Reading and writing shared data and log files authorized by an alternative global security group

This task shows how to use the -a flag on the crtmqm command. The -a flag gives the queue manager access to its log and data files on a remote file share using the alternative security group.

In a production scale configuration, you might have to tailor the configuration to an existing domain. For example, you might define different domain groups to authorize different shares, and to group the user IDs that run queue managers.

The example configuration consists of three servers:
sun
A Windows Server 2008 domain controller. It owns the wmq.example.com domain that contains Sun, mars, and venus. For the purposes of illustration, it is also used as the file server.
mars
A Windows Server 2008 used as the first IBM® WebSphere® MQ server. It contains one instance of the multi-instance queue manager called QMGR.
venus
A Windows Server 2008 used as the second IBM WebSphere MQ server. It contains the second instance of the multi-instance queue manager called QMGR.

Replace the italicized names in the example, with names of your choosing.

Before you begin

Do the steps in the following tasks. The tasks create the domain controller and domain, install IBM WebSphere MQ for Windows on one server, and create the file share for data and log files. If you are configuring an existing domain controller, you might find it useful to try out the steps on a new Windows Server 2008. You can adapt the steps to your domain.

  1. Creating an Active Directory and DNS domain for IBM WebSphere MQ.
  2. Installing IBM WebSphere MQ on a server or workstation in a Windows domain.
  3. Creating a shared directory for queue manager data and log files.

About this task

This task is one of a set of related tasks that illustrate accessing queue manager data and log files. The tasks show how to create a queue manager authorized to read and write data and log files that are stored in a directory of your choosing. They accompany the task, Windows domains and multi-instance queue managers.

In this task, you create a queue manager that stores its data and logs in a remote directory on a file server. For the purposes of this example, the file server is the same server as the domain controller. The directory containing the data and log folders is shared with full control permission given to the global group wmqha.

Procedure

  1. Log on to the domain server, mars, as the local administrator, mars\Administrator.
  2. Open a command window.
  3. Restart the IBM IBM WebSphere MQ service.

    You must restart the service so that the user ID it runs under acquires the additional security credentials you configured for it.

    Type the commands:

    endmqsvc
strmqsvc

    The system responses:

    5724-H72 (C) Copyright IBM Corp. 1994, 2024. ALL RIGHTS RESERVED.
    The MQ service for installation 'Installation1' ended successfully.
    And:
    5724-H72 (C) Copyright IBM Corp. 1994, 2024. ALL RIGHTS RESERVED.
    The MQ service for installation 'Installation1' started successfully.

  4. Create the queue manager. 
    crtmqm -a wmq\wmqha -sax -u SYSTEM.DEAD.LETTER.QUEUE -md \\sun\wmq\data -ld \\sun\wmq\logs  QMGR

    You must specify the domain, wmq, of the alternative security group wmqha by specifying full domain name of the global group "wmq\wmqha".

    You must spell out the Universal Naming Convention (UNC) name of the share \\sun\wmq, and not use a mapped drive reference.

    The system response:

    WebSphere MQ queue manager created.
    Directory '\\sun\wmq\data\QMGR' created.
    The queue manager is associated with installation '1'
    Creating or replacing default objects for queue manager 'QMGR'
    Default objects statistics : 74 created. 0 replaced.
    Completing setup.
    Setup completed.

What to do next

Test the queue manager by putting and getting a message to a queue.

  1. Start the queue manager.
    strmqm QMGR
    The system response:
    WebSphere MQ queue manager 'QMGR' starting.
    The queue manager is associated with installation '1'.
    5 log records accessed on queue manager 'QMGR' during the log
    replay phase.
    Log replay for queue manager 'QMGR' complete.
    Transaction manager state recovered for queue manager 'QMGR'.
    WebSphere MQ queue manager 'QMGR' started using V7.1.0.0.
  2. Create a test queue. 
    echo define qlocal(QTEST) | runmqsc QMGR
    The system response:
    5724-H72 (C) Copyright IBM Corp. 1994, 2024. ALL RIGHTS RESERVED.
    Starting MQSC for queue manager QMGR.


         1 : define qlocal(QTEST)
    AMQ8006: WebSphere MQ queue created.
    One MQSC command read.
    No commands have a syntax error.
    All valid MQSC commands were processed.
  3. Put a test message using the sample program amqsput.
    echo 'A test message' | amqsput QTEST QMGR
    The system response:
    Sample AMQSPUT0 start
    target queue is QTEST
    Sample AMQSPUT0 end
  4. Get the test message using the sample program amqsget.
    amqsget QTEST QMGR
    The system response:
    Sample AMQSGET0 start
    message <A test message>
    Wait 15 seconds ...
    no more messages
    Sample AMQSGET0 end
  5. Stop the queue manager.
    endmqm -i QMGR
    The system response:
    WebSphere MQ queue manager 'QMGR' ending.
    WebSphere MQ queue manager 'QMGR' ended.
  6. Delete the queue manager.
    dltmqm QMGR
    The system response:
    WebSphere MQ queue manager 'QMGR' deleted.
  7. Delete the directories you created.
    Tip: Add the /Q option to the commands to prevent the command prompting to delete each file or directory.
    del /F /S C:\wmq\*.*
rmdir /S C:\wmq