Encryption of data using SSL
exerk
Posted: Wed May 12, 2010 1:38 am

Jedi Council

Joined: 02 Nov 2006
Posts: 6339

fatherjack wrote:
exerk wrote:
Even I would consider allowing the use of MQCONNX if every client had to have its own channel


So I guess you're in Vitor's camp on this one.

Interesting though that almost all application vendors whose products use MQ that I've come across use MQCONNX. I wonder what their thinking is.


I don't like the thought of (developers especially) non-admins knowing the detail of the infrastructure - I'm supposed to be there to abstract that.
_________________
It's puzzling, I don't think I've ever seen anything quite like this before...and it's hard to soar like an eagle when you're surrounded by turkeys.
PeterPotkay
Posted: Wed May 12, 2010 6:21 am

Poobah

Joined: 15 May 2001
Posts: 7716

fatherjack wrote:
exerk wrote:
Even I would consider allowing the use of MQCONNX if every client had to have its own channel


So I guess you're in Vitor's camp on this one.

Interesting though that almost all application vendors whose products use MQ that I've come across use MQCONNX. I wonder what their thinking is.


MQCONNX is simpler, less moving parts. No channel table file to delete accidentally. Or to be edited directly by well meaning but misinformed individuals.
_________________
Peter Potkay
Keep Calm and MQ On
fatherjack
Posted: Wed May 12, 2010 6:45 am

Knight

Joined: 14 Apr 2010
Posts: 522
Location: Craggy Island

exerk wrote:
I don't like the thought of (developers especially) non-admins knowing the detail of the infrastructure


Me neither.

PeterPotkay wrote:
MQCONNX is simpler, less moving parts. No channel table file to delete accidentally. Or to be edited directly by well meaning but misinformed individuals.


But I guess that's their reasoning and it's all under the control of the application vendor rather than some unfortunate MQ admin guys who might just delete the file by accident. I'm obviously excluding exerk from the 'unfortunate MQ admin guys'
_________________
Never let the facts get in the way of a good theory.
J.D
Posted: Wed May 12, 2010 9:00 am

Voyager

Joined: 18 Dec 2009
Posts: 92
Location: United States

exerk wrote:
5000 clients to 10 servers - no real problem as I see it if you are not using discrete channel names for each client, e.g. blank or wild-carded queue manager name. Even I would consider allowing the use of MQCONNX if every client had to have its own channel (x10 if 'fail-over' was needed).


Right now, the channel used by clients to connect to our servers is the same and we are going to use the same one for SSL.
RogerLacroix
Posted: Fri May 14, 2010 3:42 pm

Jedi Knight

Joined: 15 May 2001
Posts: 3253
Location: London, ON Canada

Hi J.D.,

If the management of the SSL certificates is too much or cost, may I suggest you have a look at MQ Channel Encryption.

Regards,
Roger Lacroix
Capitalware Inc.
_________________
Capitalware: Transforming tomorrow into today.
Connected to MQ!
J.D
Posted: Fri May 14, 2010 4:04 pm

Voyager

Joined: 18 Dec 2009
Posts: 92
Location: United States

RogerLacroix wrote:
Hi J.D.,

If the management of the SSL certificates is too much or cost, may I suggest you have a look at MQ Channel Encryption.

Regards,
Roger Lacroix
Capitalware Inc.


We have our own PKI. So, we don't have to worry about certificate cost. Thanks for letting me know about the alternate solution.
RogerLacroix
Posted: Fri May 14, 2010 4:55 pm

Jedi Knight

Joined: 15 May 2001
Posts: 3253
Location: London, ON Canada

Hi,

Actually, with 5000 clients, I think your biggest headache will be the management / deployment of the certs to the clients. I believe you have to deploy it on a yearly basis.

Regards,
Roger Lacroix
_________________
Capitalware: Transforming tomorrow into today.
Connected to MQ!
J.D
Posted: Fri May 14, 2010 6:42 pm

Voyager

Joined: 18 Dec 2009
Posts: 92
Location: United States

RogerLacroix wrote:
Hi,

Actually, with 5000 clients, I think your biggest headache will be the management / deployment of the certs to the clients. I believe you have to deploy it on a yearly basis.

Regards,
Roger Lacroix


Hi Roger,

I want to get some understanding about Channel encryption before I present it to my architects. If possible, please send a document about it.

Thanks
RogerLacroix
Posted: Fri May 14, 2010 9:28 pm

Jedi Knight

Joined: 15 May 2001
Posts: 3253
Location: London, ON Canada

J.D wrote:
If possible, please send a document about it.

All of the manuals for MQ Channel Encryption (MQCE) can be found at:
http://www.capitalware.biz/mqce_manuals.html

The big difference between MQCE and SSL is that once MQCE is deployed to the client you are done. It never expires. Ever!!

Please let me know if you have any questions or comments.

Regards,
Roger Lacroix
Capitalware Inc.
_________________
Capitalware: Transforming tomorrow into today.
Connected to MQ!
J.D
Posted: Tue May 18, 2010 8:16 am

Voyager

Joined: 18 Dec 2009
Posts: 92
Location: United States

At present, 5000+ clients are using a non-SSL server connection channel to connect to 10 MQ servers. If SSL is used for the server connection channel, then do we have to add extra hardware to maintain current performance levels?

Thank You!!
fjb_saper
Posted: Tue May 18, 2010 7:53 pm

Grand High Poobah

Joined: 18 Nov 2003
Posts: 20696
Location: LI,NY

J.D wrote:
At present, 5000+ clients are using a non-SSL server connection channel to connect to 10 MQ servers. If SSL is used for the server connection channel, then do we have to add extra hardware to maintain current performance levels?

Thank You!!

That would probably depend mostly on how often they plan on opening and closing the channel?

Apart from the encryption hit that you cannot forgo, you have another hit being taken while negotiating the SSL protocol. The more often you have to restart the channel, the more often you will encounter that hit.

Have fun
_________________
MQ & Broker admin
J.D
Posted: Fri Jun 04, 2010 10:04 am

Voyager

Joined: 18 Dec 2009
Posts: 92
Location: United States

Application Gurus,

We are planning to use an SSL connection from MQ Clients to Queue Managers. Can I get sample C++ code which uses the AMQCLCHL.TAB file and SSLKEYR?

Thank You
fatherjack
Posted: Fri Jun 04, 2010 10:16 am

Knight

Joined: 14 Apr 2010
Posts: 522
Location: Craggy Island

J.D wrote:
Application Gurus,

We are planning to use an SSL connection from MQ Clients to Queue Managers. Can I get sample C++ code which uses the AMQCLCHL.TAB file and SSLKEYR?

Thank You


If you are going to use the AMQCLCHL.TAB file there's nothing for your coders to worry about. It's only if you use MQCONNX do they need to worry about the SSL stuff.
_________________
Never let the facts get in the way of a good theory.
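In practice the reply above means that, with a channel table, the SSL settings live in the client's environment rather than in the C++ source. The following pre-start check is an added example, not code from the thread or from IBM; `MQCHLLIB`, `MQCHLTAB` and `MQSSLKEYR` are the MQ client environment variables, while the function name and the rule that the CCDT location is always set explicitly are assumptions.

```shell
#!/bin/sh
# Added example: preflight check for an MQ client using a CCDT and SSL.
# MQCHLLIB, MQCHLTAB and MQSSLKEYR are MQ client environment variables;
# the function name and the policy choices below are assumptions.

check_mq_ssl_client_env() {
    rc=0

    # This check assumes the deployment sets the CCDT location explicitly.
    if [ -z "${MQCHLLIB:-}" ] || [ -z "${MQCHLTAB:-}" ]; then
        echo "MQCHLLIB and MQCHLTAB must both be set" >&2
        rc=1
    elif [ ! -r "$MQCHLLIB/$MQCHLTAB" ]; then
        echo "CCDT not readable: $MQCHLLIB/$MQCHLTAB" >&2
        rc=1
    fi

    # MQSSLKEYR is the key repository path WITHOUT the .kdb suffix.
    case "${MQSSLKEYR:-}" in
        "")    echo "MQSSLKEYR is not set" >&2; return 1 ;;
        *.kdb) echo "MQSSLKEYR must omit the .kdb suffix" >&2; return 1 ;;
    esac

    # The key database and its password stash file must both be present,
    # and neither should be readable by other users.
    for f in "$MQSSLKEYR.kdb" "$MQSSLKEYR.sth"; do
        if [ ! -r "$f" ]; then
            echo "missing or unreadable: $f" >&2
            rc=1
        elif [ -n "$(find "$f" -prune -perm -004)" ]; then
            echo "world-readable, tighten permissions: $f" >&2
            rc=1
        fi
    done

    return "$rc"
}
```

Call `check_mq_ssl_client_env` from the script that launches the client application, and start the application only when it returns 0.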
J.D
Posted: Mon Jun 07, 2010 1:29 pm

Voyager

Joined: 18 Dec 2009
Posts: 92
Location: United States

fatherjack wrote:
J.D wrote:
Application Gurus,

We are planning to use an SSL connection from MQ Clients to Queue Managers. Can I get sample C++ code which uses the AMQCLCHL.TAB file and SSLKEYR?

Thank You


If you are going to use the AMQCLCHL.TAB file there's nothing for your coders to worry about. It's only if you use MQCONNX do they need to worry about the SSL stuff.


We are using C++ code which was developed 8-9 years back, and no one in the app team has a complete grip on it. I read about the load balancing feature with version 7.0.1 when the Client Channel definition table is used. I found a few Java programs using AMQCLCHL.TAB but nothing related to C++. It would be great if you can send me a link to find this. And we are not using MQCONNX in the existing one.
fjb_saper
Posted: Mon Jun 07, 2010 1:53 pm

Grand High Poobah

Joined: 18 Nov 2003
Posts: 20696
Location: LI,NY

All I would expect you to have to do is recompile your source with the V7 libraries. You might have to adjust it some as V7 code does not exactly match V6 and older. Then you should get your load balancing with the channel table out of the box.

Have fun
_________________
MQ & Broker admin