Connect to Java Management Extensions (JMX) through the Diffusion™ connector server. This connector server is integrated
with the Diffusion server and enables you to use role-based access control to
define how connecting users can use the MBeans.
Diffusion binds to the specified ports to listen for
connections from JMX clients such as JConsole and Java™ VisualVM.
If you are running Diffusion on a Linux™ server, check that the host name is not
You can do this my running the following
If the output to this command is 127.0.1.1, add an entry to
/etc/hosts that defines the host name.
Edit the etc/Management.xml configuration file to enable
and configure the management features:
Set the value of the enabled attribute in the
management element to
Specify the hostname to allow JMX connections on in the
The default value is localhost. If you set the
contents of the host element to a value, connections
are only allowed to that value. For example, a JMX connection to
localhost is allowed, but connecting to the same
system by IP address is not.
To allow JMX connections on any
applicable hostname or IP address, leave the host
Specify the ports to use for the JMX
<!-- The RMI Registry port -->
<!-- The JMX service port -->
two ports can be set to the same value, which can simplify firewall
You can use the default values:
- 1099 The remote method invocation (RMI) registry
- 1100 The JMX service
Configure the principals that are allowed to use the JMX service. You can do this in one of the
Update the system authentication store to assign a role with the
required permissions to the principal and configure the Diffusion server to call the system authentication
For more information, see System authentication handler.
Implement a custom authentication handler that assigns a role with
the required permissions to the principal and configure the Diffusion server to call your custom authentication
For more information, see User-written authentication handlers.
Note: If you are using a firewall that employs network address translation (NAT),
you might still be unable to connect to Diffusion even
when the JMX ports are left open.
To make a secure connection or a connection through a firewall, you can use SSH tunnelling:
Establish an SSH connection to the
fire-walled Diffusion server.
Tunnel the RMI registry port and JMX service port through SSH.
Use JMX to connect to the local ends
of the tunneled ports.
Use the ports you have configured to connect a JMX
management console to the Diffusion server.
This connection cannot be made through Secure Sockets Layer (SSL). However,
you can use SSH tunnelling to secure your
connection. For more information, see step 4.