Tuesday, November 30, 2010

Study notes on Cobit: Defining the IT organization and relationships

The CIO job position and relationships


Recall the IT strategic planning process involving the CEO, CIO and etc.? What if the company has no CIO (or any job position assuming such responsibilities), then all deals are off. It means that CIO is a important job position for the success of IT governance.
Consider the CIO position, in the process we implicitly assumed that the CIO reported to the CEO. But what if he reports just to the CFO (IT considered part of finance)? Then, IT may not play as a strategic role as when the CIO is reporting directly to the CEO. That is, in addition to the responsibilities of the position, the relationship (here, reporting relationship) between this position and others will have high impact on the significance of IT.
In addition to the reporting relationship, there are some other important relationships. For example, as described in the process for strategic IT planning, the executive-level collaborators (CEO, CIO, executives) also form a working relationship to steer IT. To highlight and formalize this relationship, we can give it a name like "IT steering committee" or "IT strategy committee". In Cobit, the former refers to the case we described before (up to the CEO level), and the latter refers to the case when the board of directors are involved (typically for major IT strategies involving a large investment).

Other strategic positions in IT and relationships


If we assume that CIO will take care of the business value alignment, then we will next see who will take care of quality and risk (other main elements of IT governance):

  • For quality, we should have a QA manager. If the CIO really values IT quality, he should have the QA manager reporting to him directly. In addition, the QA manager should have a working relationship with the enterprise wide quality director (or a similar position).

  • For risk, it can be divided into information security and legal compliance. For information security, we should have a chief information security officer (CISO). He may report to the CIO or even the CEO (if information security is considered very important by the enterprise).

  • For legal compliance, we should have a position in IT who reports to the CIO and has a working relationship with the chief compliance office in the enterprise.


Protecting from the loss or malfunctioning of key individuals


What if the CIO quits to work for another company? What if the CIO is the only one making purchase decisions but he is bribed? In order to limit the damages from the loss or malfunctioning of a key individual, you should design the IT organization so that there are backup positions (e.g., assistant CIO or a senior IT manager acting in that role) and important decisions are approved or reviewed by more than one person (duty segregation) (e.g., bid evaluation committee).

Study notes on Cobit: Defining IT processes

What is a process?


In my previous notes, you have learned that you, the CIO, must suggest IT strategies to support the business objectives or business strategies. How to do that? You might do it this way:

  1. The CEO conducts the annual business strategic planning process with other executives (COO, CFO, vice presidents, senior managers and etc.).

  2. Assuming that the CIO (you) is involved in the process, so, he  learns about the business objectives and strategies for the coming financial year and proposes rough ideas about the potential IT strategies to support the business objectives and strategies. He should provide very rough estimates on the business values, costs, resources and risks of such IT strategies.

  3. The CEO, with input from the CIO and other executives, selects a short list of IT strategies for further studying.

  4. For each selected IT strategy (which supports a business objective or strategy) you should be able to identify the executive who will be benefited the most. That executive should be enthusiastic enough to act as the champion.

  5. The CIO works with the architects to give better estimates on the costs, resources and risks for such IT strategies.

  6. The architects may conduct researches and if required, feasibility studies.

  7. The CIO obtains the support from the champion.

  8. The CIO obtains the support from the CEO and other participants.


The work flow above is called a process. Why is it useful to clearly specify (define) the process?

Seeking support


In the above the process, it is clear that the CIO, CEO, champions and architects need to collaborate to execute the process (these are called "roles" in the process). Each role has to carry out a certain responsibilities (e.g., an architect has the responsibility of estimating the cost, resource and risk of the IT strategies). Therefore, to establish the process, you must first obtain their consent on those responsibilities. In fact, as they're the collaborators, it is best to seek their suggestions to make the process better in order to obtain their strong support for the process.
Therefore, the process definition above can serve as a tool to get their agreements and support on the process including their respective responsibilities. This is the first important purpose of defining the process.
BTW, if you're careful, you may note that while roles like CIO, CEO and architect are probably job titles, but champion is probably not as it varies by case (e.g., the chief marketing officer may be the champion for an IT strategy involving facebook marketing). It means that you need to include all such possible people to act as the champion in this agreement seeking exercise.

Continuous care and delegation


Is it done after defining the process? Once you have a process, you need to continuously check if it is really working well and improve it. For example:

  • Is it effectiveness (does it work at all)? For example, has it generated IT strategies which turned out to be not supporting any business objectives or strategies?

  • Is it producing high quality output? For example, has it generated just mediocre IT strategies or excellent ones?

  • Is it efficient? For example, does it turn out that it takes many times of back-and-forth to convince the CEO?

  • Is it embedded into the DNA of the organization (maturity)?

  • Is it dealing with risks properly? For example, has it generated IT strategies which turned out to overlook a major risk?


Who will do this work on a continuous basis? As it is a lot of work, having a single person to do it for all the processes (or just all the IT processes) in the organization makes no sense. So, for each process, a process owner must be assigned. For this particular process, the process owner should probably be the CIO as this process has the most relevance for him. For a process regarding, say, user acceptance test, it should probably be the QA manager.

Defining IT processes


As it is extremely important to have IT processes properly defined, monitored and improved, this is itself an important process in Cobit.

Sunday, November 28, 2010

Study notes on Cobit: Determining technological direction

The need for enterprise wide standardized technologies


Suppose that you're the CIO of a company and have decided to acquire an ERP system and a CRM system to support the business strategies of optimizing the supply chain and enhancing the relationship with the customers. You've assigned two architects to work on those two projects respectively. If they don't communicate and you don't coordinate their decisions, it is possible that they will adopt completely different technologies that they consider the most suitable, like:

  • ERP: Linux server, Windows XP clients, DB2 database, web-based, Java.

  • CRM: Windows server, Windows 7 clients, Oracle database, client-server, .NET.


If they are allowed to go ahead like that, you'll be in big trouble:

  • Your infrastructure team will have to manage both Windows and Linux servers and thus have to learn both and deal with the quirks of both.

  • Your DBA will have to manage both Oracle and DB2 and thus have to learn both and deal with the quirks of both.

  • Your PCs just won't be able to access the two systems at the same time! Some PCs will be used to access the ERP system, while some others will the CRM system.

  • It is difficult for the two systems to share information (as mentioned in "defining information architecture") as they don't support the same database management system.

  • If, say, you're already using Oracle, introducing DB2 into the environment may create uncertainty and instabilities.

  • If you need to customize the two systems, you will have to find both Java programmers and .NET programmers.


Therefore, you (the CIO) should have a process to coordinate the technologies used by different applications as proposed by the architects. For example, you might standardize all new projects on:

  • Linux server

  • Oracle database

  • Java

  • web-based

  • Windows 7


Then you'll be able to leverage the same people (system administrators, DBAs, programmers) and the same resources (Linux server, Windows 7 clients) for both applications, enjoying economy of scale and better interoperability (e.g., now possible to share information).

What about legacy technologies?


For example, you may have an existing accounting system written in Cobol running in AS/400 accessed through a terminal. This is certainly holding you back in economy of scale and interoperability. Therefore, you should consider working out a plan to migrate the legacy technologies to your selected standardized technologies, after considering the benefits, costs and risks.

Looking forward and updating your standardized technologies


Of course, you can't stick to your standardized technologies for very long; Windows 8 may be released in a couple of years, cloud computing may take off, there might be legal regulations for cloud providers to ensure the security for customers, credit card security standard might change (PCI DSS), mobile phones may become the primary computing client, SOX might be updated and etc. So, you need to keep monitoring for new technological trends, legal, social or economical trends that may have technological impacts, and then create a future set of standardized technologies for your company (thus establishing a technological direction) and a plan for migration.

Saturday, November 27, 2010

Study notes on Cobit: Defining information Architecture

Creating, maintaining and using information for the business


Suppose that you're the owner of a retail store. You'd like to use IT to enhance your business (so, you're also acting as the CIO in addition to the CEO). You figure that if some products are missing on shelves, you'll lose business. So, you have to replenish the items on shelve from the storage area promptly and reorder the items if they're running out in the storage area in a just-in-time manner. To do that, you can use a POS system to keep track of the items sold, the items on shelve and in the storage area. That is, you need to create, maintain and use information that is modeling the real world. That's probably the most common purpose of business IT systems.
However, there comes a cost of storing information: you have to take good care of (manage) the information properly otherwise bad things can happen. This is like owing a car or a dog: once you own it, you have to keep it clean, keep it healthy and etc.

Keeping information correct


One problem with storing information is that, if unmanaged, the information can become erroneous. For example,the data in the POS may not match the real world as time goes by, so you need to perform inventory from time to time to reconcile them (a process to keep information correct).

Keeping information consistent


Another problem is that information, if gets duplicate, will become inconsistent. For example, while the POS system contains the information about your suppliers, you may also need to input such information into your accounting system for the accounts payable. Why is this a problem? Let's say if a supplier changes his address and informs you, you will have to update it in both the POS system and the accounting system. If you forget to do either, the information will become inconsistent.
How to solve this problem? The ideal solution is to not duplicate the data. For example, if both the POS system and the accounting system support it, they could be put into the same database but in different schemas (one schema for each application), while storing the supplier information into a third schema to be shared. If this is not supported (some applications may not allow you to specify the schema), you may have to synchronize the supplier information somehow between two databases. Both approaches can be considered enterprise-wide data coordination between different applications, departments or processes.

Keeping information secure


In addition, once keeping the information, you must keep it secure. For the information regarding the product items, it is not that confidential (confidentiality is one aspect of information security), but you must prevent ordinary users or other people from changing their retail prices (integrity is the second aspect of information security). For the financial information (accessed through the accounting system), reports like profit and loss should be confidential and accessible to the management of the company only.

Making sure the information & the processing system are available


As the operation of your business now relies on the POS system to read and update the product item information, if the database (information) or the POS system (processing system) breaks, your business will be severely hindered. Therefore, you must ensure the availability of the database and the POS system (availability is the third aspect of information security).
How to do that? You should conduct backup of the database and the POS system and practice restoration regularly. You could also consider redundant hardware (e.g., RAID, fault-tolerant server, dual power supply), redundant power (UPS or power generator), redundant systems (e.g., database replication, server cluster) and disaster recovery planning.

Archiving or removing the information


Finally, for performance of the system or to save space, you may want to archive the information to a long term storage (e.g., DVD) as historical records.
In some companies, if the law requires that the information be kept for a certain years, they will remove that information after meeting that requirement in case that the information could be used against them in court (just think Edison Chen who failed to really delete his photos in his laptop!).

Delegating the management responsibility of information


As there is a lot of different information in the company, it is difficult to depend on you, an individual, to decide how much care should be put on that information (How strong should the access control be? How long to keep the information? How much availability?). Therefore, for each type of information (e.g., financial information, product information), you (acting as the compliance officer or chief security officer) should ensure that there is a process to assign someone as the owner of that information, then let him decide how much management care is required. Usually, this can be done by classifying the data (e.g., in security: top secret, confidential, internal use, public. In availability: highly available, important, normal, rarely needed).

Information architecture


In summary, to support the business, you plan what information to create, maintain and use, how to keep it correct, consistent (sharing or synchronizing), secure (confidential, untempered, available), when and how to archive or remove it. The processes, methods and documents you create to achieve the above purposes (properly managing the information) are called the "integration architecture" for the enterprise.

Friday, November 19, 2010

Study notes on Cobit: Overview and strategic IT planning

What is strategic IT planning?


Simply put, strategic IT planning is to suggest various IT solutions to support business objectives or strategies. For example, suppose that you are the CIO of a school and that the school has an objective of improving education quality. It may have defined business strategies to achieve that objective like:

  • Making learning fun

  • Engaging parents

  • ...


As the CIO of the school, you could suggest various IT solutions to support one of those strategies. For example, for the first strategy ("Making learning fun"), you may suggest:

  • Provide educational games to the teachers.

  • Provide training to enable teachers to develop interactive courseware.

  • Locate and provide the best student-engaging lecture videos to the teachers.

  • ...


Note that each IT strategy must have a clear linkage to the business strategy so that it creates business value ("Value" is one of the three major concerns of Cobit). For example, it is assumed that educational games will make learning fun because students like playing games.

Cost and risk


After coming up with these IT strategies, you will explain them to the CEO (the principal) and business executives (the vice principals) to let them choose which ones to proceed. However, without the information regarding the cost ("Cost" is the second major concern of Cobit) and other needed resources for each IT strategy, it is just impossible to choose. So, you have to provide such information. For example, for the IT strategy of providing educational games, you may need:

  • MOP1,000 (cost) for a site license for each game (software).

  • Teachers (people) to attend a training session.

  • A server (hardware) to host the games.

  • A certain internal network bandwidth (network).

  • ...


These needed resources (people, software, hardware, network) are called "Enterprise architecture for IT" in Cobit.
In addition, what if some students become addicted to the games? What if some parents don't want their kids to play games? These risks must be communicated to the CEO and business executives to help them choose which IT strategies to pursue ("Risk" is the third major concern of Cobit).

Control objective


So, you can perform strategic IT planning as described above. But how to ensure the desired output (IT strategies as selected by the CEO will have good value, low cost and low risk) will be produced? For example, there are some success factors:

  • You (the CIO) knows the business objectives and strategies well.

  • The CEO is willing to make clear decisions.

  • You, the CEO and business executives can discuss and negotiate well.

  • You can plan (estimate) the costs, risks and other needed resources well.


Each process has its own such success factors and they're key to ensure that the process is effective (producing the desired output) and performance (producing the output efficiently). Such success factors are called "control objectives" in Cobit and is a key concept in Cobit (the term "Cobit" simply stands for control objectives for IT).

Maturity level


However, even if you're doing the strategic IT planning process very well, it doesn't mean that the process is embedded in the DNA of the organization. For example, if you leave the organization and your successor doesn't do it or does it poorly, then it is not in the DNA of the organization. This is reflected in the "maturity level" of the process:

  • Level 0 (No process): The organization has no process at all.

  • Level 1 (Ad-hoc): Different people in the organization have different processes to do the same thing.

  • Level 2 (Repeatable): Different people in the organization follow the same process, but the process is informal (not written down), so it is not formally reviewed, approved and used for training.

  • Level 3 (Defined): The process is formally defined.

  • Level 4 (Managed): The process is continuously improved.

  • Level 5 (Optimized): The process is considered among the best in that  industry.

Sunday, November 7, 2010

Scala exercise 6: Tackling the Wicket hierarchy mismatch problem

Introduction


This is the sixth exercise in my Scala exercises series. If you haven’t seen it before, you may want to start from the previous exercises. Below is exercise 6: Tackling the Wicket hierarchy mismatch problem.
Some people have alleged that a weakness in Wicket is that you have to keep the hierarchy of the component tree in sync with that of the HTML elements. For example, for the HTML code:

<html>
<form wicket:id="f">
<input type="text" wicket:id="num">
<input type="submit" value="OK">
</form>
<span wicket:id="result">10</span>
</html>

You would construct a component tree (in Scala) like:

class MyPage extends WebPage {
val f = new Form[MyPage]("f") {
override def onSubmit() {
...
}
}
add(f) //add the form to the page
val numField = new TextField[Int]("num")
f.add(numField) //add the text field to the form
val r = new Label("result")
add(r) //add the label to the page
}

The problem is that, if, say, you'd like to move the result span into the form, you must change the code accordingly:

class MyPage extends WebPage {
...
val r = new Label("result")
f.add(r) //you must add the label to the form, not to the page!
}

and a common problem is that we may forget to do so. While there is no easy way to solve this problem, you could make the Scala code reflect the HTML structure visually (and look more like a declarative UI):

class MyPage extends WebPage {
//the "ctx" represents a surrounding container context for the
//construction of child components
this containing { ctx =>
val f = ...
ctx.add(f) //add the form to the context (the page)
f containing { ctx =>
val numField = ...
ctx.add(numField) //add the text field to the context (the form)
}
val r = new Label("result")
ctx.add(r) //add the label to the context (the page)
}
}

Note that the Scala code reflects the structure of the HTML code so you can compare them visually. In addition, if you need to move the label into the form, you can simply cut and paste the construction code of the label into that context of the form:

class MyPage extends WebPage {
//the "ctx" represents a surrounding container context for the
this containing { ctx =>
val f = ...
ctx.add(f)
f containing { ctx =>
val numField = ...
ctx.add(numField)
//the following lines were simply cut and pasted into here
val r = new Label("result")
ctx.add(r)
}
}
}

Now, your task is to implement this solution by creating the necessary code. Try to do it now.
See the answer here.


Tuesday, November 2, 2010

Scala exercise 5: monitoring pattern

Introduction


This is the fifth exercise in my Scala exercises series. If you haven’t seen it before, you may want to start from the previous exercises. Below is exercise 5: monitoring pattern.
Suppose that you have created a web application displaying product information to and taking order from customers. From your testing, let's say you have determined that it can at most display the product page 100 times per minute, otherwise it will get painfully slow or even crash. Now, you'd like to monitor the application in production to make sure its loading is not approaching that limit. If yes, you'll promptly allocate more computing resources to it.
In order to do that, it would be great if the application would support something like SNMP and provide a variable named "display counter" for you to access. Then you could use a monitoring system like zabbix or nagios to monitor it. The good news is, there is something similar for Java: it is called JMX (Java Management eXtension).
Next, you'll do it step by step. Your job is to fill in the missing code.
First, create a Maven project. Use the following pom.xml file:

<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
<modelVersion>4.0.0</modelVersion>
<groupId>scala-jmx</groupId>
<artifactId>scala-jmx</artifactId>
<version>1.0</version>
<packaging>war</packaging>
<properties>
<spring.version>3.0.5.RELEASE</spring.version>
</properties>
<repositories>
<repository>
<id>java.net2</id>
<name>Repository hosting the jee6 artifacts</name>
<url>http://download.java.net/maven/2</url>
</repository>
<repository>
<id>scala-tools.org</id>
<name>Scala-tools Maven2 Repository</name>
<url>http://scala-tools.org/repo-releases</url>
</repository>
</repositories>
<pluginRepositories>
<pluginRepository>
<id>scala-tools.org</id>
<name>Scala-tools Maven2 Repository</name>
<url>http://scala-tools.org/repo-releases</url>
</pluginRepository>
</pluginRepositories>
<dependencyManagement>
<dependencies>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-context</artifactId>
<version>${spring.version}</version>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-core</artifactId>
<version>${spring.version}</version>
</dependency>
</dependencies>
</dependencyManagement>
<dependencies>
<dependency>
<groupId>javax</groupId>
<artifactId>javaee-web-api</artifactId>
<version>6.0</version>
<scope>provided</scope>
</dependency>
<dependency>
<groupId>org.scala-lang</groupId>
<artifactId>scala-library</artifactId>
<version>2.8.0</version>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-core</artifactId>
<version>${spring.version}</version>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-web</artifactId>
<version>${spring.version}</version>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-context</artifactId>
<version>${spring.version}</version>
</dependency>
</dependencies>
<build>
<pluginManagement>
<plugins>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-compiler-plugin</artifactId>
<version>2.0.2</version>
</plugin>
<plugin>
<groupId>org.scala-tools</groupId>
<artifactId>maven-scala-plugin</artifactId>
<version>2.9.1</version>
</plugin>
</plugins>
</pluginManagement>
<plugins>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-compiler-plugin</artifactId>
<executions>
<execution>
<phase>compile</phase>
<goals>
<goal>compile</goal>
</goals>
</execution>
</executions>
<configuration>
<source>1.6</source>
<target>1.6</target>
</configuration>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-war-plugin</artifactId>
<version>2.1-beta-1</version>
<configuration>
<failOnMissingWebXml>false</failOnMissingWebXml>
</configuration>
</plugin>
<plugin>
<groupId>org.scala-tools</groupId>
<artifactId>maven-scala-plugin</artifactId>
<executions>
<execution>
<id>scala-compile-first</id>
<phase>process-resources</phase>
<goals>
<goal>add-source</goal>
<goal>compile</goal>
</goals>
</execution>
<execution>
<id>scala-test-compile</id>
<phase>process-test-resources</phase>
<goals>
<goal>testCompile</goal>
</goals>
</execution>
</executions>
</plugin>
</plugins>
</build>
</project>

There is nothing special except that you'll use Spring. Next, create a Scala trait PerfCountersMBean in the com.foo package:

trait PerfCountersMBean {
def getDisplayCounter(): Int
}

It says that you'll have an "MBean" that has a property named displayCounter. MBean stands for managed bean, which is just a Java bean that can be inspected or called from a remote management console. Next, create a Scala class to implement the MBean in the com.foo package (fill in the code later):

...
class PerfCounters extends PerfCountersMBean {
...
}

In order to initialize the MBean, you'll turn it into a Spring bean (you'll do it later by annotating the PerfCounters class). Then, to register it with the JVM, you'll create a Spring bean that performs the registration. So, create a beans.xml file in the src/main/resources folder:

<?xml version="1.0" encoding="UTF-8" ?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:context="http://www.springframework.org/schema/context"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/context
http://www.springframework.org/schema/context/spring-context-3.0.xsd">
<context:component-scan base-package="com.foo"/>
<!-- init this exporter eagerly as nobody will ask it to export the MBeans -->
<bean id="mbeansExporter" class="org.springframework.jmx.export.MBeanExporter" lazy-init="false">
<property name="beans">
<map>
<!--
the key is the name of the MBean, which starts with the domain
name (foo.com) and then some name=value pairs.

the value is the Spring bean acting as the MBean
-->
<entry key="com.foo:name=performance-counters" value-ref="perfCounters"/>
</map>
</property>
</bean>
</beans>

Of course, you need to increment the counter whenever the product page is displayed. So, create a servlet which should display something as the product information and more importantly, get access to your MBean (a Spring bean) and increment the counter (you'll fill in the code later):

class DisplayServlet extends HttpServlet {
...
}

Finally, create the web.xml file the src/main/webapp/WEB-INF folder:

<?xml version="1.0" encoding="UTF-8"?>
<web-app version="3.0" xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd">
<servlet>
<servlet-name>s1</servlet-name>
<servlet-class>com.foo.DisplayServlet</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>s1</servlet-name>
<url-pattern>/product</url-pattern>
</servlet-mapping>
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>classpath:/beans.xml</param-value>
</context-param>
<!-- initialize Spring -->
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
</web-app>

Run "mvn package" to build the war file. Then deploy it into Tomcat. To enable JMX in the JVM on which Tomcat runs, you need to pass some JVM arguments by setting the CATALINA_OPTS environment variable before running startup.sh (or startup.bat). On Linux:

export CATALINA_OPTS="-Dcom.sun.management.jmxremote -Dcom.sun.management.jmxremote.port=1234 -Dcom.sun.management.jmxremote.ssl=false -Dcom.sun.management.jmxremote.authenticate=false"

On Windows:

set CATALINA_OPTS="-Dcom.sun.management.jmxremote -Dcom.sun.management.jmxremote.port=1234 -Dcom.sun.management.jmxremote.ssl=false -Dcom.sun.management.jmxremote.authenticate=false"

Now, fill in all the missing code above.
To verify that it is working, run Tomcat with startup.sh (or startup.bat). Use netstat to check if it is listening on port 1234 (the port you specified above). Finally, run jconsole and connect to localhost:1234. Choose the "MBeans" tab and you should see your MBean in the com.foo folder. Check the value of the DisplayCounter. Access the product page at http://localhost:8080/scala-jmx/product. Then check the value again and it should have been incremented.
See the answer here.