My specific question has to do with JMX as used in JDK 1.6: if I am running a Java process using JRE 1.6 with

com.sun.management.jmxremote

in the command line, does Java pick a default port for remote JMX connections?

Backstory: I am currently trying to develop a procedure to give to a customer that will enable them to connect to one of our processes via JMX from a remote machine. The goal is to facilitate their remote debugging of a situation occurring on a real-time display console. Because of their service level agreement, they are strongly motivated to capture as much data as possible and, if the situation looks too complicated to fix quickly, to restart the display console and allow it to reconnect to the server-side.

I am aware that I could run jconsole on JDK 1.6 processes and jvisualvm on post-JDK 1.6.7 processes given physical access to the console. However, because of the operational requirements and people problems involved, we are strongly motivated to grab the data that we need remotely and get them up and running again.

EDIT: I am aware of the command line port property

com.sun.management.jmxremote.port=portNum

The question that I am trying to answer is, if you do not set that property at the command line, does Java pick another port for remote monitoring? If so, how could you determine what it might be?

+3  A: 

The documentation seems to indicate that the JMX agent uses a local ephemeral port, unless you specify the following property:

com.sun.management.jmxremote.port=portNum

Default ports are avoided because you could have many java applications on one system, and if there was a default port, only one application would be able to be managed! The above configuration property is provided for the express purpose of remote management.

If you must insist on using an ephemeral port, then the URL of the JMX agent should be accessible from within the JVM, through the following system property (although this is likely to be a local address):

com.sun.management.jmxremote.localConnectorAddress

Note: I guess you could always open a socket on a remotely-available address and proxy requests on to the local socket, but using the available option seems far more attractive!

David Grant
Are you saying that an anonymous port (aka effectively a random number) is opened? If so, do you know the range in which we can expect the port to exist?
Bob Cross
I would expect it to be an unprivileged (e.g. > 1024) port.
David Grant
It can't be an unprivileged port, as that is reachable from outside if you can guess the port number.
Eddie
@Eddie: The port number has no bearing on whether or not it is reachable externally, only the network interface. When I used the term [un]privileged, I meant it as per http://e-articles.info/e/a/title/Privileged-Ports-of-a-UNIX-machine/.
David Grant
@Mr Potato Head: I understood what you meant by unprivileged. I also understand that the port number has no bearing on whether it is externally reachable. However, you're right that you can open a port (privileged or not) in such a way that it is not externally reachable, only locally.
Eddie
+4  A: 

The documentation suggests that the JMX agent uses a local port -- something unreachable from outside the machine -- unless you specify the following property:

com.sun.management.jmxremote.port=portNum

This is for security reasons, as well as for the reason given by Mr Potato Head. Thus, it looks like Java 6 does not open a default remotely accessible port for JMX.

EDIT: Added after the OP added an answer with more information.

Another option you have is to somehow create a local proxy that listens to all local JMX connections and exports this information. This way, you don't need to have such magic configuration of each JVM instance on the server. Instead the local proxy can connect to all JVMs via JMX and then somehow expose this information remotely. I am not positive exactly how you would implement this, but something like this may be less work than what you otherwise have to do to expose all of your JVMs remotely via JMX.

Eddie
If you're going to vote me down, you should do the courtesy of explaining why you think I am wrong, preferably with references.
Eddie
+1  A: 

So, the short answer to my question is "no."

However, it's interesting to examine why. Look at the netstat output from a valid local connection. Here are the ports that I see opened up as a result of a jconsole making a local connection to itself. As you can see, port 1650 is the local port being used for the JMX information:

Proto  Local Address          Foreign Address        State
TCP    Gandalf:1650           Gandalf:1652           ESTABLISHED
TCP    Gandalf:1650           Gandalf:1653           ESTABLISHED
TCP    Gandalf:1650           Gandalf:1654           ESTABLISHED
TCP    Gandalf:1650           Gandalf:1655           ESTABLISHED
TCP    Gandalf:1650           Gandalf:1656           ESTABLISHED
TCP    Gandalf:1652           Gandalf:1650           ESTABLISHED
TCP    Gandalf:1653           Gandalf:1650           ESTABLISHED
TCP    Gandalf:1654           Gandalf:1650           ESTABLISHED
TCP    Gandalf:1655           Gandalf:1650           ESTABLISHED
TCP    Gandalf:1656           Gandalf:1650           ESTABLISHED

However, it's not sufficient to try to connect jconsole to localhost:1650. Sadly, all that will net you is a "Connection failed: no such object in table" message.

So, the conclusion of my original story is that, if we are going to facilitate remote monitoring using JMX for our customers, we really need to identify unique individual remote access ports for the variety of Java processes that are started in our system. Fortunately, all this requires is the judicious use of the VM argument:

com.sun.management.jmxremote.port=portNum

where we will almost certainly have a sequential pre-specified range of portNum so that the customer can select the correct remote application using the port number.

Bob Cross
Yes, this is what I said in my answer, yes?
Eddie
Which is also probably a good idea, rather than relying on the default staying the same.
Stefan Thyberg
A: 

Hi,

I'm using jconsole to monitor my remote application through JMX.

I'm specifying port 2906 (which is open on the server) but get a failed connection when I try to connect from jconsole. The n/w admin has determined that in addition to the port being specified, a second port is being used (41365/tcp). When he opens this port, I am able to connect. However, this second port keeps changing on us.

Why is this second port being used? Why does it keep changing? Is there anything I can do to make it static?

The application and jconsole are both jdk 1.6.

Here are my VM arguments: -Dcom.sun.management.jmxremote -Dcom.sun.management.jmxremote.port=${JMX_PORT} -Dcom.sun.management.jmxremote.authenticate=true -Dcom.sun.management.jmxremote.ssl=false -Dcom.sun.management.jmxremote.password.file=${JMX_PWD_FILE}

JJC
@JC, I think you need to ask this as a question - this isn't really an answer to this question.
Bob Cross
Yes, you're right. My bad. P.S.: I found the answer: http://blogs.sun.com/jmxetc/entry/connecting_through_firewall_using_jmx
JJC
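
The thread's findings can be turned into a check over JVM command lines: no port property means local-only, a port property means a remote listener whose authenticate and ssl settings matter, and a second, changing RMI port sits behind the fixed one. The following is an added example, not code from any of the posts; the sample command lines are constructed, and `com.sun.management.jmxremote.rmi.port` is a property from later JDK releases that does not appear on this page.

```python
import re

# Matches -Dcom.sun.management.jmxremote[.suffix][=value] on a JVM command line.
JMX_FLAG = re.compile(r"-Dcom\.sun\.management\.jmxremote(?:\.([\w.]+))?(?:=(\S*))?")

def parse_jmx_flags(cmdline):
    """Return {suffix: value}; the bare jmxremote flag is stored under ''."""
    return {m.group(1) or "": m.group(2) or "" for m in JMX_FLAG.finditer(cmdline)}

def audit_jmx(cmdline):
    """Return a list of findings describing the JMX exposure of one JVM."""
    flags = parse_jmx_flags(cmdline)
    if not flags:
        return ["no JMX agent flags"]
    if "port" not in flags:
        return ["local-only: no fixed remote connector port"]
    findings = ["remote: JMX connector on port " + flags["port"]]
    # Once a port is set, authenticate and ssl both default to true.
    if flags.get("authenticate", "true").lower() != "true":
        findings.append("authentication disabled")
    if flags.get("ssl", "true").lower() != "true":
        findings.append("ssl disabled: traffic is not encrypted")
    # rmi.port comes from later JDK releases; it is not mentioned on this page.
    if "rmi.port" not in flags:
        findings.append("second RMI port is dynamic: opening only the fixed port is not enough")
    return findings

# Constructed sample command lines (paths and jar names are placeholders).
P = "-Dcom.sun.management.jmxremote"
SAMPLES = {
    "local": "java " + P + " -jar console.jar",
    "remote": "java " + P + " " + P + ".port=2906 " + P + ".authenticate=true "
              + P + ".ssl=false " + P + ".password.file=/opt/app/jmx.password -jar app.jar",
    "open": "java " + P + ".port=9000 " + P + ".authenticate=false "
            + P + ".ssl=false -jar app.jar",
}

if __name__ == "__main__":
    for name, cmd in SAMPLES.items():
        print(name)
        for finding in audit_jmx(cmd):
            print("  -", finding)
```
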