Visit Azul.com Support

Connect to Azul Vulnerability Detection via the Forwarder

Table of Contents
Need help?
Schedule a consultation with an Azul performance expert.
Contact Us
Talk about OpenJDK?
Discuss with the community on the Foojay Forum.
Go to Forum

The default connection mode for JVMs is auto, where they will determine if/where they should connect through the environment. JVMs will connect when they detect the right conditions.

Configure Runtimes

There are different ways to control your connection to Azul Vulnerability Detection:

  1. Command Line Arguments

  2. Environment Variables

  3. Properties file

These methods can be further extended with optional settings and are fully described in Configuration Options. Here only the method via Command Line Arguments is described.

Once enabled, advanced users can utilize DNS to control connections at scale without touching individual systems or containers.

Connect with Command Line Arguments

Apply the following arguments to your Java command line, substituting your forwarder_endpoint if known.

Note
The Forwarder endpoint must be in URL format, e.g. https://FORWARDER_IP:443.
 
java -XX:+UnlockExperimentalVMOptions \ -XX:AzCRSMode=on \ -XX:AzCRSArguments=api.url={forwarder_endpoint} \ MyApp

Once applied, you will see your JVM ID printed at startup. Other configuration options are not required.

Identifying Successful Connection

By default, the JRE will not emit log messages. To control the log level and see connectivity messages, use the following AZ_CRS_ARGUMENTS: log=info.

Once in place, your JRE will produce a message about its JVM Instance ID:

 
[CRS.id][info] CRS authenticated: YOUR_UUID

Configuring JVMs at Scale

If all JVMs share a common network, IT administrators can set up the DNS on the network so that all Java VMs can connect to the Forwarder that exchanges the data with Azul Vulnerability Detection. Rather than configuring each JRE individually, each enabled JRE will look up a DNS entry for the required property. You still can override the connection parameters for individual JVM instances via command line arguments or environment variables.

To set up service discovery via DNS, create the following DNS record:

Name Type Description

az-crs-endpoint

CNAME

The IP address or FQDN of the Forwarder.

When your DNS is configured, start the application with AzCRSMode set to either auto (default) or on:

 
java -XX:+UnlockExperimentalVMOptions \ -XX:AzCRSMode=on \ MyApp

Disabling Azul Vulnerability Detection

Application owners can disable features by setting the mode to off with -XX:AzCRSMode=off.

Environment Variable

In your AZ_CRS_ARGUMENTS, set enable=false.

This change will only be used for new launches and restarts.

Reference Documentation

Consult Configuration Options for complete documentation about arguments and variables.