Connect to Java Management Extensions (JMX) through the Diffusion™ connector server. This connector server is integrated with the Diffusion server and enables you to use role-based access control to define how connecting users can use the MBeans.
Diffusion binds to the specified ports to listen for connections from JMX clients such as JConsole and Java™ VisualVM.
- Optional: If you are running Diffusion on a Linux™ server, check that the host name does not resolve to 127.0.1.1.
  You can do this by running the following command:
      hostname -i
  If the output of this command is 127.0.1.1, add an entry to /etc/hosts that defines the host name.
- Edit the etc/Management.xml configuration file to enable and configure the management features:
  - Set the value of the enabled attribute in the management element to true.
        <management enabled="true">
  - In the host element, specify the host name on which to allow JMX connections.
    The default value is localhost. If you set the contents of the host element to a value, connections are only allowed to that value. For example, a JMX connection to localhost is allowed, but connecting to the same system by IP address is not.
    To allow JMX connections on any applicable host name or IP address, leave the host element blank.
  - Optional: Specify the ports to use for the JMX service.
        <!-- The RMI Registry port -->
        <registry-port>1099</registry-port>
        <!-- The JMX service port -->
        <connection-port>1100</connection-port>
    These two ports can be set to the same value, which can simplify firewall configuration.
    You can use the default values:
    - 1099: The remote method invocation (RMI) registry port
    - 1100: The JMX service port
- Configure the principals that are allowed to use the JMX service. You can do this in one of the following ways:
  - Update the system authentication store to assign a role with the required permissions to the principal and configure the Diffusion server to call the system authentication handler.
    For more information, see System authentication handler.
  - Implement a custom authentication handler that assigns a role with the required permissions to the principal and configure the Diffusion server to call your custom authentication handler.
    For more information, see User-written authentication handlers.
- Optional: To make a secure connection or a connection through a firewall, you can use SSH tunnelling.
  Note: If you are using a firewall that employs network address translation (NAT), you might still be unable to connect to Diffusion even when the JMX ports are left open.
  - Establish an SSH connection to the firewalled Diffusion server.
  - Tunnel the RMI registry port and JMX service port through SSH.
  - Use JMX to connect to the local ends of the tunnelled ports.
- Use the ports you have configured to connect a JMX management console to the Diffusion server.
  This connection cannot be made through Secure Sockets Layer (SSL). However, you can use SSH tunnelling to secure your connection. For more information, see step 4.
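
The SSH tunnelling step can be scripted so that the forwarded ports always match the ones set in etc/Management.xml. The following is an added example, not part of the Diffusion documentation: the function names, the sample file and the login admin@diffusion.example.com are constructed, and it assumes the host element is left at localhost and that you log in to the Diffusion server itself.

```shell
#!/bin/sh
# Added example: derive the SSH port forwards from etc/Management.xml.

# Print the port in element $2 of file $1, or the default $3 if it is absent.
xml_port() {
    val=$(sed -n "s:.*<$2>[[:space:]]*\([^<[:space:]]*\)[[:space:]]*</$2>.*:\1:p" "$1" | head -n 1)
    [ -n "$val" ] || val=$3
    # Accept digits only (at most five), so nothing else reaches the command line.
    case $val in
        ''|*[!0-9]*|??????*) echo "invalid $2: $val" >&2; return 1 ;;
    esac
    if [ "$val" -lt 1 ] || [ "$val" -gt 65535 ]; then
        echo "$2 out of range: $val" >&2; return 1
    fi
    printf '%s\n' "$val"
}

# Print the ssh command that forwards the JMX ports in config $1 over login $2.
jmx_tunnel_cmd() {
    reg=$(xml_port "$1" registry-port 1099) || return 1
    con=$(xml_port "$1" connection-port 1100) || return 1
    # Bind the local ends to loopback so other hosts cannot use the tunnel.
    # Assumption: local port numbers mirror the server's, because an RMI
    # registry normally hands the client the service port to connect to.
    fwd="-L 127.0.0.1:$reg:localhost:$reg"
    # Both ports may share one value (see above); forward it only once.
    [ "$con" = "$reg" ] || fwd="$fwd -L 127.0.0.1:$con:localhost:$con"
    printf 'ssh -N %s %s\n' "$fwd" "$2"
}

# Constructed sample configuration and login, not taken from a real deployment.
sample=$(mktemp)
cat > "$sample" <<'EOF'
<management enabled="true">
  <host>localhost</host>
  <!-- The RMI Registry port -->
  <registry-port>1099</registry-port>
  <!-- The JMX service port -->
  <connection-port>1100</connection-port>
</management>
EOF
jmx_tunnel_cmd "$sample" admin@diffusion.example.com
rm -f "$sample"
```

Run the printed command in one terminal, then point JConsole or VisualVM at localhost and the registry port.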