Environment
NetIQ Operations Center
NetIQ AppManager Operations Portal
NetIQ AppManager Operations Portal
Situation
On Windows server NetIQ Operations Center (NOC) can be operated in two different ways. It can be loaded from GUI as a standard process, or it can be loaded automatically (or manually) as a service. From NOC functionality point of view, there is no difference between these two methods. However, for troubleshooting NOC server which is loaded as a service might turn into a kind of nightmare, because all Java VMs (mosimage, mosformula,..) get loaded in security context of the server itself, and so for monitoring they are neither " visible", nor reachable from Microsoft GUI, for example with standard Java monitoring/troubleshooting tools, like jconsole.exe, or jvisualvm.exe.
This TID explains what is needed to set, in order to make NOC Java VMs reachable for monitoring, even when VMs are loaded in o.s. server security context.
This TID explains what is needed to set, in order to make NOC Java VMs reachable for monitoring, even when VMs are loaded in o.s. server security context.
Resolution
The trick here is monitoring/debugging through remote access (also called remote process). Remote access is provided by com.sun.management.jmxremote class, using TCP/IP protocol. Java tools support this, and therefore all what is required here is to load each Java VM we want to monitor with additional remote access support and appropriate settings. This can be configured in NOC customizer, by modifying runtime options for given Java VM. For example for main mosformula process, "NOC Server Java Runtime Options" should be modified, and following entries should be added:
-Dcom.sun.management.jmxremote
-Dcom.sun.management.jmxremote.port=8484
-Dcom.sun.management.jmxremote.ssl=false
-Dcom.sun.management.jmxremote.authenticate=false
First line above informs Java loader that extra class jmxremote should also be loaded. Second line is port number where Java VM should be listening, third and fourth lines can be used to set encryption and authentication. In our case we do not want to use these security features, therefore both parameters are set to false.
Once these parameters get added to runtime options, and saved, Java VM needs to be restarted. After that it is possible to access "hidden" Java VM from jconsole.exe or jvisualvm.exe, using their "remote process" or "remote application" option.
-Dcom.sun.management.jmxremote
-Dcom.sun.management.jmxremote.port=8484
-Dcom.sun.management.jmxremote.ssl=false
-Dcom.sun.management.jmxremote.authenticate=false
First line above informs Java loader that extra class jmxremote should also be loaded. Second line is port number where Java VM should be listening, third and fourth lines can be used to set encryption and authentication. In our case we do not want to use these security features, therefore both parameters are set to false.
Once these parameters get added to runtime options, and saved, Java VM needs to be restarted. After that it is possible to access "hidden" Java VM from jconsole.exe or jvisualvm.exe, using their "remote process" or "remote application" option.