Connect to Azul Vulnerability Detection via the Forwarder
The default connection mode for JVMs is auto, where they will determine if/where they should connect through the environment. JVMs will connect when they detect the right conditions.
Configure Runtimes
There are different ways to control your connection to Azul Vulnerability Detection:
-
Command Line Arguments
-
Environment Variables
-
Properties file
These methods can be further extended with optional settings and are fully described in Configuration Options. Here only the method via Command Line Arguments is described.
Once enabled, advanced users can utilize DNS to control connections at scale without touching individual systems or containers.
Connect with Command Line Arguments
Apply the following arguments to your Java command line, substituting your forwarder_endpoint if known.
Note
|
The Forwarder endpoint must be in URL format, e.g. https://FORWARDER_IP:443 .
|
java -XX:+UnlockExperimentalVMOptions \
-XX:AzCRSMode=on \
-XX:AzCRSArguments=api.url={forwarder_endpoint} \
MyApp
Once applied, you will see your JVM ID printed at startup. Other configuration options are not required.
Identifying Successful Connection
By default, the JRE will not emit log messages. To control the log level and see connectivity messages, use the following AZ_CRS_ARGUMENTS: log=info
.
Once in place, your JRE will produce a message about its JVM Instance ID:
[CRS.id][info] CRS authenticated: YOUR_UUID
Configuring JVMs at Scale
If all JVMs share a common network, IT administrators can set up the DNS on the network so that all Java VMs can connect to the Forwarder that exchanges the data with Azul Vulnerability Detection. Rather than configuring each JRE individually, each enabled JRE will look up a DNS entry for the required property. You still can override the connection parameters for individual JVM instances via command line arguments or environment variables.
To set up service discovery via DNS, create the following DNS record:
Name | Type | Description |
---|---|---|
|
CNAME |
The IP address or FQDN of the Forwarder. |
When your DNS is configured, start the application with AzCRSMode set to either auto (default) or on:
java -XX:+UnlockExperimentalVMOptions \
-XX:AzCRSMode=on \
MyApp
Disabling Azul Vulnerability Detection
Application owners can disable features by setting the mode to off with -XX:AzCRSMode=off
.
Reference Documentation
Consult Configuration Options for complete documentation about arguments and variables.