Monitoring JVM's running parameters with JMX

Translated from http://java.sun.com/javase/6/docs/technotes/guides/management/agent.html

using JMX to manage your JVM
JMX is the acronym for Java Management Extensions and a central part of current Java technology, and JMX makes it easier to build extensible, manageable, scalable Java frameworks. More importantly, JMX is part of the J2SE, which means that using JMX can also achieve good compatibility because it is part of standard Java
Having said that, you may not have a very intuitive idea of the importance of JMX, so when you know that the most popular servlet container tomcat, the well-known Open-source server JBoss, is completely based on JMX, even most commercial application servers such as WebLogic, When using JMX as the implementation of its management platform, do you still doubt the importance of JMX? is still doubtful. OK, even with you, the JVM is based on the JMX architecture. This article is about how to manage your JVM with JMX
1. Setting Environment variables
You can set the environment variable as java-dproperty=value on the command line, but it will only work on the current command-line window, or modify the operating system's environment variables
In previous Java, to use JMX to manage a JVM application, you had to add com.sun.management.jmxremote to the system variable to tell the JVM to open specific ports and protocols for management. But JAVA6 has supported JMX by default, which means:
In the past Java version, suppose you want to run the Notepad program, you have to do this:
% CD Jdk_home/demo/jfc/notepad
% Java-dcom.sun.management.jmxremote-jar Notepad.jar
In Java6, you can simply tap the% Java-jar Notepad.jar, and then any JMX-compliant client will be able to connect to the application to manage the so-called Out-of-the-box management. (in Windows systems, for security reasons, if local monitoring and management is required, your temporary folder directory must be NTFS formatted, otherwise you cannot provide sufficient access control)
2. Run Jconsole
This is a default JMX management client implementation that can be typed jconsole directly at the command line. Jconsole used for related debugging is convenient, but not suitable for commercial use, because this thing itself is relatively a resource
3. In the jconsole can see just run the Notepad, double-click the connection can be connected to see the program to run the performance parameters

OK, that's all. Non-Also, the above is only for local monitoring and management, that is, running a monitor on a machine and monitored procedures, if it is remote, jconsole not this machine. That's a bit of a hassle.
1. Remotely, you must first run a Java program with some variable parameters: Com.sun.management.jmxremote.port=portnum
Portnum The port number that refers to the RMI connection. At the same time, remote connections must provide security, so by default, SSL and TLS based password Authentication
2. Set Password (single user)
will jre_home/lib/ Management directory jmxremote.password.template file renamed Jmxremote.password, modify file access rights, only administrators can read and write. Then set the password for the different roles, by default there are already two roles monitorrole and Controlrole
3. Setting a password (multiple users)
will jre_home/lib/ Copy the Jmxremote.password.template file from the management directory to the JRE root directory and rename it to Jmxremote.password; same permissions, set password , and then start Jvm:com.sun.management.jmxremote.password.file=pwfilepath
where Pwfilepath is the path to the password file
4. Connect with Jconsole
If SSL is not used, enter directly: Jconsole hostname:portnum
If you use SSL, you must add a parameter:% Java-djavax.net.ssl.keystore=keystore- Djavax.net.ssl.keystorepassword=password Server
This only validates the server side, and if you also want to verify the SSL client, set a similar value, detailed settings can refer to: http:// Java.sun.com/javase/6/docs/technotes/guides/security/jsse/jsserefguide.html#customizingstores

Let's go into the deep discussion of the password verification we just talked about. JMX provides two files for password and access control, one is the Jmxremote.password file just mentioned, for setting the role password, and the other jmxremote.access is the access control file that defines the read and write permissions for each role
Password File Example:
# the "monitorrole" role has password "QED".
# the "controlrole" role has password "r&d".
Monitorrole QED
Controlrole r&d

Examples of Access files:
# o the ' monitorrole ' role has readonly access.
# o the ' controlrole ' role has readwrite access.
Monitorrole readonly
Controlrole ReadWrite

Monitoring and managing related system properties
Some attributes and meanings have been mentioned before, but we set them at the command line, and in order not to do this every time, JMX provides a property file, the jre_home/lib/management/ Management.properties, the document provides the meaning and usage of all attributes in an annotation form