|
|
| JMX/RMI connection to Fiorano Servers across firewall |
|
| Problem: Cannot create JMX/RMI connection to Fiorano servers across firewall even after RMI connection port is unblocked. |
| Reason: While creating a connection JMX RMI connector opens two ports: one is for the RMI registry, which is fixed and known and other port is used to export JMX RMI connection objects. This second port is usually dynamically allocated at random. So problem occurs if server is behind a firewall as one of the connection ports is random it cannot be unblocked.
|
Solution:
This problem can be solved using a custom JVM agent which uses fixed and known ports for creating RMI connection.
newagent.jar: JAR for custom JVM agent.
Firewall.zip: Sources for custom JVM agent.
JMXAttributes.java: sample client code
This custom agent uses only one port for RMI connection so at firewall only one port needs to be unblocked to allow
connections.
The changes needed in server.conf to use custom agent are as follows
- Copy newagent.jar on to your machine
Say to ./extlib/jmx-rmi-firewall
- Add it to the classpath under <java.classpath>
Say ../../../extlib/jmx-rmi-firewall/newagent.jar
- Add the port number to connect to the server through the firewall under <java.system.props>
Say: example.rmi.agent.port=3024
- Add -javaagent:../../../extlib/jmx-rmi-firewall/newagent.jar below Enable RemoteDebugging options under <jvm.args>
- In the JMX client, the URL should be as follows
JMXServiceURL address = new JMXServiceURL("service:jmx:rmi://"+serverIP+":"+rmiPort+"/jndi/rmi://"+serverIP+":"+rmiPort+"/jmxrmi");
References:
http://blogs.sun.com/jmxetc/entry/connecting_through_firewall_using_jmx
|
If there are Attachments: 
World Wide Support