Advanced Configuration & Best Practices
Master JMX console with expert configuration techniques, security strategies, and performance optimization patterns.
Custom MBean Implementations
Implementation Strategy
Extend JVM monitoring capabilities by implementing custom JMX interfaces for application-specific metrics like transaction rates, cache hit ratios, and latency baselines.
Code Example
public class TransactionMonitor implements DynamicMBean {
private ObjectName name;
private HashMap metrics = new HashMap<>();
public Object getAttribute(String name) throws Exception {
if ("TransactionCount".equals(name)) return getTotalTransactions();
// additional metrics...
}
public MBeanInfo getMBeanInfo() {
MBeanAttributeInfo[] attr = new MBeanAttributeInfo[] {
new MBeanAttributeInfo("TransactionCount", "int", "Total transactions", true, false, null),
new MBeanAttributeInfo("AverageLatency", "double", "Average call duration", true, false, null)
};
return new MBeanInfo(this.class, "Transaction Metrics", attr, new MBeanOperationInfo[0]);
}
}
Security Hardening
SSL/TLS Configuration
-Dcom.sun.management.jmxremote.ssl=true
-Djavax.net.ssl.keyStore=/opt/jmx/keystore.jks
-Djavax.net.ssl.trustStore=/opt/jmx/truststore.jks
-Dcom.sun.management.jmxremote.ssl.need.client.auth=true
Enable strong encryption and client certificate authentication
Access Control
readwrite=MonitorUser,Developer
query=ReadOnlyUser,QA
readonly=ReadOnlyUser
Use role-based access control in jmxremote.access file
Performance Tuning
GC Optimization
G1 Parameters
-XX:+UseG1GC
-XX:MaxGCPauseMillis=200
-XX:ParallelGCThreads=8
-XX:ConcGCThreads=4
Pause Analysis
Recent GC pauses:
Full GC: 234ms (26 mins ago)
Young GC: 89ms (9 mins ago)
Common Issues
Connection Refused
Verify Rmi registry is running and port 3700 is open
netstat -an | grep 12345
telnet localhost 12345
Authentication Failures
Check file permissions for jmxremote.password and verify credentials match:
chmod 600 jmxremote.password
chown java:java jmxremote.*