How to manually configure security for remote JMX for Windows

During the N4 installation, you can choose the option to enable security for JMX monitoring. If you did not choose this option during the installation, you can manually enable security with the settings below.

In order to enable secure remote access to JMX, you must have a valid Java SSL keystore file, and set up authentication credentials (user names and passwords). For detailed instructions, see Oracle's Java SE Documentation on Monitoring and Management Using JMX Technology (https://docs.oracle.com/javase/8/docs/technotes/guides/management/agent.html).

To configure security on a Windows machine:

Configure the password and access files. When setting up the access and password files, make sure the path to the access and password files does not contain spaces or quotation marks.

  1. Secure the access and password files.

  1. Find the Tomcat service (for example, n4clusterw.exe).

  2. Right-click on the file and select 'Run as administrator.'

  3. Select the Java tab. Under Java Options, then add the following options to the JVM parameters on your Tomcat service:

-Dcom.sun.management.jmxremote.port=9019 --for N4

-Dcom.sun.management.jmxremote.authenticate=true

-Dcom.sun.management.jmxremote.ssl=true

-Dcom.sun.management.jmxremote.access.file=<conf-path>/access.properties

-Dcom.sun.management.jmxremote.password.file=<conf-path>/password.properties

  1. Click OK.

  2. Restart the Tomcat service.

After you have enabled remote JMX security, then remote JMX clients must connect using SSL and authentication options according to JSR-160 (https://www.jcp.org/en/jsr/detail?id=160). For each client application that you use for JMX monitoring, check the documentation provided by the application provider.