Monitoring MemberzPlus
for the Low Level Administrator
By remotely monitoring a running MemberzPlus™, we can find out all kinds of things about the application such as detect memory leaks, identify resource intensive processes, etc. Real-time monitoring of a running Java Virtual Machine (JVM) was not recommended in the past because it was just too instrusive and could occasionally cause the JVM to crash. That is no longer the case. Now there is no reason not to set up the production environment so it can be monitored. That way, if an issue does arise, it's easy enough to fire up a tool like VisualVM to take a look and see what's going on.
The only setup in JBoss is to define the responding port and the security for accessing that port. Basically, the monitoring tools connect to the running JBoss through a TCP port configured at startup. You can also limit that connection to SSL/TLS and/or a username/password authentication. The raw system properties involved are:
com.sun.management.jmxremote.port
Set the JVM listening port which must be unique per IP address. Typically, you can reference an environment variable in the run script and then set it in the FireDaemon configuration.
com.sun.management.jmxremote.ssl
Set to "true" or "false." If "true," the other SSL-related settings are required.
com.sun.management.jmxremote.authenticate
Set to "true" or "false." If "true," then the username and password settings are required. Ross Group highly recommends requiring both SSL and authentication for any production environment. For more information, see http://download.oracle.com/javase/6/docs/technotes/guides/management/agent.html
java.rmi.server.hostname
In the event that you can't get DNS resolution to the remote server you are monitoring, you MUST set this on the server so that it refers to itself by IP instead of by hostname. This does have the potential to cause issues with other third party apps; however, we haven't yet had an issue in a MemberzPlus™ environment.
jstatd
Run "jstatd" (located in the Java /bin directory) on the server. It serves as a bridge between VisualVM (or other tools) and the JVM. First, you need to create security policy file, for instance "tools.policy", for jstatd's JVM containing:
grant {
permission java.security.AllPermission;
};
Then, you can jstatd:
jstatd -J-Djava.security.policy=tools.policy
The policy file tells the running jstatd JVM to allow external programs to connect to it for monitoring.
grant {
permission java.security.AllPermission;
};
Then, you can jstatd:
jstatd -J-Djava.security.policy=tools.policy
Alan Moor
VP of Technology
Mr. Moor joined the team in 1996 as an experienced developer in Oracle, PL/SQL, and PowerBuilder. He has been a team lead and project manager of many high visibility projects including lead on the roll-out of our membership management software MemberzPlus to a membership organization over five million members. Mr. Moor is an Air Force Veteran with 8 years of service and served on the board of the Turner Syndrome Society. Mr. Moor has over 25 years experience in software development in a variety of technical disciplines including Oracle and Java.