What is FFST?
First Failure Support Technology For MQSeries for UNIX systems, FFST information is recorded in a file in the /var/mqm/errors directory. These errors are normally severe, unrecoverable errors, and indicate either a configuration problem with the system or an MQSeries internal error. The files are named AMQnnnnn.mm.FDC, where: nnnnn Is the ID of the process reporting the error mm Is a sequence number, normally 0 When a process creates an FFST record, it also sends a record to syslog. The record contains the name of the FFST file to assist in automatic problem tracking
Creating Damaged Objects Using Log files?
1.Rcdmqimg: Use this command to write an image of an object, or group of objects, to the log for use in media recovery. This command can only be used when using linear logging.
Use the associated command rcrmqobj to recreate the object from the image.
2.Rcrmqobj: Use this command to recreate an object, or group of objects, from their images contained in the log. This command can only be used when using linear logging
Use the associated command, rcdmqimg, to record the object images to the log.
Types of recovery:
Restart recovery: When you stop WebSphere MQ in a planned way.
Crash recovery: When a failure stops WebSphere MQ.
Media recovery: To restore damaged objects.
What are the locations and files of the Error Logging?
MQ Series Level Errors
C:\ProgramFiles\IBM\WebSphere MQ\errorsà AMQERR01.LOG, AMQERR02.LOG, AMQERR03.LOG
Qmanager Level errors
C:\ProgramFiles\IBM\WebSphere MQ\Qmgrs\errorsà AMQERR01.LOG, AMQERR02.LOG, AMQERR03.LOG
\errors
What are the different types of security services available in MQ Series?
Identification & Authentication
Access control à The access control service protects critical resources in a system by limiting access only to authorized users and their applications.
Confidentiality à The confidentiality service protects sensitive information from unauthorized disclosure
Data integrity à The data integrity service detects whether there has been unauthorized modification of data. There are two ways in which data might be altered: accidentally, through hardware and transmission errors, or because of a deliberate attack, Non-repudiation.
Commands For Authorization:
1.setmqaut: Command used to change the authorizations to a profile, object or class of objects. Authorizations can be granted to, or revoked from, any number of principals or groups.
2.dspmqaut: Command to display the current authorizations to a specified object. If a user ID is a member of more than one group, this command displays the combined authorizations of all the groups.
Only one group or principal can be specified.
3.dmpmqaut: Command to dump the current authorizations to a specified object.
What are the different methods handled by MQ Series for securing a message?
Cryptography Message digests
Digital signatures Digital certificates
Public Key Infrastructure (PKI)
What is Cryptography, Why and where it is used in MQ Series?
Cryptography is the process of converting between readable text, called plaintext, and an unreadable form, called cipher text.
The sender converts the plaintext message to cipher text. This part of the process is called encryption (sometimes encipherment).The cipher text is transmitted to the receiver. The receiver converts the cipher text message back to its plaintext form. This part of the process is called decryption (sometimes decipherment).
The conversion involves a sequence of mathematical operations that change the appearance of the message during transmission but do not affect the content. Cryptographic techniques can ensure confidentiality and protect messages against unauthorized viewing (eavesdropping), because an encrypted message is not understandable. Digital signatures, which provide an assurance of message integrity, use encryption techniques.
What is a Message Digest, Digital Signature and Digital Certificate?
Message digest: Is also known as a Message Authentication Code (MAC), because it can provide assurance that the message has not been modified. The message digest is sent with the message itself. The receiver can generate a digest for the message and compare it with the sender’s digest. If the two digests are the same, this verifies the integrity of the message. Any tampering with the message during transmission almost certainly results in a different message digest.
Digital signature: Is formed by encrypting a particular representation of a message the encryption uses the private key of the signatory and, for efficiency, usually operates on a message digest rather than the message itself. Digital signatures vary with the data being signed, unlike handwritten signatures, which do not depend on the content of the document being signed. If two different messages are signed digitally by the same entity, the two signatures differ, but both signatures can be verified with the same public key, that is, the public key of the entity that signed the messages.
Digital certificates: Provide protection against impersonation, because a digital certificate binds a public key to its owner, whether that owner is an individual, a queue manager, or some other entity. Digital certificates are also known as public key certificates, because they give you assurances about the ownership of a public key when you use an asymmetric key scheme.
What is a Secure Sockets Layer (SSL), where it is used?
The Secure Sockets Layer (SSL) provides an industry standard protocol for transmitting data in a secure manner over an insecure network. The SSL protocol is widely deployed in both Internet and Intranet applications. SSL defines methods for authentication, data encryption, and message integrity for a reliable transport protocol, usually TCP/IP.
What are Cipher Suites and Cipher Specs in SSL?
Cipher Suite: Is a suite of cryptographic algorithms used by an SSL connection. A suite comprises three distinct algorithms. The key exchange and authentication algorithm, used during the SSL handshake. The encryption algorithm, used to encipher the data.The MAC (Message Authentication Code) algorithm, used to generate the message digest.
Cipher Spec: Identifies the combination of the encryption algorithm and MAC algorithm. Both ends of an SSL connection must agree the same CipherSpec to be able to communicate.
What are the steps to be followed in working with SSL on an UNIX environment?
1.Setting up a key repository 2.Working with a key repository
3.Obtaining personal certificates 4.Managing digital certificates
5.Configuring for cryptographic hardware 6.Mapping DNs to user IDs
7.Adding personal certificates to a key repository
Websphere MQ installation naming consideration?
Ensure that the machine name does not contain any spaces. If you insatall in such a machine you cannot create and Queue managers. Names for userId and group must no longer that 20 characters
What is CCSID?
This defines the character set of character data in the message. If you want to set this character set to that of the queue manager, you can set this field to the constant MQCCSI_Q_MGR or MQCCSI_INHERIT. When you get a message from a queue, compare the value of the CodedCharSetId field with the value that your application is expecting. If the two values differ, you might need to convert any character data in the message or use a data-conversion message exit if one is available
Channel: Communication Paths between Queue Managers.
Tell Some Default objects: (43 objects)
Queues: SYSTEM.DEFAULT.LOCAL QUEUE SYSTEM.DEFAULT.MODEL.QUEUE
SYSTEM.DEFAULT.REMOTE.QUEUE SYSTEM.DEFAULT.ALIAS.QUEUE
SYSTEM.DEFAULT.INITIATION.QUEUE SYSTEM.DEAD.LETTER.QUEUE
Channel Queues: SYSTEM.CHANNEL.INITQ SYSTEM.CHANNEL.SYNCQ
Admin Queues: SYSTEM.ADMIN.ACCOUNTING.QUEUE
SYSTEM.ADMIN.ACTIVITY.QUEUE
SYSTEM.ADMIN.COMMAND.QUEUE
SYSTEM.ADMIN.STATISTICS.QUEUE
SYSTEM.ADMIN.TRACE.ROUTE.QUEUE
Channels: SYSTEM.AUTO.RECEIVER SYSTEM.AUTO.SVRCONN
SYSTEM.DEF.CLUSRCVR SYSTEM.DEF.CLUSSDR
SYSTEM.DEF.RECEIVER SYSTEM.DEF.REQUESTER
SYSTEM.DEF.SENDER SYSTEM.DEF.SERVER
SYSTEM.DEF.SVRCONN
Listeners: SYSTEM.DEFAULT.LISTENER.TCP
SYSTEM.DEFAULT.LISTENER.SPX
SYSTEM.DEFAULT.LISTENER.NETBIOS
SYSTEM.DEFAULT.LISTENER.LU62
Process Def: SYSTEM.DEFAULT.PROCESS
Services: SYSTEM.DEFAULT.SERVICE SYSTEM.BROKER
Name Lists: SYSTEM.DEFAULT.NAMELIS
Event Queues: SYSTEM.ADMIN.CHANNEL.EVENT
SYSTEM.ADMIN.LOGGER.EVENT
SYSTEM.ADMIN.PERFM.EVENT
SYSTEM.ADMIN.QMGR.EVENT
What are advantages of creating Aliases? Why do we create Alias?
When sending messages: Re mapping the queue-manager name when sending messages, Altering or specifying the transmission queue when sending messages, Determining the destination when receiving messages, Using a queue manager as a gateway into the cluster. Gives different application different levels of access authority to the target Queue Allows different applications to work with the same queue in different way Simplifies maintenance, migration and workload balance
What are the parameters required to put a message on a queue (or) putting a message on queue parameters?
Requires a Connection handler (Hconn), a Queue handler (Hobj), a description of the message that you want to put on the queue (MQMD), Control information, message length, the message data itself
Getting messages for a queue?
You can remove a message from the queue so that other programs can no longer see the message, you can copy a message, leaving the original message on the queue. This is known as browsing. You can remove the message once you have browsed it. In both cases, you use the MQGET call, but first your application must be connected to the queue manager, and you must use the MQOPEN call to open the queue
What happens when a message is put in a PUT-INHIBITED Queue?
The messages are put in the dead letter queue. If a channel is unable to put a message to the target queue because that queue is full or put inhibited, the channel can retry the operation a number of times (specified in the message-retry count attribute) at a given time interval (specified in the message-retry interval attribute). Alternatively, you can write your own message-retry exit that determines which circumstances cause a retry, and the number of attempts made. The channel goes to PAUSED state while waiting for the message-retry interval to finish
What is syncpoints?
Syncpoint coordination is the process by which units of work are either committed or backed out with data integrity. The decision to commit or back out the changes is taken, in the simplest case, at the end of a transaction. However, it can be more useful for an application to synchronize data changes at other logical points within a transaction.
These logical points are called syncpoints (or synchronization points) and the period of processing a set of updates between two syncpoints is called a unit of work
In-doubt Channels? How will you resolve this ?
An in-doubt channel is a channel that is indoubt with the remote channel about which messages has been sent and received
Solution: We can do Commit or Rollback the messages which are in doubt.
Scenarios:
Queue open failed?
*Reason: On an MQCONN or MQCONNX call, the value specified for the QMgrName parameter is not valid or not known
*Resolution: we must correct the configuration information
Queue not found?
*Reason Code 2085 MQRC_UNKNOWN_OBJECT_NAME
*Resolution: check for the Queue name in the QManager if not found define it.
Messages sent to DLQ?
*Reason code: 2218 Message too big for Channel
*Investigation: Examine the contents of the dead-letter queue. Each message is contained in a structure that describes why the message was put to the queue, and to where it was originally addressed. Also look at previous error messages to see if the attempt to put messages to a dead-letter queue failed.
*Resolution: change the channel size as required, if the channel is a cluster channel then do a REFRESH cluster so that it will reflect to the other QM’s, then reprocess the message
Message piling(FULL) up in a Queue?
*Investigation: Check for the log files (/var/mqm/qmgrs/
*Resolution: SSL
*Authentication failure:
The SSL client does not have a certificate
A certificate has expired or is not yet active
A certificate is not supported
A certificate is corrupted
May be ssl version upgradation
Channel refuses to run or channel retry?
*Reason: A mismatch of name between a sending and receiving channels, Incorrect channel type specified, A receiver channel might be in stopped state, the connection might not be defined Correctly, there might be a problem with communication software.
*Resolution: Alter the Queue and REFRESH the cluster to reflect the change in the information stored in the partial repository
Handling messages more than 4 MB?
Increase the Queue and Queue manager MaxMsgLength attributes, Use segmented messages (Messages can be segmented by either the application or the Queue manager), use reference message.
DQM: DISTRIBUTED QUEUEING MANAGEMENT
Setuping & Controlling of Message Channel in Message Queuing for Q Managers on Distributed Systems.
What is the SSL Version used in WMQ5.3?
Version 3.0
NPMSPEED FAST. What happens if the channel goes down?
Nonpersistent message speed (NPMSPEED) It is used to specify the speed at which nonpersistent messages are to be sent. It can take on two values either ‘normal’ or ‘fast’. The default is ‘fast’, which means that nonpersistent messages on a channel are not transferred within transactions. Non persistent messages are lost if there is a transmission failure or if the channel stops when the messages are in transit.
What is SSL?
Secure Sockets Layer (SSL) is a protocol designed to allow the transmission of secure data over an insecure network. SSL makes use of digital certificates to enable authentication of the partner. It also uses encryption to prevent eavesdropping and hash functions to enable detection of tampering. It can be used with both MCA channels for queue manager to queue manager communication and MQI channels for client applications connecting to a queue manager
What are the algorithms in SSL?
A CipherSuite is a suite of cryptographic algorithms used by an SSL connection. A suite comprises three distinct algorithms:
The key exchange and authentication algorithm, used during the SSL handshake
The encryption algorithm, used to encipher the data
The MAC (Message Authentication Code) algorithm, used to generate the message digest
What is Triggering?
Ans: Web Sphere MQ enables you to start an application automatically when certain conditions on a queue are met. For example, you might want to start an application when the number of messages on a queue reaches a specified number. This facility is called triggering
How many ways of Triggering?
EVERY: A trigger event occurs every time that a message arrives on the application queue. Use this type of trigger if you want a serving program to process only one message, then end.
FIRST: A trigger event occurs only when the number of messages on the application queue changes from zero to one. Use this type of trigger if you want a serving program to start when the first message arrives on a queue, continue until there are no more messages to process, then end.
DEPTH: A trigger event occurs only when the number of messages on the application queue reaches the value of the TriggerDepth attribute.
What are the Trigger types available Explain?
a. Application triggering b. Channel Triggering
a) In the case of application triggering the components are Application queue: This is the message queue associated with an application Process: A process definition defines the application to be used to process messages from the application queue. Initiation queue: The queue manager moitors the application queue. If the trigger type of the application queue is set to Every then whenever a message is put to the application queue, the q manager looks into the process definition and puts a message having the application name and other details to the initiation queue Trigger monitor: The trigger monitor gets the trigger message from the initiation queue and starts the program specified.
b) For channel triggering the transmission queue is monitored and when messages are put in the transmission queue, the q manager puts a message in the channel initiation queue. The channel initiator is the program which monitors the initiation queue and starts the sender MCA. For the message to reach the target queue, the channel listener has to be running in the target queue manager
Channel Triggering Conditions:
· Trigger ON
· Trigger type(first every depth)
· Trigger data(channel name which is to be fired)
· Initiation queue(SYSTEM.CHANNEL.INITQ)
Channel Triggering Background process:
1. The local queue manager places a message from an application or from a message channel agent (MCA) on the transmission queue.
2. When the triggering conditions are fulfilled, the local queue manager places a trigger message on the initiation queue.
3. The long-running channel initiator program monitors the initiation queue, and retrieves messages as they appear.
4. The channel initiator processes the trigger messages according to information contained in them. This information may include the channel name, in which case the corresponding MCA is started.
5. The channel listener running in the target q mgr starts the receiving MCA
Application Triggering Conditions:
* Trigger ON
* Trigger type (first every depth)
* Initiation queue (SYSTEM.DEFAULT.INITIATION.QUEUE our own defined local queue)
* Process (NOTEPAD)
DEFINE QLOCAL (LQ) TRIGGER TRIGTYPE (EVERY) INITQ (IQ) PROCESS (NOTEPAD).
DEFINE PROCESS (NOTEPAD) APPLICID (NOTEPAD.EXE) APPLTYPE (WINDOWS)
Runmqtrm –m QM1 –q IQ
BACKGROUND PROCESS:-
1. When ever the message comes to triggered local queue, queue manager will fire trigger message with information called trigger type and the process definition (application which is to be triggered) in to the initiation queue (IQ) (our own queue).
2. At the initiation queue a long running time program called trigger monitor will be watching (monitoring) the initiation queue.
3. Whenever the trigger message occurs in the initiation the trigger monitor will pick the information and starts the application which is defined in the process.
What is a Trigger monitor?
A trigger monitor is a continuously – running program that serves one or more initiation queues. When a trigger message arrives on an initiation queue, the trigger monitor retrieves the message. The trigger monitor uses the information in the trigger message. It issues a command to start the corresponding application/channel
What is the command used for the running trigger monitor?
Ans: On Server side: runmqtrm -m QMName -q Initiation QueueName
On Client side: runmqtmc -m QMName -q Initiation QueueName
Comments
Post a Comment