Skip Navigation Links | |
Exit Print View | |
Oracle GlassFish Server Message Queue 4.5 Administration Guide |
Part I Introduction to Message Queue Administration
1. Administrative Tasks and Tools
3. Starting Brokers and Clients
6. Configuring and Managing Connection Services
8. Configuring Persistence Services
9. Configuring and Managing Security Services
10. Configuring and Managing Broker Clusters
11. Managing Administered Objects
12. Configuring and Managing Bridge Services
13. Monitoring Broker Operations
14. Analyzing and Tuning a Message Service
17. Broker Properties Reference
18. Physical Destination Property Reference
19. Administered Object Attribute Reference
20. JMS Resource Adapter Property Reference
21. Metrics Information Reference
22. JES Monitoring Framework Reference
A. Distribution-Specific Locations of Message Queue Data
B. Stability of Message Queue Interfaces
JMX Client Side SSL Configuration
JMX Connections Through a Firewall
Broker configuration properties that support JMX are listed in Table 17-18. These properties can be set in the broker's instance configuration file (config.properties) or at broker startup with the -D option of the Broker utility (imqbrokerd). None of these properties can be set dynamically with the Command utility (imqcmd). In addition, as described below, some of these properties can be set with corresponding imqbrokerd options.
This section discusses several JMX configuration topics:
You can configure the broker to do any of the following:
Start an RMI registry (imq.jmx.rmiregistry.start=true)
If the broker is configured to start an RMI registry, then the broker will do the following:
Start an RMI registry in the broker process. The RMI registry will remain operational during the lifetime of the broker.
Store the JMX connector stub for it's connectors in this RMI registry.
Advertise a static JMX Service URL that points to the relevant JMX connector stub in this registry.
Shut down the RMI registry as part of the broker shutdown process.
Use an existing RMI registry (imq.jmx.rmiregistry.use=true)
If the broker is configured to use an existing RMI registry on the local host, then the broker will do the following:
Expect an RMI registry to be running on the same host (at a port which can also be specified)
Store the JMX connector stub for it's connectors in this externally managed RMI registry.
Advertise a static JMX Service URL that points to the relevant JMX connector stub in this registry. This means the registry must remain operational during the lifetime of the broker.
Not shut down the RMI registry as part of the broker shutdown process.
Not use a registry at all (both imq.jmx.rmiregistry.start and imq.jmx.rmiregistry.use are set to false).
If the broker is configured to not use a registry, then the broker will advertise a dynamic JMX Service URL that contains the JMX connector stub as a serialized object.
The choice of using or not using an RMI registry depends upon whether you want a static or dynamic JMX Service URL, respectively. The advantages and disadvantages of using an RMI registry are shown in the following table.
Table D-1 Advantages and Disadvantages of Using an RMI Registry
|
If a registry is being used, the imq.jmx.rmiregistry.port property specifies the port number for the RMI registry. For convenience, you can also specify these RMI registry related properties by using equivalent Broker utility (imqbrokerd) options at broker startup: -startRmiRegistry, -useRmiRegistry, and -rmiRegistryPort, respectively (see Table 16-1).
When using an RMI Registry to store a JMX connector stub, the urlpath portion of the JMX service URL (see The JMX Service URL) does not change across broker startups and has the following form:
/jndi/rmi://brokerHost[:rmiPort]/brokerHost/portMapperPort/connectorName
This path consists of two segments:
/jndi/rmi://brokerHost[:rmiPort]
Specifies the RMI registry host and port at which the JMX contector stub is obtained by performing a JNDI lookup. The default port is 1099.
/brokerHost/portMapperPort/connectorName
Specifies the location within the RMI registry where the JMX connector stub is stored.
Example D-1 JMX Service URL When Using an RMI Registry
The following example shows the JMX service URL for the default jmxrmi connector in the case where an RMI registry is started on port 1098 on a host called yourhost:
# imqbrokerd -startRmiRegistry -rmiRegistryPort 1098
% imqcmd list jmx -u admin -passfile /myDir/psswds Listing JMX Connectors on the broker specified by: ------------------------- Host Primary Port ------------------------- localhost 7676 Name Active URL jmxrmi true service:jmx:rmi://yourhost/jndi/rmi://yourhost:1098 /yourhost/7676/jmxrmi ssljmxrmi false Successfully listed JMX Connectors.
The JMX service URL could potentially contain a hostname and port three separate times, indicating the location of the JMX connector, the RMI registry, and the broker, respectively.
When not using an RMI Registry to store a JMX connector stub, the urlpath portion of the JMX service URL is dynamically generated at broker startup and has the following form:
/stub/rO0ABdmVyLlJlpIDJyGvQkwAAAARod97VdgAEAeA==
where the string following /stub/ is the is the serialized JMX connector stub encoded in BASE64 (shortened above for legibility)
Example D-2 JMX Service URL When Not Using an RMI Registry
The following example shows the JMX service URL for the default jmxrmi connector when no RMI registry is started by the broker and no existing registry is used.
# imqbrokerd
% imqcmd list jmx -u admin -passfile /myDir/psswds Listing JMX Connectors on the broker specified by: ------------------------- Host Primary Port ------------------------- localhost 7676 Name Active URL jmxrmi true service:jmx:rmi://yourhost/stub/rO0ABdmVyLlJlpIDJy== ssljmxrmi false Successfully listed JMX Connectors.
If you need to have secure, encrypted connections between a JMX client and the broker's MBean server, then you need to configure both sides of the connection accordingly.
As mentioned in JMX Connection Infrastructure, a broker is configured by default for non-secure communication using the preconfigured jmxrmi connector. Applications wishing to use the Secure Socket Layer (SSL) for secure communication must activate the alternate ssljmxrmi connector. The ssljmxrmi connector is preconfigured with imq.jmx.connector.RMIconnectorName.useSSL=true.