Expand Collapse
Just a second...

Configuring the Diffusion Cloud JMX connector server

Connect to JMX through the Diffusion™ Cloud connector server. This connector server is integrated with Diffusion Cloud and enables you to use role-based access control to define how connecting users can use the MBeans.

Diffusion Cloud binds to the specified ports to listen for connections from Java Management Extensions (JMX) clients such as JConsole and Java™ VisualVM.
  1. Optional: If you are running Diffusion Cloud on a Linux™ server, check that the host name is not 127.0.1.1.
    You can do this my running the following command:
    hostname -i
    If the output to this command is 127.0.1.1, add an entry to /etc/hosts that defines the host name.
  2. Edit the etc/Management.xml configuration file to enable and configure the management features:
    1. Set the value of the enabled attribute in the management element to true. 
      <management enabled="true">
    2. Specify the hostname to allow JMX connections on in the host element. 
      <host>localhost</host>
      The default value is localhost. If you set the contents of the host element to a value, connections are only allowed to that value. For example, a JMX connection to localhost is allowed, but connecting to the same system by IP address is not.
      To allow JMX connections on any applicable hostname or IP address, leave the host element blank.
    3. Optional: Specify the ports to use for the JMX service. 
          <!-- The RMI Registry port -->
    <registry-port>1099</registry-port>
    <!-- The JMX service port -->
    <connection-port>1100</connection-port>

      These two ports can be set to the same value, which can simplify firewall configuration.

      You can use the default values:
      • 1099 The remote method invocation (RMI) registry port
      • 1100 The JMX service port
  3. Configure the principals that are allowed to use the JMX service. You can do this in one of the following ways.

    • Update the system authentication store to assign a role with the required permissions to the principal and configure Diffusion Cloud to call the system authentication handler.

      For more information, see System authentication handler.

    • Implement a custom authentication handler that assigns a role with the required permissions to the principal and configure Diffusion Cloud to call your custom authentication handler.

      For more information, see User-written authentication handlers.

  4. Optional:
    Note: If you are using a firewall that employs network address translation (NAT) , you might still be unable to connect to Diffusion Cloud even when the JMX ports are left open.
    To make a secure connection or a connection through a firewall, you can use SSH tunnelling:
    1. Establish an SSH connection to the fire-walled Diffusion Cloud server.
    2. Tunnel the RMI registry port and JMX service port through SSH .
    3. Use JMX to connect to the local ends of the tunneled ports.

Use the ports you have configured to connect a JMX management console to Diffusion Cloud .

This connection cannot be made through Secure Sockets Layer (SSL) . However, you can use SSH tunnelling to secure your connection. For more information, see step 4.