1 Reply Latest reply on Jul 13, 2010 11:48 AM by 843798

    Jconsole and JMX monitoring of an app. which is behind a firewall

      Hello there,
      I am sorry if this question has been answered before. I searched but didn't come across any posts related to my question.

      I have a very strange question.
      I have an application which needs to be monitored using a remote JConsole instance. The application is behind a firewall. So I have written a custom agent (using the guide) so that I can provide the required ports (RMI registry port and RMI server port) when connecting, and the above two ports are allowed through the firewall.
      Following is the code snippet which shows this.
                      // Build the JMX service URL; pin the RMI server port when one is configured.
                      if (rmiServerPortString != null) {
                          int rmiServerPort = Integer.parseInt(rmiServerPortString);
                          jmxURL = "service:jmx:rmi://" + NetworkUtils.getLocalHostname() + ":" +
                                  rmiServerPort + "/jndi/rmi://" + NetworkUtils.getLocalHostname() + ":" +
                                  rmiRegistryPort + "/jmxrmi";
                      } else {
                          // No server port given: the RMI server is exported on an arbitrary port.
                          jmxURL = "service:jmx:rmi:///jndi/rmi://" +
                                  NetworkUtils.getLocalHostname() + ":" + rmiRegistryPort + "/jmxrmi";
                      }
                      JMXServiceURL url = new JMXServiceURL(jmxURL);
      Then, when connecting, the URL looks like below (RMIRegistry port is 1099 and RMIServer port is 15600)
      1. Now I am able to connect to this using a remote JConsole client with the remote process given as
      2. But strangely when I try to connect using the URL
      , I can still connect. (Note that ports 1099 and 15600 are allowed through the firewall; no other ports are allowed.) Why is this happening? This should not happen since I have provided the two required ports so that no random port generation is required.

      3. When I also try with a different port for the RMI server port (with that port blocked) I can still connect using JConsole and see the stats. For example:
      (Note that port 15601 is not allowed through the firewall.)
      This also should not happen. JConsole should only connect using the correct ports that I have provided (i.e. 15600).
      According to my understanding only 1 should work and 2, 3 should fail.
      I am not sure why this happened and it's very strange to me. I run on JDK 1.6 on Linux. Has anybody come across this situation? Do you have any idea?

      And to debug the issue further I completely turned off the firewall, allowing any port to be accessed. Then I started the application with both ports given (for example: 1099 for the RMI registry port and 15600 for the RMI server port). But I could still connect using a different RMI server port, for example 15602, for the JConsole server process. This is very strange and I can't understand why that happened.

      Thanks in advance.
        • 1. Re: Jconsole and JMX monitoring of an app. which is behind a firewall
          I'll answer my own question for your information.

          This is how remote JMX monitoring works. Once we have established a connection to the RMIRegistry service, it'll return a stub which contains the port to connect to for the information of the RMIServer and Connection objects. By using these objects you can access the JMX stats.
          The actual connection URL for the client (here JConsole) only needs to be provided with the RMIRegistry port connection URL, and JConsole is capable of interpreting the connection object information and connecting to the actual RMIServer port. This information can also be found in the guide[1], in the section under "Connecting to the JMX Agent Programmatically".

          I hope someone will find this information helpful.

          [1] - http://download.oracle.com/docs/cd/E17409_01/javase/6/docs/technotes/guides/management/agent.html

          Thank you.
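
An added example, not part of the original thread or of the guide it cites, that reproduces the behaviour explained in the reply: the agent pins both ports, and a client connects with several URLs whose first host:port differs, because in the `/jndi/` form the client takes the real endpoint from the stub in the registry. The class name `JmxStubPortDemo` and the use of `localhost` are assumptions; ports 1099, 15600 and 15601 are the ones from the question.

```java
import java.lang.management.ManagementFactory;
import java.rmi.registry.LocateRegistry;
import java.rmi.registry.Registry;
import java.rmi.server.UnicastRemoteObject;
import javax.management.remote.JMXConnector;
import javax.management.remote.JMXConnectorFactory;
import javax.management.remote.JMXConnectorServer;
import javax.management.remote.JMXConnectorServerFactory;
import javax.management.remote.JMXServiceURL;

public class JmxStubPortDemo {
    static final int REGISTRY_PORT = 1099;  // RMI registry port from the question
    static final int SERVER_PORT = 15600;   // RMI server port from the question

    public static void main(String[] args) throws Exception {
        // Agent side: pin both ports, as the custom agent in the question does.
        Registry registry = LocateRegistry.createRegistry(REGISTRY_PORT);
        JMXServiceURL agentUrl = new JMXServiceURL("service:jmx:rmi://localhost:" + SERVER_PORT
                + "/jndi/rmi://localhost:" + REGISTRY_PORT + "/jmxrmi");
        JMXConnectorServer agent = JMXConnectorServerFactory.newJMXConnectorServer(
                agentUrl, null, ManagementFactory.getPlatformMBeanServer());
        agent.start();  // exports the RMI server on SERVER_PORT and binds its stub as "jmxrmi"

        // Client side: only the registry part of the URL is used to locate the agent.
        String[] clientUrls = {
            "service:jmx:rmi:///jndi/rmi://localhost:1099/jmxrmi",
            "service:jmx:rmi://localhost:15600/jndi/rmi://localhost:1099/jmxrmi",
            "service:jmx:rmi://localhost:15601/jndi/rmi://localhost:1099/jmxrmi",  // wrong server port
        };
        for (String u : clientUrls) {
            JMXConnector c = JMXConnectorFactory.connect(new JMXServiceURL(u));
            try {
                System.out.println("connected via " + u + " (MBeans: "
                        + c.getMBeanServerConnection().getMBeanCount() + ")");
            } finally {
                c.close();
            }
        }

        // The stub stored in the registry carries the endpoint every client above dialled.
        System.out.println("stub in registry: " + registry.lookup("jmxrmi"));

        agent.stop();
        UnicastRemoteObject.unexportObject(registry, true);  // let the JVM exit
    }
}
```

For firewall rules, the port that matters is the one inside the stub, which is why it has to be fixed on the agent side; nothing the client types in the first part of the URL changes which port is dialled.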