Appendix D: Message Queuing and Internet Communication in Windows Server 2008

Applies To: Windows Server 2008

In This Appendix

Purposes of Message Queuing 4.0

Overview: Using Message Queuing in a Managed Environment

Examples of Security-Related Features in Message Queuing

Procedures for Installing, Uninstalling, or Viewing Help for Message Queuing

Additional References

Purposes of Message Queuing 4.0

Message Queuing (MSMQ) 4.0 is one of the optional features in Windows Server 2008. Message Queuing enables applications on different systems to communicate with each other across the Internet and other heterogeneous networks, and with computers that might be temporarily offline. For a more complete description of Message Queuing, see the MSDN Web site at:

https://go.microsoft.com/fwlink/?LinkId=106096

This section provides overview information as well as suggestions for other sources of information about balancing your organization’s requirements for running Internet applications with your organization’s requirements for protection of networked assets. However, it is beyond the scope of this white paper to describe all aspects of maintaining appropriate levels of security in an organization running applications that communicate across the Internet.

Overview: Using Message Queuing in a Managed Environment

Applications can use Message Queuing to send messages and to continue running regardless of whether the receiving application is running or reachable over the network. Applications use Message Queuing application programming interface (API) calls to send or receive messages. When messages are in transit between senders and receivers, Message Queuing keeps them in holding areas called queues. These queues protect messages from being lost in transit and provide a place to retrieve messages when the receivers are ready to receive them.

Message Queuing 4.0 provides support for sending messages over the Internet. In addition to support included with previous versions of Message Queuing, Message Queuing 4.0 offers support for subqueues, the handling of poison messages, and transactional remove receive. For more information, see https://go.microsoft.com/fwlink/?LinkId=106097. Also see Additional References, later in this section.

In any application involving Message Queuing, security is an important consideration. Message Queuing has multiple security features that are relevant from both the administrative perspective and the application design perspective. The following list provides some examples:

  • Message authentication: Message authentication provides a way to ensure message integrity and a way to verify who sent the message. Authenticating for message integrity ensures that no one has tampered with the message or changed its content.

  • Security descriptors: Security descriptors provide a way to regulate access to queues using the access control model that governs access to all securable objects in Windows.

  • Encryption services: Encryption services provides a secured channel for sending private, 40-bit or 128-bit encrypted messages throughout your enterprise. When private messages are sent, Message Queuing ensures that the body of the messages are kept encrypted from the moment they leave the source queue manager to the moment they reach their destination queue manager.

  • Auditing services: Auditing services provides a way to audit access operations for the queues in your Message Queuing enterprise. The operations that you can audit include creating a queue, opening a queue, setting or retrieving queue properties, and deleting a queue.

  • Hardened mode: Hardened mode enhances the security of Message Queuing 3.0 computers running on the Internet by supporting scenarios that employ only HTTP (SRMP) messages.

For more information about these features, see the MSDN Web site at:

https://go.microsoft.com/fwlink/?LinkId=107277

Procedures for Installing, Uninstalling, or Viewing Help for Message Queuing

Message Queuing is not installed by default. If your organization has determined that Message Queuing is an essential part of the business process, it can be installed as described in this subsection. Message Queuing is highly configurable, and it is beyond the scope of this white paper to describe all the configuration options available to you. For more detailed information about Message Queuing, see the links in Additional References.

To Install Message Queuing

  1. If you recently installed Windows Server 2008, and the Initial Configuration Tasks interface is displayed, under Customize This Server, click Add features. Then skip to step 3.

  2. If the Initial Configuration Tasks interface is not displayed and Server Manager is not running, click Start, click Administrative Tools, and then click Server Manager. (If the User Account Control dialog box appears, confirm that the action it displays is what you want, and then click Continue.)

    Then, in Server Manager, under Features Summary, click Add Features.

  3. In the Add Features Wizard, expand MSMQ, expand MSMQ Services, and then select the check boxes for the Message Queuing features that you want to install.

  4. Click Next, and then click Install.

  5. If you are prompted to restart the computer, click OK to complete the installation.

To Uninstall Message Queuing

  1. If Server Manager is not already open, click Start, click Administrative Tools, and then click Server Manager. (If the User Account Control dialog box appears, confirm that the action it displays is what you want, and then click Continue.)

  2. In Server Manager, under Features Summary, click Remove Features.

  3. In the Remove Features Wizard, expand MSMQ, expand MSMQ Services, and then clear the check boxes for the Message Queuing features that you want to uninstall.

    In this wizard, you remove a feature by clearing a check box (not checking a check box).

  4. Click Next, and then click Remove.

  5. When prompted, click OK to restart the computer.

Viewing the Operating System Help Documentation for Message Queuing

The operating system has Help documentation describing the use of Message Queuing. You can view this documentation from any computer that has Internet access (regardless of the operating system running on that computer), or from any server running Windows Server 2008. The Help for Message Queuing is on the Microsoft Web site at:

https://go.microsoft.com/fwlink/?LinkId=107278

To View Help for Message Queuing on a Server on Which Message Queuing is Installed

  1. On a server running Windows Server 2008, with Message Queuing already installed, click Start, point to Programs, point to Administrative Tools, and then click Computer Management.

  2. Press F1.

  3. Make sure that in Help, the Contents tab is selected. In Contents, expand Message Queuing.

Additional References