Symantec Access Management

 View Only
Expand all | Collapse all

Troubleshooting CA Solutions under Oracle JDK with Jvisualizer & Jconsole

  • 1.  Troubleshooting CA Solutions under Oracle JDK with Jvisualizer & Jconsole

    Posted Jul 19, 2018 07:36 PM

    Team,

     

    Oracle JDK has two useful embedded GUI tools that you may find of value.

    - Notes:   These tools do NOT have historical trending AND have a performance impact.   

              -  {Recommend careful use for debugging on production systems}

    Ref:  Using JConsole - Java SE Monitoring and ManagementGuide 

    Ref: Java VisualVM 

     

     

     

     

     

    If you are able to run these processes (on MS Windows or Linux/Unix) OS within the same user context as the JVM, then you will easily be able to use these tools.

     

    The below steps are how to use these two (2) if you do not run the JVM under the same user context, as you would execute these two (2) JVM tools.    These steps may use remote JDK or the same JDK as the JVM are using.

     

    As a challenge, we can use the harden CA Identity Suite virtual appliance (vApp), where only the "config" user ID is available as the login user; and that the JVM of four (4) components are managed by a daemon process under the "wildfly" user ID.

     

    Note:  If the server is a Linux/Unix, and you have access to the "root" account, you may ignore the different user context challenge.

     

    To enable use of the two (2) tools, it is necessary to enable a few additional JVM switches.

    -  The first four will assist you with testing with the two (2) tools for local access.

    - If you use MobaTerm, for SSH/X11 access, you will be able to immediate use these processes.

    - The last (fifth) switch is needed if a different user context must be used, or remote access is required.

    -   After restarting the JVM, check with netstat -an | grep port_number  that it is LISTEN on all NICs (0.0.0.0)

     

    -Dcom.sun.management.jmxremote=true

    -Dcom.sun.management.jmxremote.local.only=false

    -Dcom.sun.management.jmxremote.authenticate=false

     -Dcom.sun.management.jmxremote.ssl=false

    -Dcom.sun.management.jmxremote.port=29990                   [Pick a free port not being used by any application]

     

    See example for the CA Identity Manager solution, with the provided custom JVM options for arguments.

     

    For remote access, confirm the new JMX port (29990) is available on all NICs (0.0.0.0)

     

     

     

    Goal/Outcome:

     

     

    Example with Jvisualvm 

    - (Screen on left is run under user context locally;   screen on right is accessed remotely by a different user context)

     

     

     

     

     

     

     

     

     

     

     

    Example with Jconsole:

    - (Screen on left is run under user context locally;   screen on right is accessed remotely by a different user context)

     

     

    Need to add in Remote process to the port 29990.

     

     

     

     

     

    If you find this of value or have additional hints, forward away.

     

     

     

    Cheers, 

     

    Alan

     

     

     

     

    PS.   For X11 use with Linux,  recommend the use of Mobaterm (built-in X11/SSH)  or Putty w/ XMing .



  • 2.  Re: Troubleshooting CA Solutions under Oracle JDK with Jvisualizer & Jconsole

    Posted Jul 19, 2018 07:50 PM