A Security Compliance for JDK Mission Control

Follow these security recommendations to improve the processes of administering and managing JDK Mission Control.

• Use the latest security baseline JDK version for starting JMC.
• Enable Java Discovery Protocol (JDP) only in a secure environment: JDP is a protocol that enables technologies, in particular, JDK Mission Control and JDK Flight Recorder, to discover manageable JVMs across the same network subnet. It enables the JVM browser to list all JVM instances on the network.

  You can enable the preferences for JDP protocol using the auto-discover option in JMC. This option is disabled by default. To enable the option, go to Windows, Preferences, JDK Mission Control, JVM Browser, and then JDP. Click auto-discover check box.

• Use SSL for JMXRMI connections: While connecting to JMX remotely, ensure that you connect to JVMs having SSL and Authentication options enabled. This will ensure server side and client side security.

  Provide the Key store and Trust store credentials. To set the values, go to Windows, Preferences, JDK Mission Control, and then JMXRMI.

• To configure JMC to connect to a remote JVM using HTTPS:
  1. Ensure SSL is enabled on the remote JVM
  2. Configure JMC with the same certificates
  3. Add a custom connection with the JMX service URL
• See the Jolokia Protocol to configure a Jolokia agent. Ensure that you configure the agent using secured : true option.
• Enable Jolokia Discovery only in a secure environment: It is an agent based approach with support for many platforms. In addition to basic JMX operations, it enhances the JMX remoting with unique features like bulk requests and fine grained security policies.

  You can enable the preferences for Jolokia Discovery Protol using Discover jolokia agents option in JMC. This option is disabled by default. To enable the option, go to Windows, Preferences, JDK Mission Control, JVM Browser, and then Jolokia. Click Discover Jolokia agents check box.