Sun Java System Message Queue 3 2005Q1 Administration Guide |
Chapter 1
Administration Tasks and ToolsSun Java System Message Queue administration consists of a number of tasks and a number of tools for performing those tasks.
This chapter first provides an overview of administrative tasks and then describes the administration tools, focusing on common features of the command line administration utilities. The chapter contains the following sections:
Administrative Tasks in a Development EnvironmentIn a development environment, the work focuses on programming Message Queue client applications and programmers often administer their own systems. The Message Queue message server is needed principally for testing. In a development environment, the emphasis is on flexibility, and administration typically includes the following practices:
- Minimal administration, consisting mostly of starting up a broker for developers to use in testing.
- Use of built-in file-based persistence, a file-based user repository, and a file-system store. These simple configurations are usually adequate for development testing.
- In multi-broker testing, no use of a Master Broker.
- Use of auto-created destinations rather than administrator-created destinations.
- Instantiation of administered objects in client code rather than by an administrator.
Administrative Tasks in a Production EnvironmentIn a production environment, in which applications must be reliably deployed and run, administration is more important. The administration tasks you perform depend on the complexity of your messaging system and the complexity of the applications it must support. In general, these tasks can be grouped into setup operations and maintenance operations.
Setup Operations
Typically you must perform at least some, if not all, of the following setup operations:
- Administrator security (protected use of administration tools):
- Authorization: Allow a specific individual or group to access the administrative connection service and consume messages from the dead message queue (see Access Control for Connection Services and Access Control for Physical Destinations).
- If you are using the default administrative user (admin) and a file-based user repository, change the user password (see Changing the Default Administrator Password).
- If you are authorizing a group, make sure each administrator belongs to the group.
- File-based user repository
The file-based user repository has a single group for administrators (admin). If you create a new administrative user, make sure that the new user is in the admin group.
- LDAP user repository
Create a group in the LDAP server, or use an existing group. Be sure that the user to whom you want to grant administrative privileges is a member of that group, and then authorize administrative connections for the members of that group.
For more information, see Using an LDAP Server for a User Repository).
- General security (see Chapter 7, "Managing Security"):
- Authorization: Modify access settings in the access control properties file.
- Encryption: Set up SSL-based connection services (see Working With an SSL-Based Service).
- Administered objects (see Chapter 8, "Managing Administered Objects"):
- Broker clusters (see Chapter 9, "Working With Broker Clusters"):
- Persistence: Decide whether you want the broker to use plugged-in persistence or built-in persistence, and set up the desired store (see Setting Up a Persistent Store).
- Memory management: Set destination attributes so that the number of messages and the amount of memory allocated for messages fit within available broker memory resources (see Table 15-1).
Maintenance Operations
In a production environment, Message Queue message server resources need to be tightly monitored and controlled. Application performance, reliability, and security are at a premium, and you must perform a number of ongoing tasks, described below, using Message Queue administration tools:
- Application management
- Disable the broker’s auto-create capability by setting the values for the imq.autocreate.queue and imq.autocreate.topic properties (see Message Router Properties).
- Create physical destinations on behalf of applications (see Chapter 6, "Managing Physical Destinations").
- Set user access to destinations (see Authorizing Users: the Access Control Properties File).
- Monitor and manage destinations (see Managing Durable Subscriptions).
- Monitor and manage durable subscriptions (see Managing Durable Subscriptions).
- Monitor and manage transactions (see Managing Transactions).
- Broker administration and tuning
- Use broker metrics to tune and reconfigure the broker (see Chapter 11, "Analyzing and Tuning a Message Service").
- Manage broker memory resources (see Chapter 11, "Analyzing and Tuning a Message Service").
- Add brokers to clusters to balance loads (see Chapter 9, "Working With Broker Clusters").
- Recover failed brokers (see Starting Brokers Interactively).
- Managing applications
- Create additional ConnectionFactory and destination administered objects as needed (see Adding and Deleting Administered Objects).
- Adjust ConnectionFactory attribute values to ensure the correct behavior of Java client applications (see Chapter 8, "Managing Administered Objects").
Administrative ToolsMessage Queue administration tools fall into two categories:
Command Line Utilities
This section introduces the command line utilities you use to perform Message Queue administration tasks. You use the Message Queue utilities to start up and manage a broker and to perform other, more specialized administrative tasks.
Figure 1-1 Local and Remote Administration Utilities
All Message Queue utilities are accessible from a command line interface (CLI). Utility commands share common formats, syntax conventions, and options, as described later in this chapter. You can find reference information on the use of the command line utilities in Chapter 13, "Command Reference."
Broker (imqbrokerd) You use the Broker utility to start the broker. You use options to the imqbrokerd command to specify whether brokers should be connected in a cluster and to specify additional configuration information that the broker uses at startup.
Command (imqcmd) After starting a broker, you use the Command utility to create, update, and delete physical destinations; control the broker and its connection services; and manage the broker’s resources.
Object Manager (imqobjmgr) You use the Object Manager utility to add, list, update, and delete administered objects in an object store accessible via JNDI. Administered objects allow JMS clients to be provider-independent by insulating them from JMS provider-specific naming and configuration formats.
User Manager (imqusermgr) You use the User Manager utility to populate a file-based user repository used to authenticate and authorize users.
Key Tool (imqkeytool) You use the Key Tool utility to generate self-signed certificates used for SSL authentication.
Database Manager (imqdbmgr) You use the Database Manager utility to create and manage a JDBC-compliant database used for persistent storage.
Service Administrator (imqsvcadmin) You use the Service Administrator utility to install, query, and remove the broker as a Windows service.
Administration Console
The Administration Console combines some of the capabilities of two command line utilities: the Command utility (imqcmd) and the Object Manager utility (imqobjmgr).
You can use the Administration Console and these two command line utilities to manage a broker remotely and to manage Message Queue administered objects. Other command line utilities (imqusermgr, imqdbmgr, and imqkeytool) must be run on the same host as their associated broker, as shown in Figure 1-1.
Information on the Administration Console is available in its online help. The command line utilities, which are generally used to perform specialized tasks, are described in Command Line Utilities.
You can use the administration console to do the following:
There are some tasks that you cannot use the Administration Console to perform, including starting up a broker, creating broker clusters, configuring more specialized properties of a broker and physical destinations, and managing a user database.
Chapter 2, "Administration Quick Start" provides a brief, hands-on exercise to familiarize you with the Administration Console and to illustrate how you use it to accomplish basic tasks.