IBM Integration Bus, Version 9.0.0.8 Operating Systems: AIX, HP-Itanium, Linux, Solaris, Windows, z/OS

See information about the latest product version

Connecting to a remote broker

To administer a remote broker by using the IBM® Integration Toolkit or IBM Integration Explorer, you must connect to the broker.

Before you start:
Before you can connect to a remote broker, the broker and its queue manager must be running. You must also complete the following steps:
  • Ensure that a command server is running on the queue manager.
  • Ensure a server-connection channel is defined on the broker queue manager. When you create a broker, a default SVRCONN channel, called SYSTEM.BKR.CONFIG, is created. This channel supports connections from one or more remote clients to the broker.
  • Create a TCP/IP listener on the broker queue manager.
  • Ensure that the listener is running.
  • Create a group and a user ID on the computer where the broker is running by using the local system facilities; for example, the groupadd command on Linux on x86. Add the user ID to the group.
  • Run the setmqaut command on the broker queue manager to grant authority to the group:
    setmqaut -m queueManager -t qmgr -g group +connect

You can create a connection to a remote broker, or you can create a connection to a remote broker by using settings from a .broker file. Right-click the Integration Nodes folder, and click Connect to a Remote Broker Using *.broker File. Select the .broker file, and click Open. The connection to the remote broker is created in your workspace.

To create a connection to a remote broker:

  1. Open the IBM Integration Explorer, or open the Integration Nodes view in the IBM Integration Toolkit.
  2. To create a connection to a remote broker, right-click the Integration Nodes folder, and click Connect to a Remote Broker.
  3. In the Connect to a broker wizard, enter the following values:
    1. The value for the Queue Manager name that your remote broker is using.
    2. The Host name or IP address of the computer on which your broker is running.
    3. The TCP Port on which the WebSphere® MQ queue manager is listening (the default is 1414). This property must be a valid positive number.
    4. Optional: The name of the server-connection channel in the SVRCONN Channel Name field. The channel has a default name of SYSTEM.BKR.CONFIG.

      You can create more than one server-connection channel and define a different SSL certificate on each channel to enforce; for example, users with view access on to one channel and users with deploy access on to a different channel.

      You can then create WebSphere MQ exits on each channel to provide extra authentication of the WebSphere MQ message sent to the broker.

      You must create the server-connection channel manually on the broker queue manager by using one of the following options:
      • The WebSphere MQ runmqsc command to create a channel with options CHLTYPE(SVRCONN) and TRPTYPE(TCP).
      • The WebSphere MQ Explorer to create a server-connection channel with the transmission protocol set to TCP.
      For more information, see your WebSphere MQ documentation.

      If you do not change the name, or attempt to delete it, the default name of SYSTEM.BKR.CONFIG is assumed. The name of the server-connection channel is changed only if you enter another name in place of SYSTEM.BKR.CONFIG.

    5. Optional: The Class of the Security Exit that is required to connect to the WebSphere MQ queue manager. This property must be a valid Java™ class name, but you can leave this field blank if it does not apply to your domain connection.
    6. Optional: The JAR File Location for the Security Exit that is required to connect to the WebSphere MQ queue manager. Click Browse to find the file location. If this field does not apply to your domain connection, you can leave it blank. If you enter a Security Exit Class, you must provide a JAR File Location.
    7. Optional: The Cipher Suite, Distinguished Names, CRL Name List, Key Store, and Trust Store parameters are required to enable SSL. For more information, see Implementing SSL authentication. The Cipher Suite field lists available cipher suites. Click More to configure Custom SSL Cipher Suites in the Broker Administration Preferences window. If a Cipher Suite is not specified, all of the other fields in the SSL section are unavailable.

      If you specify a keystore or truststore when you define the connection information, you are prompted for the keystore or truststore when you connect to the remote broker.

      If you need to enable a stronger cipher suite that is greater than 128-bit key lengths, then complete the following steps:
      1. Go to the following page on the IBM developerWorks® site: https://www.ibm.com/developerworks/java/jdk/security/
      2. Click Java SE 7, and download Unrestricted SDK JCE Policy files.
      3. Extract the local_policy.jar and US_export_policy.jar files from the unrestricted.zip archive to the <InstallationDirectory>\jdk\jre\lib\security.
  4. Click Finish to connect to the remote broker.

You can now view properties and configure your broker using the IBM Integration Toolkit or IBM Integration Explorer.

Related concepts:
IBM Integration Explorer
Security exits
Security for the IBM Integration Toolkit and IBM Integration Explorer
Related tasks:
Creating an integration node using the IBM Integration Explorer
Creating an integration server using the IBM Integration Toolkit or IBM Integration Explorer
Administering brokers and broker resources
be10200_.htm | Last updated Friday, 21 July 2017