First, I want to clarify the requirements I have:

1. Use a remote box's jconsole to control ActiveMQ
2. Use SSL for JMX
3. Use LDAP login authentication for JMX
4. The ActiveMQ instance is running on a firewall-protected machine which restricts ports very carefully

All of 1-3 are doable when I use SUNJMX to define the following:

    -Dcom.sun.management.jmxremote.port=1099
    -Dcom.sun.management.jmxremote.access.file=jmx.access
    -Dcom.sun.management.jmxremote.login.config=<file contains ldap info>
    -Djavax.net.ssl.keyStore=keystore
    -Djavax.net.ssl.keyStorePassword=password
    -Djavax.net.ssl.trustStore=truststore
    -Djavax.net.ssl.trustStorePassword=trustword

4 is troublesome because JMX RMI opens two ports: the first port, where the RMI Registry can be reached, is defined by com.sun.management.jmxremote.port, and the second port, where the RMIServer and RMIConnection remote objects are exported, is chosen by the RMI stack at random from 32000-65535. Therefore, if you only open port 1099 in the firewall, the remote jconsole will not work. You can see that the server is listening on 1099, but it will not work because of that second port, unless you open all those ports, which seems quite unacceptable.

Please refer to this useful post, which provides a workaround using -javaagent:
http://blogs.sun.com/jmxetc/entry/troubleshooting_connection_problems_in_jconsole

My questions are:

1. Is ActiveMQ already providing any solution for scenario 4?
2. The managementContext documentation is not clear. If I use managementContext to define the JMX port, how can I define client authentication? It is not using anything defined in SUNJMX. If someone can clarify, please do.

cheers,
ying

--
View this message in context: http://www.nabble.com/JMX-remote-managmentContext-and-firewall-tp21969017p21969017.html
Sent from the ActiveMQ - User mailing list archive at Nabble.com.
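
A sketch of the -javaagent workaround mentioned in the message, added here as an example; it is not code from the original post, the linked blog, or the ActiveMQ project. It pins both RMI ports and keeps SSL and JAAS login on the connector. The class name, the example.jmx.* property names, port 1098 and the JAAS entry name ActiveMQJmxLdap are assumptions, as is the broker registering its MBeans in the platform MBeanServer without creating its own connector.

```java
import java.lang.management.ManagementFactory;
import java.net.InetAddress;
import java.rmi.registry.LocateRegistry;
import java.util.HashMap;
import java.util.Map;
import javax.management.remote.JMXConnectorServer;
import javax.management.remote.JMXConnectorServerFactory;
import javax.management.remote.JMXServiceURL;
import javax.management.remote.rmi.RMIConnectorServer;
import javax.rmi.ssl.SslRMIClientSocketFactory;
import javax.rmi.ssl.SslRMIServerSocketFactory;

// Hypothetical agent class: package it in a jar whose manifest contains
// "Premain-Class: FixedPortJmxAgent" and start the broker JVM with -javaagent:<jar>.
public class FixedPortJmxAgent {
    public static void premain(String agentArgs) throws Exception {
        // Both ports are pinned, so the firewall needs exactly two rules.
        // Property names and defaults are assumptions made for this example.
        int registryPort = Integer.getInteger("example.jmx.registry.port", 1099);
        int serverPort = Integer.getInteger("example.jmx.server.port", 1098);
        String host = InetAddress.getLocalHost().getHostName();
        // RMI stubs carry this host name to the client; it must resolve from the jconsole box.
        System.setProperty("java.rmi.server.hostname", host);

        // The SSL factories read javax.net.ssl.keyStore / trustStore from system properties.
        SslRMIClientSocketFactory csf = new SslRMIClientSocketFactory();
        SslRMIServerSocketFactory ssf = new SslRMIServerSocketFactory();
        // The registry only hands out the stub; the connector below is the SSL-protected part.
        LocateRegistry.createRegistry(registryPort);

        Map<String, Object> env = new HashMap<>();
        env.put(RMIConnectorServer.RMI_CLIENT_SOCKET_FACTORY_ATTRIBUTE, csf);
        env.put(RMIConnectorServer.RMI_SERVER_SOCKET_FACTORY_ATTRIBUTE, ssf);
        // JAAS entry name (assumed); the file comes from -Djava.security.auth.login.config.
        env.put("jmx.remote.x.login.config", "ActiveMQJmxLdap");
        env.put("jmx.remote.x.access.file", "jmx.access");

        JMXServiceURL url = new JMXServiceURL("service:jmx:rmi://" + host + ":" + serverPort
                + "/jndi/rmi://" + host + ":" + registryPort + "/jmxrmi");
        JMXConnectorServer server = JMXConnectorServerFactory.newJMXConnectorServer(
                url, env, ManagementFactory.getPlatformMBeanServer());
        server.start();
    }
}
```

With this agent loaded, -Dcom.sun.management.jmxremote.port has to be dropped from SUNJMX, otherwise the built-in agent and the premain agent both try to bind 1099. The firewall then needs only the registry port and the one server port opened.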