View
3.908
Download
5
Category
Tags:
Preview:
Citation preview
MonitoringIdentity Manager by JMXTakayuki OkazakiSolutions Architect, Software Practicehttp://blogs.sun.com/okazaki
Copyright © 2007 Sun Microsystems K.K. 2
GOAL
Understanding JMX monitoring featurewhich introduced from Identity Manager7.0
Copyright © 2007 Sun Microsystems K.K. 3
NOTICE
• This is NOT officially verified documentof Identity Manager. All information in thisdocument are based upon personalresearch.
Copyright © 2007 Sun Microsystems K.K. 4
Agenda• About JMX• Identity Manager and JMX• Configuration instruction• Demo• TIPS
Copyright © 2007 Sun Microsystems K.K. 5
About JMX• Standard API for monitoring and managing JVM,
services, and applications.> JSR 3: Java Management Extensions (JMX)
• Monitoring and Managing from remote client> JSR 160: JMX Remote API
• Target use case of JMX> Referring and modifying application configuration> Gathering statistics about the application> Notify error or status change
Copyright © 2007 Sun Microsystems K.K. 6
Benefit of JMX• Lightweight• Secure• Scalable monitoring & management architecture• Easy to engage existing management solutions (like
SNMP, WBEM)
Copyright © 2007 Sun Microsystems K.K. 7
Scopeof JMX Specifications
Copyright © 2007 Sun Microsystems K.K. 8
What canmonitor by JMX?• Java VM> OS and environment, JVM options, Memory and
Garbage collection, Threads
• Web Container> Performance statistics, Cache, status of a connections,
Connection pool, Thread pool
• Application> All exposed MBeans(Managed bean)
Copyright © 2007 Sun Microsystems K.K. 9
Example
Memory
Class
Thread
CPU
Copyright © 2007 Sun Microsystems K.K. 10
More use case• Notify events to JMX clients> Errors and warnings> Status change
• Invoking operations> Garbage collection> Test connection> State change
• Advanced use case> Self tuning and self management (like GlassFish v2)
Copyright © 2007 Sun Microsystems K.K. 11
JMXRemote and Security• Authentication> UserId/Password authentication by MBean server
• Protecting connection> TLS and SSL
Authentication through userid/pwd
Copyright © 2007 Sun Microsystems K.K. 12
SNMPand JMX• Several MBeans are monitored through SNMP> http://java.sun.com/javase/6/docs/technotes/guides/man
agement/snmp.html
• JVM related info can be monitored by SNMP> OS and environment, classpath and JMV options, JIT,
classloader, threads, GC, memory, memory pool andlogging
Copyright © 2007 Sun Microsystems K.K. 13
JMX tools• JConsole> Bundled with JDK 5 or later
• MC4J (http://mc4j.org)> Open source monitoring tool
• Sun Java System Management Framework> Bundled with Java ES 5> Opensourced: http://proctor.dev.java.net
• More..> HP Openview, AdventNet ManagemeEngine Applications
Manager, ...
Copyright © 2007 Sun Microsystems K.K. 14
JConsole• Graphical management tool• You can develop additional plugin for JConsole
Copyright © 2007 Sun Microsystems K.K. 15
Identity Manager and JMX• Support starts from Identity Manager 7.0• Status of cluster/server, Scheduler, information
about Resources, status of ActiveSync
Copyright © 2007 Sun Microsystems K.K. 16
Cluster
Attribute name Description
List of active IDM servers
List of known IDM servers
Most recent list of failed IDM servers
Alive Is polling thread alive?
ActiveServers
KnownServers
NewlyFailedServers
PollingInterval Polling interval (in milli-seconds)
ObjectName=IDM:type=Cluster
Copyright © 2007 Sun Microsystems K.K. 17
Example: ClusterObjectName=IDM:type=Cluster
Copyright © 2007 Sun Microsystems K.K. 18
Servers
Attribute name Description
Date of server created
Creator Name of user who create this server
Deleted Is this object deleted?
Most recent heart beat time
Status of this server
CreateDate
Heartbeat・HeartbeatDate
State・StateString
ObjectName=IDM:type=Cluster,service=Server,name=”<Server name>”
ObjectName=IDM:type=Server
Attribute name Description
Name Name of the server
Status of this serverStatus・StatusDisplay
Copyright © 2007 Sun Microsystems K.K. 19
Example: Servers
All servers arelisted
Same server to JMXserver
ObjectName=IDM:type=Cluster,service=Server,name=”<Server name>”
ObjectName=IDM:type=Server
Copyright © 2007 Sun Microsystems K.K. 20
Resources
Attribute name Description
Date of resource creation
Creator Creator user name
Deleted Is this object deleted?
Last modified date
Most recent activity
Most recent activity date
CreateDate
LastModificationDate
MostRecentActivity
MostRecentActivityDateMostRecentActivityDateMS
ObjectName=IDM:type=Cluster,service=Resource,resType=”<Resource type>”,name=”<Resource name>”
Test connection to each resource feature availble.
Copyright © 2007 Sun Microsystems K.K. 21
Example: ResourcesObjectName=IDM:type=Cluster,service=Resource,resType=”<Resource type>”,name=”<Resource name>”
All resource type/resources are listed
Copyright © 2007 Sun Microsystems K.K. 22
Connection test (IDM->Resource)Success case Invoke test connection
Failure case
Copyright © 2007 Sun Microsystems K.K. 23
ActiveSync
Attribute name Description
Progress string
Error string
Last modification number
Last modification date
Last start time
Status of this active sync
ProgressString
ErrorStatusString
LastPollAttempt Last ActiveSync date
NextPollAttempt Next ActiveSync date
LastModNum
LastModDate
LastKnownServer Last server name which starts this ActiveSync
LastStartTime
State, StateString
ObjectName=IDM:type=Cluster,service=Synchronization,component=ActiveSyncresType=”<Resource type>”,name=”<resource name>”
Copyright © 2007 Sun Microsystems K.K. 24
Example: ActiveSyncObjectName=IDM:type=Cluster,service=Synchronization,component=ActiveSyncresType=”<Resource type>”,name=”<Resource name>”
All ActiveSyncs which is:- currently running- failure or scheduled
Copyright © 2007 Sun Microsystems K.K. 25
SPE SyncObjectName=IDM:type=Cluster,service=Synchronization,component=SPE SyncresType=”<Resource type>”,name=”<Resource Name>”
Attribute name Description
Progress string
Error string
Last SPE Sync date
Next SPE Sync date
Last modification number
Last modification date
Last server name which starts this SPE Sync
Last start time
Status of this SPE sync
ProgressString
ErrorStatusString
LastPollAttempt
NextPollAttempt
LastModNum
LastModDate
LastKnownServer
LastStartTime
State, StateString
Copyright © 2007 Sun Microsystems K.K. 26
Scheduler 1 of 2
Attributes Description
Cycles ?
?
?
?
?
?
?
?
?
ErrorCount
ExpiredCount
FinishedCycleCounter
FinishedCycleTIme
LaunchedCount
ReadyCount
ReadyCycleCounter
ReadyCycleTime
ObjectName=IDM:type=Scheduler
Copyright © 2007 Sun Microsystems K.K. 27
Scheduler 2 of 2
Attribute name Description
Most recent heart beat time
?
?
Status of scheduler
MostRecentHeartbeat
ScheduledCycleCounter
ScheduledCycleTime
Status・StatusDisplay
ObjectName=IDM:type=Scheduler
Copyright © 2007 Sun Microsystems K.K. 28
Example: SchedulerObjectName=IDM:type=Scheduler
Copyright © 2007 Sun Microsystems K.K. 29
Event notification
Heart beat events are notified ifyou subscribe to Scheduler event
Copyright © 2007 Sun Microsystems K.K. 30
Configuration• Identity Manager• Application Server• JConsole
Copyright © 2007 Sun Microsystems K.K. 31
Identity Manager 1 of 2(1) Settings
(2) Servers
(3) Click your server
Copyright © 2007 Sun Microsystems K.K. 32
Identity Manager 2 of 2
(1) JMX
(2) Turn off default setting
(3)Turn on JMX
Copyright © 2007 Sun Microsystems K.K. 33
Application Server
Turn off if you want touse JConsole
Admin Service
Authentication realm
Memorize Port number
Copyright © 2007 Sun Microsystems K.K. 34
JConsole 1 of 2
JConsole bundled with JDK 5
JConsole bundled with JDK 6
Remote process
Copyright © 2007 Sun Microsystems K.K. 35
JConsole 2 of 2
JMX URLservice:jmx:rmi:///jndi/rmi://<hostname>:<port>/management/rmi-jmx-connector
User name and password
Default setting of Sun Java System App Serveris “admin-realm”, which is same user of appserver administrator (default user name:“admin”)
Copyright © 2007 Sun Microsystems K.K. 36
Demo environment
idm1
idmdb
idm2resource1
resource2
Solaris Container
JConsole
Copyright © 2007 Sun Microsystems K.K. 37
Monitoring fromcommand line• Most customers already have corporate standard
monitoring tool, but it may not supports JMX• Most monitoring tools have a capability to invoking
monitoring command• Using scripting languages which running on Java> JRuby, JavaScript, Groovy, Pnuts, (JavaFX!)... etc> Easy to customize
Copyright © 2007 Sun Microsystems K.K. 38
Example: JRuby#!/usr/bin/env jruby
include Javainclude_class 'javax.management.ObjectName'include_class 'javax.management.remote.JMXConnectorFactory'include_class 'javax.management.remote.JMXServiceURL'
jmxurl = 'service:jmx:rmi:///jndi/rmi://idm1:8686/jmxrmi'username, password = 'admin', 'adminadmin'
svcurl = JMXServiceURL.new(jmxurl)cred = java.lang.String[2].newcred[0], cred[1] = username, passwordenv = {'jmx.remote.credentials' => cred}conn = JMXConnectorFactory.connect(svcurl, env).getMBeanServerConnectionnames = conn.query_names(ObjectName.new('IDM:type=Cluster,service=Synchronization,component=ActiveSync,*'), nil)
names.each do |name|cname = name.get_canonical_nameif /name="(.+?)",resType="(.+?)"/ =~ cnameputs "Resource Type: #{$2}, Name: #{$1}, ”+ “Status: #{conn.get_attribute(name, 'StateString')}"
endend
Resource Type: FlatFileActiveSync, Name: My FlatFile, Status: downResource Type: LDAP, Name: SPE End-User Directory, Status: down
Gathering ActiveSync Status
Copyright © 2007 Sun Microsystems K.K. 39
Information• Custom JMX clinet using JRuby (Japanese)> http://blogs.sun.com/nishigaya/entry/custom_jmx_client_
using_jruby> http://blogs.sun.com/nishigaya/entry/custom_jmx_client_
using_jruby1
Takayuki Okazakitakayuki.okazaki@sun.comhttp://blogs.sun.com/okazaki
JMXによるIdentity Managerシステムの監視
Recommended