Security Manager

Data Collector includes a Java Security Manager that is enabled by default. For enhanced security, you can enable the Data Collector Security Manager which prevents stages from accessing files in protected Data Collector directories.

Data Collector can use one of the following security managers:

Java Security Manager

By default, Data Collector uses the Java Security Manager. The Java Security Manager restricts the runtime permissions of user libraries. This allows administrators to control user libraries actions on production systems. For example, by default, user libraries cannot call out to network resources and potentially cause denial-of-service (DDoS) attacks.

The security policy is defined in the $SDC_CONF/sdc-security.policy fileSecurity Policy configuration properties of the deployment. The file syntax is java standard.

Data Collector Security Manager

For enhanced security, enable the Data Collector Security Manager. The Data Collector Security Manager prevents stages from accessing files in protected Data Collector directories, regardless of how you define the $SDC_CONF/sdc-security.policy fileSecurity Policy configuration properties of the deployment.

To enable the Data Collector Security Manager, uncomment the security_manager.sdc_manager.enable property in the Data Collector configuration file, $SDC_CONF/sdc.propertiesData Collector configuration properties.

Note: If you use an older JVM version, the Data Collector Security Manager might encounter some JVM known issues.

If needed, you can configure Data Collector to use neither security manager by setting the SDC_SECURITY_MANAGER_ENABLED environment variable to false.

Modify environment variables Modify environment variables using the method required by your installation type.