Firewall administrators must allow incoming TCP connection requests on port 5010 for an IBM MQ agent.
Workgroup-server-to-IBM MQ agent communication
The IBM MQ agent ("the agent") is started and creates TCP and UDP listeners on the specified port. The default port is 5010 and is configurable.
Connectivity from agent to workgroup server is outlined here and graphically in Figure 1.
- The agent reads the local workgroup server configuration file (mqgroup.ini).
- The agent sends a UDP registration request to the workgroup server. The default port is 4010 and is configurable.
- The workgroup server responds to the registration request and sends a UDP confirmation to the agent.
- The workgroup server sends a command to the agent to inquire queue manager names (EXCMD_INQUIRE_Q_MGR_NAMES).
- The agent responds with a list of the queue manager names found in IBM MQ file mqs.ini.
- The workgroup server sends sequential commands (EXCMD_MQ_OPEN) to connect to each of the queue managers.
- The agent starts a new thread for each queue manager.
- The agent thread attempts to connect to a queue manager and responds, one per queue manager. The TCP/IP service allocates a new local port number for each thread; this is transparent to the user and handled automatically by the firewall.
If the connection between agent and workgroup server is broken, the workgroup server tries to reestablish the connection. If unsuccessful, it sends a TCP request every 10 minutes (default can be changed for each node) to reestablish connection.
The node (agent) can alternatively be manually added to the workgroup server configuration and the workgroup server will establish connection to the agent when the node is managed. The connectivity is outlined in Figure 2.
The workgroup server also sends UDP broadcasts on the preconfigured port (5010) to request registrations from any new agents every 1440 minutes (once per day) by default, but both port and time interval are configurable.
Firewall administrators must allow UDP and TCP connection requests for workgroup server port 4010 and agent port 5010 (i.e., whatever the configured ports are) to be opened bidirectionally.