Message Queuing HTTP Deployment Scenarios for Microsoft® Windows Server™ 2003 and Microsoft® Windows® XP Professional
Author: Conrad Chang
Product Team: Microsoft Message Queuing
Microsoft Corporation
March 2004
The information contained in this document is provided as a courtesy and represents the current view of Microsoft Corporation on the issues discussed as of the date of publication. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information presented after the date of publication.
This document is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS DOCUMENT.
Complying with all applicable copyright laws is the responsibility of the user. Without limiting the rights under copyright, no part of this document may be reproduced, stored in or introduced into a retrieval system, or transmitted in any form or by any means (electronic, mechanical, photocopying, recording, or otherwise), or for any purpose, without the express written permission of Microsoft Corporation.
Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectual property rights covering subject matter in this document. Except as expressly provided in any written license agreement from Microsoft, the furnishing of this document does not give you any license to these patents, trademarks, copyrights, or other intellectual property.
© 2004 Microsoft Corporation. All rights reserved.
Microsoft, Visual Basic, Windows, and Windows Server are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries.
The names of actual companies and products mentioned herein may be the trademarks of their respective owners.
This article will show you how to configure your messaging infrastructure with HTTP transport, using Message Queuing version 3.0 on Microsoft® Windows® XP and Microsoft Windows Server™ 2003. The scenarios in this paper cover firewall, store and forward director (SFD) server, Network Load Balancing, and enabling message security with HTTPS. A step-by-step guide will help you configure and test your infrastructure.
This article assumes you are familiar with the following:
• Message Queuing version 3.0 messaging
• Internet firewall technology
• XML
• Network Load Balancing
• HTTPS
Table of Contents
Summary
Background
Introduction
Message Queuing Firewall Configuration with Windows Server 2003 and Windows XP Professional
Scenario 1: External Client Sending Transactional and Nontransactional Messages to a Hidden Message Queuing Computer Behind a Firewall
Scenario 2: Internal Client Sending a Nontransactional Message to the System Outside the Firewall
Scenario 3: Internal Client Sending a Transactional Message to the System Outside the Firewall
Windows Server 2003 Message Queuing Transparent SFD
Windows Server 2003 Message Queuing SFD Feature to Redirect Messages to Another Computer
Sending Message Queuing Messages in a Network Load Balancing Farm Configuration
Sending HTTP Messages with HTTPS
Using SSL Without Requiring Client Certificates
Using SSL with Client Certificates Required
Appendix A: References
With the increased importance of business-to-business communication, Message Queuing version 3.0 (also known as MSMQ) on Microsoft Windows® XP and Microsoft Windows Server™ 2003 provides the HTTP/HTTPS protocol, which allows sending and receiving messages in an intranet or over the Internet. Typically, in a business-to-business environment, the message recipient is in a different domain or organization. Therefore, as shown in Figure 1, the typical corporate environment has a firewall to protect its assets from malicious attacks.
Figure 1. Typical corporate environment with a firewall
A corporation can further protect its assets with the store and forward capability of Message Queuing 3.0 using the HTTP protocol. The network names of the computers within an organization and the names of the queues hosted on them do not need to be disclosed to message senders because when you use Message Queuing 3.0, you can map external and internal names, protecting internal resources. The server that has this capability is referred to as the store and forward director (SFD) server and is usually positioned at the front end of the enterprise, where all incoming HTTP requests are directed.
Mapping is enabled on an SFD server, and if messages meet the mapping criteria, they are forwarded further into the enterprise. For example, messages that arrive by means of an HTTPS session, that is, messages whose sender can be authenticated, will be forwarded. This helps to ensure that only authorized messages are ever presented to corporate servers.
The Message Queuing 3.0 store and forward director (SFD) functionality is used for message redirection, which is the ability to redirect SOAP reliable messaging protocol (SOAP-RMP) messages to an address that is different from the original destination address of the message. The scenarios in this section will show the Message Queuing 3.0 computer behind the firewall and a client on the Internet using transactional and nontransactional messages to communicate with each other. The typical system configuration is shown in Figure 2.
Figure 2. An order server (the Message Queuing 3.0 computer) within an enterprise firewall
In this scenario, the task is to configure the Message Queuing 3.0 receiving computer, OrderServer in Figure 2, as an SFD server that accepts incoming messages from the Internet through the firewall server, proxy1 in Figure 2. In the following example, the private queue, named orderq, is used as the message destination. The external name of www.northwindtraders.com is used, and it can be replaced with an Internet Protocol (IP) address.
For OrderServer, which is running the Windows Server 2003 operating system, add the following mapping to the SFD server under %WinDir%\System32\MSMQ\Mapping, and then restart the Message Queuing service.
<redirections xmlns="msmq-queue-redirections.xml">
  <redirection>
    <from>http://www.northwindtraders.com/msmq/orderq</from>
    <to>http://OrderServer/msmq/private$/orderq</to>
  </redirection>
</redirections>
The preceding mapping indicates redirection within the same computer.
Note
Message Queuing 3.0 on Windows Server 2003 supports a limited use of regular expressions in the content of the <from> elements. Users can use asterisk-terminated URLs to define a redirection from multiple logical addresses to a single physical address. This is the only type of regular expression supported in <redirection> entries, and it is allowed only in the <from> element.
<redirections xmlns="msmq-queue-redirections.xml">
  <redirection>
    <from>https://www.northwindtraders.com/*</from>
    <to>http://OrderServer/msmq/PRIVATE$/Orderq</to>
  </redirection>
</redirections>
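A small lint for the redirection file described in the note above, added here as an example (it is not part of the original article or of Message Queuing): it flags an asterisk anywhere other than the end of a <from> element and shows which addresses the sample rules would forward. The function names, the constructed third rule, and the case-insensitive first-match lookup are assumptions.

```python
import xml.etree.ElementTree as ET

NS = {"r": "msmq-queue-redirections.xml"}  # namespace used by the mapping files on this page

# Constructed sample: rules 1 and 2 mirror the page, rule 3 deliberately breaks the wildcard rule.
SAMPLE = """<redirections xmlns="msmq-queue-redirections.xml">
  <redirection>
    <from>http://www.northwindtraders.com/msmq/orderq</from>
    <to>http://OrderServer/msmq/private$/orderq</to>
  </redirection>
  <redirection>
    <from>https://www.northwindtraders.com/*</from>
    <to>http://OrderServer/msmq/PRIVATE$/Orderq</to>
  </redirection>
  <redirection>
    <from>http://www.northwindtraders.com/*/orderq</from>
    <to>http://OrderServer/msmq/private$/*</to>
  </redirection>
</redirections>"""

def load_rules(xml_text):
    """Return [(from, to)] for every <redirection> entry in the file."""
    root = ET.fromstring(xml_text)
    return [(e.findtext("r:from", "", NS).strip(), e.findtext("r:to", "", NS).strip())
            for e in root.findall("r:redirection", NS)]

def lint(rules):
    """Flag entries that use '*' anywhere except as the last character of <from>."""
    problems = []
    for i, (src, dst) in enumerate(rules, 1):
        if "*" in src[:-1]:
            problems.append((i, "'*' is only valid at the end of <from>"))
        if "*" in dst:
            problems.append((i, "'*' is not allowed in <to>"))
    return problems

def resolve(rules, url):
    """Return the <to> address for url, or None if no rule applies.
    Case-insensitive comparison and first-match order are assumptions."""
    u = url.lower()
    for src, dst in rules:
        s = src.lower()
        if (s.endswith("*") and u.startswith(s[:-1])) or u == s:
            return dst
    return None
```

Running lint over every file in the Mapping folder before restarting the Message Queuing service catches a misplaced asterisk, and resolve returning None for an address shows that it has no mapping on the SFD server.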
For OrderServer, which is running the Windows XP Professional operating system, add the following mapping under %WinDir%\System32\MSMQ\Mapping, and then restart the Message Queuing service.
<mapping host="localhost" xmlns="msmq-queue-mapping.xml">
  <queue>
    <name>http://OrderServer/msmq/private$/orderq</name>
    <alias>http://www.northwindtraders.com/msmq/orderq</alias>
  </queue>
</mapping>
The Windows XP Professional operating system only allows up to 10 concurrent incoming sessions.
You can verify the infrastructure by using the following Microsoft Visual Basic® Scripting Edition (VBScript) sample program to send a message from an external computer to www.northwindtraders.com.
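using System.Messaging;

// Open the queue by its external HTTP address and send one test message.
System.Messaging.MessageQueue Queue;
Queue = new MessageQueue("FormatName:DIRECT=http://www.northwindtraders.com/msmq/private$/orderq");
System.Messaging.Message Msg;
Msg = new System.Messaging.Message();
// ActiveXMessageFormatter writes the body in the format used by the Message Queuing COM components.
Msg.Formatter = new ActiveXMessageFormatter();
Msg.Body = "Testing";
Queue.Send(Msg);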
Typically, the firewall server will also act as a proxy server to handle the internal request to the outside world. In this case, you need to configure the proxy setting for the computers within the firewall so that messages are routed through the firewall proxy server to the external systems. For the example in Figure 2, we can allow OrderServer (the Message Queuing 3.0 computer) to send a Message Queuing message to Client outside the firewall. You can use the following proxy setting to configure OrderServer to send a message through proxy1.
proxycfg -p proxysrv:80
If you change the proxy server configuration by using the Proxy Configuration utility and you want an active outgoing queue to use the new settings, you must pause and resume that outgoing queue. Outgoing queues can be paused and resumed programmatically by using the MSMQOutgoingQueueManagement.Pause and MSMQOutgoingQueueManagement.Resume methods.
You can now use the following command to send a message to Client (the external computer).
Queue = new MessageQueue("FormatName:DIRECT=http://172.31.201.101/msmq/private$/httpq");
For a transactional sender, in addition to the proxy configuration, the sender needs to instruct the external system where to send the message acknowledgment so that the order acknowledgment will be delivered back to the sender to complete the delivery. Therefore, it is necessary to create a mapping file to configure the acknowledgment on the sending computer under %WinDir%\System32\MSMQ\Mapping, and then restart the Message Queuing service. As shown in the following examples, the mapping file format for Windows Server 2003 is different from Windows XP.
For Windows Server 2003, you need to create a stream-receipt configuration in the sender computer, OrderServer in Figure 2, under %WinDir%\System32\MSMQ\Mapping, and then restart the Message Queuing service.
<StreamReceiptSetup xmlns="msmq-streamreceipt-mapping.xml">
<setup>
<LogicalAddress>http://172.31.201.101/msmq/private$/httpqt</LogicalAddress>
<StreamRecei...