Monitoring Identity Manager by JMX

transcript

MonitoringIdentity Manager by JMXTakayuki OkazakiSolutions Architect, Software Practicehttp://blogs.sun.com/okazaki

Understanding JMX monitoring featurewhich introduced from Identity Manager7.0

NOTICE

• This is NOT officially verified documentof Identity Manager. All information in thisdocument are based upon personalresearch.

Agenda• About JMX• Identity Manager and JMX• Configuration instruction• Demo• TIPS

About JMX• Standard API for monitoring and managing JVM,

services, and applications.> JSR 3: Java Management Extensions (JMX)

• Monitoring and Managing from remote client> JSR 160: JMX Remote API

• Target use case of JMX> Referring and modifying application configuration> Gathering statistics about the application> Notify error or status change

Benefit of JMX• Lightweight• Secure• Scalable monitoring & management architecture• Easy to engage existing management solutions (like

SNMP, WBEM)

Scopeof JMX Specifications

What canmonitor by JMX?• Java VM> OS and environment, JVM options, Memory and

Garbage collection, Threads

• Web Container> Performance statistics, Cache, status of a connections,

Connection pool, Thread pool

• Application> All exposed MBeans(Managed bean)

Example

Memory

Thread

More use case• Notify events to JMX clients> Errors and warnings> Status change

• Invoking operations> Garbage collection> Test connection> State change

• Advanced use case> Self tuning and self management (like GlassFish v2)

JMXRemote and Security• Authentication> UserId/Password authentication by MBean server

• Protecting connection> TLS and SSL

Authentication through userid/pwd

SNMPand JMX• Several MBeans are monitored through SNMP> http://java.sun.com/javase/6/docs/technotes/guides/man

agement/snmp.html

• JVM related info can be monitored by SNMP> OS and environment, classpath and JMV options, JIT,

classloader, threads, GC, memory, memory pool andlogging

JMX tools• JConsole> Bundled with JDK 5 or later

• MC4J (http://mc4j.org)> Open source monitoring tool

• Sun Java System Management Framework> Bundled with Java ES 5> Opensourced: http://proctor.dev.java.net

• More..> HP Openview, AdventNet ManagemeEngine Applications

Manager, ...

JConsole• Graphical management tool• You can develop additional plugin for JConsole

Identity Manager and JMX• Support starts from Identity Manager 7.0• Status of cluster/server, Scheduler, information

about Resources, status of ActiveSync

Cluster

Attribute name Description

List of active IDM servers

List of known IDM servers

Most recent list of failed IDM servers

Alive Is polling thread alive?

ActiveServers

KnownServers

NewlyFailedServers

PollingInterval Polling interval (in milli-seconds)

ObjectName=IDM:type=Cluster

Example: ClusterObjectName=IDM:type=Cluster

Servers

Date of server created

Creator Name of user who create this server

Deleted Is this object deleted?

Most recent heart beat time

Status of this server

CreateDate

Heartbeat・HeartbeatDate

State・StateString

ObjectName=IDM:type=Cluster,service=Server,name=”<Server name>”

ObjectName=IDM:type=Server

Name Name of the server

Status of this serverStatus・StatusDisplay

Example: Servers

All servers arelisted

Same server to JMXserver

ObjectName=IDM:type=Cluster,service=Server,name=”<Server name>”

ObjectName=IDM:type=Server

Resources

Date of resource creation

Creator Creator user name

Deleted Is this object deleted?

Last modified date

Most recent activity

Most recent activity date

CreateDate

LastModificationDate

MostRecentActivity

MostRecentActivityDateMostRecentActivityDateMS

ObjectName=IDM:type=Cluster,service=Resource,resType=”<Resource type>”,name=”<Resource name>”

Test connection to each resource feature availble.

Example: ResourcesObjectName=IDM:type=Cluster,service=Resource,resType=”<Resource type>”,name=”<Resource name>”

All resource type/resources are listed

Connection test (IDM->Resource)Success case Invoke test connection

Failure case

ActiveSync

Progress string

Error string

Last modification number

Last modification date

Last start time

Status of this active sync

ProgressString

ErrorStatusString

LastPollAttempt Last ActiveSync date

NextPollAttempt Next ActiveSync date

LastModNum

LastModDate

LastKnownServer Last server name which starts this ActiveSync

LastStartTime

State, StateString

ObjectName=IDM:type=Cluster,service=Synchronization,component=ActiveSyncresType=”<Resource type>”,name=”<resource name>”

Example: ActiveSyncObjectName=IDM:type=Cluster,service=Synchronization,component=ActiveSyncresType=”<Resource type>”,name=”<Resource name>”

All ActiveSyncs which is:- currently running- failure or scheduled

SPE SyncObjectName=IDM:type=Cluster,service=Synchronization,component=SPE SyncresType=”<Resource type>”,name=”<Resource Name>”

Progress string

Error string

Last SPE Sync date

Next SPE Sync date

Last modification number

Last modification date

Last server name which starts this SPE Sync

Last start time

Status of this SPE sync

ProgressString

ErrorStatusString

LastPollAttempt

NextPollAttempt

LastModNum

LastModDate

LastKnownServer

LastStartTime

State, StateString

Scheduler 1 of 2

Attributes Description

Cycles ?

ErrorCount

ExpiredCount

FinishedCycleCounter

FinishedCycleTIme

LaunchedCount

ReadyCount

ReadyCycleCounter

ReadyCycleTime

ObjectName=IDM:type=Scheduler

Scheduler 2 of 2

Most recent heart beat time

Status of scheduler

MostRecentHeartbeat

ScheduledCycleCounter

ScheduledCycleTime

Status・StatusDisplay

ObjectName=IDM:type=Scheduler

Example: SchedulerObjectName=IDM:type=Scheduler

Event notification

Heart beat events are notified ifyou subscribe to Scheduler event

Configuration• Identity Manager• Application Server• JConsole

Identity Manager 1 of 2(1) Settings

(2) Servers

(3) Click your server

Identity Manager 2 of 2

(1) JMX

(2) Turn off default setting

(3)Turn on JMX

Application Server

Turn off if you want touse JConsole

Admin Service

Authentication realm

Memorize Port number

JConsole 1 of 2

JConsole bundled with JDK 5

JConsole bundled with JDK 6

Remote process

JConsole 2 of 2

JMX URLservice:jmx:rmi:///jndi/rmi://<hostname>:<port>/management/rmi-jmx-connector

User name and password

Default setting of Sun Java System App Serveris “admin-realm”, which is same user of appserver administrator (default user name:“admin”)

Demo environment

idm2resource1

resource2

Solaris Container

JConsole

Monitoring fromcommand line• Most customers already have corporate standard

monitoring tool, but it may not supports JMX• Most monitoring tools have a capability to invoking

monitoring command• Using scripting languages which running on Java> JRuby, JavaScript, Groovy, Pnuts, (JavaFX!)... etc> Easy to customize

Example: JRuby#!/usr/bin/env jruby

include Javainclude_class 'javax.management.ObjectName'include_class 'javax.management.remote.JMXConnectorFactory'include_class 'javax.management.remote.JMXServiceURL'

jmxurl = 'service:jmx:rmi:///jndi/rmi://idm1:8686/jmxrmi'username, password = 'admin', 'adminadmin'

svcurl = JMXServiceURL.new(jmxurl)cred = java.lang.String[2].newcred[0], cred[1] = username, passwordenv = {'jmx.remote.credentials' => cred}conn = JMXConnectorFactory.connect(svcurl, env).getMBeanServerConnectionnames = conn.query_names(ObjectName.new('IDM:type=Cluster,service=Synchronization,component=ActiveSync,*'), nil)

names.each do |name|cname = name.get_canonical_nameif /name="(.+?)",resType="(.+?)"/ =~ cnameputs "Resource Type: #{$2}, Name: #{$1}, ”+ “Status: #{conn.get_attribute(name, 'StateString')}"

endend

Resource Type: FlatFileActiveSync, Name: My FlatFile, Status: downResource Type: LDAP, Name: SPE End-User Directory, Status: down

Gathering ActiveSync Status

Information• Custom JMX clinet using JRuby (Japanese)> http://blogs.sun.com/nishigaya/entry/custom_jmx_client_

using_jruby> http://blogs.sun.com/nishigaya/entry/custom_jmx_client_

using_jruby1

Takayuki Okazakitakayuki.okazaki@sun.comhttp://blogs.sun.com/okazaki

JMXによるIdentity Managerシステムの監視

Monitoring Identity Manager by JMX

Technology