Friday Sep 11, 2009

GlassFish and JMX through a firewall

Being able to access the GlassFish JMX server through a firewall is essential when you've got big deployments that are secured by firewalls and want to perform remote monitoring and management. Thanks to Steve Esserey and other helpful persons who pointed me to a solution.

In GlassFish v2.1 patch 02 (I've also tested this on GlassFish v2ur2 patch08 and Glassfish v2.1 patch04 for good measure :) a flag has been introduced  that allow you to bind the port for the JMX server's RMI stub to a known port. (Previously this port was dynamic, which, dare I say; caused a few eyebrows to be raised with firewall admins.)

Add this to the JVM options in your domain.xml file:

<jvm-options>-Dcom.sun.aas.jconsole.server.cbport=18687</jvm-options>

Restart the domain, and pending openings in the firewall for the port given in addition to the port the JMX Agent is listening on (default is 8686) you should now be able to connect to GlassFish behind a firewall using JConsole, VisualVM or Sun GlassFish Performance Monitor

The JMX URL to connect on then becomes: service:jmx:rmi:///jndi/rmi://hostname.domain:8686/jmxrmi

VisualVM accessing GlassFish through a Firewall In  the screenshot above VisualVM is shown accessing GlassFish v2.1p2 (Actually GlassFish v2ur2 p08, but they're the same)

Also note that the port is 18686 in the screenshot above, this is just because i set my port to 18686 in the jmx-connector element in domain.xml to avoid a port conflict with a different GlassFish server on the box

<jmx-connector accept-all="false" address="0.0.0.0" auth-realm-name="adm
in-realm" enabled="true" name="system" port="18686" protocol="rmi_jrmp" security-
enabled="false"/>

Note that the MQ broker entry seen in the left hand pane is the VisualVM-MessageQueue plugin set to be released with OpenMQ 4.4. Here I've connected it to OpenMQ 4.3 which happily also works.

Normally testing this when you're not in control of the firewall takes time, the adjustments to GlassFish are done in a minute or so, but the second thing I learned today is perhaps the most important: Eat lunch with the sysadmins and operations guys every now and then! Thanks to Tommy Operations who had the openings in the firewall configured and propagated in minutes (not months which is usual in large organizations)


Thursday Aug 13, 2009

Creating templates for Application configurations

I've been asked repeatedly about how one can create a template for scripting the Application Configurations a Binding Component supports so I thought I'd whip up a little recipe on it.[Read More]
About

This blog will be about software that i work with; Java, OpenESB, GlassFish and perhaps a bit about photography.

Search

Archives
« April 2014
SunMonTueWedThuFriSat
  
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
   
       
Today