IMPORTANT: If you choose to open a port through a firewall to enable communication between a node agent and a console, secure the tunneling port using HP-UX Secure Shell or HP-UX IPSec.

Configuring User Access

The node agent must be started by either the same user or group as the running JVM (recommended) or root to establish contact.

IMPORTANT: Setting access for owner or group should not be considered a security solution because node agent to JVM communications are not secured by default—see below.

Securing Communication Between the JVM and the HPjmeter Node Agent

IMPORTANT: The data stream between the JVM and the node agent is not protected from tampering by a user logged into the system running the JVM. For key applications in production, you may want to increase your confidence that the data has not been tampered with en route between the JVM and agent before you take action based on HPjmeter metrics.

Where you deem it necessary, either secure the communication mechanism between the JVM and node agent (HP-UX 11i v2 or later only), or confirm that the HPjmeter data looks reasonable according to the usual behavior of your application by independently validating its output.

To secure the communication mechanism between the JVM and node agent on HP-UX 11i v2 or later operating systems, set the umask of the JVM process to 77 (no access except for the owner) by executing the command

% umask 77

before running the JVM.

Related Topics

Managing Node Agents On HP-UX (page 37)

Node Agent Access Restrictions (page 38)

Connecting to the HPjmeter Node Agent (page 197)

22 Completing Installation of HPjmeter

Page 22
Image 22
HP jmeter Software for -UX manual Configuring User Access