We are experiencing some slowdowns on our web-app deployed on a Tomcat 5.5.17 running on a Sun VM 1.5.0_06-b05 and our hosting company doesn't gives enough data to find the problem.
We are considering installing lambda probe on the production server but it requires to enable jmx (com.sun.management.jmxremote) in order to obtain memory and cpu statistics.
Does enabling jmx incur a serious performance penalty?
If we enable jmx, are we opening any security flaw? Do i need to setup secure authentication if we are only enabling local acces to jmx?
Is anyone using the same (tomcat + lambda probe) without problems on production?
UPDATE
Looking at the answers it seems that enabling JMX alone doesn't incur significant overhead to the VM. The extra work may come if the monitoring application attached to the VM, be it jConsole, lambda probe or any other, is polling with excessive dedication.