About

The Diffusion monitoring console is an optional publisher, provided as console.dar. It is deployed by default and can be undeployed in the same manner as any DAR file. It exists to give you an easy way to monitor your Diffusion solution using a web browser.

Dependencies

The console depends on the Diffusion publisher to mirror Java Management Extensions (JMX) MBeans as topics. The console also makes use of the statistics controlled by etc/Statistics.xml

Most modern web browsers implement the features required by the console. If you are using Microsoft Internet Explorer, version 11 or higher is required.

Logging in

The console is available in a fresh local installation at https://localhost:8080/console.

The console is secured by a principal (username) and password. The principal you use to log in must have permissions to view and act on information on the Diffusion server, for example by having the ADMINISTRATOR role.

This user has the correct permissions to use all of the console's capabilities. For more information, see Pre-defined users.

Features: Overview tab

The Overview tab of the console contains panels providing key information about the server.

Figure 1. The default console layout

Changing the panel layout

You can edit the panels on the Overview screen.

• Grab a panel header and drag it to move a panel.
• Click the X icon to remove a panel.
• Click on the wrench icon to configure a panel.

Sourcing monitoring metrics

While configuring a panel, you can add any topic in the topic tree to the metrics that the panel tracks (including both built-in metrics and topics you have created).

Use the Topics tab to find topics.

You can add topics to a panel using the Add to Overview button in the Topics tab.

Features: Topics tab

The Topics tab brings to the web browser the ability to browse and interact with the Diffusion topic tree.

You can browse the live topic tree and subscribe to topics.

If individual topic statistics are enabled, the table also shows the number of subscribed clients, messages sent and bytes sent. Enable individual topic statistics through etc/Statistics.xml, for example,

<!-- Enable global topic statistics -->

  <topic-statistics enabled="true">

  <!-- Enable individual topic instance statistics -->

  <monitor-instances>true</monitor-instances>

</topic-statistics>

Features: Clients tab

The Client tab shows a live list of the clients connected to the Diffusion server. Additionally it shows the number of messages to and from the server, the client IP address, connection type and connection time.

Configure the Diffusion server to provide live client statistics through etc/Statistics.xml

<!-- Enable global client statistics -->
<client-statistics enabled="true">
		<!-- Definition of the log in Logs.xml -->
		<log-name>stats</log-name>
		<!-- Specifies the output frequency of the log, this is one entry per frequency -->

		<output-frequency>1h</output-frequency>
		<!-- Enable individual client instance statistics -->
		<monitor-instances>true</monitor-instances>
</client-statistics>

Features: Logs tab

The Logs tab shows a live color-coded display of log entries emitted by the server at the levels of INFO, WARN, and ERROR.

You can also perform simple filtering on log entries. Unlike other monitoring metrics the Diffusion server retains up to 250 log entries in memory.

Features: Security tab

The Security tab shows a live list of security principals and roles that are configured on the Diffusion server.

For more information about security, see Security.

Figure 2. Security tables

Create, edit, or delete principals: The Principals table shows a list of the principals that the system authentication handler is configured to allow to connect to the Diffusion server. The table also shows the roles that are assigned to any client session that authenticates with the principal.

Click the New Principal button to add a new principal and define its associated password and roles.

Click the spanner icon next to an existing principal to edit that its password or roles.

Click the trashcan icon next to an existing principal to delete that principal.

Edit authentication policy and roles for anonymous users: The Anonymous Users table shows the authentication decision for client session that connect anonymously to the Diffusion server. You can choose to ALLOW or DENY anonymous connections or to ABSTAIN from the authentication decision, which then passes to the next configured authentication handler.

Click the spanner icon to edit the authentication decision for anonymous connections and, if that decision is ALLOW, edit any roles that are assigned to anonymous sessions.

Create, edit, or delete roles: The Roles table shows a list of roles that have been configured in the security store of the Diffusion server. These are the roles that you can choose to assign to any principals that connect to the Diffusion server.

Click the New Role button to add a new role and define its permissions and any roles it inherits from.

Click the spanner icon next to an existing role to edit its permissions and any roles it inherits from.

Click the trashcan icon next to an existing role to delete that role.

Production deployment notes

Securing the Diffusion/ topics

The topics in the Diffusion/ tree convey a great deal of power and it is highly probable that bringing a Diffusion based solution to production requires limiting their access to suitable users: for example, users with an IP address in a specific range. Solution implementers can achieve this by implementing an authentication handler.