Configuring Active Directory for MSMQ to WebSphere MQ Communication

Setting Up Sites and MSMQ Routing Support

A clean Active Directory will have knowledge of the machines within ”but will have no concept that the machine running WebSphere MQ ( WMQ1 ) is part of a separate, connected network (known as a CN). In this section, you'll create a new site (known as a foreign site ), which will contain the server and queues represented by the WebSphere MQ installation.

To create this new site, open the Active Directory Sites And Services administration tool on a server whose role is a domain controller. This sample will use the machine installed with Host Integration Server 2000 ( MQBRIDGE1 ). This tool can be found in Program Files/Administrative Tools. In this tool, if you don't see a folder named Services in the left-hand side of the window, highlight the Active Directory Sites And Services tree root and select the Show Services Node option from the View menu.

Under the Services folder, right-click the MsmqServices subfolder and select New Foreign Site. Enter the name for the foreign site that describes the CN where the WebSphere MQ server resides. For this example, the foreign site name that will be used is WMQ_CN , as shown in Figure 10.5.

Figure 10.5: Creating the new foreign site in Active Directory.

Click OK to create this foreign site. Now that you have the site defined, let's define a reference to the WebSphere MQ queue manager that will reside in that site.

Right-click the MsmqServices folder again, and this time select New Foreign Computer. For the computer name, enter the queue manager name of the WebSphere MQ server. If you followed the setup discussed earlier in this chapter, this name will be STQM, as shown in Figure 10.6. In this same dialog box, ensure that the foreign site matches the one you just created (WMQ_CN), and click OK to create the new foreign computer.

Figure 10.6: Creating the new foreign computer ”a reference to the WebSphere queue manager.

Now that you have the foreign site and computer created, you need to set the security accordingly . We'll configure the foreign site so that the bridge process has permission to open the queue.

In the Active Directory Sites And Services tool, expand the Sites folder. Right-click the foreign site (WMQ_CN in our sample) and select the Properties option. Select the Security tab. Select Everyone and give permission to open the connector queue, as shown in Figure 10.7. Then click OK to save the security changes.

Figure 10.7: Correctly setting the security to allow the bridge to open the connector queue.

Now that you have the foreign site and computer configured for the WebSphere MQ server, let's set up an MSMQ Routing Link between the default Active Directory site and this new foreign site. Return to the MsmqServices Service in the administration tool, right-click MsmqServices, and select New/MSMQ Routing Link.

In the dialog box that's presented, set Site 1 to be the foreign site that contains the WebSphere MQ installation (in our example, this is WMQ_CN). Set Site 2 to be the local site, as shown in Figure 10.8. For the routing cost, enter a value of 1 .

Figure 10.8: Configuring the MSMQ routing link in Active Directory.

Your local site (shown in Site 2) might have a different name from the one shown in Figure 10.8. In a production environment, it's good practice to change this default site name to a name that's more meaningful. Once these settings are configured, click OK.

Once the routing link has been created, right-click the new MSMQ Routing Link entry that's been created. This entry will be listed in the right-hand side of the administration tool. Select the Properties option. From here, you'll specify which machine will act as a site gate for this routing link.

Within this dialog box, select the Site Gates tab. Add the local server to the list of site gates, as shown in Figure 10.9. (In our example, the local server is MQBRIDGE1; the name of your server will be displayed in the Available Servers window.) Click OK to close this dialog box.

Figure 10.9: Configuring the site gates in Active Directory.

The configuration of the Active Directory Sites And Services tool is now complete. You may close the administration tool.

The final setup step is to add the bridge server itself to the foreign site that was created ”so that it's a member of both the local site in Active Directory and the site created for the WebSphere MQ installation. This is performed with the Active Directory Users And Computers tool from the Administrative Tools program group .

Open the tool, and from the View menu, select Users, Groups, And Computers As Containers. Also select the Advanced Features option.

Because the bridge ( MQBRIDGE1 ) is a domain controller in our sample, you should open the Domain Controllers folder. If the bridge is not a domain controller, it will be listed under the Computers folder. Locate the server and expand it so that the msmq object underneath is shown. (If you can't expand your computer, you need to select Users, Groups, And Computers as containers from the View menu.) Right-click this msmq object, and select Properties. (If the msmq item isn't visible within your computer's container, select Advanced Features from the View menu.) Click the Sites tab and add the foreign site (WMQ_CN) to the list of sites on the local machine, as shown in Figure 10.10.

Figure 10.10: Adding the foreign site to the MSMQ-MQSeries bridge.

Click OK to save the changes. The Active Directory sites and routing support is now complete. By performing these steps, you've configured a new foreign site and computer, which represent the network and queue manager of the WebSphere MQ installation. You've set up the security and configured some of the local site settings so that the bridge can communicate with the WebSphere MQ queue manager. Now it's time to create some queues.

Configuring the Queues

To enable the bridge to forward messages between MSMQ and WebSphere MQ, you need to create a total of four queues. Two of these queues will be for MSMQ, and two will be for WebSphere MQ. Figure 10.11 shows a logical representation of these queues and how they relate to each other within the setup of the bridge.

Figure 10.11: Logical representation of how the queues will be configured.

As Figure 10.11 illustrates, either MSMQ or WebSphere MQ will be designated as local and used by the bridge as a delivery point for new messages. The other product will be designated as remote and used to represent the queue on the other platform. With MSMQ, the remote queue is configured as part of the foreign site. With WebSphere MQ, the remote queue is created as a remote definition in the queue manager.

Creating the MSMQ Queues

In the Active Directory Users And Computers tool, right-click the msmq object under the MSMQ-MQSeries bridge computer. Select New/MSMQ Queue. Enter the name of the queue. This will be LOCAL.STOCKSALES , as shown in Figure 10.12.

Figure 10.12: Creating the local stock sales sample queue in MSMQ.

For these samples, ensure that the queue isn't marked as transactional, as shown in Figure 10.12.

Click OK to create this queue. You now need to create a reference to the queue that will be local to the WebSphere MQ server. Within the Computers folder, expand the foreign computer that was created (STQM) ”this will have the same name as the queue manager. Again, right-click the msmq object. Create a queue named LOCAL.STOCKPURCHASES .

After the two queues have been created, the Active Directory setup so far should look similar to Figure 10.13.

Figure 10.13: The Active Directory Users And Computers administration tool, showing the foreign site queue.

This concludes the configuration required for Active Directory. From here, you can configure the bridge and the WebSphere MQ server and can start sending some test messages.