Connect to Azul Vulnerability Detection via the Forwarder

Table of Contents

Configure Runtimes
- Connect with Command Line Arguments
Identifying Successful Connection
Configuring JVMs at Scale
Disabling Azul Vulnerability Detection
- Environment Variable
Reference Documentation

Need help?

Schedule a consultation with an Azul performance expert.

The default connection mode for JVMs is auto, where they will determine if/where they should connect through the environment. JVMs will connect when they detect the right conditions.

Configure Runtimes

There are different ways to enable and control your connection to Azul Vulnerability Detection:

Using only Command Line Arguments
Using only Environment Variables
Using only a Properties file

The configuration can be controlled with optional settings, which are fully described in Configuration Options along with examples for each of the setup methods mentioned above.

Once enabled, advanced users can utilize DNS to control connections at scale without touching individual systems or containers.

Connect with Command Line Arguments

This example uses Command Line Arguments. Apply the following arguments to your Java command line, substituting your forwarder_endpoint.

Note	The Forwarder endpoint must be in URL format, e.g. `https://FORWARDER_IP:443`.

 java -XX:AzCRSMode=on \
    -XX:AzCRSArguments=api.url={forwarder_endpoint} \
    MyApp

Other configuration options are not required.

Identifying Successful Connection

By default, the JRE will not emit log messages. To control the log level and see connectivity messages, add the following to the AZ_CRS_ARGUMENTS: log=info.

Once in place, your JRE will produce a message about its JVM Instance ID:

 [CRS.id][info] CRS authenticated: YOUR_UUID

Configuring JVMs at Scale

If all JVMs share a common network, IT administrators can set up the DNS on the network so that all Java VMs can connect to the Forwarder that exchanges the data with Azul Vulnerability Detection. Rather than configuring each JRE individually, each enabled JRE will look up a DNS entry for the required property. You still can override the connection parameters for individual JVM instances via command line arguments or environment variables.

To set up service discovery via DNS, create the following DNS record:

Name Type Description

Name	Type	Description
`az-crs-endpoint`	CNAME	The IP address or FQDN of the Forwarder.

az-crs-endpoint

CNAME

The IP address or FQDN of the Forwarder.

When your DNS is configured, start the application with AzCRSMode set to either auto (default) or on:

 java -XX:AzCRSMode=on MyApp

Disabling Azul Vulnerability Detection

Application owners can disable features by setting the mode to off with -XX:AzCRSMode=off.

Environment Variable

In your AZ_CRS_ARGUMENTS, set enable=false.

This change will only be used for new launches and restarts.

Reference Documentation

Consult Configuration Options for complete documentation about arguments and variables.