Using MQIPT For Simplifying MQ Operation Across The Internet
We have seen a lot of usage of MQ Internet Pass-Thru gateway, MQIPT. MQIPT was originally released as a support pack (MS81) and is delivered as a standard feature of MQ (MQ 9.1.4). The support pack will no longer be supported after September 2020.
Note, that it is possible to use MQIPT from 9.1.4 and later with earlier versions of MQ. This makes it possible to download and install the latest without having to upgrade all MQ server and client applications.
A key consideration is that MQIPT does not require making changes to the IBM MQ application code, and only requires changes to the hostname/port setting in MQ channel definitions.
MQIPT serves a number of different use cases, the key element is converting the standard MQ protocols into HTTP/S requests.
These are some of the possible use cases
A very common usage is as a proxy, where MQIPT is placed in the DMZ. MQIPT relays the external connection to a destination queue manager inside the firewall. Since the inbound connection is from an address that is in the secure DMZ, this simplifies the firewall configuration.
Internet –> MQIPT (DMZ) –> MQ Server
Another option is placing a pair of MQIPT servers between the MQ Managers, This enables HTTP/S wrappers to be added to the protocol flow and the IBM MQ connection to pass inbound through the firewall as an HTTP application, possibly with the use of an HTTP proxy. This provides the ability to encrypt the traffic with TLS, even though neither MQ Server is configured to do this.
MQ Server –> MQIPT –> MQIPT –> MQ Server
Less common, but another option is using MQIPT as a concentrator for IBM MQ channel connections. This simplifies firewall configuration.
Client1 – \
Client2 –-> MQIPT –> MQ Server
Client3 – /
The key benefits of MQIPT is to provide greater flexibility to the connection of IBM MQ channels when used with firewalls and various network topologies and facilitate many application models; Particularly in the B2B environment.