JMX Tutorial : Managing resources over network : SNMP, CIM, WBEM (web-based enterprise mgmt). JMX is optional pkg extn to J2SE. mainly to start/manage/monitor java enabled resources like EJB's, printers etc JSR-3 gave birth to JMX 1.0 (thru java community process) JDMK (java dynamic mgmt kit) is JMX predecessor and shipping since 1999 JSR-70 - IIOP protocol adapter for JMX (to use with corba) JSR-71 - JMX telecommunication mgmt standards (TMN) JSR-77 - J2EE management JSR-146- WBEM Services- JMX Provider Protocol Adapter JSR-160- Java management extensions 1.5 (Remote management) JSR255 - JMX version 2.0 specification Benefits: - Integrates SNMP, TMN, WBEM - Links on JMX : http://icncweb.france/idd/jmgt/jesmf/instrumTutorial/toc.html -------------------------------------------------------------------------- JMX technology provides a simple, standard way of managing resources such as applications, devices, and services You can also use JMX technology to monitor and manage JVM. JMX technology was developed through the Java Community ProcessSM (JCPSM) as two closely related Java Specification Requests (JSRs): * JSR 3, Java Management Extensions Instrumentation and Agent Specification * JSR 160, Java Management Extensions Remote API specifications and reference implementation for these JSRs are here: http://java.sun.com/products/JavaManagement/download.html - resources are managed by MBeans and these MBeans are registered with MBean server. - JMX agent consists of an MBean server and a set of services for handling MBeans. - JMX connectors allow you to access JMX agents using different communication protocols (such as snmp etc.) - Appserver conforms to JMX technology and can be managed using JMX. - JMX agents could be managed through HTML browser. - To manage resources using JMX, first instrument the resource using MBean: - MBeans must follow design patterns and interfaces in specification. - instrumentation also specifies notification mechanism. To allow MBeans to generate a notification for events. - Create a JMX agent -- usually located on the same machine as resources, but not necessarily. JMX agent is a JVM. The MBeans can be on the same JVM or different JVM located remotely. Core component is MBean server. the agent includes : * set of services to manage MBeans * atleast one communications adaptor or connector to allow access by management application. - jmxremote_optional.jar specifies optional JMX messaging protocol connector available from JSR160 reference implementation download page. This is based on TCP socket, good for more advanced level security. Note: jmxremote_optional.jar contains: javax/management/remote/jmxmp/JMXMPConnector.class javax/management/remote/jmxmp/JMXMPConnectorServer.class jmxremote.jar contains: javax/management/remote/rmi/RMIConnector.class javax/management/remote/rmi/RMIConnectorServer.class JMX implementation must supply jmxremote.jar but jmxremote_optional.jar is just optional. Since jmxremote.jar is part of J2SE5.0, it is not required any more. - The JMX API(jmx.jar) and parts of the JMX Remote API have been included the Java 2 Platform, Standard Edition (J2SE) version 5.0. - management interface of MBean consists of: - attributes that can be get/set - operations that can be invoked - notifications that can be emitted. - Dynamic MBean defines its management interface at runtime. e.g. a config MBean could the names/types of the attributes it exposes by parsing an XML file. - JMX agent consists of : - MBean Server; - Agent Services; - Protocol Adaptors and Connectors - Mbean can be registered with MBean server by: - another MBean - the agent itself - remote management application - Agent Services are available in J2SE 5.0 platform. They are: * Dynamic class loading thru management applet(m-let) service, can download and instantiate objects from network. * Monitors: observe the numerical/string values of MBean attributes and trigger notifications. * Timers : periodically send notifications * Relation service: define associations between MBeans and maintain consistency of the relation. (???) - Protocol adaptors and Connectors. - J2SE includes standard RMI connector only. The connector includes connector server at agent and connector client in the manager. - Protocol adaptor -- An SNMP protocol adaptor is used to translate SNMP requests to JMX operations by making appropriate mapping. The adaptors exist in the client side or agent side or both ??? - RMI Connector supports 2 transports: JRMP (Java remote method protocol) or Internet Inter-ORB protocol(IIOP). To improve security for RMI connector over JRMP, use RMI socket factory to use SSL for client-server connection. - Generic Connector - uses JMX messaging protocol: JMXMP. object wrapping is native java serialization. Security is based on the JSSE(java secure socket extension), JAAS, SASL(simple auth and sec layer). - user defined protocol connectors are possible -- e.g. for HTTP/S. In this case, connector client and connector server jar files must be supplied ?? - Different lookup services can be used to locate the agent i.e. MBean server. e.g. JNDI with LDAP backend, Service Location Protocol, Jini network technology. By lookup, you get connection address/url. With Jini, you can also get a connector stub. - JMX remote API specification defines an LDAP schema for registering addresses and explains how a client can discover a registered agent. - Notes on JDMK : - JDMK (java dynamic management kit) is built on top of JMX. - The Java DMK provides a distributed model that is protocol independent. Management applications rely on the API, not on any one protocol. - Device manufacturers and application vendors can provide the MBeans that plug into their customers' existing agents. - Architecture: Agent JVM ------------------------------------------------- Manager Application |Resource1----| | |Resource2----| ----MBeanServer--ConnectorServer-|----ConnectorClient-JVM |AgentService-| |-ProtocolAdaptor|---+ ------------------------------------------------- | +---HTML/SNMP client -All connectors and adaptors are implemented as MBeans. - Management applications can therefore create/manage communication resources dynamically, according to network conditions or available protocols. - Each protocol can have its own built-in security mechanisms, for example SSL, SASL, or SNMPv3 security. Security aspects linked to each protocol are therefore handled at the connector or adaptor layer, making them transparent to the MBean developer. - includes SNMP Toolkit to do the following: * Develop an SNMP agent with SNMP protocol adaptor * mibgen utility generates MBeans given SNMP MIB (Mgmt Info Base) These templates can be used to develop MBeans. * If needed, develop SNMP manager using SNMP manager API. - SNMP manager API support requests in SNMP v1,v2 or v3 protocols -- including "inform" requests for communicating between SNMP managers. - Java DMK 5.0 also allows you to build a master agent that groups together several SNMP subagents and exports their info in a single point of access. The master agent also converts requests from SNMP v3 client to SNMP v2 subagent, etc. - SNMP RFCs: RFC 2571, RFC 2572, RFC 2574, and RFC 2576. are supported. - The SNMPv3 protocol implementation provides: * A dispatcher, the SNMP adaptor, for sending and receiving messages * The SNMPv3 Message Processing Model (MPM), to prepare messages for sending and to extract data from messages received * A User-based Security Model (USM), to provide authentication and privacy for SNMP operations * A user-based Access Control Model (ACM), to control access to Java management agents * A USM local configuration data file (LCD) that allows configured users persistency - Components of JDMK : - management architecture - communication modules based on RMI and JMXMP protocols. - HTML adaptor, enables access to an agent from a web browser - agent services - library of supplied services inlcudes monitoring, scheduling, dynamic loading, defining relations, dynamic agent discovery, components for implementing security mechanisms. - SNMP APIs SNMP APIs. SNMPv3 compliance. - mibgen utility to generate Java objects from SNMP MIB. - full documentation of APIs, programming examples, JMX specs. Notes on JDMK: - HTML protocol adaptor is implemented as dynamic MBean. (what does it mean?) - mibgen utility generates MBean skeleton code given MIB - proxygen utility generates proxy MBean code to be used at client (manager) side which corresponds to the agent side MBean. Use this only for old legacy connectors. For new, use: RMI, RMI?IIOP, JMXMP connectors and you can generate dynamic proxy at runtime given just its java interface. - To enable tracing you must edit $installdir/etc/conf/template.logging.properties file. - If you are using j2se5.0, you also don't need jmx.jar, sasl.jar, sunsasl.jar and rmissl.jar -- they are all included in j2se5.0. - DynamicMBean should supply getAttribute(), getAttributes(), (also set*), invoke(), functions etc that it's interfaces can be dynamically exposed to the client. - htmladapter itself is an MBean. An agent does the following: server = MBeanServerFactory.createMBeanServer(); .... HtmlAdaptorServer htmlAdaptor = new HtmlAdaptorServer(htmlPort); server.registerMBean(htmlAdaptor, htmlObjName); htmlAdaptor.start(); /* similar things apply for snmpadaptor as well. */ - MBean server delegate is an MBean which represents the MBeanserver. It sends notifications for MBean registration, etc also provides unique id string for it's MBean server etc. More notes on Cacao, CMM mapping, etc : Dynamic MBean and static MBean are different MBeans!!! only dynamic MBeans support getAttribute(), getAttributes() calls!!! Highlights of JMX mbean server/registration : // JMX imports // import javax.management.MBeanServer; import javax.management.MBeanServerFactory; import javax.management.ObjectInstance; import javax.management.ObjectName; import com.sun.jdmk.ServiceName; import com.sun.jdmk.comm.CommunicatorServer; import com.sun.jdmk.comm.HtmlAdaptorServer; public class BaseAgent { private static MBeanServer mbs; public static void main(String[] args) { mbs = javax.management.MBeanServerFactory.ceateMBeanServer(); javax.management.ObjectName objname = new ObjectName(ServiceName.DELEGATE); System.out.println(" objname for " + ServiceName.DELEGATE + " is " + objname); // To ge MBeanServer ID, get this from builtin delegate MBean in MBeanserver. System.out.println(" MBeanServer ID is " + mbs.getAttribute(objname, "MBeanServerId")); // CommunicatorServer htmlAdaptor = new HtmlAdaptorServer(portNo); // default:8082 CommunicatorServer htmlAdaptor = new HtmlAdaptorServer(); // Register HTML Adaptor itself as MBean javax.management.ObjectInstance htmlAdaptorInstance = mbs.registerMBean(htmlAdaptor, null); htmlAdaptor.start(); while (htmlAdaptor.getState() == CommunicatorServer.STARTING) { sleep(1000); System.out.print("."); } System.out.println(); if (htmlAdaptor.getState() != CommunicatorServer.ONLINE) { System.out.println("Cannot start the HTML protocol adaptor."); } } }