During a recent project, the team faced an issue where a web application was deployed using Tomcat 7 on a cloud environment.
To enable JMX monitoriing for Tomcat 7, the following system properties were configured via setenv.sh:
|Tomcat JMX configuration|
For more information about configuring JMX see the Oracle documentation in the references section.
The firewall on the VPN between the cloud environment and local network was configured to allow connections on port 7099. However this still didn't prove successful.
After reading numerous online resources, the problem was identified. Basically, when the JMX server starts up, it opens two ports, one for the JMX registry and another dynamically generated port for the RMI server. The above configuration only specifies the JMX registry port and there isn't a system property to configure the RMI server port. Both these ports need to be opened in the firewall, but as the RMI server port is dynamically chosen, how can the firewall be configured?
One solution is to develop a custom JMX agent and configure the java runtime to use it. This is outlined in the references below.
For Tomcat there is a more elegant solution for out-of-the-box JMX monitoring.
Tomcat provides a
JMXRemoteLifecycleListenerthat allows specifying both the JMX registry port and the RMI server port.
rmiRegistryPortPlatformreplaces the use of the
JMXRemoteLifecycleListenerrequires the deployment of the catalina-jmx-remote.jar in the
Tomcat can now be remotely monitored and managed using the following JMX service URL: