Using WebSphere MQ trusted applications

Before you start:

You must complete the following tasks:
  • Ensure that your user ID is a member of the mqm group. On HP-UX and Solaris, specify the user ID mqm as the service user ID when you create the broker. On Windows, use any service user ID that is a member of mqm. Refer to Security requirements for administrative tasks.
  • Review the restrictions that WebSphere MQ places on trusted applications that apply to your environment. See the section "Connection to a queue manager using the MQCONNX call" in the WebSphere MQ Application Programming Guide, available on the WebSphere MQ library Web page.

You can configure a broker to run as a trusted (fastpath) application. A trusted broker runs in the same process as the WebSphere MQ queue manager agent, which improves overall system performance.

A broker does not run as a trusted application by default; you either create the broker as a trusted application by using the mqsicreatebroker command, or modify an existing broker by using the mqsichangebroker command. You cannot configure a broker as a trusted application on AIX and z/OS.
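The prerequisites and platform restriction above can be checked before you run either command. The following script is an added example, not part of the product or of the original topic; it covers UNIX platforms only, its function names and return codes are hypothetical, and it assumes the operating system names that `uname -s` reports (AIX, OS/390 for z/OS, HP-UX, and SunOS for Solaris).

```shell
#!/bin/sh
# Pre-flight check for configuring a broker as a trusted application.
# Added example: function names and return codes are hypothetical.

# trusted_supported OS -> 0 unless the platform is AIX or z/OS.
trusted_supported() {
    case "$1" in
        AIX|OS/390) return 1 ;;   # uname -s reports OS/390 on z/OS
        *) return 0 ;;
    esac
}

# in_group GROUP "space-separated group list" -> 0 if GROUP is in the list.
in_group() {
    for g in $2; do
        [ "$g" = "$1" ] && return 0
    done
    return 1
}

# preflight OS "ADMIN_GROUPS" SERVICE_USER
# Returns 0 if all checks pass, 2 for an unsupported platform,
# 3 if the administrator is not in mqm, 4 for a wrong service user ID.
preflight() {
    trusted_supported "$1" || {
        echo "trusted broker cannot be configured on $1"; return 2; }
    in_group mqm "$2" || {
        echo "your user ID is not a member of the mqm group"; return 3; }
    case "$1" in
        HP-UX|SunOS)
            # On HP-UX and Solaris the service user ID must be mqm itself.
            [ "$3" = "mqm" ] || {
                echo "on $1 the service user ID must be mqm, not $3"; return 4; }
            ;;
    esac
    echo "prerequisites met on $1 (service user ID: $3)"
}

# Check the live system only when asked to:
#   sh preflight.sh --live SERVICE_USER
if [ "${1:-}" = "--live" ]; then
    preflight "$(uname -s)" "$(id -Gn)" "${2:-mqm}"
fi
```

The script checks only the prerequisites listed in this topic; the MQCONNX restrictions in the WebSphere MQ Application Programming Guide still need to be reviewed separately.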

The Configuration Manager is configured to run as a WebSphere MQ trusted application for performance reasons, and you cannot change the configuration.

Configuring a broker as a trusted application does not affect the operation of WebSphere MQ channel agents or listeners. For more information about running these as trusted applications, see the section "Running channels and listeners as trusted applications" in WebSphere MQ Intercommunication, available on the WebSphere MQ library Web page.

Take care when deploying user-defined nodes or parsers. Because a trusted application (the broker) runs in the same operating system process as the queue manager, a user-defined node or parser might compromise the integrity of the queue manager. Consider fully the restrictions that apply to your environment and test user-defined nodes and parsers in a non-trusted environment before deploying them in a trusted broker.

You can either configure a new broker to run as a trusted application, or modify an existing broker.
