Is a good idea to enable jmx (lambda probe) on a production server?

Serxipc picture Serxipc · Nov 24, 2008 · Viewed 15k times · Source

We are experiencing some slowdowns on our web-app deployed on a Tomcat 5.5.17 running on a Sun VM 1.5.0_06-b05 and our hosting company doesn't gives enough data to find the problem.

We are considering installing lambda probe on the production server but it requires to enable JMX (com.sun.management.jmxremote) in order to obtain memory and CPU statistics.

Does enabling JMX incur a serious performance penalty?

If we enable JMX, are we opening any security flaw? Do I need to setup secure authentication if we are only enabling local access to JMX?

Is anyone using the same (tomcat + lambda probe) without problems on production?

UPDATE

Looking at the answers it seems that enabling JMX alone doesn't incur significant overhead to the VM. The extra work may come if the monitoring application attached to the VM, be it JConsole, lambda probe or any other, is polling with excessive dedication.

Answer

JtR picture JtR · Nov 24, 2008

You can cross out security flaws by using secure authentication. Just keeping the JMX service ready does not incur any significant overhead and is generally a good idea. There's a benchmark here about this.