Customizing or creating JVM profiles and JVM properties files

The DFHIJVMJ job places the sample JVM profiles in the HFS directory
/usr/lpp/cicsts/cicsts31/JVMProfiles
where cicsts31 is your chosen value for the CICS_DIRECTORY variable used by the DFHIJVMJ job during CICS installation.
The sample JVM properties files are in the HFS directory
/usr/lpp/cicsts/cicsts31/props

If you want to change any of the options specified in the JVM profiles or JVM properties files, you can either customize the CICS-supplied sample files, or create your own JVM profiles or JVM properties files. JVM profiles (JVMPROFILE attribute) gives an overview of the options that are available for you to change in the JVM profiles and JVM properties files.

Security caution:
  1. You should ensure that the JVM properties files are secure, with update authority restricted to system administrators. This is because the JVM properties files are typically used to define sensitive JVM configuration options, such as the security policy file and the trusted middleware class path.
  2. In particular, if you specify that a secure LDAP server is to be used, by coding java.naming.security.authentication in the JVM properties files, you also need to specify java.naming.security.principal and java.naming.security.credentials. These properties hold the UserID and password that CICS requires to access the secure LDAP service, so you need to give particular attention to the access controls in force at your installation for the JVM properties files, and any other copies of this information that you have.

The full list of options that you can specify in JVM profiles and JVM properties files, and their possible values, are documented in the CICS® System Definition Guide. Also, if you want to enable Java 2 security, Protecting Java applications in CICS by using the Java 2 security policy mechanism tells you what options you need to specify to achieve this. Some options in JVM profiles and JVM properties files are ignored for JVMs that share the class cache (those with CLASSCACHE=YES in their JVM profile, known as worker JVMs), or for the master JVM that initializes the shared class cache, and some options might or might not be relevant depending on whether the JVM is a resettable JVM, a continuous JVM, or a single-use JVM (REUSE=RESET, YES or NO). The information in the full list of options tells you where these exclusions apply.

For single-use JVMs (that is, with a JVM profile that specifies the option REUSE=NO), instead of customizing the JVM profile, you can override the options in it, using the user-replaceable program DFHJVMAT. This program is called at JVM initialization if you specify INVOKE_DFHJVMAT=YES as an option on the JVM profile that you want to override. DFHJVMAT cannot be used with any type of JVM other than the single-use JVM. Normally, a JVM profile provides sufficient flexibility to configure a JVM as required. If you find that you need to make unusual modifications, the CICS Customization Guide has more information about using DFHJVMAT. Resettable and continuous JVMs are more economical than single-use JVMs, so it is generally best to customize a JVM profile rather than using DFHJVMAT to override it.