Monitoring Identity Manager by JMX

MonitoringIdentity Manager by JMXTakayuki OkazakiSolutions Architect, Software Practicehttp://blogs.sun.com/okazaki

http://blogs.sun.com/okazaki

Copyright © 2007 Sun Microsystems K.K. 2

GOAL

Understanding JMX monitoring featurewhich introduced from Identity Manager7.0


NOTICE

• This is NOT officially verified documentof Identity Manager. All information in thisdocument are based upon personalresearch.


Agenda• About JMX• Identity Manager and JMX• Configuration instruction• Demo• TIPS


About JMX• Standard API for monitoring and managing JVM,

services, and applications.> JSR 3: Java Management Extensions (JMX)

• Monitoring and Managing from remote client> JSR 160: JMX Remote API

• Target use case of JMX> Referring and modifying application configuration> Gathering statistics about the application> Notify error or status change


Benefit of JMX• Lightweight• Secure• Scalable monitoring & management architecture• Easy to engage existing management solutions (like

SNMP, WBEM)


Scopeof JMX Specifications


What canmonitor by JMX?• Java VM> OS and environment, JVM options, Memory and

Garbage collection, Threads

• Web Container> Performance statistics, Cache, status of a connections,

Connection pool, Thread pool

• Application> All exposed MBeans(Managed bean)


Example

Memory

Class

Thread

CPU


More use case• Notify events to JMX clients> Errors and warnings> Status change

• Invoking operations> Garbage collection> Test connection> State change

• Advanced use case> Self tuning and self management (like GlassFish v2)


JMXRemote and Security• Authentication> UserId/Password authentication by MBean server

• Protecting connection> TLS and SSL

Authentication through userid/pwd


SNMPand JMX• Several MBeans are monitored through SNMP> http://java.sun.com/javase/6/docs/technotes/guides/man

agement/snmp.html

• JVM related info can be monitored by SNMP> OS and environment, classpath and JMV options, JIT,

classloader, threads, GC, memory, memory pool andlogging


JMX tools• JConsole> Bundled with JDK 5 or later

• MC4J (http://mc4j.org)> Open source monitoring tool

• Sun Java System Management Framework> Bundled with Java ES 5> Opensourced: http://proctor.dev.java.net

• More..> HP Openview, AdventNet ManagemeEngine Applications

Manager, ...

http://proctor.dev.java.net/


JConsole• Graphical management tool• You can develop additional plugin for JConsole


Identity Manager and JMX• Support starts from Identity Manager 7.0• Status of cluster/server, Scheduler, information

about Resources, status of ActiveSync


Cluster

Attribute name Description

List of active IDM servers

List of known IDM servers

Most recent list of failed IDM servers

Alive Is polling thread alive?

ActiveServers

KnownServers

NewlyFailedServers

PollingInterval Polling interval (in milli-seconds)

ObjectName=IDM:type=Cluster


Example: ClusterObjectName=IDM:type=Cluster


Servers


Date of server created

Creator Name of user who create this server

Deleted Is this object deleted?

Most recent heart beat time

Status of this server

CreateDate

Heartbeat・HeartbeatDate

State・StateString

ObjectName=IDM:type=Cluster,service=Server,name=”<Server name>”

ObjectName=IDM:type=Server


Name Name of the server

Status of this serverStatus・StatusDisplay


Example: Servers

All servers arelisted

Same server to JMXserver

ObjectName=IDM:type=Cluster,service=Server,name=”<Server name>”

ObjectName=IDM:type=Server


Resources


Date of resource creation

Creator Creator user name

Deleted Is this object deleted?

Last modified date

Most recent activity

Most recent activity date

CreateDate

LastModificationDate

MostRecentActivity

MostRecentActivityDateMostRecentActivityDateMS

ObjectName=IDM:type=Cluster,service=Resource,resType=”<Resource type>”,name=”<Resource name>”

Test connection to each resource feature availble.


Example: ResourcesObjectName=IDM:type=Cluster,service=Resource,resType=”<Resource type>”,name=”<Resource name>”

All resource type/resources are listed


Connection test (IDM->Resource)Success case Invoke test connection

Failure case


ActiveSync


Progress string

Error string

Last modification number

Last modification date

Last start time

Status of this active sync

ProgressString

ErrorStatusString

LastPollAttempt Last ActiveSync date

NextPollAttempt Next ActiveSync date

LastModNum

LastModDate

LastKnownServer Last server name which starts this ActiveSync

LastStartTime

State, StateString

ObjectName=IDM:type=Cluster,service=Synchronization,component=ActiveSyncresType=”<Resource type>”,name=”<resource name>”


Example: ActiveSyncObjectName=IDM:type=Cluster,service=Synchronization,component=ActiveSyncresType=”<Resource type>”,name=”<Resource name>”

All ActiveSyncs which is:- currently running- failure or scheduled


SPE SyncObjectName=IDM:type=Cluster,service=Synchronization,component=SPE SyncresType=”<Resource type>”,name=”<Resource Name>”


Progress string

Error string

Last SPE Sync date

Next SPE Sync date

Last modification number

Last modification date

Last server name which starts this SPE Sync

Last start time

Status of this SPE sync

ProgressString

ErrorStatusString

LastPollAttempt

NextPollAttempt

LastModNum

LastModDate

LastKnownServer

LastStartTime

State, StateString


Scheduler 1 of 2

Attributes Description

Cycles ?

?

?

?

?

?

?

?

?

ErrorCount

ExpiredCount

FinishedCycleCounter

FinishedCycleTIme

LaunchedCount

ReadyCount

ReadyCycleCounter

ReadyCycleTime

ObjectName=IDM:type=Scheduler


Scheduler 2 of 2


Most recent heart beat time

?

?

Status of scheduler

MostRecentHeartbeat

ScheduledCycleCounter

ScheduledCycleTime

Status・StatusDisplay

ObjectName=IDM:type=Scheduler


Example: SchedulerObjectName=IDM:type=Scheduler


Event notification

Heart beat events are notified ifyou subscribe to Scheduler event


Configuration• Identity Manager• Application Server• JConsole


Identity Manager 1 of 2(1) Settings

(2) Servers

(3) Click your server


Identity Manager 2 of 2

(1) JMX

(2) Turn off default setting

(3)Turn on JMX


Application Server

Turn off if you want touse JConsole

Admin Service

Authentication realm

Memorize Port number


JConsole 1 of 2

JConsole bundled with JDK 5

JConsole bundled with JDK 6

Remote process


JConsole 2 of 2

JMX URLservice:jmx:rmi:///jndi/rmi://<hostname>:<port>/management/rmi-jmx-connector

User name and password

Default setting of Sun Java System App Serveris “admin-realm”, which is same user of appserver administrator (default user name:“admin”)


Demo environment

idm1

idmdb

idm2resource1

resource2

Solaris Container

JConsole


Monitoring fromcommand line• Most customers already have corporate standard

monitoring tool, but it may not supports JMX• Most monitoring tools have a capability to invoking

monitoring command• Using scripting languages which running on Java> JRuby, JavaScript, Groovy, Pnuts, (JavaFX!)... etc> Easy to customize


Example: JRuby#!/usr/bin/env jruby

include Javainclude_class 'javax.management.ObjectName'include_class 'javax.management.remote.JMXConnectorFactory'include_class 'javax.management.remote.JMXServiceURL'

jmxurl = 'service:jmx:rmi:///jndi/rmi://idm1:8686/jmxrmi'username, password = 'admin', 'adminadmin'

svcurl = JMXServiceURL.new(jmxurl)cred = java.lang.String[2].newcred[0], cred[1] = username, passwordenv = {'jmx.remote.credentials' => cred}conn = JMXConnectorFactory.connect(svcurl, env).getMBeanServerConnectionnames = conn.query_names(ObjectName.new('IDM:type=Cluster,service=Synchronization,component=ActiveSync,*'), nil)

names.each do |name|cname = name.get_canonical_nameif /name="(.+?)",resType="(.+?)"/ =~ cnameputs "Resource Type: #{$2}, Name: #{$1}, ”+ “Status: #{conn.get_attribute(name, 'StateString')}"

endend

Resource Type: FlatFileActiveSync, Name: My FlatFile, Status: downResource Type: LDAP, Name: SPE End-User Directory, Status: down

Gathering ActiveSync Status


Information• Custom JMX clinet using JRuby (Japanese)> http://blogs.sun.com/nishigaya/entry/custom_jmx_client_

using_jruby> http://blogs.sun.com/nishigaya/entry/custom_jmx_client_

using_jruby1

Takayuki [email protected]://blogs.sun.com/okazaki

JMXによるIdentity Managerシステムの監視

mailto:[email protected]

Monitoring Identity Manager by JMX

Technology

jmx identity manager

jmx support

jconsole copyright

connection test idmresource

jmx tools jconsole

useridpwd copyright

wbem copyright

logging copyright