Using WebSphere MQ trusted applications

Before you start:

You must complete the following tasks:
  • Ensure that your user ID is a member of the mqm group. On HP-UX and Solaris, specify the user ID mqm as the service user ID when you create the broker. On Windows, use any service user ID that is a member of mqm. Refer to Security requirements for administrative tasks.
  • Review the restrictions that WebSphere MQ places on trusted applications that apply to your environment. See the section "Connection to a queue manager using the MQCONNX call" in the WebSphere MQ Application Programming Guide, available on the WebSphere MQ library Web page.

You can configure a broker to run as a trusted (fastpath) application on all supported platforms, with the exception of z/OS where the option is not applicable. If the broker is configured as a trusted application, it runs in the same process as the WebSphere MQ queue manager agent, and all broker processes benefit from an improvement in the overall system performance.

A broker does not run as a trusted application by default; you either create a trusted application using the mqsicreatebroker command, or modify an existing broker using the mqsichangebroker command.

Configuring a broker as a trusted application does not affect the operation of WebSphere MQ channel agents or listeners. For more information about running these as trusted applications, see the section "Running channels and listeners as trusted applications" in WebSphere MQ Intercommunication, available on the WebSphere MQ library Web page.

Take care when deploying user-defined nodes or parsers. Because a trusted application (the broker) runs in the same operating system process as the queue manager, a user-defined node or parser might compromise the integrity of the queue manager. Consider fully the restrictions that apply to your environment and test user-defined nodes and parsers in a non-trusted environment before deploying them in a trusted broker.

You can either configure a new broker to run as a trusted application, or modify an existing broker.

Related concepts
Brokers
Related tasks
Starting and stopping a broker
Creating a broker
Modifying a broker
Related reference
Security requirements for administrative tasks
mqsicreatebroker command
mqsichangebroker command