thanks,
Scott
|
|
| Back to top |
|
|
|
|
|
| |
|
Page 1 of 1 |
|
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
|
|
|
