You can use JMX management and monitoring both locally and remotely. The term local means on the same host (machine) and running as the same user. For example, this means that local JMX access is possible only if the JVM you want to access is running on the same host and as the same user as the user who is running a JMX client such as JConsole (or a different user with sufficient file system permissions). In order to allow other users to access the JVM, or to allow access from other hosts, remote JMX must be enabled.
If you are using a Java SE 6 or later JVM, local JMX management and monitoring are most likely enabled by default.
Some JVMs, for example Java SE 5 JVMs, do not enable local JMX management by default. Refer to the documentation for your JVM for details. A common way to enable local JMX access on these JVMs is to include the -Dcom.sun.management.jmxremote option on the command line when you start the JVM.
Remote JMX management and monitoring is a powerful Java feature, allowing you to monitor a specific JVM from a remote location. Enabling remote JMX requires explicit actions by the JVM administrator, since it may involve exposing sensitive information about your system.
The most common way to enable remote JMX access to your JVM is to specify a TCP/IP port number and some basic security settings when you start the JVM. The security settings commonly include authentication and SSL (Secure Socket Layer). Derby attempts to use the JVM's built-in platform MBean server. For a list of current command line options (system properties) and their meanings, refer to the table in the Java SE Monitoring and Management Guide at http://docs.oracle.com/javase/7/docs/technotes/guides/management/agent.html#gdeum .
The following topics describe ways to enable and disable remote JMX access.