- 5 minutes to read

Prerequisites for the IBM MQ Monitoring Agent

This page describes the prerequisites to successfully install and run the Nodinite IBM MQ Monitoring Agent.

graph LR subgraph "Nodinite" roNI(fal:fa-code-commit IBM MQ Monitoring agent) end subgraph "IBM MQ" ro3(fal:fa-list Queue Manager) roNI --- |TCP| ro3 end

Instances of the agent can be installed On-Premise using TCP/IP for local network access and/or in the cloud/off-site using Microsoft Service Bus Relaying, read more about configuration in the Nodinite Service Bus Relaying user guide.

Verified Topic
Software Requirements
What Firewall settings are required for the IBM MQ Monitoring Agent?
What Windows User Rights does the IBM MQ Monitoring Agent require?
What IBM MQ User Rights does the IBM MQ Monitoring Agent require?

Software Requirements

Product
Windows Server Windows 2022
Windows 2019
Windows 2016
Windows 2012 R2
Windows 2012
.NET Framework .NET Framework 4.8 or later New 6.0
IBM MQ Client V9.2
V9.1

v9.0
v8.05+
v7.5+
Matching the highest version of queue manager to be monitored
MSDTC Windows roles and features Configure MSDTC as documented with additional demand on 'XA transactions' being allowed

If you need IBM MQ Client 9.3 or later, please contact our support.
Versions 6.0 and later make use of the .NET Framework 4.8 or later.
Versions 5.4 and subsequently make use of the .NET Framework 4.6.2 or later.
Versions before 5.4 make use of the .NET Framework 4.5.2 or later.

Note

Version 8.0.4 is NOT recommended due to IBM MQ related bugs with temporary queues not being removed by the queue manager. Please upgrade if you are on this version

What firewall settings are required for the IBM MQ Monitoring Agent?

Depending on where you install the Nodinite IBM MQ Monitoring Agent with respect to Nodinite Monitoring Service and your IBM MQ Queue managers you may need different firewall configurations on different servers. The following illustration shows the agent installed on its own server.

The IBM MQ Monitoring Agent has both inbound and outbound communication:

  1. Between the IBM MQ Monitoring Agent and the queue managers.
  2. Between the Monitoring Service and the IBM MQ Monitoring Agent
graph LR subgraph "Nodinite Core Services Server" roMonitoringService(fal:fa-watch-fitness Monitoring Service) end subgraph "Nodinite Monitoring Agents Server" roNI(fal:fa-monitor-waveform IBM MQ Monitoring agent) end subgraph "IBM MQ" roMonitoringService --> |8000| roNI ro3(fal:fa-list Queue Manager) roNI --> |1414| ro3 end

1. Default channel and listener port (may be overridden by configuration)

Port Name Inbound Outbound TCP UDP Comment
1414 MQ Broker remote connection port Default

If you use SSL then additional ports needs to be opened, read Configuring TLS security for IBM MQ

2. Between the Monitoring Service and the Nodinite IBM MQ Monitoring Agent

The following ports must be allowed on the Windows server where the agent is installed and running :

Port Name Inbound Outbound TCP UDP Comment
53 DNS The Agent needs to know where your other servers/services are (can sometimes optionally be solved using entries in the local hosts file)

And further with 'Option 1' or 'Option 2' as documented next:

Option 1 (Local network)

Port Name Inbound Outbound TCP UDP Comment
8000 RPC Communication is initiated by the Monitoring Service

Option 2 (Cloud/Hybrid)

Use Service Bus Relayed connections when Nodinite and the agent are on totally different networks.

Nodinite uses the same principle technique as the On-Premise data gateway, see 'Adjust communication settings for the on-premises data gateway' user guide.

Port Name Inbound Outbound TCP UDP Comment
443 HTTPS Secure outbound traffic
5671, 5672 Secure AMQP
9350 - 9354 Net.TCP

What Windows User Rights does the IBM MQ Monitoring Agent require?

The agent is installed as a Windows Service usually on the Nodinite application server. Virtual machines are supported.

What IBM MQ User Rights does the IBM MQ Monitoring Agent require?

For each IBM MQ Queue Manager to Monitor, the configured account must have at least read rights. Since some of the operations include changing state, consuming messages and even purging queues additional rights are required.

You can configure which user account to use for each IBM MQ Queue Manager. Read the Configuration user guide for additional information.

  • Member of the MQM user group (local or domain group where IBM MQ Queue manager is installed) OR
  • Least privileges (Replace QM1, mqadmin to match your environment)
 
setmqaut -m QM1 -t qmgr -p "mqadmin" +connect +inq +dsp
setmqaut -m QM1 -n "**" -t q -p "mqadmin" +dsp +inq
setmqaut -m QM1 -n "**" -t topic -p "mqadmin" +dsp
setmqaut -m QM1 -n "**" -t channel -p "mqadmin" +dsp
setmqaut -m QM1 -n "**" -t process -p "mqadmin" +dsp
setmqaut -m QM1 -n "**" -t namelist -p "mqadmin" +dsp
setmqaut -m QM1 -n "**" -t authinfo -p "mqadmin" +dsp
setmqaut -m QM1 -n "**" -t clntconn -p "mqadmin" +dsp
setmqaut -m QM1 -n "**" -t listener -p "mqadmin" +dsp
setmqaut -m QM1 -n "**" -t service -p "mqadmin" +dsp
setmqaut -m QM1 -n "**" -t comminfo -p "mqadmin" +dsp
 
setmqaut -m QM1 -n SYSTEM.ADMIN.COMMAND.QUEUE -t q -p "mqadmin" +dsp +inq +put
 
setmqaut -m QM1 -n "SYSTEM.DEFAULT.MODEL.QUEUE" -t q -p "mqadmin" +dsp +get +inq

If you encounter a MQRC_NOT_AUTHORIZED, please review the Troubleshooting user guide.


Frequently asked questions

Additional solutions to common problems and the FAQ for the Nodinite IBM MQ Monitoring agent exist in the Troubleshooting user guide.

Next Step

Add or manage a Monitoring Agent Configuration
Installing the IBM MQ Monitoring Agent

Administration
IBM MQ Monitoring Agent
Monitoring Agents