JMX SSL Troubleshooting

What is JMX?

When you need to monitor Java applications like Tomcat or Cassandra, JMX is the gatekeeper to performance metrics.

Supplemental Document:

https://docs.datadoghq.com/integrations/faq/troubleshooting-jmx-integrations/

 

JMX & SSL=true 

Once you have JMX enabled and the Datadog-agent check is successfully sending metrics to the platform, there is another step that your client can review: securing that remote connection from the outside world over an SSL socket.

Note: You cannot secure JMX over SSL without using the JMX remote user/password authentication files. If a client is using system-level permissions to run their application, they will still need to add these files for use at startup.

- JMX Explained: It is not possible to enable SSL/TLS security without JMX remote authentication. JMX remote authentication is a prerequisite for enabling SSL/TLS on the JMX port.

This setup requires a bit of work on both sides. For this example I will be explaining the Datadog configuration for the Tomcat integration. First, the client needs to establish a certificate and key to be applied to their Java app keystore. Second is the config file, which you can find at /etc/datadog/conf.d/tomcat.d/conf.yaml.

instances:
  - host: localhost
    port: 9000
    user: tomcat
    password: tomcat
    name: tomcat_webapp

    trust_store_path: /path/to/keystore
    trust_store_password: mykey_Password

Finally, let us restart the Datadog-agent and check the status of the agent. We should see a successful tomcat_check.
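A preflight check for the setup described above, as an added example that is not part of the original article or Datadog's own code: it cross-checks the JVM's JMX startup flags against the Agent instance before the restart. The com.sun.management.jmxremote.* and javax.net.ssl.keyStore property names are standard JDK options; the function names, sample option strings and file paths are constructed for illustration.

```python
import re

# Prefix of the JDK's out-of-the-box JMX agent system properties.
P = "com.sun.management.jmxremote."

def parse_jvm_opts(opts):
    """Map every -Dname=value token in a JVM option string to {name: value}."""
    return dict(re.findall(r"-D([\w.]+)=(\S+)", opts))

def preflight(jvm_opts, instance):
    """Cross-check JVM JMX flags against one Agent instance; return findings."""
    props, findings = parse_jvm_opts(jvm_opts), []
    # The JDK defaults ssl and authenticate to true once a remote port is set.
    ssl = props.get(P + "ssl", "true") == "true"
    auth = props.get(P + "authenticate", "true") == "true"
    if P + "port" not in props:
        findings.append("JVM has no remote JMX port")
    elif str(instance.get("port")) != props[P + "port"]:
        findings.append("instance port differs from JVM JMX port")
    if ssl and not auth:
        findings.append("SSL on but JMX remote authentication off")
    if auth:
        for name in ("password.file", "access.file"):
            if P + name not in props:
                findings.append(name + " not passed at startup")
        if not (instance.get("user") and instance.get("password")):
            findings.append("instance has no user/password")
    if ssl:
        if "javax.net.ssl.keyStore" not in props:
            findings.append("JVM has no javax.net.ssl.keyStore")
        if not instance.get("trust_store_path"):
            findings.append("instance has no trust_store_path")
    elif instance.get("trust_store_path"):
        findings.append("instance sets a trust store but JVM has ssl=false")
    return findings

# Constructed sample input: the page's Tomcat instance plus hypothetical JVM flags.
INSTANCE = {"host": "localhost", "port": 9000, "user": "tomcat", "password": "tomcat",
            "trust_store_path": "/path/to/keystore", "trust_store_password": "mykey_Password"}
GOOD_OPTS = ("-D" + P + "port=9000 -D" + P + "ssl=true -D" + P + "authenticate=true "
             "-D" + P + "password.file=/path/to/jmxremote.password "
             "-D" + P + "access.file=/path/to/jmxremote.access "
             "-Djavax.net.ssl.keyStore=/path/to/keystore")
BAD_OPTS = "-D" + P + "port=9000 -D" + P + "ssl=true -D" + P + "authenticate=false"

if __name__ == "__main__":
    for label, opts in (("good", GOOD_OPTS), ("bad", BAD_OPTS)):
        print(label, preflight(opts, INSTANCE) or "ok")
```

An empty findings list means the JVM flags and the instance block agree on port, authentication and SSL; it does not verify that the certificate in the trust store matches the one the JVM presents.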

 

References:

  • https://docs.oracle.com/javase/8/docs/technotes/guides/management/agent.html#gdeng
  • https://access.redhat.com/documentation/en-US/Fuse_ESB/4.4.1/html/ActiveMQ_Security_Guide/files/JMX-PlatConnector-Ssl.html