Administrative Tasks and Tools

1 Administrative Tasks and Tools

This chapter provides an overview of Open Message Queue administrative tasks and the tools for performing them, focusing on common features of the command line administration utilities. It consists of the following sections:

Administrative Tasks
Administration Tools

Administrative Tasks

The typical administrative tasks to be performed depend on the nature of the environment in which you are running Message Queue. The demands of a software development environment in which Message Queue applications are being developed and tested are different from those of a production environment in which such applications are deployed to accomplish useful work. The following sections summarize the typical administrative requirements of these two different types of environment.

Administration in a Development Environment

In a development environment, the emphasis is on flexibility. The Message Queue message service is needed principally for testing applications under development. Administration is generally minimal, with programmers often administering their own systems. Such environments are typically distinguished by the following characteristics:

Simple startup of brokers for use in testing
Administered objects instantiated in client code rather than created administratively
Auto-created destinations
File-system object store
File-based persistence
File-based user repository
No master broker in multiple-broker clusters

Administration in a Production Environment

In a production environment in which applications must be reliably deployed and run, administration is more important. Administrative tasks to be performed depend on the complexity of the messaging system and of the applications it must support. Such tasks can be classified into two general categories: setup operations and maintenance operations.

Setup Operations

Administrative setup operations in a production environment typically include some or all of the following:

Administrator security

Setting the password for the default administrative user (admin) (Changing a User’s Password)
Controlling individual or group access to the administrative connection service (Authorization Rules for Connection Services) and the dead message queue (Authorization Rules for Physical Destinations)
Regulating administrative group access to a file-based or Lightweight Directory Access Protocol (LDAP) user repository (User Groups and Status, Using an LDAP User Repository)

General security

Managing the contents of a file-based user repository (Using the User Manager Utility) or configuring the broker to use an existing LDAP user repository (Using an LDAP User Repository)
Controlling the operations that individual users or groups are authorized to perform (User Authorization)
Setting up encryption services using the Secure Socket Layer (SSL) (Message Encryption)

Administered objects

Setting up and configuring an LDAP object store ( LDAP Server Object Stores)
Creating connection factories and destinations ( Adding Administered Objects)

Broker clusters

Creating a cluster configuration file (The Cluster Configuration File)
Designating a master broker (Managing a Conventional Cluster’s Configuration Change Record)

Persistence

Configuring a broker to use a persistent store (Configuring Persistence Services).

Memory management

Setting a destination’s configuration properties to optimize its memory usage (Updating Physical Destination Properties, Physical Destination Property Reference)

Maintenance Operations

Because application performance, reliability, and security are at a premium in production environments, message service resources must be tightly monitored and controlled through ongoing administrative maintenance operations, including the following:

Broker administration and tuning

Using broker metrics to tune and reconfigure a broker ( Analyzing and Tuning a Message Service)
Managing broker memory resources (Managing Broker System-Wide Memory)
Creating and managing broker clusters to balance message load (Configuring and Managing Broker Clusters)
Recovering failed brokers (Starting Brokers).

Administered objects

Adjusting connection factory attributes to ensure the correct behavior of client applications (Connection Factory Attributes)
Monitoring and managing physical destinations ( Configuring and Managing Physical Destinations)
Controlling user access to destinations ( Authorization Rules for Physical Destinations)

Client management

Monitoring and managing durable subscriptions (see Managing Durable Subscriptions).
Monitoring and managing transactions (see Managing Transactions).

Administration Tools

This section describes the tools you use to configure and manageMessage Queue broker services. The tools fall into two categories:

Built-in Administration Tools
JMX-Based Administration

Built-in Administration Tools

Message Queue’s built-in administration tools include both command line and GUI tools:

Command Line Utilities
Administration Console

Command Line Utilities

All Message Queue utilities are accessible via a command line interface. Utility commands share common formats, syntax conventions, and options. These utilities allow you to perform various administrative tasks, as noted below, and therefore can require different administrative permissions:

The Broker utility (imqbrokerd) starts up brokers and specifies their configuration properties, including connecting them together into a cluster. Permissions: User account that initially started the broker.
The Command utility (imqcmd) controls brokers and their resources and manages physical destinations. Permissions: Message Queue admin user account.
The Object Manager utility (imqobjmgr) manages provider-independent administered objects in an object store accessible via the Java Naming and Directory Interface (JNDI). Permissions: Object store (flat-file or LDAP server) access account.
The Database Manager utility (imqdbmgr) creates and manages databases for persistent storage that conform to the Java Database Connectivity (JDBC) standard. Permissions: JDBC database manager account.
The User Manager utility (imqusermgr) populates a file-based user repository for user authentication and authorization. Permissions: user account that initially started the broker.
The Service Administrator utility ( imqsvcadmin) installs and manages a broker as a Windows service. Permissions: Administrator.
The Key Tool utility (imqkeytool) generates self-signed certificates for Secure Socket Layer (SSL) authentication. Permissions: root user (Solaris and Linux platforms) or Administrator (Windows platform).

The executable files for the above command line utilities are in the IMQ_HOME/bin directory.

See Command Line Reference for detailed information on the use of these utilities.

Administration Console

The Message Queue Administration Console combines some of the capabilities of the Command and Object Manager utilities. You can use it to perform the following tasks:

Connect to and control a broker remotely
Create and manage physical destinations
Create and manage administered objects in a JNDI object store

However, you cannot use the Administration Console to perform such tasks as starting up a broker, creating broker clusters, managing a JDBC database or a user repository, installing a broker as a Windows service, or generating SSL certificates. For these, you need the other command line utilities (Broker, Database Manager, User Manager, Service Administrator, and Key Tool), which cannot operate remotely and must be run on the same host as the broker they manage (see Figure 1-1).

Figure 1-1 Local and Remote Administration Utilities

Diagram showing that imqcmd and imqobjmgr reside on remote host, while all other utilities must reside on the broker’s host.

See Quick-Start Tutorial for a brief, hands-on introduction to the Administration Console. More detailed information on its use is available through its own help facility.

JMX-Based Administration

To serve customers who need a standard programmatic means to monitor and access the broker, Message Queue also supports the Java Management Extensions (JMX) architecture, which allows a Java application to manage broker resources programmatically.

Resources include everything that you can manipulate using the Command utility (imqcmd) and the Message Queue Admin Console: the broker, connection services, connections, destinations, durable subscribers, transactions, and so on.
Management includes the ability to dynamically configure and monitor resources, and the ability to obtain notifications about state changes and error conditions.

JMX is the Java standard for building management applications. Message Queue is based on the JMX 1.2 specification, which is part of JDK 1.5.

For information on the broker’s JMX infrastructure and how to configure the broker to support JMX client applications, see JMX Support.

To manage a Message Queue broker using the JMX architecture, see the Open Message Queue Developer’s Guide for JMX Clients.