Sun Microsystems 820433510 Server User Manual


 
To view all the MBeans, Enterprise Server provides a conguration of the Standard JMX
Connector Server called System JMX Connector Server. As part of Enterprise Server startup, an
instance of this JMX Connector Server is started. Any compliant JMX connector client can
connect to the server using this Connector Server.
Java SE also provides tools to connect to an MBean Server and view MBeans registered with it.
JConsole is one such popular JMX Connector Client and is available as part of the standard Java
SE distribution. For more information on JConsole, see
http://java.sun.com/javase/6/docs/technotes/guides/management/jconsole.html
When you congure JConsole with Enterprise Server, Enterprise Server becomes the JMX
Connector's server end and JConsole becomes the JMX Connector's preferred client end.
“Connecting JConsole to Application Server” on page 211shows how to make a successful
connection .
Securing JConsole to Application Server Connection
There are subtle dierences in how to connect to Enterprise Server, or any JMX Connector
Server end, based on the transport layer security of the connection. If the server end is secure
(guarantees transport layer security), there is a little more conguration to be performed on the
client end.
By default, the developer prole of Enterprise Server is congured with a non-secure System
JMX Connector Server.
By default, cluster and enterprise proles of Enterprise Server are congured with a secure
System JMX Connector Server.
The protocol used for communication is RMI/JRMP. If security is enabled for the JMX
Connector, the protocol used is RMI/JRMP over SSL.
Note RMI over SSL does not provide additional checks to ensure that the client is talking to
the intended server. Thus, there is always a possibility, while using JConsole, that you are
sending the user name and password to a malicious host. It is completely up to the
administrator to make sure that security is not compromised.
When you install a developer prole domain on a machine such as appserver.sun.com , you
will see the following in the Domain Administration Server (DAS) domain.xml le:
<!- The JSR 160 "system-jmx-connector" ––>
<jmx-connector accept-all="false" address="0.0.0.0"
auth-realm-name="admin-realm" enabled="true" name="system" port="8686"
protocol="rmi_jrmp" security-enabled="false"/>
<!- The JSR 160 "system-jmx-connector" ––>
UsingJConsole
SunGlassFishEnterpriseServer2.1AdministrationGuide • December2008210