Appendix D: Message Queuing and Internet Communication in Windows Server 2008
Applies To: Windows Server 2008
In This Appendix
Purposes of Message Queuing 4.0
Overview: Using Message Queuing in a Managed Environment
Examples of Security-Related Features in Message Queuing
Procedures for Installing, Uninstalling, or Viewing Help for Message Queuing
Additional References
Purposes of Message Queuing 4.0
Message Queuing (MSMQ) 4.0 is one of the optional features in Windows Server 2008. Message Queuing enables applications on different systems to communicate with each other across the Internet and other heterogeneous networks, and with computers that might be temporarily offline. For a more complete description of Message Queuing, see the MSDN Web site at:
https://go.microsoft.com/fwlink/?LinkId=106096
This section provides overview information as well as suggestions for other sources of information about balancing your organization’s requirements for running Internet applications with your organization’s requirements for protection of networked assets. However, it is beyond the scope of this white paper to describe all aspects of maintaining appropriate levels of security in an organization running applications that communicate across the Internet.
Overview: Using Message Queuing in a Managed Environment
Applications can use Message Queuing to send messages and to continue running regardless of whether the receiving application is running or reachable over the network. Applications use Message Queuing application programming interface (API) calls to send or receive messages. When messages are in transit between senders and receivers, Message Queuing keeps them in holding areas called queues. These queues protect messages from being lost in transit and provide a place to retrieve messages when the receivers are ready to receive them.
Message Queuing 4.0 provides support for sending messages over the Internet. In addition to support included with previous versions of Message Queuing, Message Queuing 4.0 offers support for subqueues, the handling of poison messages, and transactional remove receive. For more information, see https://go.microsoft.com/fwlink/?LinkId=106097. Also see Additional References, later in this section.
Examples of Security-Related Features in Message Queuing
In any application involving Message Queuing, security is an important consideration. Message Queuing has multiple security features that are relevant from both the administrative perspective and the application design perspective. The following list provides some examples:
Message authentication: Message authentication provides a way to ensure message integrity and a way to verify who sent the message. Authenticating for message integrity ensures that no one has tampered with the message or changed its content.
Security descriptors: Security descriptors provide a way to regulate access to queues using the access control model that governs access to all securable objects in Windows.
Encryption services: Encryption services provides a secured channel for sending private, 40-bit or 128-bit encrypted messages throughout your enterprise. When private messages are sent, Message Queuing ensures that the body of the messages are kept encrypted from the moment they leave the source queue manager to the moment they reach their destination queue manager.
Auditing services: Auditing services provides a way to audit access operations for the queues in your Message Queuing enterprise. The operations that you can audit include creating a queue, opening a queue, setting or retrieving queue properties, and deleting a queue.
Hardened mode: Hardened mode enhances the security of Message Queuing 3.0 computers running on the Internet by supporting scenarios that employ only HTTP (SRMP) messages.
For more information about these features, see the MSDN Web site at:
https://go.microsoft.com/fwlink/?LinkId=107277
Procedures for Installing, Uninstalling, or Viewing Help for Message Queuing
Message Queuing is not installed by default. If your organization has determined that Message Queuing is an essential part of the business process, it can be installed as described in this subsection. Message Queuing is highly configurable, and it is beyond the scope of this white paper to describe all the configuration options available to you. For more detailed information about Message Queuing, see the links in Additional References.
To Install Message Queuing
If you recently installed Windows Server 2008, and the Initial Configuration Tasks interface is displayed, under Customize This Server, click Add features. Then skip to step 3.
If the Initial Configuration Tasks interface is not displayed and Server Manager is not running, click Start, click Administrative Tools, and then click Server Manager. (If the User Account Control dialog box appears, confirm that the action it displays is what you want, and then click Continue.)
Then, in Server Manager, under Features Summary, click Add Features.
In the Add Features Wizard, expand MSMQ, expand MSMQ Services, and then select the check boxes for the Message Queuing features that you want to install.
Click Next, and then click Install.
If you are prompted to restart the computer, click OK to complete the installation.
To Uninstall Message Queuing
If Server Manager is not already open, click Start, click Administrative Tools, and then click Server Manager. (If the User Account Control dialog box appears, confirm that the action it displays is what you want, and then click Continue.)
In Server Manager, under Features Summary, click Remove Features.
In the Remove Features Wizard, expand MSMQ, expand MSMQ Services, and then clear the check boxes for the Message Queuing features that you want to uninstall.
In this wizard, you remove a feature by clearing a check box (not checking a check box).
Click Next, and then click Remove.
When prompted, click OK to restart the computer.
Viewing the Operating System Help Documentation for Message Queuing
The operating system has Help documentation describing the use of Message Queuing. You can view this documentation from any computer that has Internet access (regardless of the operating system running on that computer), or from any server running Windows Server 2008. The Help for Message Queuing is on the Microsoft Web site at:
https://go.microsoft.com/fwlink/?LinkId=107278
To View Help for Message Queuing on a Server on Which Message Queuing is Installed
On a server running Windows Server 2008, with Message Queuing already installed, click Start, point to Programs, point to Administrative Tools, and then click Computer Management.
Press F1.
Make sure that in Help, the Contents tab is selected. In Contents, expand Message Queuing.
Additional References
Topics in the Message Queuing section of the MSDN Web site at:
Information about what's new in Message Queuing on the MSDN Web site at:
Information about security-related features in Message Queuing on the MSDN Web site. From this topic, you can click links for information about message authentication, security descriptors, and other security-related features:
Application Server and Message Queuing documentation on the Microsoft Web site at:
Help for Message Queuing on the Microsoft Web site at:
Information about developing applications for Message Queuing 4.0 on the Microsoft Message Queuing blog:
Information about Message Queuing and encryption:
Information about Message Queuing and authentication:
Recent blog entries for Message Queuing: