Friday Mar 19, 2010

Configure Access Control for the Bridge Service in OpenMQ 4.4

In a topology with multiple brokers bridging them to move messages from one messaging domain to another is easy to achieve as I showed in my last post.
One thing I did not show was how to create the bridges when you also want to enforce access management on destinations, in this post I will show accessmanagement and multiple connection factories in the object stores.
[Read More]

Friday Jan 22, 2010

Configuring the new broker Bridge service between an OpenMQ 4.4 HA cluster and a single node.

The new OpenMQ 4.4 release has been eagerly looked forward to by myself and some of my customers for it's ability to bridge brokers without requiring a custom application to consume messages and forward it to a different broker. In this post I'll show how to set up a HA cluster and a single node and how to get the new Bridge service to move messages from destinations in one to the other. Also shown is how to configure JDBC persistence for the brokers and which settings are necessary to set up easier JMX client connectivity for the brokers.
[Read More]

Friday Sep 11, 2009

GlassFish and JMX through a firewall

Being able to access the GlassFish JMX server through a firewall is essential when you've got big deployments that are secured by firewalls and want to perform remote monitoring and management. Thanks to Steve Esserey and other helpful persons who pointed me to a solution.

In GlassFish v2.1 patch 02 (I've also tested this on GlassFish v2ur2 patch08 and Glassfish v2.1 patch04 for good measure :) a flag has been introduced  that allow you to bind the port for the JMX server's RMI stub to a known port. (Previously this port was dynamic, which, dare I say; caused a few eyebrows to be raised with firewall admins.)

Add this to the JVM options in your domain.xml file:

<jvm-options>-Dcom.sun.aas.jconsole.server.cbport=18687</jvm-options>

Restart the domain, and pending openings in the firewall for the port given in addition to the port the JMX Agent is listening on (default is 8686) you should now be able to connect to GlassFish behind a firewall using JConsole, VisualVM or Sun GlassFish Performance Monitor

The JMX URL to connect on then becomes: service:jmx:rmi:///jndi/rmi://hostname.domain:8686/jmxrmi

VisualVM accessing GlassFish through a Firewall In  the screenshot above VisualVM is shown accessing GlassFish v2.1p2 (Actually GlassFish v2ur2 p08, but they're the same)

Also note that the port is 18686 in the screenshot above, this is just because i set my port to 18686 in the jmx-connector element in domain.xml to avoid a port conflict with a different GlassFish server on the box

<jmx-connector accept-all="false" address="0.0.0.0" auth-realm-name="adm
in-realm" enabled="true" name="system" port="18686" protocol="rmi_jrmp" security-
enabled="false"/>

Note that the MQ broker entry seen in the left hand pane is the VisualVM-MessageQueue plugin set to be released with OpenMQ 4.4. Here I've connected it to OpenMQ 4.3 which happily also works.

Normally testing this when you're not in control of the firewall takes time, the adjustments to GlassFish are done in a minute or so, but the second thing I learned today is perhaps the most important: Eat lunch with the sysadmins and operations guys every now and then! Thanks to Tommy Operations who had the openings in the firewall configured and propagated in minutes (not months which is usual in large organizations)


About

This blog will be about software that i work with; Java, OpenESB, GlassFish and perhaps a bit about photography.

Search

Archives
« April 2014
SunMonTueWedThuFriSat
  
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
   
       
Today