JMX is widely used for monitoring and administrating servers but it’s a little quirky sometimes and in this post, I want to explain one of those quirks.
Typically, a client would connect to a JMX enabled server using a URL similar to this:
service:jmx:rmi:///jndi/rmi://host:port1/jmxrmi
This basically tells the client to connect to a JMX server on the specified host and port over RMI. At least, that’s what you’d expect right? Well, the reality is a little different. When the client connects to host over that port, the JMX server responds with something like “Ok, I got your connect request on port1, now you can connect on port2” and accordingly to this blog post, port2 is chosen randomly.
Why is this problematic? Imagine trying to administer your JMX enabled server through a firewall where a predetermined number of ports are open. You can see how random port2 makes life quite difficult. So what can you do? JMXMP comes to rescue. There’s not much info on JMXMP out there but according to JavaDocs:
The JMX Messaging Protocol (JMXMP) connector is a configuration of the generic connector where the transport protocol is based on TCP and the object wrapping is native Java serialization. Security is more advanced than for the RMI connector. Security is based on the Java Secure Socket Extension (JSSE), the Java Authentication and Authorization Service (JAAS), and the Simple Authentication and Security Layer (SASL).
It looks like JMXMP is not only better in terms of getting rid of random ports but it has better security. The only caveat is that JMXMP connector is optional (i.e. JDK does not include it by default). All you have to do is Google for the download page for jmxremote_optional.jar from Oracle or if you’re a Maven user, simply add the following to your pom.xml.
Once you have jmxremote_optional.jar in classpath of your client and server, you can connect your client to your JMX server using a URL like this with your own host and port:
service:jmx:jmxmp://host:port
The URL looks much cleaner than RMI, the port you specify is the only port you need to worry about and it’s more secure. I have no idea why JMXMP is not the default connector in JMX.
Mete Atamel 
fixed link to first blog post: http://blog.markfeeney.com/2010/10/jmx-through-ssh-tunnel.html
Thanks.
But it‘s the default protocol. When you try to create a new JMXServiceURL with null as protocol there jmxmp is used. The problem is that jmxmp connector is optional and distributed as external.
About RMI. You can specify custom host and ports separately for RMI registry and JMX connector too in one JMXServiceURL but you have must its running on this addresses. Using LocateRegistry and JMXConnectorServerFactory with Platform MBeanServer is simple.
Personally, I prefer jmxmp. Who and why uses RMI registries?