Overview

The DirX Identity servers provide Java interfaces that permit them to be monitored via Java Management Extensions (JMX) technology. So do other Java applications that run in the DirX Identity environment, like the Apache Tomcat servlet container and the Apache ActiveMQ™ message broker. Because Nagios® IT monitoring software - a popular tool for monitoring the status of hardware, applications and services - supports JMX monitoring, it can be set up to monitor the state of DirX Identity servers and other Java applications and alert administrators when problems appear and also when problems are resolved.

Nagios supports the concept of "plugins" for managing the details of monitoring the different resources available in a given configuration: when provided with a set of input parameters, a plugin gathers some metric, compares it with the passed-in thresholds, and returns a status code (OK, WARNING, CRITICAL, or UNKNOWN) and an explanatory message. DirX Identity provides a set of Java-based plugins for checking the status of DirX Identity servers that can be integrated into the Nagios environment.

However, because Nagios calls to Java-based plugins can generate a significant amount of resource overhead (the Nagios Remote Procedure Executor (NRPE) starts a Java Virtual Machine (JVM) for every Java-based plugin execution), efficient use of Nagios for DirX Identity monitoring means integrating the Java NRPE (JNRPE) add-on into the Nagios environment. JNRPE is a replacement for NRPE that allows for execution of Nagios plugins on remote machines without incurring the overhead of many short-lived JVM instances.

The rest of this chapter describes the DirX Identity plugins for checking DirX Identity server status and the supported use case configuration scenarios. See the section "Background Documentation" for references to documents and links that provide more detail about Nagios and JNRPE functions, installation, configuration and plugins.

Background Documentation

The following documents and links provide additional details about the concepts and procedures referenced in this use case document. We recommend that you become familiar with the information in these documents before proceeding with the tasks described in this use case document.

http://www.nagios.org/ - provides information about Nagios software installation and configuration and Nagios plugins
http://www.jnrpe.it/ - provides information about JNRPE software installation and configuration and how to create JNRPE plugins.
http://jnrpe.sourceforge.net/jnrpe-plugins - provides information about for JNRPE plugins, such as CHECK_JMX and CHECK_TOMCAT
https://sourceforge.net/projects/yajsw/ - provides information about the Java Service Wrapper YAJSW
http://docs.oracle.com/javase/8/docs/technotes/guides/management/jconsole.html - provides usage information about Oracle’s JMX console (Jconsole)
DirX Identity Connectivity Administration Guide → chapter title "Managing DirX Identity Servers" - provides detailed information about managing the Java-based and C++-based Servers.

You can also consult the online help provided with DirX Identity Manager (click Help in a dialog or topic to access the online help).

DirX Identity Plugins

DirX Identity provides the following DirX Identity-specific plugins to be used by the JNRPE Server:

DXI_CHECK_JMX - a plugin for accessing the Java-based Identity Server and other JMX-enabled programs. This plugin is an extension of the standard JNRPE plugin CHECK_JMX that supports:
- Extended values for warning and critical thresholds. It supports the threshold syntax described in http://nagios-plugins.org/doc/guidelines.html#THRESHOLDFORMAT You can define the critical range to be less than or equal to 3 (:3) and the warning range to be less than or equal to 6 (:6), because 0 is the worst state and 10 is the best state for the Java-based Server. The standard CHECK_JMX plugin does not support this syntax.
- Severity levels for exceptions, which define whether an exception (for example, "counter not available" or "server not reachable") should be treated as UNKNOWN (u), CRITICAL (c), WARNING (w) or OK (o). For example, suppose you want to check a workflow counter like "number of erroneous workflow runs". If the workflow has never been started, no counter is available and an exception is thrown; it’s also thrown if the server is down or unreachable. In these instances, you don’t want to see an error, because nothing has gone wrong. To avoid this problem, you can use the severity level argument to specify that these cases should be treated as "OK". See the CHECK_WF_EXC command description in the section "CHECK_WF and CHECK_WF_EXC Commands" for more detail.
DXI_CHECK_CSERVER - a plugin for accessing the C++-based Identity Server using internal DirX Identity interfaces.

Configuration Scenarios

The services to be deployed to support this use case are:

Nagios Core™, version 4.0.8
JNRPE Server, version 2.0.5
JNRPE plugins, version 2.0.5
YAJSW 12.16
DirX Identity Servers, V8.10

You can run Nagios and the JNRPE Server on the same host or on different hosts. If the JNRPE Server is located on another host, the JNRPE port (usually 5666) must be accessible.

Nagios can access the JNRPE Server over a plain or an SSL-enabled connection via a call to jcheck_nrpe/s, which is a Java implementation of the Nagios check_nrpe utility. The next two figures illustrate these configurations.

Figure 1. Nagios and JNRPE on the Same Host with SSL Connection

Figure 2. Nagios and JNRPE on Different Hosts with Plain Connection

See the jcheck_nrpe documentation for details about its command line format. The section "Defining the JNRPE Call" in this use case provides information on how to configure the call in the Nagios environment.

You can use the JNRPE Server to monitor DirX Identity servers running on the same host or on remote hosts. If you want to monitor servers on other hosts, access to the port for JMX access on these hosts must be allowed.

What to Check in the DirX Identity Server Environment

The most important items to check are:

The state of a Java-based Server. See the section "CHECK_IDSJ Command" for details.
The state of a C++-based Server. See the CHECK_CSERV command in the section "CHECK_CSERV and CHECK_CSERVATT Commands" for details.
The outstanding messages of a specific adaptor running in a Java-based Server. See the CHECK_ADAPTORBYNAME command in the section "CHECK_ADAPTOR and CHECK_ADAPTORBYNAME Commands" for details.

For the Java-based Server, many additional checks can be configured. The CHECK_WF_EXC command described in "CHECK_WF and CHECK_WF_EXC Commands" is one example. The section “Identifying Java-based Server Attributes to Check" describes how to determine other Java-based server attributes to check. You can also use all of the standard checks provided with Nagios and JNRPE, such as CHECK_JMXMEM.

Here is an example of a status report displayed in the Nagios web interface from a check of a C++-based Server and a Java-based Server:

Figure 3. Example Nagios Status Report on DirX Identity Servers

In the example display, the C++-based Server is running, but the Java-based Server is unreachable.