How to connect to a remote JMX node hiding behind a firewall.
JAVA has a really nice tool called jvisualvm to view critical statistics of any java program. This becomes real handy for situations where you need to debug live systems.
To enable any java program to expose a jmx interface you need to pass the following to the command arguments
-Dcom.sun.management.jmxremote
-Djava.rmi.server.hostname=127.0.0.1
-Dcom.sun.management.jmxremote.rmi.port=1099
-Dcom.sun.management.jmxremote.port=1099
-Dcom.sun.management.jmxremote.authenticate=false
-Dcom.sun.management.jmxremote.ssl=false
-Dcom.sun.management.jmxremote.local.only=false -jar
A couple of gotchas
Before java version 7u25 it was not possible to specify rmi port and jmx selected a random available port. Which became an issue to access JMX over a firewall. You can't keep on opening random ports for every module restart.
Hostname is important to set if you are accessing remotely. By default the hostname is chosen what your OS shows by 'hostname -i'. If the remote port can be opened on the firewall we can set the host to the actual IP address. However in my case, that was not possible.
The workaround is to have a port forwarded via a ssh client or OS if you are using linux. In secure crt its very simple to do this, its straight forward in putty as well.
Next step is to fire up jvisualvm in your jdk\bin directory from your computer and add a new jmx connection in your local tab. Enter 127.0.0.0:1099 in connection and hopefully you will be connected to your module. Make sure the port is forwarded and the module has 127.0.0.1 set as host name for rmi.
Comments