Appendix I: Message Queuing and Internet Communication in Windows Server 2008 R2

Applies To: Windows 7, Windows Server 2008 R2

In this appendix

Purposes of Message Queuing 5.0

Overview: Using Message Queuing in a managed environment

Examples of security-related features in Message Queuing

Procedures for installing, uninstalling, and viewing Help for Message Queuing

Additional references

Purposes of Message Queuing 5.0

Message Queuing (MSMQ) 5.0 is one of the optional features in Windows Server® 2008 R2. Message Queuing enables applications on different systems to communicate with each other across the Internet and other heterogeneous networks. It also enables communication with computers that might be temporarily offline. For a more complete description, see Message Queuing (MSMQ) on the Microsoft® Web site.

This section provides overview information and suggestions for other sources of information about balancing your organization’s requirements for running Internet applications with your organization’s requirements for protection of networked assets. However, it is beyond the scope of this document to describe all aspects of maintaining appropriate levels of security and privacy in an organization running applications that communicate across the Internet.

Overview: Using Message Queuing in a managed environment

Applications can use Message Queuing to send messages and to continue running regardless of whether the receiving application is running or reachable over the network. Applications use Message Queuing application programming interface (API) calls to send or receive messages. When messages are in transit between senders and receivers, Message Queuing keeps them in holding areas called queues. These queues protect messages from being lost in transit and provide a place to retrieve messages when the receivers are ready to receive them.

Message Queuing 5.0 provides support for sending messages over the Internet. In addition to support included with previous versions of Message Queuing, Message Queuing 5.0 offers support for subqueues, the handling of poison messages, and transactional remove receive.

For more information, see What's New in Message Queuing 5.0 on the Microsoft Web site. Also see Additional references later in this section.

In any application involving Message Queuing, security is an important consideration. Message Queuing has multiple security features that are relevant from the administrative perspective and the application design perspective. The following list provides some examples:

  • More secure authentication algorithm: Message Queuing 5.0 supports Secure Hash Algorithm 2.0 (SHA2) and all advanced hash algorithms that are supported in this version of Windows. The default is SHA-2 with 512-bit digest length. Support for algorithms such as SHA1, Message Digest version 2 (MD2), MD4, MD5, and Message Authentication Code (MAC) have been disabled by default in Message Queuing 5.0 because these algorithms are considered less secure. You can, however, enable support for weaker algorithms.

    For more information, see What's New in Message Queuing 5.0.

  • Message authentication: Message authentication provides a way to ensure message integrity and a way to verify who sent the message. Authenticating for message integrity ensures that no one has tampered with the message or changed its content.

  • Security descriptors: Security descriptors provide a way to regulate access to queues by using the access control model that governs access to all securable objects in Windows.

  • Encryption services: Encryption services provides a secured channel for sending private, 40-bit or 128-bit encrypted messages throughout your enterprise. When private messages are sent, Message Queuing ensures that the messages stay encrypted from the moment they leave the source queue manager to the moment they reach their destination queue manager.

  • Auditing services: Auditing services provides a way to audit access operations for the queues in your Message Queuing enterprise. The operations that you can audit include creating a queue, opening a queue, setting or retrieving queue properties, and deleting a queue.

  • Hardened mode: Hardened mode enhances the Internet security of computers that are running Message Queuing 3.0 by supporting scenarios that employ only HTTP (SRMP) messages.

For more information, see Message Queuing Security Services on the Microsoft Web site.

Procedures for installing, uninstalling, and viewing Help for Message Queuing

Message Queuing is not installed by default. If your organization has determined that Message Queuing is an essential part of the business process, it can be installed as described in this subsection. Message Queuing is highly configurable, and it is beyond the scope of this document to describe all the configuration options that are available to you.

For more detailed information about Message Queuing, see the Additional references section later in this section.

To install Message Queuing

  1. If you recently installed Windows Server 2008 R2, and the Initial Configuration Tasks interface is displayed, under Customize This Server, click Add features. Then skip to step 3.

  2. If the Initial Configuration Tasks interface is not displayed and Server Manager is not running, click Start, click Administrative Tools, and then click Server Manager. (If the User Account Control dialog box appears, confirm that the action it displays is what you want, and then click Continue.)

  3. In Server Manager, under Features Summary, click Add Features.

  4. In the Add Features Wizard, expand MSMQ, expand MSMQ Services, and then select the check boxes for the Message Queuing features that you want to install.

  5. Click Next, and then click Install.

  6. If you are prompted to restart the computer, click OK to complete the installation.

To uninstall Message Queuing

  1. If Server Manager is not already open, click Start, click Administrative Tools, and then click Server Manager. (If the User Account Control dialog box appears, confirm that the action it displays is what you want, and then click Continue.)

  2. In Server Manager, under Features Summary, click Remove Features.

  3. In the Remove Features Wizard, expand MSMQ, expand MSMQ Services, and then clear the check boxes for the Message Queuing features that you want to uninstall.

    In this wizard, you remove a feature by clearing a check box (not by selecting a check box).

  4. Click Next, and then click Remove.

  5. When prompted, click OK to restart the computer.

Viewing the operating system Help documentation for Message Queuing

The operating system has Help documentation that describes the use of Message Queuing. You can view this documentation from any computer that has Internet access (regardless of the operating system running on that computer), or from any server running Windows Server 2008 R2.

For more information, see Message Queuing in the Windows Server TechCenter.

To view Help documentation for Message Queuing

  1. On a server running Windows Server 2008 R2, with Message Queuing already installed, click Start, point to Programs, point to Administrative Tools, and then click Computer Management.

  2. Press F1.

  3. Make sure that in Help, the Contents tab is selected. In Contents, expand Message Queuing.

Additional references

For more information about Message Queuing, see the following resources on the Microsoft Web site: