One Pager: Allowing unwanted ports in an embedded MQ broker to be switched off

(template version: 1.91)

Table of Contents
1. Introduction

1.1 Project/Component Working Name
1.2 Name(s) and e-mail address of Document Author(s)/Supplier
1.3. Date of This Document
2. Project Summary
2.1 Project Description
2.2 Risks and Assumptions
3. Problem Summary
3.1 Problem Area
3.2 Justification
4. Technical Description

4.1 Details
4.2 Bugs/RFE's
4.3 Scope
4.4 Out-of-scope
4.5 Interfaces
4.6 Documentation Impact
4.7 Configuration/administration Impact
4.8 High Availability Impact
4.9 Internationalization
4.10 Packaging
4.11 Security Impact
4.12 Compatibility
4.13 Dependencies
4.14 Testing Impact

5. References
6. Schedule


1. Introduction

1.1. Project/Component Working Name

Allowing unwanted services in an embedded MQ broker to be switched off

1.2. Name(s) and e-mail address of Document Author(s)/Supplier

Nigel Deakin
nigel.deakin@oracle.com

1.3. Date of This Document

10 May 2010

2. Project Summary


2.1. Project Description

There is a requirement that when a MQ broker is embedded in a Glassfish instance which is itself embedded in the user's application it should be possible to reduce the ports opened by the broker to an absolute minimum. It should even be possible to configure the embedded broker so that it opens no ports at all.

This document reviews the various services that are started by default and the ports that they use, and whether they can be disabled using existing functionality. Where a service cannot be disabled, this document proposes changes to make that possible, and discusses the impact this will have on the operation of the broker.

2.2. Risks and Assumptions

This document will focus on allowing unwanted services (and the ports they use) to be switched off in an embedded MQ broker, though where possible it will also allow this for local or remote MQ brokers. It only covers changes to the MQ server, client or resource adapter. It does not cover any changes needed to Glassfish. These will be the subject of a separate document.

3. Problem Summary

3.1. Problem Area

This is not really a problem in that Glassfish will operate perfectly satisfactorily even if it is running services that are not needed and so is listening on ports that are not being used.

However the Glassfish engineering team has a desire that an embedded Glassfish instance be as lightweight an entity as possible, and only opens ports that are actually needed.

In addition, some MQ users monotor the ports opened by a MQ broker and ask what they are all for. Some users report that they are operating in a high-security environment where every open port needs to be accounted for. It is therefore considered desirable to give the user complete control over what ports are opened.

3.2. Justification

This main justification is that Glassfish engineering has requested it. It is a useful product enhancement, but definitely not an absolute priority.

4. Technical Description

4.1. Details

If a Glassfish V3 instance is started which contains an embedded MQ broker, then by default the following ports are opened:

PurposePort numberCan it be disabled?
Port mapperDefault is 7676
Defined by imq.portmapper.port broker config property or -port broker arg
No (note that in order to support lazy broker startup, this port is actually opened by the Grizzly proxy and connections forwarded to the port mapper)
Cluster discovery serviceDynamically-allocatedNot used. Removed permanently in Glassfish 3.0.1 (Bug 6900776)
JMS serviceDynamically-allocated by default
May define static port using imq.jms.tcp.port
Yes, by configuring imq.service.activelist
Admin serviceDynamically-allocated by default
May define static port using imq.admin.tcp.port
Yes, by configuring imq.service.activelist
JMX RMI connectorDynamically-allocated by default
May define static port using imq.jmx.connector.jmxrmi.port
Yes, by configuring imq.jmx.connector.activelist

This document therefore proposes adding new functionality to MQ to prevent the following services being started:

ServiceHow to disableConsequences
Port mapperSet imq.portmapper.port.enabled=false (default = true) If the port mapper is disabled, the broker will not be able to accept jms or jmsssl connections using URLs of the forms mq://[hostName][:portMapperPortNumber]/jms mq://[hostName][:portMapperPortNumber]/ssl mq://[hostName][:portMapperPortNumber]

The broker will still be able to accept jms (and jmsssl, if that service is explicitly enabled) connections so long as a static jms (and jmsssl) port is defined, and clients connect using URLs of the form
mqtcp://[hostName][:jmsPortNumber]/jms
mqssl://[hostName][:jmsSSLPortNumber]/jmsssl

It will not be possible to connect to the broker using imqcmd.

It will not be possible to use a com.sun.messaging.AdminConnectionFactory to create a JMX connection to the broker.

It will, however, still be possible to create a JMX connection by looking up the RMI stub from the RMI registry, if one is being used. (Note that the URL used to store the RMI stub in the registry includes, for uniqueness, the configured port mapper port number, even though no port mapper is running.)

ServiceHow to disableConsequences
Cluster service Set imq.cluster.enabled=false (default = true) If the cluster service is disabled, the broker will not be able to particpate in a cluster of any kind.

(Note that this document does nor define what circumstances, of any, an embedded broker is permitted to participate in a cluster.)

The work defined in this document will include testing to ensure that all the properties mentioned above, including those what are already supported, can be passed to the embedded broker via the resource adapter (or MQ broker lifecycle code), and that they have the expected effect.

4.2. Bug/RFE Number(s)

Not applicable.

4.3. In Scope

Not applicable.

4.4. Out of Scope

This document covers changes to MQ (including the resource adapter and broker lifecycle code) to offer the configuration options described above. It does not cover changes to the Glassfish JMS module or any other part of Glassfish to allow these configuration to be specified by the user and then passed on to MQ. These will be the subject of a separate specification.

This document describes how an embedded MQ broker can be configured to disable various services that are started by default. This document does not consider the circumstances under which it is appropriate to disable these services. In general, it is strongly recommended that these services not be disabled, except for the cluster service, as they will prevent the normal operation and management of the embedded MQ broker.

4.5. Interfaces

4.5.1 Public Interfaces

This project adds the following new public interfaces.

Interface Comments
New broker property imq.cluster.enabled
(default = true)
Allows the cluster connection service to be disabled.
New broker property imq.portmapper.port.enabled
(default = true)
Allows the port mapper to be disabled.

Note however that although these interfaces are public, Glassfish users will not use them directly but will configure Glassfish (in a manner which is out of scope of this document) to use these interfaces.

4.5.2 Private interfaces

There are none.

4.5.3 Deprecated/Removed Interfaces

There are none.

4.6. Doc Impact

This work will require updates to the Message Queue Administration Guide

4.7. Admin/Config Impact

This work defines new broker configuration properties. These will be configured using Glassfish tools which are out of scope of this document.

Note that if the port mapper, admin service or JMS RMI connector is disabled in a broker, as discussed in this document, then this will have a severe effect on the ability to administer the broker since these services are essential for the normal administration of such a broker.

4.8. HA Impact

The features described in this document are not intended for use in clustered or HA deployments and should not be used in such cases, since disabling key services will prevent clustered or HA operation.

4.9. I18N/L10N Impactinks

This work does not impact internationalization or localization.

4.10. Packaging, Delivery & Upgrade

4.10.1 Packaging

This work does not have any impact in packaging.

4.10.2 Delivery

This work will not have any impact on product installation

4.10.3 Upgrade and Migration

This work will not have any impact on product upgrade and/or migration from prior releases.

4.11. Security Impact

This work does not interact with security-related APIs or interfaces. It does not rely on any Java policy or platform user/permission. The feature does not expose any new ports (quite the contrary!).

4.12. Compatibility Impact

The changes described in this document will not change the default behaviour, and so will have no impact on backwards compatibility.

4.13. Dependencies

4.13.1 Internal Dependencies

The work described in this document is not dependent on any other Glassfish component. However this work does not stand alone; changes to Glassfish are needed to allow the user to configure what services and ports are required using the various properties defined in this document. The changes to Glassfish are covered in a separate document. Those changes will be dependent on the changes described here.

4.13.2 External Dependencies

The work described in this document does not introduce any new dependencies on external components, whether open source or not.

4.14. Testing Impact

Additional automated MQ system tests will be created to test the changes described in this document and to confirm (using new or existing interfaces) some or all of the ports used by an embedded broker can be disabled if desired.

5. Reference Documents

None

6. Schedule

6.1. Projected Availability

See Milestone schedule.

 

Terms of Use; Privacy Policy; Copyright ©2013-2014 (revision 20140418.2d69abc)
 
 
Close
loading
Please Confirm
Close