Profiling JVM Applications remotely using VisualVM

communicating between VisualVM and JVM applications by jstatd or JMX

VisualVM main window

Java Platform is one of the eldest and famous developments and deployment platforms for desktop and server applications. The most important component of this platform is Java Virtual Machine (JVM) which has the responsibility of running Java bytecode. There are several famous programming languages (e.g. Scala, Kotlin, Clojure, Jython, JRuby and …) that compile to Java bytecode and run on top of JVM and use the capabilities of this mature runtime environment. Java Platform is used in many industries including manufacturing, automotive, insurance, and the public sector, therefore, many desktop and server applications that run on top of JVM all over the world.

Why profiling applications is important

According to Wikipedia definition:

In software engineering, profiling (“program profiling”, “software profiling”) is a form of dynamic program analysis that measures, for example, the space (memory) or time complexity of a program, the usage of particular instructions, or the frequency and duration of function calls. Most commonly, profiling information serves to aid program optimization.

Profilers help us to find problems like memory leaks, performance problems and … at runtime and maybe in the production. Usually, we can not find this kind of problem during development on the development machine.

JVM Profiling tools

There are several great JVM profiler (free and commercial) like JProfiler, YourKit, VisualVM and … but in this article, I am going to write about VisualVM.

VisualVM is a simple, powerful, free and official profiling tool for JVM applications. Since JDK version 6 update 7 until early updates of JDK version 8 is bundled with the Java Development Kit (JDK) but after that, it releases separately as a standalone program. By VisualVM you can connect to local and remote JVM applications and monitor them.

VisualVM Applications window

When you start VisualVM, all local JVM applications are identified by default but for remote JVM applications, you need to connect to them by jstatd or JMX.

How to profiling JVM applications remotely using VisualVM

There are two ways to connect a remote JVM application to VisualVM: Either using jstatd or Java Management Extensions (JMX).

The jstatd program is an RMI server that bundled with the JDK and monitors JVM and provides an interface to allow remote monitoring tools to attach to JVM running on the localhost. You should start jstatd on the target machine and VisualVM will connect to it to get profiling data about the remote JVM.

JMX technology can be used to monitor and manage any JVM applications that are running in either a local or a remote JVM.

How to run the jstatd server on the target machine

The jstatd server needs native access permissions and requires a security policy file specified with the “java.security.policy” system property, if no security manager running on my machine. You should create a security policy file (I called it tools.policy) for the JVM containing:

grant {

permission java.security.AllPermission;

};

Now, you will be able to start the jstatd program:

jstatd -p 1089 -J-Djava.security.policy=tools.policy

Now jstatd is running and waiting at port 1089 for RMI protocol connections from remote machines by VisualVM.

This approach has some limitations in monitoring like no CPU usage monitoring, not possible to run the Sampler and take thread dumps.

How to prepare a target JVM application for JMX communication

VisualVM will automatically detect and connect to JVM applications that are running on version 6 of the JDK or that have been started with the correct system properties on version 5.0 (but there are cases in which VisualVM cannot automatically discover and connect to JMX agents) then you just need to start the JVM application with some system properties:

java -Dcom.sun.management.jmxremote

-Dcom.sun.management.jmxremote.port=1089 \

-Dcom.sun.management.jmxremote.ssl=false \

-Dcom.sun.management.jmxremote.authenticate=false \

YourJavaAppAndOtherParams

In the command above, the JVM application is launched and out-of-the-box monitoring and management capability configured via port 1089 and SSL encryption and Password authentication are deactivated.

Securing connection using SSH or VPN

You should secure communication between VisualVM and the JVM application if you are in the public network.

The easiest way to secure the environment is to use a VPN or secure connection by setting up an SSH tunnel with SOCKS proxy. You can follow this link to know more about that.

Advantage and disadvantage of each approach

I prefer the JMX approach because we don’t need to run any server on the target machine and also by using JMX we will give the full power of VisualVM (no limitations in monitoring capabilities).