What is the JVM SNMP Agent?
By daniel on Jan 31, 2006
The JVM SNMP Agent is a built-in SNMPv2c agent that exposes the Management and Monitoring API of the JVM through SNMP. The JVM SNMP agent exposes a single MIB, which is the JVM-MANAGEMENT-MIB. It can be started through system properties when launching the JVM. It can be configured through Java properties as explained here.
The built-in SNMP agent of the JVM is not extensible. You will not be able to use it in order to expose your own MIB. If you want to expose your own MIB through SNMP, you will need to use a Java SNMP toolkit such as the Java Dynamic Management Kit. Examples of using the Java Dynamic Management Kit to implement SNMP MIBs can be found here.
Note: In a future blog - I will explain how you could use a toolkit such as the Java DMK to expose the JVM-MANAGEMENT-MIB, alongside with your own custom MIB, through SNMPv3. But this is a story for another day.
The JVM built-in SNMP agent is an SNMPv2c agent, which means that it only
has basic SNMPv2 security - based on a host Access Control List (ACL) file.
Since it is relatively easy to forge UDP packets, this means that if
you enable the JVM SNMP agent, the only way to keep it secure is to make
sure that it binds only to the loopback interface (which is the default - but
you can make sure it does by setting com.sun.management.snmp.interface to 127.0.0.1).
When bound to the loopback interface, the SNMP agent can only receive packets that come from the loopback interface itself - and therefore can only answer to managing applications that both:
- run on the same machine
- send request from the loopback interface itself
The main reason that pushed us to expose the SNMP agent only as a black-box agent is compatibility. As I have outlined in a previous blog, simple is not always easy and SNMP is a good example for this. Opening the JVM SNMP agent to expose custom SNMP MIBs would thus have required the addition of a significant amount of new APIs in one of the related JSR 163, or JSR 174 to which they did not precisely belong, or most likely would have required starting a new JSR for these APIs.
As you surely know, adding new APIs to the Java Platform is no small thing: compatibility with previous versions of the Java Platform is one of the main commitment we have. That's why a Java programm written 10 years ago under a different OS, and on a different hardware, can still be run today on Java SE 6 (Mustang)! And we do want to keep it that way. This means that we must be careful of what we put in the Java Platform, because we will be stuck with it forever!
I hope I've been able to answer some of the questions you had about the JVM SNMP Agent!
Cheers to all