activemq-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Paul Smith <psm...@aconex.com>
Subject Re: [Spam: 5.0] JMX Remote Access - Necessary ports
Date Thu, 08 Mar 2007 21:22:34 GMT

On 08/03/2007, at 7:15 PM, Juergen Mayrbaeurl wrote:

>
> What kind of JMX connector do I need for JManage? Can I use the RMI
> connector? Does JManage have to run on the same machine?
>
> Greetings
> Juergen
>


You can specify via a URL syntax exactly what connector to use to  
connect to a given host.  We use the default RMI connector, and have  
a specific host in our production data centre that is used as the  
JManage instance.  Jmanage is then configured with the URL's to talk  
to each of the production java processes inside that network

So, to answer your question, no, JManage doesn't have to run on the  
same machine, and will suffer from the same problem that any other  
RMI based JMX client would have with regards to firewalls.  That's  
why it's useful to have JManage inside production, and then expose a  
single HTTP/S port to connect to it.  We have a setup where we  
configure JManage to listen on localhost:9090.  This means to connect  
to it one needs to use SSH port forwarding to link jmanage and our  
browser together, and I can 'browse' on localhost:9090 on my machine,  
and that browses direct to the jmanage instance on the remote  
system.  This is simply a security measure.  Rather than expose the  
port directly to the firewall, one would need shell access on the  
jmanage host to be able to configure any jmanage-controlled instance.

The other good thing about this setup is that it is much faster than  
a direct client access, say via JConsole one your localhost.  Due to  
latency over a slow network, JConsole is unusable.  We are in  
Australia, and have production systems in Dubai and London which is  
over a loooooooong, and slow link.  JConsole is unusable in this  
scenario, but jmanage inside the production systems accessed via a  
browser is incredibly fast.

JManage also has some useful command-line tools too, so you can  
easily script operational tools that invoke JMX operations.

I couldn't live without it.

Paul
Mime
View raw message