IBM MQ Native HA on AWS
Partner Solution Deployment Guide
Martin Evans, Soheel Chughtai, IBM
Senthil Nagaraj, AWS IBM Alliance team
Vinod Shukla, AWS Integration & Automation team
|Refer to the GitHub repository to view source files, report bugs, submit feature ideas, and post feedback about this Partner Solution. To comment on the documentation, refer to Feedback.|
This Partner Solution was created by IBM in collaboration with Amazon Web Services (AWS). Partner Solutions are automated reference deployments that help people deploy popular technologies on AWS according to AWS best practices. If you’re unfamiliar with AWS Partner Solutions, refer to the AWS Partner Solution General Information Guide.
This guide covers the information you need to deploy the IBM MQ Native HA Partner Solution in an Amazon Elastic Kubernetes Service (Amazon EKS) cluster.
Costs and licenses
There is no cost to use this Partner Solution, but you will be billed for any AWS services or resources that this Partner Solution deploys. For more information, refer to the AWS Partner Solution General Information Guide.
This solution makes use of Helm charts to deploy IBM MQ Advanced for Developers container images as an IBM MQ Native HA solution on Amazon EKS.
The IBM MQ software license agreement details the licensing terms.
Deploying this Partner Solution with default parameters builds the following IBM MQ Native HA environment in the AWS Cloud.
As shown in Figure 1, this Partner Solution sets up the following:
A highly available architecture that spans three Availability Zones.
A virtual private cloud (VPC) configured with public and private subnets, according to AWS best practices, to provide you with your own virtual network on AWS.
In the public subnets:
Managed network address translation (NAT) gateways to allow outbound internet access for resources in the private subnets.
One boot node, an Amazon Elastic Compute Cloud (Amazon EC2) instance, to access the Amazon EKS cluster.
In the private subnets, an Amazon EKS managed node group to automate the provisioning and lifecycle management of the nodes (Amazon EC2 instances) for the Amazon EKS cluster. Each node comprises the following:
An IBM MQ server.
An Amazon Elastic Block Store (Amazon EBS) volume for persistent distributed storage and high availability of the queue manager service and message data.
A Classic Load Balancer that automatically distributes connections to the active IBM MQ server.
Amazon EKS, which provides the Kubernetes control plane for the cluster.
This Partner Solution provides the following deployment option:
Deploy IBM MQ into a new VPC. This option builds a new AWS environment. It then installs a Native HA solution for IBM MQ into the Amazon EKS cluster.
This Partner Solution provides a separate template for this option. It also lets you configure Classless Inter-Domain Routing (CIDR) blocks, instance types, and IBM MQ settings.
Download and configure the Kubernetes command line interface so you can manage deployed applications and resources with
For more information, refer to Installing or updating kubectl.
(Optional) Note the ARNs that need to access the Amazon EKS cluster.
By default, you can access the Amazon EKS cluster from the boot node only. If you want to enable direct access to the Amazon EKS cluster, prepare a list of AWS Identity and Access Management (IAM) entity Amazon Resource Names (ARNs) that need to have this access. When you deploy this solution, you’ll enter those ARNS in a comma-delimited list in the parameter
Sign in to your AWS account, and launch this Partner Solution, as described under Deployment options. The AWS CloudFormation console opens with a prepopulated template.
Choose the correct AWS Region, and then choose Next.
On the Create stack page, keep the default setting for the template URL, and then choose Next.
On the Specify stack details page, change the stack name if needed. Review the parameters for the template. Provide values for the parameters that require input. For all other parameters, review the default settings and customize them as necessary. When you finish reviewing and customizing the parameters, choose Next.
Unless you’re customizing the Partner Solution templates or are instructed otherwise in this guide’s Predeployment section, don’t change the default settings for the following parameters:
QSS3KeyPrefix. Changing the values of these parameters will modify code references that point to the Amazon Simple Storage Service (Amazon S3) bucket name and key prefix. For more information, refer to the AWS Partner Solutions Contributor’s Guide.
On the Configure stack options page, you can specify tags (key-value pairs) for resources in your stack and set advanced options. When you finish, choose Next.
On the Review page, review and confirm the template settings. Under Capabilities, select all of the check boxes to acknowledge that the template creates AWS Identity and Access Management (IAM) resources that might require the ability to automatically expand macros.
Choose Create stack. The stack takes about 30 minutes to deploy.
Monitor the stack’s status, and when the status is CREATE_COMPLETE, the IBM MQ Native HA deployment is ready.
To view the created resources, choose the Outputs tab.
Determine IBM MQ web console through AWS CloudFormation stack. In CloudFormation service, three high-level stacks are created. The stack with the earliest created time and the description "This template deploys a IBM MQ into a new AWS EKS cluster in a new VPC" is the main stack.
Select to the main CloudFormation stack.
Choose the Outputs tab.
The value of the
MQURLParameterValuekey is the IBM MQ console URL
Determine IBM MQ web console through the AWS EC2 boot node. The MQ Native HA cluster is installed using an AWS EC2 instance that acts as a boot node. You can access the AWS EKS cluster from the AWS EC2 boot node. The boot node will have the suffix
If the boot node status is
stopped, select the boot node, and then restart it.
When the status is
Running, select the boot node, and then choose
Connect using Session Manager.
Run the following commands:
sudo su ec2-user export PATH=$PATH:/usr/local/bin kubectl get all
The output shows a load balancer, for example
afd56b5d7ee7d4bdc827106721c26999-638763888.eu-west-2.elb.amazonaws.com. Access the web console through
Internal only load balancer. If you opted for an internal only load balancer, it won’t be reachable from a public IP. To access the IBM MQ web console, use port forwarding of port 9443 in AWS Systems Manager. For more information, refer to AWS SSM port forwarding, where the
targetis your Amazon EC2 boot node and the host is your load balancer.
For troubleshooting common Partner Solution issues, refer to the AWS Partner Solution General Information Guide and Troubleshooting CloudFormation.
After you deploy a Partner Solution, confirm that your resources and services are updated and configured—including any required patches—to meet your security and other needs. For more information, refer to the Shared Responsibility Model.
To submit feature ideas and report bugs, use the Issues section of the GitHub repository for this Partner Solution. To submit code, refer to the Partner Solution Contributor’s Guide. To submit feedback on this deployment guide, use the following GitHub links:
This document is provided for informational purposes only. It represents current AWS product offerings and practices as of the date of issue of this document, which are subject to change without notice. Customers are responsible for making their own independent assessment of the information in this document and any use of AWS products or services, each of which is provided "as is" without warranty of any kind, whether expressed or implied. This document does not create any warranties, representations, contractual commitments, conditions, or assurances from AWS, its affiliates, suppliers, or licensors. The responsibilities and liabilities of AWS to its customers are controlled by AWS agreements, and this document is not part of, nor does it modify, any agreement between AWS and its customers.
The software included with this paper is licensed under the Apache License, version 2.0 (the "License"). You may not use this file except in compliance with the License. A copy of the License is located at https://aws.amazon.com/apache2.0/ or in the accompanying "license" file. This code is distributed on an "as is" basis, without warranties or conditions of any kind, either expressed or implied. Refer to the License for specific language governing permissions and limitations.