activemq-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From yinghe0101 <yinghe0...@yahoo.com>
Subject JMX remote managmentContext and firewall
Date Thu, 12 Feb 2009 02:50:49 GMT

First, I want to clarify the requirements I have:
1. use a remote box jconsole to control activemq 
2. use ssl for jmx
3. use ldap login authentication for jmx 
4. activemq instance is running on a firewall protected machine which
restrict ports very careful

All 1-3 is doable when I use SUNJMX to define the following:
-Dcom.sun.management.jmxremote.port=1099
-Dcom.sun.management.jmxremote.access.file=jmx.access
-Dcom.sun.management.jmxremote.login.config=<file contains ldap info>
-Djavax.net.ssl.keyStore=keystore -Djavax.net.ssl.keyStorePassword=password
-Djavax.net.ssl.trustStore=truststore
-Djavax.net.ssl.trustStorePassword=trustword

4 is troublesome because jmx rmi is opening two ports, 1 port where the RMI
Registry can be reached which is defined by
com.sun.management.jmxremote.port and the 2nd port is where the RMIServer
and RMIConnection remote objects are exported which is chosen by the RMI
stack--random from 32000-65535. therefore if you only open port 1099 in the
firewall, the remote jconsole will not work. you can see on the server, it
is listening on 1099 but will not work because of that 2nd port thing unless
you open all those ports which seems quite unacceptable.

Please refer to this useful post:
http://blogs.sun.com/jmxetc/entry/troubleshooting_connection_problems_in_jconsole
which provides workaround using -javaagent

my question is 
1. Is activemq already providing any solution for scenario 4?
2. managementContext documentation is not clear. If I use managementContext
to define JMX port, how can i define client authentication. it is not using
anything defined in SUNJMX, if someone can clarify, please do.


cheers,
ying


-- 
View this message in context: http://www.nabble.com/JMX-remote-managmentContext-and-firewall-tp21969017p21969017.html
Sent from the ActiveMQ - User mailing list archive at Nabble.com.


Mime
View raw message