By default, the JMX (mx4j) console is exposed on all installations (all components) of CA Release Automation via HTTP with only basic authentication, for ease of debugging purpose.

Default login/password for the console is nolio/nolio respectively.  You can access either of them via:

Server:

http://hostname:20203

Agent:

http://hostname:8282

This may not be acceptable in some environments due to security policies within the organization.
How to enable/disable JMX console in CA Release Automation? 

CA Release Automation 5.5.1 onwards

Management Server

The JMX console on the Management Server can be disabled by removing the httpAdaptorMgr management bean from wrapperContext.xml:

1. Edit:

%RA_MANAGEMENT_SERVER_HOME%/webapps/datamanagement/WEB-INF/wrapperContext.xml

===================================================

<beans>

    <bean name="httpAdaptorMgr" class="com.nolio.platform.server.dataservices.services.jmx.HttpAdaptorMgr"

          autowire="constructor"/>

</beans>

===================================================

2. Remove the bean definitions that are marked in bold in the above snippets.

3. Restart the NolioServer service on the Management Server for the change to take effect.
    Windows - In Services.msc restart the 'Nolio Release Automation Server' service
     Linux - Go to the RA Home directory and run ./nolio_server.sh restart

Execution Server

The JMX console on the Management Server can be disabled by removing the exporter management bean from execution-servlet.xml :

1. Edit:

%RA_EXECUTION_SERVER_HOME%/webapps/execution/WEB-INF/execution-servlet.xml

===================================================

<beans>

<bean id="exporter" class="com.nolio.platform.server.dataservices.services.jmx.HttpAdaptorMgr" depends-on="propertyConfigurer"/>

</beans>

===================================================

2. Remove the bean definitions that are marked in bold in the above snippets.

3. Restart the NolioServer service on the Execution Server for the change to take effect.
    Windows - In Services.msc restart the 'Nolio Release Automation Server' service
     Linux - Go to the RA Home directory and run ./nolio_server.sh restart

       
Agent

Use one of the following methods to disable the JMX console on the agent.

1. Modify $AGENT_HOME/conf/nolio.jmx.properties, set the following properties and restart the agent service. (preferred)
DeployerJmxPort=0
DeployerJmxEnabled=false

2. Remove the HttpAdaptor MBean via WS GET call to JMX console, Ex:

GET http://nolio:nolio@host:8282/delete?objectname=HtmlAdaptor%3Atype%3Dhtmladapter%2Cport%3D8282

It is suggested to insert the above call into the agent startup script. 

​3. Add a simple FW rule on either windows(Windows firewall, etc)  or Linux(iptables, etc) to filter incoming TCP traffic dst port 8282.