Configuring the IBM MQ server connection channel on z/OS

To send messages between IBM® MQ and Eclipse Amlen, you must configure a server connection channel. Follow these steps to configure a server connection channel on z/OS®.

This task details the steps that are required to configure the IBM MQ server connection channel on z/OS. For more information about how to configure the server connection channel on distributed platforms, see Configuring the IBM MQ server connection channel.

You can use an existing server connection channel, but a new channel provides the following benefits:
  • Active Eclipse Amlen channels can be easily identified on the IBM MQ queue manager.
  • The connection between Eclipse Amlen and IBM MQ can be explicitly secured.
  • CHLAUTH records can be created to map the user ID of the Eclipse Amlen requests to an appropriate user ID on the IBM MQ system.

These steps take place on the IBM MQ system.

  1. Create a server-connection channel for the queue manager, by using the DEFINE CHANNEL MQSC command.

    Eclipse Amlen uses the server-connection channel to connect to IBM MQ.

    For more information about the DEFINE CHANNEL command and the options available, see DEFINE CHANNEL in the IBM MQ documentation.
  2. Make a note of the server-connection channel name, and which queue manager the channel is associated with. If applicable, make a note of the SSLCIPH value used. Make a note of the port number of the listener.

    The name of the server-connection channel is used when you create a queue manager connection by using either the Amlen WebUI, or the Eclipse Amlen REST Administration APIs. The name is also used when you authorize Eclipse Amlen to connect to IBM MQ.

  3. Configure security on the queue manager:
    • If command security is enabled, then the following access is required:
      • ALTER access is required to the hlq.DEFINE.QUEUE profile in the MQCMDS class
      • ALTER access is required to the hlq.DELETE.QUEUE profile in the MQCMDS class
      • READ access is required to the hlq.DISPLAY.TPSTATUS profile in the MQCMDS class
    • If command resource security is enabled, then the following access is required:
      • ALTER access is required to the hlq.QUEUE.SYSTEM.IMA.** profile in the MQADMIN class
    • If queue security is enabled, then the following access is required:
      • UPDATE access is required to the hlq.SYSTEM.DEFAULT.MODEL.QUEUE profile in the MQQUEUE class
      • UPDATE access is required to the hlq.SYSTEM.ADMIN.COMMAND.QUEUE profile in the MQQUEUE class
      • ALTER access is required to the hlq.SYSTEM.IMA.** profile in the MQQUEUE class
    • If topic security is enabled, then the following access is required:
      • UPDATE access is required to the hlq.PUBLISH.topic profile in the MXTOPIC class
      • ALTER access is required to the hlq.SUBSCRIBE.topic profile in the MXTOPIC class
      Where topic is the name of the topic that you want to publish or subscribe to.
    • If channel authentication is enabled, appropriate rules are required to permit client access:
      • The MCAUSER can be set on either the channel or by using a channel authentication rule.
    Note: hlq can be either qmgr-name (queue manager name) or qsg-name (queue-sharing group name).