Configure IBM MQ Internet Pass-Thru
This section describes the various features that IBM MQ Internet Pass-Thru (MQIPT) supports, and how to configure them.
Configure MQIPT by making changes to the configuration file mqipt.conf. The structure of the MQIPT configuration file and the properties that can be specified are described in IBM MQ Internet Pass-Thru configuration reference.
Note: Set secure file permissions on the directory where the mqipt.conf file is located to prevent unauthorized users from seeing any stored passwords or changing the configuration. Protect all passwords specified in the configuration file by following the procedure in Encrypting stored passwords.
Changes to the configuration file take effect when MQIPT is started or refreshed. Refreshing an active instance of MQIPT brings configuration changes into effect without restarting MQIPT. When MQIPT is refreshed, the mqipt.conf configuration file is re-read and MQIPT takes the following actions:
- Any active routes that are marked as inactive, or are no longer specified in the configuration file, are closed and no longer accept incoming connections.
- Any routes that are marked as active in the configuration file, and are not currently running, are started.
- Any changes to the configuration parameters of active routes are applied. Where possible, these changes take effect without any disruption to active connections. For some parameter changes, such as a change to the route destination, all connections are closed before the change is applied and the route is restarted.
To refresh MQIPT, use the mqiptAdmin command. For more information on administering MQIPT using the mqiptAdmin command, see Administer MQIPT by using the command line.
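
The refresh rules above can be checked before a change is rolled out. The following is an added example, not IBM code: it compares the current and the edited mqipt.conf and reports which routes a refresh would close, start, restart or update in place. It assumes routes are `[route]` sections identified by `ListenerPort`, that `Active` defaults to true, and that the running state matches the old file; only `Destination` is treated as a restart-causing change because it is the only one this page names.

```python
# Added example: predict what an MQIPT refresh does to each route.
# Assumptions: routes are [route] sections keyed by ListenerPort, Active
# defaults to true, '#' starts a comment, running state matches the old file.
def parse_routes(text):
    """Return {ListenerPort: {property: value}} for every [route] section."""
    sections, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = {} if line[1:-1].strip().lower() == "route" else None
            if current is not None:
                sections.append(current)
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)
            current[key.strip()] = value.strip()
    return {r["ListenerPort"]: r for r in sections if "ListenerPort" in r}

def is_active(route):
    return route.get("Active", "true").lower() == "true"

def refresh_plan(old_text, new_text):
    """Map ListenerPort to 'close', 'start', 'restart' or 'apply'."""
    old, new = parse_routes(old_text), parse_routes(new_text)
    plan = {}
    for port in sorted(set(old) | set(new)):
        was = port in old and is_active(old[port])
        now = port in new and is_active(new[port])
        if was and not now:
            plan[port] = "close"    # marked inactive, or no longer specified
        elif now and not was:
            plan[port] = "start"    # active in the file but not running
        elif was and now and old[port] != new[port]:
            diff = {k for k in {*old[port], *new[port]}
                    if old[port].get(k) != new[port].get(k)}
            # A destination change closes all connections before restart.
            plan[port] = "restart" if "Destination" in diff else "apply"
    return plan

# Constructed sample configurations, not taken from a real deployment.
OLD = ("[route]\nListenerPort=1415\nDestination=qm1.example\n"
       "[route]\nListenerPort=1416\nDestination=qm2.example\n"
       "[route]\nListenerPort=1417\nDestination=qm3.example\nActive=false\n"
       "[route]\nListenerPort=1418\nDestination=qm4.example\nTrace=0\n")
NEW = ("[route]\nListenerPort=1415\nDestination=qm9.example\n"
       "[route]\nListenerPort=1416\nDestination=qm2.example\nActive=false\n"
       "[route]\nListenerPort=1417\nDestination=qm3.example\n"
       "[route]\nListenerPort=1418\nDestination=qm4.example\nTrace=1\n")
print(refresh_plan(OLD, NEW))
```

Routes reported as `close` or `restart` are the ones whose connections are dropped by the refresh, so they are the entries to review before the change is applied.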
- HTTP support
MQIPT supports HTTP tunneling. MQIPT can be configured so that the data packets it forwards are encoded as HTTP requests.
- SOCKS support
- SSL/TLS support
Secure sockets can be used to ensure communication privacy, communication integrity, and authentication.
- Java Security Manager
The Java Security Manager can be used with any MQIPT feature to provide a further level of security.
- Security exits
Use a security exit to control access to a target destination, as defined by the Destination route property. The security exit is called at the point when MQIPT receives a connection request from a client, but before it makes the connection to the target destination.
- Port number control
When using MQIPT, it is possible to restrict the range of local port numbers that are used when making an outgoing connection.
- Encrypting stored passwords
The MQIPT configuration might include passwords to access various resources, as well as the password to access MQIPT using the command port. From IBM MQ Version 9.2.0, all these passwords should be protected by being encrypted.
- Other security considerations
MQIPT has several additional functions that help a designer build a secure solution.
- Connection logs
MQIPT provides a connection log facility that contains lists of all successful and unsuccessful connection attempts.
- Configure IBM MQ Internet Pass-Thru using containers
You can run IBM MQ Internet Pass-Thru (MQIPT) in a container. The base image used by the container image must use a Linux operating system that is supported.
Parent topic: Configure IBM MQ