Prerequisites for the JMX Monitoring Agent
This page describes the prerequisites to successfully install and run the Nodinite JMX Monitoring Agent to Monitor JVM CPU and Memory.
Software Requirements
The Nodinite JMX Monitoring Agent is a hosted Windows Service using NSSM and is usually installed on the JVM application server.
| Product | Version/Edition |
|---|---|
| Windows Server with IIS | Windows 2025Windows 2022Windows 2019Windows 2016Windows 2012 R2 |
| ASP.NET Core Runtime v6 Hosting Bundle | .NET 6 |
| JVM | OpenJDK |
| NSSM | Download |
For obvious reasons, JMX Monitoring must be enabled in the JVM Application to monitor.
Below is an example configuration with parameters to enable JMX Monitoring using an unauthenticated connection not using SSL on a Java Application:
java -Dcom.sun.management.jmxremote.port=5002
-Dcom.sun.management.jmxremote.authenticate=false
-Dcom.sun.management.jmxremote.ssl=false
-jar $ACME_HOME/lib/AcmeApp_v1337.jar server start
Firewall
Depending on where you install the Nodinite JMX Monitoring Agent with respect to Nodinite Monitoring Service and your JMX instance you may need different firewall configurations on different servers. The following illustration shows the agent installed on its own server.
The Nodinite JMX Monitoring Agent has both inbound and outbound communication:
- Between the Nodinite Monitoring Service and the Nodinite JMX Monitoring Agent.
- Between the Nodinite JMX Monitoring Agent and the Java Spring Boot Application (Gateway).
- Between the Nodinite Java Spring Boot Application (Gateway) and the JVM Application.
1. Between the Monitoring Service and JMX Monitoring Agent
Server types: Nodinite Server (Monitoring Service), Agent Server (JMX Monitoring Agent hosted in IIS).
The following ports must be allowed on the Windows server where the agent is installed and running:
| Direction | Source | Destination | Protocol | Port(s) | Purpose | Notes |
|---|---|---|---|---|---|---|
| Inbound | Nodinite Server | Agent Server (IIS) | TCP | 80 (HTTP), 443 (HTTPS) | Monitoring Service communication | Port depends on IIS configuration |
| Outbound | Agent Server (IIS) | Nodinite Server | TCP | 80 (HTTP), 443 (HTTPS) | Response traffic | Allowed automatically by stateful firewalls |
Tip
Custom Ports: The JMX Monitoring Agent is hosted in IIS and uses HTTP/HTTPS bindings. If you use SSL/TLS or custom ports (e.g., 8080, 8443), adjust the firewall rules accordingly.
Tip
Local Installation: If the JMX Monitoring Agent and Monitoring Service run on the same server, firewall rules are typically not required for this communication (loopback traffic).
2. Between the JMX Monitoring Agent and Spring Boot Gateway
Server types: Agent Server (JMX Monitoring Agent in IIS), Gateway Server (Spring Boot .jar package hosting JMX API Gateway).
The JMX Monitoring Agent communicates with the Spring Boot Java application (JMX API Gateway) to retrieve monitoring data.
| Direction | Source | Destination | Protocol | Port(s) | Purpose | Notes |
|---|---|---|---|---|---|---|
| Outbound | Agent Server (IIS) | Gateway Server (Spring Boot) | TCP | 8080 | JMX API Gateway communication | Default port for Spring Boot |
| Inbound | Gateway Server (Spring Boot) | Agent Server (IIS) | TCP | 8080 | Response traffic | Allowed automatically by stateful firewalls |
Tip
Local Gateway: The Spring Boot Gateway is most likely installed on the same server as the JMX Monitoring Agent (local communication on 127.0.0.1). Firewalls should normally not block this loopback communication.
Tip
Custom Gateway Port: The Spring Boot Gateway port can be configured in the application properties. If you use a custom port (e.g., 9000), adjust the agent configuration and firewall rules accordingly.
3. Between the Spring Boot Gateway and JVM Applications
Server types: Gateway Server (Spring Boot JMX API Gateway), JVM Server (target Java application with JMX enabled).
The Spring Boot Gateway connects to target JVM applications via JMX to collect monitoring data.
| Direction | Source | Destination | Protocol | Port(s) | Purpose | Notes |
|---|---|---|---|---|---|---|
| Outbound | Gateway Server (Spring Boot) | JVM Server | TCP | 5002 (default) | JMX connection to JVM | Port depends on JMX configuration |
| Inbound | JVM Server | Gateway Server (Spring Boot) | TCP | 5002 (default) | Response traffic | Allowed automatically by stateful firewalls |
Tip
JMX Port Configuration: The actual port depends on the JMX Monitoring configuration for your JVM application (e.g.,
-Dcom.sun.management.jmxremote.port=5002). Common JMX ports include 5002, 9999, 7199 (Cassandra), 9010 (Kafka).
Tip
Multiple JVM Instances: If monitoring multiple JVM applications, each requires its own unique JMX port. Ensure the Spring Boot Gateway has outbound connectivity to all configured JMX ports.
Tip
JMX Authentication and SSL: For production environments, enable JMX authentication and SSL/TLS encryption. This may require additional certificate configuration and firewall rules for secure JMX communication.
Note
DNS Resolution: All servers (Agent Server, Gateway Server, and JVM Servers) require outbound access to DNS on TCP/UDP port 53 for name resolution. You can optionally solve this using entries in the local
hostsfile on each server.
Important
Stateful Firewalls: Most modern Windows Firewall implementations are stateful, meaning inbound response traffic for established outbound connections is automatically allowed. The inbound rules listed above are primarily for reference and troubleshooting scenarios where stateful inspection may be disabled or restricted.
Frequently asked questions
Additional solutions to common problems and the FAQ for the Nodinite JMX Monitoring agent exist in the Troubleshooting user guide.
Next Step
Installing the JMX Monitoring Agent
Add or manage a Monitoring Agent Configuration