Angel's Masterpiece

Passionate ideas on software development

Connecting VisualVM by tunneling through AWS Firewall

with one comment

If you have ever tried to monitor java applications, deployed at EC2 instances, with VisualVM, most probably you have faced one big problem – it does not work. The problem is that normally you don’t want to open monitoring port – you tunnel it. But it’s not enough to tunnel only JMX RMI Registry port. During connection second port would be automatically opened, and unfortunately, you cannot control this second port.

There exist several solutions to this problem. You can use SOCKS, as described here:

http://labs.skiinfo.com/?p=77

I tried follow this article, but unfortunately without success.

The second possibility – write Java agent and start RMI registry manually in agent. When you making it manually – you have full control over the ports. This solution works for me perfectly. It is described in this post:

http://blogs.sun.com/jmxetc/entry/connecting_through_firewall_using_jmx

In order to make this task easier I put agent (described in the post) in the separate project. You can find it here:

http://github.com/OlegIlyenko/jmx-firewall-friendly-agent

or just follow direct downloads link:

http://github.com/OlegIlyenko/jmx-firewall-friendly-agent/downloads

Now that you have this agent JAR file, setup VisualVM connection through AWS firewall is very simple task. Just follow these steps:

1) Run your java process with following additional arguments:

java \
-Dorg.am.rmi.port=[DESIRED_PORT] \
-javaagent:[PATH_TO_AGENT_JAR] \
...

For example (please notice java.rmi.server.hostname – it’s vital if you are tunneling):

java -Djava.rmi.server.hostname=localhost -javaagent:jmx-firewall-friendly-agent-1.0-SNAPSHOT.jar

Default port is 62277.

2) Now during JVM startup you should see:

Firewall Friendly Agent: Create RMI registry on port 62277
Firewall Friendly Agent: Get the platform's MBean server
Firewall Friendly Agent: Initialize the environment map
Firewall Friendly Agent: Create an RMI connector server. Url for access: ...
Firewall Friendly Agent: Start the RMI connector server on port 62277

3) Now tunnel correspondent port with your SSH client and add following JMX connection to the VisualVM:

service:jmx:rmi://localhost:62277/jndi/rmi://localhost:62277/jmxrmi

4) Enjoy

Advertisements

Written by tenshi

May 25, 2010 at 2:05 pm

Posted in AWS, Java

Tagged with , ,

One Response

Subscribe to comments with RSS.

  1. Thanks, really useful.

    Ramesh Pidikiti

    December 7, 2011 at 8:52 pm


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: