Pre-Requisites for Monitoring eG Manager

The eG agent should be configured to connect to the JRE used by the eG manager to pull out metrics of interest. To enable the eG agent to connect to the JRE, by default, JMX support has been enabled for the eG manager’s JRE. JMX enables external programs like the eG agent to connect to the JRE of an application and pull out metrics in real-time.

Securing the ‘jmxremote.password’ file

To enable the eG agent to use JMX (that requires authentication only) for monitoring the eG manager on Windows, you need to ensure that the jmxremote.password file in the <JAVA_HOME>\jre\lib\managementfolder used by the eG manager is accessible only by the Owner of that file. To achieve this, do the following:

  1. Login to the eG manager host as a local/domain administrator.
  2. Browse to the location of the jmxremote.password file using Windows Explorer.
  3. Next, right-click on the jmxremote.password file and select the Properties option (see Figure 1).

    Figure 1 : Selecting the Properties option

  4. From Figure 2 that appears next, select the Security tab.

    Figure 2 : The Properties dialog box

    However, if you are on Windows XP and the computer is not part of a domain, then the Security tab may be missing. To reveal the Security tab, do the following:

  5. Open Windows Explorer, and choose Folder Options from the Tools menu.
  6. Select the View tab, scroll to the bottom of the Advanced Settings section, and clear the check box next to Use Simple File Sharing.

    Figure 3 : Deselecting the ‘Use simple file sharing’ option

  7. Click OK to apply the change
  8. When you restart Windows Explorer, the Security tab would be visible.
  9. Next, select the Advanced button in the Security tab of Figure 4.

    Figure 4 : Figure 1.4: Clicking the Advanced button

  10. Select the Owner tab to see who the owner of the file is.

    Figure 5 : Verfying whether the Owner of the file is the same as the application Owner

  11. Then, proceed to select the Permissions tab in Figure 5 to set the permissions. If the jmxremote.password file has inherited its permissions from a parent directory that allows users or groups other than the Owner to access the file, then clear the Inherit from parent the permission entries that apply to child objects check box in Figure 6.

    Figure 6 : Disinheriting permissions borrowed from a parent directory

  12. At this point, you will be prompted to confirm whether the inherited permissions should be copied from the parent or removed. Press the Copy button in Figure 7

    Figure 7 : Copying the inherited permissions

  13. Next, remove all permission entries that allow the jmxremote.password file to be accessed by users or groups other than the file Owner. For this, click the user or group and press the Remove button in Figure 8. At the end of this exercise, only a single permission entry granting Full Control to the owner should remain in Figure 8.

    Figure 8 : Granting full control to the file owner

  14. Finally, click the Apply and OK buttons to register the changes. The password file is now secure, and can only be accessed by the file owner.

Note:

If you are trying to enable JMX for an eG manager on Linux, you might encounter issues with the way hostnames are resolved.

To solve it you might have to set the -Djava.rmi.server.hostname=<hostname or localhost or ip> property in the startup script of the eG manager.

If you are in local, simply try with -Djava.rmi.server.hostname=localhost or -Djava.rmi.server.hostname=127.0.0.1.