Qualities of a Highly Effective Architect

Recently I came across an excellent talk from Devoxx 2019: Qualities of a Highly Effective Architect by Venkat Subramaniam.

Link to slides (PDF)

In this talk, Venkat discusses 12 qualities an effective architect should have. Also, he mentions an old article by Martin Fawler called “Who needs an architect“.

Both the talk and the article are great resources to understand what an architect is and what qualities he should possess.

Run IBM MQ in Docker for local development

In a previous blogpost, I described how you can install IBM MQ on your local development machine. This is still a lot of work just to get MQ up and running…

This post describes how to run IBM MQ in Docker and get you up and running in less than 5 minutes! (you should have of course already a working installation of Docker Desktop on your machine)

The official GitHub repository of the MQ Container can be found here: https://github.com/ibm-messaging/mq-container.

Step 1 – Run MQ with default config

These instructions are based on the official usage documentation. In this example, I will not use the default MQ_DEV config.

# get image
docker pull ibmcom/mq

# create volume to sore settings and messages
docker volume create qm1data

# run container without default mq_dev config and attach the new volume
docker run --env LICENSE=accept --env MQ_QMGR_NAME=QM1 --env MQ_DEV=false --publish 1414:1414 --publish 9443:9443 --detach --volume qm1data:/mnt/mqm ibmcom/mq

# login to web console
https://localhost:9443/
u:admin	
p:passw0rd

Step 2 – Disable security

The default configuration has security configured out of the box. And that is a good thing! But it might be a bit annoying for local development.

Connect to your container using the cli. Use runmqsc to disable security and create a new channel that runs under the mqm user.

runmqsc

ALTER QMGR CHLAUTH (DISABLED)
ALTER QMGR CONNAUTH(' ')
REFRESH SECURITY TYPE(CONNAUTH)
define channel(DEMO.ADMIN.SVRCONN) chltype(SVRCONN) trptype(TCP) mcauser('mqm')

At this point, security is disabled and the channel “DEMO.ADMIN.SVRCONN” can be used for messaging (from Java / .NET) and admin purposes (MQ Explorer) without any security.

DISCLAIMER: you should only disable security like this in a development scenario!

Cntlm and a corporate web proxy

When working in a corporate context, you often get confronted with a corporate web proxy. This can become very annoying when working with various command-line tools that have issues with the authentication part of that web proxy.

Luckily, Cntlm can remove that friction by running a local proxy without authentication, that authenticates to the actual proxy for you.

Configuration

  1. Download and install Cntlm: https://sourceforge.net/projects/cntlm/
    It will install itself under”C:\Program Files (x86)\Cntlm”
  2. Edit “Cntlm.ini” and fill in your Username, Domain and Proxy. Remove the plain text password property and save the file.
  3. Use “cntlm -H” to generate a new password hash. Copy the PassNTMLv2 hash to the Cntlm.ini file.
  4. Start the Cntlm service using “net start cntlm”
  5. Now you can use your local proxy (without authentication) at http://localhost:3128/

Conclusion

You only need 4 properties in the Cntlm.ini file to get Cntlm running in a secure way:

Username	testuser
Domain		corp-uk
Proxy		10.0.0.41:8080
PassNTLMv2      <output from cntlm -H>

Links