MainView Middleware Administrator

MainView Middleware Administrator (MVMA) is a product that is installed in a Linux or Microsoft Windows server. It provides the capability to administer and manage distributed queue managers running on UNIX, Windows, and iSeries platforms. MainView Middleware Administrator implements a REST API server, which BMC AMI Ops Monitor for MQ uses to obtain MQ data from the queue managers.

Related topics

Installing

Customizing-after-installation

MainView Middleware Administrator architecture 

This section illustrates the MainView Middleware Administrator architecture, showing the product running on a Linux or Windows server and communicating with queue managers on a Windows, UNIX, or iSeries server. The underlying protocol communicates with MainView Middleware Administrator by using a secured connection, which requires installing a MainView Middleware Administrator certificate. MainView Middleware Administrator becomes an MQ client that communicates administration requests to the distributed queue managers.

image2020-8-4_22-7-52.png

Installing the MainView Middleware Administrator certificate

Communication between BMC AMI Ops Monitor for MQ and MainView Middleware Administrator uses an SSL connection and requires a valid certificate. You must install the certificate to a key store on the mainframe and on the MainView Middleware Administrator server.

MVMA distributes a default certificate, but you can use a user-generated certificate if you prefer. The MVMA certificate is in the key store named keystore.jks in the security folder of the MainView Middleware Administrator installation directory. 

You can use the gskkyman keytool utility to create a key store to host your certificates on the mainframe. For more information about gskkyman, see the cryptographic services documentation from IBM.

To install the MainView Middleware Administrator certificate


Important

(BMC.AMIOPS.SPE2304 ) Fix packs 9.1.00.H and later of MainView Middleware Administrator implements enhanced SSL communication, which uses TLSv12 security. This might require changes to the key store.

  1. Use the keytool command to export the proper certificate alias from keystore.jks.

    keytool -export -keystore keystore.jks -file bmmadminhttps.crt - alias bmmadminhttps -storepass bmcsoftware
  2.  Use FTP to send the certificate in bin format to a USS file on the mainframe.
  3. Use the mainframe gskkyman CLIST to host the certificate.
    1. To create a new key database, select option 1.
    2. Enter a password of your choice.
    3. For the remaining prompts, accept the defaults.
  4. From the Key Management Menu use option 7 to import the certificate bmcadminhttps.crt

  5.  From the Key Management Menu, select option 10 to store the database password. This step creates the password stash file, key.sth.

    For example, use /shrd/etc/bmm/bmcadminhttps.crt for the import file name, and use bmmadmin for the label.

  6. The Key Management Menu is displayed, use option 10 to store the database password. Creates the password stash file (key.sth).


 

Tip: For faster searching, add an asterisk to the end of your partial query. Example: cert*