| Author |
Message
|
| PeterPotkay |
 Posted: Wed Oct 28, 2015 7:33 am Post subject: MQ 8.0.0.4 Redistributable Clients |
 |
|
Poobah
Joined: 15 May 2001
Posts: 7722
|
|
| Back to top |
|
 |
| zpat |
| Posted: Wed Oct 28, 2015 7:38 am Post subject: |
|
|
Jedi Council
Joined: 19 May 2001
Posts: 5866
Location: UK
|
Might be useful, also risks losing control of what MQ client is installed where (as happens with the MQ jar files when people copy them).
I am currently looking at the RVERSION values of our active client connections to spot downlevel clients which are hiding away - quite a few - but it's hard to catch ones that connect and disconnect instantly.
_________________
Well, I don't think there is any question about it. It can only be attributable to human error. This sort of thing has cropped up before, and it has always been due to human error. |
|
| Back to top |
|
|
| mqjeff |
| Posted: Wed Oct 28, 2015 7:45 am Post subject: |
|
|
Grand Master
Joined: 25 Jun 2008
Posts: 17447
|
You can ship a new version of the redistributable with a new version (fix, etc.) of your app - and as long as you keep your app releases under good version control and update the app version number appropriately, then you'll know product version X = redistributable client version Y.
_________________
chmod -R ugo-wx / |
|
| Back to top |
|
|
| exerk |
| Posted: Wed Oct 28, 2015 8:10 am Post subject: |
|
|
Jedi Council
Joined: 02 Nov 2006
Posts: 6339
|
| mqjeff wrote: |
| You can ship a new version of the redistributable with a new version (fix, etc.) of your app - and as long as you keep your app releases under good version control and update the app version number appropriately, then you'll know product version X = redistributable client version Y. |
I haven't had the opportunity to test this way of installing clients yet but presumably it's still going to need admin privilege to set an instance as primary?
_________________
It's puzzling, I don't think I've ever seen anything quite like this before...and it's hard to soar like an eagle when you're surrounded by turkeys. |
|
| Back to top |
|
|
| mqjeff |
| Posted: Wed Oct 28, 2015 8:18 am Post subject: |
|
|
Grand Master
Joined: 25 Jun 2008
Posts: 17447
|
| exerk wrote: |
| mqjeff wrote: |
| You can ship a new version of the redistributable with a new version (fix, etc.) of your app - and as long as you keep your app releases under good version control and update the app version number appropriately, then you'll know product version X = redistributable client version Y. |
I haven't had the opportunity to test this way of installing clients yet but presumably it's still going to need admin privilege to set an instance as primary? |
... you wouldn't need to set it as a primary? just bind your apps against the libs in the client, or run your program from a shell that had the relevant setmqenv -n applied. (I don't know if setmqenv comes with this or not)
_________________
chmod -R ugo-wx / |
|
| Back to top |
|
|
| zpat |
| Posted: Wed Oct 28, 2015 8:44 am Post subject: |
|
|
Jedi Council
Joined: 19 May 2001
Posts: 5866
Location: UK
|
| mqjeff wrote: |
| You can ship a new version of the redistributable with a new version (fix, etc.) of your app - and as long as you keep your app releases under good version control and update the app version number appropriately, then you'll know product version X = redistributable client version Y. |
We don't release the apps though - developers do and expecting them to keep track of what MQ version is with what app is fairly optimistic - some of them didn't know they had downlevel Jar files in their build until I told them.
_________________
Well, I don't think there is any question about it. It can only be attributable to human error. This sort of thing has cropped up before, and it has always been due to human error. |
|
| Back to top |
|
|
| exerk |
| Posted: Wed Oct 28, 2015 9:10 am Post subject: |
|
|
Jedi Council
Joined: 02 Nov 2006
Posts: 6339
|
| mqjeff wrote: |
| ... you wouldn't need to set it as a primary? just bind your apps against the libs in the client, or run your program from a shell that had the relevant setmqenv -n applied. (I don't know if setmqenv comes with this or not) |
You're making the assumption the apps people know what they're doing, i.e. can set up an environment correctly, and what about third-party apps? Which I have in most cases in general found they expect to find an MQ installation in a 'default' path, irrespective of the fact that on UNIX you can now decide that path...
_________________
It's puzzling, I don't think I've ever seen anything quite like this before...and it's hard to soar like an eagle when you're surrounded by turkeys.
Last edited by exerk on Fri Nov 06, 2015 12:56 am; edited 1 time in total |
|
| Back to top |
|
|
| mqjeff |
| Posted: Wed Oct 28, 2015 9:26 am Post subject: |
|
|
Grand Master
Joined: 25 Jun 2008
Posts: 17447
|
I would expect that anyone who is building an application that is delivered with the Redistributable client would know how to use it from their application...
I wouldn't expect users to know this. Which is kind of the reason behind the redistributable client...
_________________
chmod -R ugo-wx / |
|
| Back to top |
|
|
| jrumsey |
| Posted: Thu Oct 29, 2015 10:40 am Post subject: RVERSION and RPRODUCT in MQCXP v9 |
|
|
Newbie
Joined: 13 Oct 2014
Posts: 1
|
The RVERSION and RPRODUCT were added to the MQCXP structure a few months back now in the 8.0.0.3 fixpack, so it is possible to use a server side channel security exit to log or reject/allow clients (when they connect) based on the client type or maintenance level.
Hopefully the ability to package client applications and the MQ runtime together will give more, rather than less control over what level of clients are connecting.... but if you don't trust your developers then you can still make them use the installed version of MQ  |
|
| Back to top |
|
|
| zpat |
| Posted: Thu Oct 29, 2015 12:39 pm Post subject: |
|
|
Jedi Council
Joined: 19 May 2001
Posts: 5866
Location: UK
|
As long as they can't download the redistributable client from the web that is... 
It would be great to be able to block downlevel client connections without having to code an exit (or if IBM provided a sample one to do it).
We're still using BlockIP2 - so I guess it would be possible to modify that.
_________________
Well, I don't think there is any question about it. It can only be attributable to human error. This sort of thing has cropped up before, and it has always been due to human error. |
|
| Back to top |
|
|
| mqjeff |
| Posted: Fri Oct 30, 2015 6:24 am Post subject: |
|
|
Grand Master
Joined: 25 Jun 2008
Posts: 17447
|
You can use MQV8 (well, mq v7.1) network security measures (CHLAUTH) to block access from a wide variety of sources.
You can use MQv8 user/pw security to block access from even more.
_________________
chmod -R ugo-wx / |
|
| Back to top |
|
|
| RogerLacroix |
| Posted: Fri Oct 30, 2015 1:49 pm Post subject: Re: RVERSION and RPRODUCT in MQCXP v9 |
|
|
Jedi Knight
Joined: 15 May 2001
Posts: 3264
Location: London, ON Canada
|
| jrumsey wrote: |
| The RVERSION and RPRODUCT were added to the MQCXP structure a few months back now in the 8.0.0.3 fixpack, so it is possible to use a server side channel security exit to log or reject/allow clients (when they connect) based on the client type or maintenance level. |
Ok. I take that as a hint to update MQAUSX and MQSSX.
Regards,
Roger Lacroix
Capitalware Inc.
_________________
Capitalware: Transforming tomorrow into today.
Connected to MQ!
Twitter |
|
| Back to top |
|
|
| hughson |
| Posted: Thu Nov 05, 2015 6:05 pm Post subject: |
|
|
Padawan
Joined: 09 May 2013
Posts: 1959
Location: Bay of Plenty, New Zealand
|
| exerk wrote: |
| mqjeff wrote: |
| You can ship a new version of the redistributable with a new version (fix, etc.) of your app - and as long as you keep your app releases under good version control and update the app version number appropriately, then you'll know product version X = redistributable client version Y. |
I haven't had the opportunity to test this way of installing clients yet but presumably it's still going to need admin privilege to set an instance as primary? |
You just set the location of the bin directory in your path and off you go. No need to set primary. Of course if you intend to put the redistributable client on a machine that already has a primary installation, you should probably remove it as a primary before you do so. You only want one set of MQ libraries in the path at one time!
Cheers
Morag
_________________
Morag Hughson @MoragHughson
IBM MQ Technical Education Specialist
Get your IBM MQ training here!
MQGem Software |
|
| Back to top |
|
|
| mqjeff |
| Posted: Fri Nov 06, 2015 6:57 am Post subject: |
|
|
Grand Master
Joined: 25 Jun 2008
Posts: 17447
|
| hughson wrote: |
| Of course if you intend to put the redistributable client on a machine that already has a primary installation, you should probably remove it as a primary before you do so. |
Or otherwise ensure your application uses a path and environment that is specific to it's needs, and does not randomly include system environments.
| hughson wrote: |
| You only want one set of MQ libraries in the path at one time! |
That would indeed be bad...
_________________
chmod -R ugo-wx / |
|
| Back to top |
|
|
|
|
