Toview all the MBeans, Enterprise Server provides a conguration of the Standard JMX
ConnectorServer called System JMX Connector Server. As part of Enterprise Server startup, an
instanceof this JMX Connector Server is started. Any compliant JMX connector client can
connectto the server using this Connector Server.
JavaSE also provides tools to connect to an MBean Server and view MBeans registered with it.
JConsoleis one such popular JMX Connector Client and is available as part of the standard Java
SEdistribution. For more information on JConsole, see
http://java.sun.com/javase/6/docs/technotes/guides/management/jconsole.html
Whenyou congure JConsole with Enterprise Server, Enterprise Server becomes the JMX
Connector'sserver end and JConsole becomes the JMX Connector's preferred client end.
“ConnectingJConsole to Application Server” on page 211shows how to make a successful
connection.
Securing JConsoleto Application Ser verConnec tion
Thereare subtle dierences in how to connect to Enterprise Server, or any JMX Connector
Serverend, based on the transport layer security of the connection. If the server end is secure
(guaranteestransport layer security), there is a little more conguration to be performed on the
clientend.
Bydefault, the developer prole of Enterprise Server is congured with a non-secure System
JMXConnector Server.
Bydefault, cluster and enterprise proles of Enterprise Server are congured with a secure
SystemJMX Connector Server.
Theprotocol used for communication is RMI/JRMP.If security is enabled for the JMX
Connector,the protocol used is RMI/JRMP over SSL.
Note– RMI over SSL does not provide additional checks to ensure that the client is talking to
theintended server. Thus, there is always a possibility, while using JConsole, that you are
sendingthe user name and password to a malicious host. It is completely up to the
administratorto make sure that security is not compromised.
Whenyou install a developer prole domain on a machine such as appserver.sun.com, you
willsee the following in the Domain Administration Server (DAS) domain.xml le:
<!- – The JSR 160 "system-jmx-connector"––>
<jmx-connector accept-all="false"address="0.0.0.0"
auth-realm-name="admin-realm"enabled="true"name="system"port="8686"
protocol="rmi_jrmp"security-enabled="false"/>
<!- – The JSR 160 "system-jmx-connector"––>
UsingJConsole
SunGlassFishEnterprise Ser ver2.1 Administration Guide • December 2008210