Support User Manuals

Sun Microsystems 820433510 Server User Manual

Open as PDF

of 256

To view all the MBeans, Enterprise Server provides a conguration of the Standard JMX

Connector Server called System JMX Connector Server. As part of Enterprise Server startup, an

instance of this JMX Connector Server is started. Any compliant JMX connector client can

connect to the server using this Connector Server.

Java SE also provides tools to connect to an MBean Server and view MBeans registered with it.

JConsole is one such popular JMX Connector Client and is available as part of the standard Java

SE distribution. For more information on JConsole, see

http://java.sun.com/javase/6/docs/technotes/guides/management/jconsole.html

When you congure JConsole with Enterprise Server, Enterprise Server becomes the JMX

Connector's server end and JConsole becomes the JMX Connector's preferred client end.

“Connecting JConsole to Application Server” on page 211shows how to make a successful

connection .

Securing JConsole to Application Server Connection

There are subtle dierences in how to connect to Enterprise Server, or any JMX Connector

Server end, based on the transport layer security of the connection. If the server end is secure

(guarantees transport layer security), there is a little more conguration to be performed on the

client end.

■

By default, the developer prole of Enterprise Server is congured with a non-secure System

JMX Connector Server.

■

By default, cluster and enterprise proles of Enterprise Server are congured with a secure

System JMX Connector Server.

■

The protocol used for communication is RMI/JRMP. If security is enabled for the JMX

Connector, the protocol used is RMI/JRMP over SSL.

Note – RMI over SSL does not provide additional checks to ensure that the client is talking to

the intended server. Thus, there is always a possibility, while using JConsole, that you are

sending the user name and password to a malicious host. It is completely up to the

administrator to make sure that security is not compromised.

When you install a developer prole domain on a machine such as appserver.sun.com , you

will see the following in the Domain Administration Server (DAS) domain.xml le:

<!- – The JSR 160 "system-jmx-connector" ––>

<jmx-connector accept-all="false" address="0.0.0.0"

auth-realm-name="admin-realm" enabled="true" name="system" port="8686"

protocol="rmi_jrmp" security-enabled="false"/>

<!- – The JSR 160 "system-jmx-connector" ––>

UsingJConsole

SunGlassFishEnterpriseServer2.1AdministrationGuide • December2008210

previous next