Running VisualVM to Examine a JVM on a Remote Host Via an SSH Tunnel/Proxy Connection

VisualVM is a great tool for peering into a running JVM.  In many cases, it won’t be one that is running on your local box.
The first thing to be done is to get jstatd running on the remote machine:
Create a security policy file on the remote machine (this assumes that you have an additional layer of security and that the outside world cannot access these ports and/or you have a VPN set-up and you are operating in that enclave):
$ cd ~

$ more jstatd.all.policy

grant codebase “file:${java.home}/../lib/tools.jar” {

   permission java.security.AllPermission;

};
Next run jstatd on the remote machine:
$ jstatd -J-Djava.security.policy=/fully/qualified/path/to/jstatd.all.policy
On the local machine set up an SSH connection through which you will tunnel your VisualVM connection:
$ ssh -D localhost:9696 rchapin@remote.machine.to.proxy.to
On the local machine fire up jvisualvm
$ jvisualvm
Go to:  Tools > Options > Network:
Check ‘Manual proxy settings’:
Add localhost and port 9696 to the SOCKS Proxy setting
Under the Applications Tab, Right-click on ‘Remote’ and select ‘Add Remote Host’
Add the remote user name or ip (if you are running the RMI registry on a different port select Advanced and configure as necessary).
Once added the remote JVMs that are running as the same user as your local user will be displayed and you can connect to them as normal

Leave a Reply