Administer MQ Telemetry

Administer MQ Telemetry

MQ Telemetry is administered using IBM MQ Explorer or at a command line. Use the explorer to configure telemetry channels, control the telemetry service, and monitor the MQTT clients that are connected to IBM MQ. Configure the security of MQ Telemetry using JAAS, TLS and the IBM MQ object authority manager.

Administer using IBM MQ Explorer
Use the explorer to configure telemetry channels, control the telemetry service, and monitor the MQTT clients that are connected to IBM MQ. Configure the security of MQ Telemetry using JAAS, TLS and the IBM MQ object authority manager.

Administer using the command line
MQ Telemetry can be completely administered at the command line using the IBM MQ MQSC commands.
The MQ Telemetry documentation also has sample scripts that demonstrate the basic usage of the IBM MQ Telemetry Transport v3 Client application.
Read and understand the samples in IBM MQ Telemetry Transport sample programs before using them.

Configure a queue manager for telemetry on Linux and AIX
Follow these manual steps to configure a queue manager to run MQ Telemetry. We can run an automated procedure to set up a simpler configuration using the MQ Telemetry support for IBM MQ Explorer.
Configure a queue manager for telemetry on Windows
Follow these manual steps to configure a queue manager to run MQ Telemetry. We can run an automated procedure to set up a simpler configuration using the MQ Telemetry support for IBM MQ Explorer.
Configure distributed queuing to send messages to MQTT clients
IBM MQ applications can send MQTT v3 clients messages by publishing to subscription created by a client, or by sending a message directly. Whichever method is used, the message is placed on SYSTEM.MQTT.TRANSMIT.QUEUE, and sent to the client by the telemetry (MQXR) service. There are a number of ways to place a message on SYSTEM.MQTT.TRANSMIT.QUEUE.
MQTT client identification, authorization, and authentication
To authorize an MQTT client to access IBM MQ objects, authorize the ClientIdentifier, or Username of the client, or authorize a common client identity. To permit a client to connect to IBM MQ, authenticate the Username, or use a client certificate. Configure JAAS to authenticate the Username, and configure TLS to authenticate a client certificate.
Publication privacy on telemetry channels
MQTT clients that connect to telemetry channels use TLS to secure the privacy of publications transmitted on the channel using symmetric key cryptography. Because the endpoints are not authenticated, we cannot trust channel encryption alone. Combine securing privacy with server or mutual authentication.
TLS configuration of MQTT Java clients and telemetry channels
Configure TLS to authenticate the telemetry channel and the MQTT Java client, and encrypt the transfer of messages between them. MQTT Java clients use Java Secure Socket Extension (JSSE) to connect telemetry channels using TLS. As an alternative to using SSL, some kinds of Virtual Private Network (VPN), such as IPsec, authenticate the endpoints of a TCP/IP connection. VPN encrypts each IP packet that flows over the network. Once such a VPN connection is established, we have established a trusted network. We can connect MQTT clients to telemetry channels using TCP/IP over the VPN network.
Telemetry channel JAAS configuration
Configure JAAS to authenticate the Username sent by the client.
Parent topic: Administer IBM MQ

Related information

MQ Telemetry
MQXR properties