Wednesday, December 15, 2010

Java VisualVM - Remote Display, Firewall-Protected, Offline Environment

VisualVM can be used for remote monitoring of Java applications. Things work fine for an environment without firewall "interference". For folks that are fortunate enough to have the protection of a firewall, here's a trick which worked for me, and may work for you.

Basically, I used SSH + X-Windows to view the VisualVM GUI on my local PC. In my current company's testing environment, SSH access is given and certain number of ports e.g. 80-90 (HTTP), 443-449 (HTTPS) are open for access as well. The rest are inaccessible i.e. blocked by firewall. No doubt firewall ports can be opened to allow RMI traffic essential for VisualVM to connect to the remote machine, but due to the nature of the out-of-the-box RMI implementation that dynamically assigns its port numbers, ports assigned are only valid for that particular time. A restart will have different ports assigned. There are ways to go around this behaviour, but exploring this option is out of the scope of this blog entry.

So the tools I used: Putty (for SSH), NetSarang's Xmanager2 (for X-Windows display), and of course, Sun JDK6 (u21).

First, I run Putty to access Machine A (Linux box) via SSH. Xmanager2 is also running in the background in Passive mode. At the Putty console, I ran the command below to enable X-Window display on my PC (assuming IP=

export DISPLAY=

Then just run VisualVM on Machine A. On Machine A (could be different in your own environment):

/usr/java/jdk1.6.0_21/bin/jvisualvm &

The VisualVM GUI will then appear on my PC, but running on Machine A. So you can just "remotely" monitor your Java applications running on Machine A as a local client.

But unfortunately, the stock VisualVM application that comes with Sun JDK6 doesn't have the MBeans viewer plugin installed. And Machine A does not have access to the Internet, so online installation of the plugin is not possible. But fortunately, the plugin files (*.nbm) can be downloaded and installed offline (

So that's it. I will be using the MBeans viewer to monitor my application's Tomcat database connection pool, after I'm done converting from Apache DBCP to Tomcat Jdbc Pool. More on this later.

If there's no firewall to make this complicated, you can add this to your Java application startup command:

This will disable SSL and authentication (username/password). You can then use VisualVM to connect to the remote machine.

No comments: