- 0 minutes to read

Release Notes

Prerequisites for the IBM MQ Monitoring Agent

This page describes the prerequisites to successfully install and run the Nodinite IBM MQ Monitoring Agent.

graph LR subgraph "Nodinite" roNI(fal:fa-code-commit IBM MQ Monitoring agent) end subgraph "IBM MQ" ro3(fal:fa-list Queue Manager) roNI --- |TCP| ro3 end

Instances of the agent can be installed On-Premise using TCP/IP for local network access and/or in the cloud/off-site using Microsoft Service Bus Relaying, read more about configuration in the Nodinite Service Bus Relaying user guide.

Verified	Topic
	Software Requirements
	What Firewall settings are required for the IBM MQ Monitoring Agent?
	What Windows User Rights does the IBM MQ Monitoring Agent require?
	What IBM MQ User Rights does the IBM MQ Monitoring Agent require?

Software Requirements

Product
Windows Server	Windows 2022 Windows 2019 Windows 2016 Windows 2012 R2 Windows 2012
.NET Framework	.NET Framework 4.8 or later ^{^{New 6.0}}
IBM MQ Client	V9.2 V9.1 v9.0 v8.05+ v7.5+	Matching the highest version of queue manager to be monitored
MSDTC	Windows roles and features	Configure MSDTC as documented with additional demand on 'XA transactions' being allowed

If you need IBM MQ Client 9.3 or later, please contact our support.
Versions 6.0 and later make use of the .NET Framework 4.8 or later.
Versions 5.4 and subsequently make use of the .NET Framework 4.6.2 or later.
Versions before 5.4 make use of the .NET Framework 4.5.2 or later.

Note
Version 8.0.4 is NOT recommended due to IBM MQ related bugs with temporary queues not being removed by the queue manager. Please upgrade if you are on this version

What firewall settings are required for the IBM MQ Monitoring Agent?

Depending on where you install the Nodinite IBM MQ Monitoring Agent with respect to Nodinite Monitoring Service and your IBM MQ Queue managers you may need different firewall configurations on different servers. The following illustration shows the agent installed on its own server.

The IBM MQ Monitoring Agent has both inbound and outbound communication:

Between the IBM MQ Monitoring Agent and the queue managers.
Between the Monitoring Service and the IBM MQ Monitoring Agent

graph LR subgraph "Nodinite Core Services Server" roMonitoringService(fal:fa-watch-fitness Monitoring Service) end subgraph "Nodinite Monitoring Agents Server" roNI(fal:fa-monitor-waveform IBM MQ Monitoring agent) end subgraph "IBM MQ" roMonitoringService --> |8000| roNI ro3(fal:fa-list Queue Manager) roNI --> |1414| ro3 end

1. Default channel and listener port (may be overridden by configuration)

Port	Name	Inbound	Outbound	TCP	UDP	Comment
1414	MQ Broker remote connection port					Default

If you use SSL then additional ports needs to be opened, read Configuring TLS security for IBM MQ

2. Between the Monitoring Service and the Nodinite IBM MQ Monitoring Agent

The following ports must be allowed on the Windows server where the agent is installed and running :

Port	Name	Inbound	Outbound	TCP	UDP	Comment
53	DNS					The Agent needs to know where your other servers/services are (can sometimes optionally be solved using entries in the local hosts file)

And further with 'Option 1' or 'Option 2' as documented next:

Option 1 (Local network)

Port	Name	Inbound	Outbound	TCP	UDP	Comment
8000	RPC					Communication is initiated by the Monitoring Service

Option 2 (Cloud/Hybrid)

Use Service Bus Relayed connections when Nodinite and the agent are on totally different networks.

Nodinite uses the same principle technique as the On-Premise data gateway, see 'Adjust communication settings for the on-premises data gateway' user guide.

Port	Name	Comment
443	HTTPS	Secure outbound traffic
5671, 5672	Secure AMQP
9350 - 9354	Net.TCP

What Windows User Rights does the IBM MQ Monitoring Agent require?

The agent is installed as a Windows Service usually on the Nodinite application server. Virtual machines are supported.

Local named account or domain account (preferred).
Access and run-time rights.
- Follow the 'How to set logon as a Windows service right' user guide for detailed instructions.

What IBM MQ User Rights does the IBM MQ Monitoring Agent require?

For each IBM MQ Queue Manager to Monitor, the configured account must have at least read rights. Since some of the operations include changing state, consuming messages and even purging queues additional rights are required.

You can configure which user account to use for each IBM MQ Queue Manager. Read the Configuration user guide for additional information.

Member of the MQM user group (local or domain group where IBM MQ Queue manager is installed) OR
Least privileges (Replace QM1, mqadmin to match your environment)

 
setmqaut -m QM1 -t qmgr -p "mqadmin" +connect +inq +dsp
setmqaut -m QM1 -n "**" -t q -p "mqadmin" +dsp +inq
setmqaut -m QM1 -n "**" -t topic -p "mqadmin" +dsp
setmqaut -m QM1 -n "**" -t channel -p "mqadmin" +dsp
setmqaut -m QM1 -n "**" -t process -p "mqadmin" +dsp
setmqaut -m QM1 -n "**" -t namelist -p "mqadmin" +dsp
setmqaut -m QM1 -n "**" -t authinfo -p "mqadmin" +dsp
setmqaut -m QM1 -n "**" -t clntconn -p "mqadmin" +dsp
setmqaut -m QM1 -n "**" -t listener -p "mqadmin" +dsp
setmqaut -m QM1 -n "**" -t service -p "mqadmin" +dsp
setmqaut -m QM1 -n "**" -t comminfo -p "mqadmin" +dsp
 
setmqaut -m QM1 -n SYSTEM.ADMIN.COMMAND.QUEUE -t q -p "mqadmin" +dsp +inq +put
 
setmqaut -m QM1 -n "SYSTEM.DEFAULT.MODEL.QUEUE" -t q -p "mqadmin" +dsp +get +inq

If you encounter a MQRC_NOT_AUTHORIZED, please review the Troubleshooting user guide.

Frequently asked questions

Additional solutions to common problems and the FAQ for the Nodinite IBM MQ Monitoring agent exist in the Troubleshooting user guide.

Next Step

Add or manage a Monitoring Agent Configuration
Installing the IBM MQ Monitoring Agent

Administration
IBM MQ Monitoring Agent
Monitoring Agents

Explore Nodinite for 30 days – completely free

See how Nodinite resolves your technical issues, in a

LIVE Demo!