Connect to JMX through the Diffusion™ connector server. This connector server is integrated with the Diffusion server and enables you to use role-based access control to define how connecting users can use the MBeans.

Diffusion binds to the specified ports to listen for connections from Java Management Extensions (JMX) clients such as JConsole and Java™ VisualVM.

- Optional: If you are running Diffusion on a Linux™ server, check that the host name does not resolve to 127.0.1.1. You can do this by running the following command:
      hostname -i
  If the output of this command is 127.0.1.1, add an entry to /etc/hosts that defines the host name.
- Edit the etc/Management.xml configuration file to enable and configure the management features:
  - Set the value of the enabled attribute in the management element to true.
        <management enabled="true">
  - In the host element, specify the hostname on which to allow JMX connections. The default value is localhost. If you set the contents of the host element to a value, connections are only allowed to that value. For example, a JMX connection to localhost is allowed, but connecting to the same system by IP address is not. To allow JMX connections on any applicable hostname or IP address, leave the host element blank.
  - Optional: Specify the ports to use for the JMX service.
        <!-- The RMI Registry port -->
        <registry-port>1099</registry-port>
        <!-- The JMX service port -->
        <connection-port>1100</connection-port>
    These two ports can be set to the same value, which can simplify firewall configuration. You can use the default values:
    - 1099: The remote method invocation (RMI) registry port
    - 1100: The JMX service port
- Configure the principals that are allowed to use the JMX service. You can do this in one of the following ways.
  - Update the system authentication store to assign a role with the required permissions to the principal and configure the Diffusion server to call the system authentication handler. For more information, see System authentication handler.
  - Implement a custom authentication handler that assigns a role with the required permissions to the principal and configure the Diffusion server to call your custom authentication handler. For more information, see User-written authentication handlers.
- Optional:
  Note: If you are using a firewall that employs network address translation (NAT), you might still be unable to connect to Diffusion even when the JMX ports are left open.
  To make a secure connection or a connection through a firewall, you can use SSH tunnelling:
  - Establish an SSH connection to the firewalled Diffusion server.
  - Tunnel the RMI registry port and JMX service port through SSH.
  - Use JMX to connect to the local ends of the tunnelled ports.

Use the ports you have configured to connect a JMX management console to the Diffusion server.

This connection cannot be made through Secure Sockets Layer (SSL). However, you can use SSH tunnelling to secure your connection. For more information, see step 4.
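
The Management.xml settings and the SSH tunnelling step above, as an added example (not Diffusion's own code): a Python check that reads the enabled, host, registry-port and connection-port values, flags a blank host, and builds the matching ssh port-forward command. The sample XML is constructed from the elements this page names; their nesting, the SSH account and the localhost forward target are assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed sample: only the elements this page names; their nesting is assumed.
SAMPLE = """<management enabled="true">
  <host></host>
  <registry-port>1099</registry-port>
  <connection-port>1100</connection-port>
</management>"""

def audit_management(xml_text):
    """Return (settings, findings) for the text of a Management.xml file."""
    root = ET.fromstring(xml_text)
    mgmt = root if root.tag == "management" else root.find(".//management")
    if mgmt is None:
        raise ValueError("no <management> element found")

    def text(tag, default):
        node = mgmt.find(f".//{tag}")
        return default if node is None else (node.text or "").strip()

    settings = {
        # Assumption: a missing enabled attribute is treated as disabled.
        "enabled": mgmt.get("enabled", "false").strip().lower() == "true",
        "host": text("host", "localhost"),  # page: the default is localhost
        "registry_port": int(text("registry-port", "1099") or 1099),
        "connection_port": int(text("connection-port", "1100") or 1100),
    }
    findings = []
    if not settings["enabled"]:
        findings.append("management is not enabled")
    if settings["host"] == "":
        findings.append("host is blank: JMX is reachable on any hostname or IP "
                        "address, so restrict both ports at the firewall")
    return settings, findings

def tunnel_command(settings, ssh_target):
    """Build one ssh invocation forwarding both JMX ports (deduplicated)."""
    ports = sorted({settings["registry_port"], settings["connection_port"]})
    # Local ports mirror the remote ones so the console can use the configured
    # port numbers unchanged; the forward target localhost is an assumption.
    forwards = " ".join(f"-L {p}:localhost:{p}" for p in ports)
    return f"ssh -N {forwards} {ssh_target}"

if __name__ == "__main__":
    cfg, notes = audit_management(SAMPLE)
    for note in notes:
        print("finding:", note)
    print(tunnel_command(cfg, "admin@diffusion.example"))  # hypothetical account
```

When the registry and connection ports are set to the same value, the command carries a single `-L` forward.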