Enabling JMX (Oracle Waveset 8.1.1 System Administrator's Guide)

Oracle Waveset 8.1.1 System Administrator's Guide

Enabling JMX

The JRE did not provide a JMX MBean server prior to Java 1.5, so using JMX required support from the application server. Starting with the Java 1.5 specification, the JRE must provide a built-in MBean server. Consequently, JMX is available from any application server running JRE version 1.5 or later.

Each application server that provides direct JMX support has a different technique for enabling JMX and providing access to the MBeans. You must consult the application server documentation for those instructions.

The MBean server in the JVM is enabled by default, but requires some additional options to be accessed by JConsole or other MBean viewing tools. In most cases, enabling JMX means the application server allows communication on a separate channel with a security profile that is different from that of the HTTP channel. When deciding to enable this channel, you must consider the need to access the MBean data (without restarting the server) against the additional security exposure. Oracle strongly recommends enabling remote JMX access on development and test servers.

For Local Access to MBeans

To enable local access to JMX, where JConsole running on the same host can access MBeans but JConsole running on other hosts cannot, add the following option to the JVM startup:

-Dcom.sun.management.jmxremote

You must decide whether to use this option on production servers based on your security requirements and the need to access the MBean data without restarting the server.

For Remote Access to MBeans

To enable remote access to JMX, where JConsole running on a remote host can access the MBeans but JConsole running on other hosts cannot, add the following options to the JVM startup:

-Dcom.sun.management.jmxremote -Dcom.sun.management.jmxremote.port=<port num>

When you enable remote JMX access, you must carefully consider the security ramifications. For a test server, you can add the following option, which allows non-SSL access to the JMX server without providing any authentication data:

-Dcom.sun.management.jmxremote.authenticate=false

Using this option is very insecure. You should never use this option on a production server, but it might be appropriate for a test server. For more information, consult the following web site: http://download.oracle.com/docs/cd/E17476_01/javase/1.5.0/docs/guide/management/agent.html#jmxagent.