Integrate Sterling B2B Integrator/File Gateway with WebSphere MQ FTE (page 2)

Configure WebSphere MQ FTE

The WebSphere MQ FTE and Sterling B2B Integrator will communicate through a Hub and Spoke topology. So I will create a Hub and a Queue Manager on MQ. As well as one Agent. Later there will also be configured one Agent in SB2BI as well. Then these two Agents can communicate with each other. But there are some steps to be done to get there.

Install FTE Functionality

When I installed my MQ Server, I did not install the FTE part. The FTE part is included in the installation from MQ version 7.5 and later, but not installed by default. So I started by installing this feature (I ran setup.exe, and edited the existing installation).

Install MQ FTE

Create Users and Groups on the MQ Server

WebSphere MQ FTE is based on having some users and user groups in Windows. This can be somewhat bypassed by editing the addSpoke script mentioned in next chapter, but to run the addSpoke script as is, the groups FTUSERS, FTAGENTS and mqm has to be created.

In a standard setup of MQ FTE the users ftuser and ftagent also need to be created and added to the previous created groups. The administrator user mqmAdmin needs to be created and added to the group mqm.

Since this is just a Test Solution, and I like to do it simple, I also added my user SI_User (the user I log in on my Windows MQ Server with) to all the User Groups. In that way I don’t need to log in and out as different users all the time. But the reasoning behind the User Groups and different Users is bypassed by doing that, so don’t do it in a Production environment.

My SB2BI Nodes is running on two Linux RedHat Servers, and I run them as root (not very good security-vise either, but this is a test/demo solution and as mentioned, I like it simple and hassle free). Thus I also need to add a user root to the MQ Server, since this is the user SB2BI is using when connecting to MQ FTE.

Below is the Users for MQ created (ftagent, ftuser, mqmAdmin, MUSR_MQADMIN and root).

MQ_Users_001

Below is the Groups for MQ created (FTAGENTS, FTUSERS and mqm)MQ_Users_002

To summarize the Groups and Users in each group:

Group: Users:
FTAGENTS ftagent, root, SI_User
FTUSERS ftuser, root, SI_User
mqm Administrator, mqmAdmin, MUSR_MQADMIN, root, SI_User

NB: There is also one special thing to consider. If using a Standard Windows Server, the user Administrator is often used as default. But WebSphere MQ only has 12 characters for User Name. So the Administrator User is not recommended using since it is 13 characters long.

Create Hub and Spoke

The next thing to do is to create a Hub and Spoke. There are two predefined scripts under <WMQ Installation Folder>\mqft\samples\scripts\ that need to be run.

I have an existing Queue Manager called SB2BIQM listening on Port 1414 (created in this Blog Post), and thus I will use port 1415 for this new Queue Manager to avoid conflicts.

To add a Hub run the following command:
createHub hubQmgr=hubQM hubport=1415

createHub

When the Hub is created, the Spoke can be created. The Spoke is the Agent sending and receiving files. I need to create an Agent that can be used to exchange files with the Agent that is created later in SB2BI.

If MQ is running at the same server as SB2BI, Bindings Mode can be used. If MQ and SB2BI are on different servers (like in my setup), Client Mode has to be used.

Run the following command:
addSpoke agentName=AGENT1 hubQmgr=hubQM connectionMode=CLIENT agentIPAddress=mq.demos.ibm.int hubIPAddress=mq.demos.ibm.int hubPort=1415

addSpoke

When the AddSpoke script is finished, some more commands need to be executed. These commands is posted in the Command Prompt, so they have to be copied and run in a shell.

addSpoke_PostWork

I opened a shell in <WMQ Installation Folder>\bin and executed the following commands:

As Administrator (I use the SI_User I have created since I have added this user to all groups):
fteSetupCoordination -coordinationQMgr hubQM -coordinationQMgrHost mq.demos.ibm.int -coordinationQMgrPort 1415 -coordinationQMgrChannel FTE.USER.SVRCONN -f

fteSetupCommands -p hubQM -connectionQMgr hubQM -connectionQMgrHost mq.demos.ibm.int -connectionQMgrPort 1415 -connectionQMgrChannel FTE.USER.SVRCONN -f

fteCreateAgent -p hubQM -agentName AGENT1 -agentQMgr hubQM -agentQMgrHost mq.demos.ibm.int -agentQMgrPort 1415 -agentQMgrChannel FTE.AGENT.SVRCONN -f

As Agent User (I use the SI_User I have created since I have added this user to all groups):
fteStartAgent -p hubQM AGENT1

The setup in MQ is now finished, and there should be an hubQM created, and an AGENT1 created under Managed File Transfer -> hubQM.

MQExplorer_Agent1

The next step is to Configure Sterling B2B Integrator. Continue to the next page for that…

"Integrate Sterling B2B Integrator/File Gateway with WebSphere MQ FTE" table of contents

  1. Integrate Sterling B2B Integrator/File Gateway with WebSphere MQ FTE
  2. Configure WebSphere MQ FTE
  3. Configure Sterling B2B Integrator
  4. Configure Sterling File Gateway
  5. Test the solution & Summary

4 comments on “Integrate Sterling B2B Integrator/File Gateway with WebSphere MQ FTEAdd yours →

  1. Hello,

    First of all thank you for this guide.
    I am trying to follow it, however the adapter fails to start and I get this in the error log file of the queue manager:

    AMQ9777: Channel was blocked

    EXPLANATION:
    The inbound channel ‘SYSTEM.DEF.SVRCONN’ was blocked from address
    ‘192.168.88.84’ because the active values of the channel matched a record
    configured with USERSRC(NOACCESS). The active values of the channel were
    ‘CLNTUSER(sterling)’.
    ACTION:
    Contact the systems administrator, who should examine the channel
    authentication records to ensure that the correct settings have been
    configured. The ALTER QMGR CHLAUTH switch is used to control whether channel
    authentication records are used. The command DISPLAY CHLAUTH can be used to
    query the channel authentication records.

    The user sterling is the one who runs the integrator and he is also added on the MQ machine and the mqm, FTAGENTS and FTUSERS groups.

    Any ideas on what I might be doing wrong? Thanks in advance.

    1. Hi,

      It is a long time since I did this, and I have just replaced my laptop, and have not yet moved my MQ server to my new Mac, so I am not able to go back and check this. But it has to do with the default authentication in MQ, and that is a field of expertise by itself. I remember that I pretty much disabled all security in my MQ to get rid of the hassle since it is an internal test solution anyway and the fact that MQ is not my field of expertise. I think you could try to run MQSC command ALTER QMGR CHLAUTH(DISABLED) to disable all security. This is of course only if this is a test solution where security isn’t a concern. If not, talk to someone who knows MQ and the security settings in MQ to give the Sterling User the correct access rights.

      1. Thank you for the reply.

        Just for the record, I was able to make it work by:
        – creating a new server-connection channel
        – creating a channel authentication record for the sterling user in that channel
        – using that channel when configuring the adapter in sterling
        – running the addSpoke script again and setting the agentIPAddress to the sterling ip address
        – authorizing the user sterling to put/get/inquire messages in the reply queue

        I’m sure there is a better way to do it, but this worked for me.
        Anyway, again thank you for this great guide.

Leave a Reply

Your email address will not be published. Required fields are marked *