Show Table of Contents
5.2. Java Security Manager and performance management
As noted earlier, enabling the Java Security Manager (JSM) to sandbox the evaluation of MVEL scripts in BPMS introduces a performance hit in high load environments. Environments and performance markers must be kept in mind when deploying a BPMS application. Use the following guidelines to deploy secure and high performance BPMS applications.
- In high load environments where performance is critical it is recommended to only deploy applications that have been developed on other systems and properly reviewed. It is also recommended not to create any users with Analyst role on such systems. If these safeguards are followed, it is safe to leave JSM disabled on these systems so it does not introduce any performance degradation.
- In testing and development environments without high loads, or in environments where rule and process authoring is exposed to external networks, it is recommended to have JSM enabled in order to achieve security benefits of properly sandboxed evaluation of MVEL.
Allowing users with Analyst role to log in to the Business Central console with JSM disabled is not secure and not recommended.
Where did the comment section go?
Red Hat's documentation publication system recently went through an upgrade to enable speedier, more mobile-friendly content. We decided to re-evaluate our commenting platform to ensure that it meets your expectations and serves as an optimal feedback mechanism. During this redesign, we invite your input on providing feedback on Red Hat documentation via the discussion platform.