Solution

Configuring the MQ server

1. Download apache-activemq-<version>-bin.tar.gz to the server that will host Active MQ.
2. Install the following packages if not already present:
   • curl
   • netcat
3. Add firewall rules for the following ports:
   1. 8161
   2. 8888
   3. 61616
4. Extract the contents of apache-activemq-<version>-bin.tar.gz to /opt
5. Nagivate to /opt/apache-activemq-<version>/
6. Start the ActiveMQ server via `bin/activemq start`
7. Access the ActiveMQ management console via the web browser:
   • http://mqserver.domain.com:8161
8. Provide the default administrative credentials:
   • Username: admin
   • Password: admin
9. Select "Queues."
10. Create a new queue, specifying a unique name.

Configuring the Layer 7 Gateway appliance

1. Copy activemq-all-<version>.jar to the Layer 7 Gateway appliance as the ssgconfig user.
2. Move activemq-all-<version>.jar to /opt/SecureSpan/Gateway/runtime/lib/ext
3. Set ownership to layer7:layer7?for activemq-all-<version>.jar
4. Set permissions to 444?for activemq-all-<version>.jar
5. Restart the Gateway service.

Configuring the Outbound JMS Destination

1. Log into the Layer 7 Policy Manager as an administrative user.
2. Select "Manage JMS Destinations" from the "Tasks" menu.
3. Add a new JMS destination.
4. Specify a uniquely identifiable name.
5. Select the "General" tab.
6. Set the "Direction" as "Outbound."
7. Set the "Provider Type" as "Generic JMS."
8. Select the "JNDI" tab.
9. Set the "Initial Context Factory class name" as "org.apache.activemq.jndi.ActiveMQInitialContextFactory"
10. Set the "JNDI URL" as "tcp://mqserver.domain.com:61616"
11. Select the "Destination" tab.
12. Set the "Connection Factory Name" as "ConnectionFactory".
13. Set the "Destination Name" as "dynamicQueues/<queue name>" where <queue name> is the queue created in the ActiveMQ management console.
14. Select the "Test" button.
15. Save the destination and close the dialog.

Publishing the Outbound JMS service policy

1. Publish a new service policy.
2. Insert the "Route via JMS" assertion.
3. Set the "JMS Destination" as the name of the previously configured destination.
4. Save the assertion properties.
5. Save and activate the policy.

Consuming the Outbound JMS service policy

1. Log into the MQ server as any user.
2. Push a message to the Outbound JMS service policy created previously:
   • curl -H "Content-Type: text/xml" -d "<xml>Test message.</xml>" http://gateway.domain.com:8080/service
3. Log into the ActiveMQ management console via the web browser.
4. View the queue that was created. A message should be visible.

Configuring a simple MQ message recipient

1. Log into the MQ server as any user.
2. Open a TCP port to listen for incoming connections:
   • while true ; do nc -l 8888 <<< "HTTP/1.1 200 OK\r\SUCCESS" ; done
   • NOTE: The above command will open a TCP port on 8888 and respond to TCP connections with the above string. This simulates a web server accepting requests from the Gateway.

Publishing the Inbound JMS service policy

1. Log into the Layer 7 Policy Manager as an administrative user.
2. Publish a new service policy.
3. Insert the "Route via HTTP" assertion.
4. Set the routing URL as "http://mqserver.domain.com:8888"
5. Save and activate the policy.

Configuring the Inbound JMS Destination

1. Select "Manage JMS Destinations" from the "Tasks" menu.
2. Clone the previously created JMS destination.
3. Select the "General" tab.
4. Set the "Direction" as "Inbound."
5. Select the "Inbound Options" tab.
6. Check "Associate destination with published service (bypass resolution)."
7. Set the "Service name" to the newly created inbound JMS service policy.
8. Save the destination and close the dialog.