3.4. Java Security Manager and performance management

As noted earlier, enabling the Java Security Manager (JSM) to sandbox the evaluation of MVEL scripts in BPMS introduces a performance hit in high-load environments. Keep the target environment and its performance markers in mind when deploying a BPMS application. Use the following guidelines to deploy secure, high-performance BPMS applications.
  • In high-load environments where performance is critical, it is recommended to deploy only applications that have been developed on other systems and properly reviewed. It is also recommended not to create any users with the Analyst role on such systems. If these safeguards are followed, it is safe to leave JSM disabled on these systems so that it does not introduce any performance degradation.
  • In testing and development environments without high loads, or in environments where rule and process authoring is exposed to external networks, it is recommended to enable JSM to gain the security benefits of properly sandboxed MVEL evaluation.
Allowing users with the Analyst role to log in to the Business Central console with JSM disabled is not secure and is not recommended.
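
The guidelines above can be checked mechanically before a deployment goes live. The following is an added example, not code from the product or its documentation. It assumes JSM is enabled through the standard `-Djava.security.manager` JVM property and that roles are stored in a `user=role1,role2` properties file in which the Analyst role is named `analyst`; the function names and sample inputs are constructed for illustration.

```python
# Added example. Assumptions: JSM is switched on with the standard
# -Djava.security.manager JVM property, and roles live in a
# "user=role1,role2" properties file with the Analyst role named "analyst".

# Constructed sample inputs, not taken from a real deployment.
SAMPLE_ROLES = """\
# user=role1,role2
alice=admin
bob=analyst,user
carol=user
"""
OPTS_NO_JSM = "-Xms1g -Xmx1g -Djava.net.preferIPv4Stack=true"
OPTS_JSM = OPTS_NO_JSM + " -Djava.security.manager -Djava.security.policy=/path/to/security.policy"


def jsm_enabled(java_opts):
    """True if the JVM options install a security manager at startup."""
    enabled = False
    for opt in java_opts.split():  # a later option overrides an earlier one
        if opt == "-Djava.security.manager":
            enabled = True
        elif opt.startswith("-Djava.security.manager="):
            # "allow"/"disallow" (newer JDKs) do not install a manager
            enabled = opt.split("=", 1)[1] not in ("allow", "disallow")
    return enabled


def users_with_role(roles_text, role="analyst"):
    """Users holding `role` in a user=role1,role2 properties file."""
    users = []
    for line in roles_text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!" or "=" not in line:
            continue
        user, _, roles = line.partition("=")
        if role in {r.strip().lower() for r in roles.split(",")}:
            users.append(user.strip())
    return sorted(users)


def audit(java_opts, roles_text, high_load, authoring_exposed=False):
    """Findings for a deployment, following the two guidelines above."""
    jsm, analysts = jsm_enabled(java_opts), users_with_role(roles_text)
    findings = []
    if not jsm and analysts:
        findings.append("INSECURE: JSM disabled, Analyst users: " + ", ".join(analysts))
    if not jsm and authoring_exposed:
        findings.append("INSECURE: JSM disabled, authoring exposed externally")
    if jsm and high_load:
        findings.append("PERF: JSM enabled on a high-load system")
    return findings
```

An empty result from `audit` means the deployment matches one of the two recommended configurations; an `INSECURE` finding corresponds to the combination the section warns against.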