System Properties and Environment Variables

You can use system properties and environment variables to configure many aspects of Management Center, from JMX to the home directory and feature flags. These properties give you the power to tweak settings at startup without having to configure anything in the UI.

If an environment variable isn’t available for a property and you start Management Center using any of the following methods, you can use the JAVA_OPTS environment variable to set system properties:

  • Docker environments

    You may also need to use other environment variables. For the Docker reference, see DockerHub.
  • hz-mc conf tool

  • Start scripts included with Hazelcast Platform or Management Center such as hz-mc start.

You can use properties to configure both Management Center and Management Center’s client connection strategy on startup.

Management Center Configuration

If an environment variable is available, it is listed under the system property in the Property column.

Table 1. System properties and environment variables for Management Center
Property Description Example

hazelcast.mc.allowMultipleLogin

MC_ALLOW_MULTIPLE_LOGIN

Whether a user can log into an account in Management Center on multiple devices in different locations at the same time. Default: true. See Securing User Sessions.

hz-mc start -Dhazelcast.mc.allowMultipleLogin=true

hazelcast.mc.auditlog.enabled

MC_AUDITLOG_ENABLED

Whether Management Center logs auditable events. See Audit Logging. Default: false.

hz-mc start -Dhazelcast.mc.auditlog.enabled=true \
-jar hazelcast-management-center-5.6.0.jar

hazelcast.mc.configReplacer.class

Full class name of a variable replacer to use. See Variable Replacers.

hz-mc start -Dhazelcast.mc.configReplacer.class=com.hazelcast.webmonitor.configreplacer.EncryptionReplacer \
-jar hazelcast-management-center-5.6.0.jar

hazelcast.mc.configReplacer.failIfValueMissing

Whether the configuration loading process stops when a replacement value is missing. Default: true.

hz-mc start -Dhazelcast.mc.configReplacer.failIfValueMissing=true \
-jar hazelcast-management-center-5.6.0.jar

hazelcast.mc.contextPath

MC_CONTEXT_PATH

Prefix of all URL paths in Management Center. Default: ' ' (empty).

hz-mc start -Dhazelcast.mc.contextPath=hazelcast-mc \
-jar hazelcast-management-center-5.6.0.jar

In this example, the URL for Management Center would be \http:localhost:8080/hazelcast-mc.

hazelcast.mc.cors.allowedOriginPatterns

MC_CORS_ALLOWED_ORIGIN_PATTERNS

A list of origins patterns for which cross-origin requests are allowed.

If none of hazelcast.mc.cors.* properties are set, all origins are allowed to make cross-origin HTTP requests, but WebSocket connection could be established only from the same origin. By default this is not set.

hz-mc start -Dhazelcast.mc.cors.allowedOriginPatterns=http://domain.com:[*],https://*.domain.com:8443,http://domain.com:[8080,8090],

hazelcast.mc.cors.allowedMethods

MC_CORS_ALLOWED_METHODS

HTTP methods to allow for cross-origin requests.

By default this is not set.

If any other hazelcast.mc.cors.* property is set while hazelcast.mc.cors.allowedMethods is not set, only GET and HEAD HTTP methods will be allowed.

hz-mc start -Dhazelcast.mc.cors.allowedMethods=GET,HEAD,POST,DELETE

hazelcast.mc.cors.allowedHeaders

MC_CORS_ALLOWED_HEADERS

List of headers that a pre-flight request can list as allowed for use during an actual request.

The special value * allows actual requests to send any header.

A header name is not required to be listed if it is one of: Cache-Control, Content-Language, Expires, Last-Modified, or Pragma.

By default this is not set.

hz-mc start -Dhazelcast.mc.cors.allowedHeaders=*

hazelcast.mc.cors.exposedHeaders

MC_CORS_EXPOSED_HEADERS

List of response headers that an actual response might have and can be exposed to the client.

The special value * allows all headers to be exposed.

A header name is not required to be listed if it is one of: Cache-Control, Content-Language, Expires, Last-Modified, or Pragma.

By default this is not set.

hz-mc start -Dhazelcast.mc.cors.exposedHeaders=*

hazelcast.mc.cors.allowCredentials

MC_CORS_ALLOW_CREDENTIALS

Whether user credentials are supported or not. Setting this property to true forbids originPatterns, allowedMethods, allowedHeaders to have a * value. Be aware that this option establishes a high level of trust with the configured domains and also increases the surface attack of the web application by exposing sensitive user-specific information such as cookies and CSRF tokens. By default this is not set (i.e. user credentials are not supported).

hz-mc start -Dhazelcast.mc.cors.allowCredentials=true

hazelcast.mc.cors.allowPrivateNetwork

MC_CORS_ALLOW_PRIVATE_NETWORK

Whether private network access is supported for user-agents restricting such access by default.

Private network requests are requests whose target server’s IP address is more private than that from which the request initiator was fetched. For example, a request from a public website (https://example.com) to a private website (https://router.local), or a request from a private website to localhost.

By default this is not set (i.e. private network access is not supported).

hz-mc start -Dhazelcast.mc.cors.allowPrivateNetwork=true

hazelcast.mc.cors.maxAge

MC_CORS_MAX_AGE

Configure how long, in seconds, the response from a pre-flight request can be cached by clients.

By default this is not set.

hz-mc start -Dhazelcast.mc.cors.maxAge=1600

hazelcast.mc.cluster.operation.timeout.millis

Timeout in milliseconds for Management Center operations that wait for a response from members. Default: 60000.

hz-mc start -Dhazelcast.mc.cluster.operation.timeout.millis=60000

hazelcast.mc.disableHostnameVerification

Whether Management Center does not verify the hostname of signed TLS/SSL certificates. Default: false.

hz-mc start -Dhazelcast.mc.disableHostnameVerification=true

hazelcast.mc.disableLoginPeriodMultiplier

MC_DISABLE_LOGIN_PERIOD_MULTIPLIER

Multiplier used for extending the disabled login period in case the failed login attempts continue after the disabled login period expires. Default: 10. See Securing User Sessions.

hz-mc start -Dhazelcast.mc.disableLoginPeriodMultiplier=20

hazelcast.mc.exclude.cipher.suites

MC_EXCLUDE_CIPHER_SUITES

A comma separated list of cipher suites to be excluded from the list of supported ciphers in Management Center. Wildcards are supported.

hz-mc start -Dhazelcast.mc.exclude.cipher.suites=^.*_(MD5|SHA|SHA1)$,^TLS_RSA_.*$,^.*_NULL_.*$

hazelcast.mc.existingKeyStore.path

MC_EXISTING_KEYSTORE_PATH

Path to an existing keystore. You do not have to set this property if you use a Hardware Security Module (HSM). Default: ' ' (empty).

hz-mc start -Dhazelcast.mc.existingKeyStore.path=/path/to/existing/keyStore.jceks

hazelcast.mc.existingKeyStore.pass

MC_EXISTING_KEYSTORE_PASS

Password for the keystore. You do not have to set this property if you use a Hardware Security Module (HSM) that provides another means to access the keystore. Default: ' ' (empty).

hz-mc start -Dhazelcast.mc.existingKeyStore.pass=somepass

hazelcast.mc.existingKeyStore.type

MC_EXISTING_KEYSTORE_TYPE

Type of the keystore. Default: JCEKS.

hz-mc start -Dhazelcast.mc.existingKeyStore.type=JCEKS

hazelcast.mc.existingKeyStore.provider

MC_EXISTING_KEYSTORE_PROVIDER

Provider of the keystore. If you use a Hardware Security Module (HSM), specify the class name of your HSM’s java.security.Provider` implementation. Default: System provider.

hz-mc start -Dhazelcast.mc.existingKeyStore.provider=com.yourprovider.MyProvider

hazelcast.mc.failedAttemptsBeforeDisableLogin

MC_FAILED_ATTEMPTS_BEFORE_DISABLE_LOGIN

Number of failed login attempts that Management Center allows before disabling logins. Default: 3. See Securing User Sessions.

hz-mc start -Dhazelcast.mc.failedAttemptsBeforeDisableLogin=1

hazelcast.mc.forceLogoutOnMultipleLogin

MC_FORCE_LOGOUT_ON_MULTIPLE_LOGIN

Whether Management Center forces users to log out when other users try to log into the same account. Default: false. See Securing User Sessions.

hz-mc start -Dhazelcast.mc.forceLogoutOnMultipleLogin=true

hazelcast.mc.forwarded.requests.enabled

MC_FORWARDED_REQUESTS_ENABLED

Whether Management Center reads X-Forwarded-* headers from reverse proxies. Default: true.

hz-mc start -Dhazelcast.mc.forwarded.requests.enabled=false

hazelcast.mc.healthCheck.enable

MC_HEALTH_CHECK_ENABLED

Whether the /health endpoint is enabled on port hazelcast.mc.http.port + 1. Default: false. This endpoint is always served over HTTP, regardless of any TLS/SSL settings. This endpoint responds with 200 OK HTTP status code if Management Center is running.

hz-mc start -Dhazelcast.mc.healthCheck.enable=true

In this example, the health check would be available at http://localhost:8081/health.

hazelcast.mc.healthCheck.port

MC_HEALTH_CHECK_PORT

The port on which the /health endpoint is exposed. Default: hazelcast.mc.http.port + 1.

hz-mc start -Dhazelcast.mc.healthCheck.port=2000

hazelcast.mc.home

MC_HOME

Home directory where metrics, executed SQL queries, and configuration settings are saved. See Configuring Management Center.

hz-mc start -Dhazelcast.mc.home=/home/management-center

hazelcast.mc.hostAddress

MC_HOST_ADDRESS

Network address that Management Center is reachable on. Default: 0.0.0.0 (all network interfaces).

hz-mc start -Dhazelcast.mc.hostAddress=127.0.1.1

hazelcast.mc.http.port

MC_HTTP_PORT

HTTP port for Management Center. Default: 8080.

java hazelcast.mc.http.port=80

In this example, the URL for Management Center would be \http:localhost:80.

hazelcast.mc.include.cipher.suites

MC_INCLUDE_CIPHER_SUITES

A comma separated list of cipher suits to be included in the list of supported ciphers in Management Center. Wildcards are supported.

hz-mc start -Dhazelcast.mc.include.cipher.suites=^SSL_.*$

hazelcast.mc.initialDisableLoginPeriod

MC_INITIAL_DISABLE_LOGIN_PERIOD

Initial duration for the disabled login period in seconds. Default: 5. See Securing User Sessions.

hz-mc start -Dhazelcast.mc.initialDisableLoginPeriod=50

hazelcast.mc.jmx.enabled

MC_JMX_ENABLED

Whether the clustered JMX service is enabled. Default: false. See Clustered JMX.

hz-mc start -Dhazelcast.mc.jmx.enabled=true

hazelcast.mc.jmx.host

MC_JMX_HOST_NAME

Hostname/IP address of the JMX host machine. This is used by the JMX client to connect back into JMX, so the given host must be accessible from the host machine that runs the JMX client. Default: Server’s hostname.

hz-mc start -Dhazelcast.mc.jmx.host=127.0.0.1

hazelcast.mc.jmx.mutualAuthentication

MC_JMX_SSL_MUTUAL_AUTH_ENABLED

Whether mutual authentication is enabled for the JMX interface. Default: false.

hz-mc start -Dhazelcast.mc.jmx.ssl.mutualAuthentication=false

hazelcast.mc.jmx.port

MC_JMX_PORT

Port on which the clustered JMX service is exposed. Default: 9999.

hz-mc start -Dhazelcast.mc.jmx.port=9000

hazelcast.mc.jmx.rmi.port

MC_JMX_RMI_PORT

Port on which the Java process that you want to monitor listens for incoming connections from the client (Remote management applications) such as JConsole . For monitoring a local Java process, there is no need to specify the JMX RMI port number. Default: 9998.

hz-mc start -Dhazelcast.mc.jmx.rmi.port=9001

hazelcast.mc.jmx.ssl.enabled

MC_JMX_SSL_ENABLED

Whether TLS/SSL is enabled for communication between the JMX interface and JMX clients. Default: false.

hz-mc start -Dhazelcast.mc.jmx.ssl.enabled=true

hazelcast.mc.jmx.ssl.protocol

MC_JMX_SSL_PROTOCOL

The standard name of the requested SSL protocol. Default: TLS.

hz-mc start -Dhazelcast.mc.jmx.ssl.protocol=SSLv3

hazelcast.mc.jmx.ssl.keyStore

MC_JMX_SSL_KEY_STORE_TYPE

Path to a keystore. Default: ' ' (empty).

hz-mc start -Dhazelcast.mc.jmx.ssl.keyStore=/some/dir/selfsigned.jks

hazelcast.mc.jmx.ssl.keyStorePassword

MC_JMX_SSL_KEY_STORE_PASSWORD

Password for the keystore. Default: ' ' (empty).

hz-mc start -Dhazelcast.mc.jmx.ssl.keyStorePassword=myPassword

hazelcast.mc.jmx.ssl.trustStore

MC_JMX_SSL_TRUST_STORE

Path to a truststore. Default: ' ' (empty).

hz-mc start -Dhazelcast.mc.jmx.ssl.trustStore=/some/dir/truststore

hazelcast.mc.jmx.ssl.trustStoreType

MC_JMX_SSL_TRUST_STORE_TYPE

Type of the truststore. Default: JKS.

hz-mc start -Dhazelcast.mc.jmx.ssl.trustStoreType=DKS

hazelcast.mc.jmx.ssl.trustStorePassword

MC_JMX_SSL_TRUST_STORE_PASSWORD

Password for the truststore. Default: ' ' (empty).

hz-mc start -Dhazelcast.mc.jmx.ssl.trustStorePassword=myPassword

hazelcast.mc.jmx.ssl.trustManagerAlgorithm

MC_JMX_SSL_TRUST_MANAGER_ALGORITHM

Name of the algorithm based on which the authentication keys are provided. System default is used if none is provided. You can find out the default by calling the javax.net.ssl.TrustManagerFactory#getDefaultAlgorithm method.

hz-mc start -Dhazelcast.mc.jmx.ssl.trustManagerAlgorithm=SunX509

hazelcast.mc.jmx.ssl.keyStoreType

MC_JMX_SSL_KEY_STORE_TYPE

Type of the keystore. Default: JKS.

hz-mc start -Dhazelcast.mc.jmx.ssl.keyStoreType=JKS

hazelcast.mc.jmx.ssl.keyManagerAlgorithm

MC_TLS_KEY_MANAGER_ALGORITHM

Name of the algorithm based on which the authentication keys are provided. You can find out the default by calling the javax.net.ssl.KeyManagerFactory#getDefaultAlgorithm method. Default: System default.

hz-mc start -Dhazelcast.mc.jmx.ssl.keyManagerAlgorithm=SunX509

hazelcast.mc.ldap.timeout

MC_LDAP_CONN_TIMEOUT

Timeout in milliseconds for Active Directory and LDAP search queries. Default: 3000.

hz-mc start -Dhazelcast.mc.ldap.timeout=4000 \

hazelcast.mc.ldap.ssl.protocol

MC_LDAP_SSL_PROTOCOL

The standard name of the requested SSL protocol for LDAP connection. Default: TLS.

hz-mc start -Dhazelcast.mc.ldap.ssl.protocol=SSLv3 \

hazelcast.mc.ldap.ssl.keyStore

MC_LDAP_SSL_KEY_STORE

Path to a keystore for LDAP SSL connection. Default: ' ' (empty).

hz-mc start -Dhazelcast.mc.ldap.ssl.keyStore=/some/dir/selfsigned.jks \

hazelcast.mc.ldap.ssl.keyStoreType

MC_LDAP_SSL_KEY_STORE_TYPE

Type of the keystore. Default: JKS.

hz-mc start -Dhazelcast.mc.ldap.ssl.keyStoreType=JKS \

hazelcast.mc.ldap.ssl.keyStorePassword

MC_LDAP_SSL_KEY_STORE_PASSWORD

Password for the keystore for LDAP SSL connection. Default: ' ' (empty).

hz-mc start -Dhazelcast.mc.ldap.ssl.keyStorePassword=myPassword \

mc.ldap.ssl.keyManagerAlgorithm

MC_LDAP_SSL_KEY_MANAGER_ALGORITHM

Name of the algorithm based on which the authentication keys are provided. Default: System default.

hz-mc start -Dmc.ldap.ssl.keyManagerAlgorithm=SunX509 \

hazelcast.mc.ldap.ssl.trustStore

MC_LDAP_SSL_TRUST_STORE

Path to the truststore. Default: ' ' (empty).

hz-mc start -Dhazelcast.mc.ldap.ssl.trustStore=/some/dir/truststore \

hazelcast.mc.ldap.ssl.trustStorePassword

MC_LDAP_SSL_TRUST_STORE_PASSWORD

Password for the truststore. Default: ' ' (empty).

hz-mc start -Dhazelcast.mc.ldap.ssl.trustStorePassword=myPassword \

hazelcast.mc.ldap.ssl.trustStoreType

MC_LDAP_SSL_TRUST_STORE_TYPE

Type of the truststore. Default: JKS.

hz-mc start -Dhazelcast.mc.ldap.ssl.trustStoreType=DKS \

mc.ldap.ssl.trustManagerAlgorithm

MC_LDAP_SSL_TRUST_MANAGER_ALGORITHM

Name of the algorithm based on which the authentication keys are provided. Default: System default.

hz-mc start -Dmc.ldap.ssl.trustManagerAlgorithm=SunX509 \

hazelcast.mc.ad.ssl.protocol

MC_AD_SSL_PROTOCOL

The standard name of the requested SSL protocol for AD connection. Default: TLS.

hz-mc start -Dhazelcast.mc.ad.ssl.protocol=SSLv3 \

hazelcast.mc.ad.ssl.keyStore

MC_AD_SSL_KEY_STORE

Path to a keystore for AD SSL connection. Default: ' ' (empty).

hz-mc start -Dhazelcast.mc.ad.ssl.keyStore=/some/dir/selfsigned.jks \

hazelcast.mc.ad.ssl.keyStoreType

MC_AD_SSL_KEY_STORE_TYPE

Type of the keystore. Default: JKS.

hz-mc start -Dhazelcast.mc.ad.ssl.keyStoreType=JKS \

hazelcast.mc.ad.ssl.keyStorePassword

MC_AD_SSL_KEY_STORE_PASSWORD

Password for the keystore for AD SSL connection. Default: ' ' (empty).

hz-mc start -Dhazelcast.mc.ad.ssl.keyStorePassword=myPassword \

mc.ad.ssl.keyManagerAlgorithm

MC_AD_SSL_KEY_MANAGER_ALGORITHM

Name of the algorithm based on which the authentication keys are provided. Default: System default.

hz-mc start -Dmc.ad.ssl.keyManagerAlgorithm=SunX509 \

hazelcast.mc.ad.ssl.trustStore

MC_AD_SSL_TRUST_STORE

Path to the truststore. Default: ' ' (empty).

hz-mc start -Dhazelcast.mc.ad.ssl.trustStore=/some/dir/truststore \

hazelcast.mc.ad.ssl.trustStorePassword

MC_AD_SSL_TRUST_STORE_PASSWORD

Password for the truststore. Default: ' ' (empty).

hz-mc start -Dhazelcast.mc.ad.ssl.trustStorePassword=myPassword \

hazelcast.mc.ad.ssl.trustStoreType

MC_AD_SSL_TRUST_STORE_TYPE

Type of the truststore. Default: JKS.

hz-mc start -Dhazelcast.mc.ad.ssl.trustStoreType=DKS \

mc.ad.ssl.trustManagerAlgorithm

MC_AD_SSL_TRUST_MANAGER_ALGORITHM

Name of the algorithm based on which the authentication keys are provided. Default: System default.

hz-mc start -Dmc.ad.ssl.trustManagerAlgorithm=SunX509 \

hazelcast.mc.license

MC_LICENSE

Enterprise license. When this property is set, the license takes precedence over one that is set in the user interface, and you cannot update the license in the UI. For more details about licenses, see See Enterprise Licenses.

hz-mc start -Dhazelcast.mc.license={license key}

hazelcast.mc.lock.skip

MC_LOCK_SKIP

Whether the hz-mc conf tool does not check for an mc.lock file in the home directory. Default: false. See Skipping the Check for a Lock File

hz-mc start -Dhazelcast.mc.lock.skip=true

hazelcast.mc.maxDisableLoginPeriod

MC_MAX_DISABLE_LOGIN_PERIOD

Maximum amount of time for the disable login period. By default, the disabled login period is unlimited.

hz-mc start -Dhazelcast.mc.maxDisableLoginPeriod= \

hazelcast.mc.metrics.persistence.enabled

MC_METRICS_PERSISTENCE_ENABLED

Whether Management Center persists metrics. Default: true. See Historical Metrics.

hz-mc start -Dhazelcast.mc.metrics.persistence.enabled=false

hazelcast.mc.metrics.disk.ttl.duration

MC_METRICS_DISK_TTL_DURATION

Time-to-Live (TTL) in ISO-8601-based durations format for each record in the metrics persistence. Default: P1D (one day). This value must be positive. See Historical Metrics.

hz-mc start -Dhazelcast.mc.metrics.disk.ttl.duration=P2D

hazelcast.mc.metrics.consumer.thread.pool.size

MC_METRICS_CONSUMER_THREAD_POOL_SIZE

Number of threads that are used to consume metrics from cluster members. Default: 2. See Historical Metrics.

hz-mc start -Dhazelcast.mc.metrics.consumer.thread.pool.size=5

hazelcast.mc.metrics.reschedule.delay.millis MC_METRICS_RESCHEDULE_DELAY_MILLIS

Interval in milliseconds that Management Center waits before requesting metrics from cluster members. Default: 1000.

hz-mc start -Dhazelcast.mc.metrics.reschedule.delay.millis=5000

hazelcast.mc.jet.metrics.retentionSecs MC_JET_METRICS_RETENTION_SECS

Interval in seconds that Management Center holds Jet metrics in memory. Default: 3600.

hz-mc start -Dhazelcast.mc.jet.metrics.retentionSecs=7200

hazelcast.mc.phone.home.enabled

MC_PHONE_HOME_ENABLED

Whether Management Center sends usage data to the Hazelcast phone home server. Default: true. See Usage Analytics.

hz-mc start -Dhazelcast.mc.phone.home.enabled=false \

hazelcast.mc.prometheusExporter.enabled

MC_PROMETHEUS_EXPORTER_ENABLED

Whether to expose all metrics to the /metrics endpoint to be consumed by Prometheus. All metrics at the endpoint include the hz_ prefix. Default: false.

hz-mc start -Dhazelcast.mc.prometheusExporter.enabled=true \

hazelcast.mc.prometheusExporter.timestamp.enabled

MC_PROMETHEUS_EXPORTER_TIMESTAMP_ENABLED

Whether to send timestamp of the individual members' metrics to Prometheus. Its default value is true (enabled).

hz-mc start -Dhazelcast.mc.prometheusExporter.timestamp.enabled=false \

hazelcast.mc.prometheusExporter.filter.metrics.included

MC_PROMETHEUS_EXPORTER_FILTER_METRICS_INCLUDED

Metrics to include in the /metrics endpoint. Default: ' ' (empty).

hz-mc start -Dhazelcast.mc.prometheusExporter.filter.metrics.included=hz_topic_totalReceivedMessages,hz_map_totalPutLatency \

hazelcast.mc.prometheusExporter.filter.metrics.excluded

MC_PROMETHEUS_EXPORTER_FILTER_METRICS_EXCLUDED

Metrics to exclude from the /metrics endpoint. Default: ' ' (empty).

hz-mc start -Dhazelcast.mc.prometheusExporter.filter.metrics.excluded=hz_os_systemLoadAverage,hz_memory_freeHeap \

hazelcast.mc.prometheusExporter.port

MC_PROMETHEUS_EXPORTER_PORT

Port on which the /metrics endpoint is exposed.

  • Linux and Mac

  • Windows

hz-mc start -Dhazelcast.mc.prometheusExporter.enabled=true \
  -Dhazelcast.mc.prometheusExporter.port=2222
mc-start.cmd -Dhazelcast.mc.prometheusExporter.enabled=true ^
  -Dhazelcast.mc.prometheusExporter.port=2222

In this example, the /metrics endpoint would be available on port 2222: http://localhost:2222/metrics.

hazelcast.mc.rest.enabled

MC_REST_ENABLED

Enable clustered REST endpoints. Default: false.

hz-mc start -Dhazelcast.mc.rest.enabled=true

hazelcast.mc.security.dictionary.minWordLength

MC_SECURITY_DICTIONARY_MIN_WORD_LENGTH

Minimum length that words in the dictionary must contain. Default: 3.

hz-mc start -Dhazelcast.mc.security.dictionary.path=/usr/MCtext/pwd.txt \
     -Dhazelcast.mc.security.dictionary.minWordLength=3 \

hazelcast.mc.security.dictionary.path

MC_SECURITY_DICTIONARY_PATH

Path to a text file that contains words that cannot be included in user passwords.

hz-mc start -Dhazelcast.mc.security.dictionary.path=/usr/MCtext/pwd.txt \

hazelcast.mc.session.timeout.seconds

MC_SESSION_TIMEOUT_SECONDS

Number of seconds that a session can remain inactive before it is invalid and the user must log in again. Default 1800.

hz-mc start -Dhazelcast.mc.session.timeout.seconds=60

hazelcast.mc.state.reschedule.delay.millis

MC_STATE_RESCHEDULE_DELAY_MILLIS

Duration in milliseconds that Management Center waits before requesting metadata from a Hazelcast cluster. Metadata includes a list of all data structures and their configurations. Default: 1000.

hz-mc start -Dhazelcast.mc.state.reschedule.delay.millis=2000

hazelcast.mc.tls.excludeProtocols

MC_TLS_EXCLUDE_PROTOCOLS

A comma separated list of TLS/SSL protocols to be excluded from the list of supported protocols in Management Center.

hz-mc start -Dhazelcast.mc.tls.excludeProtocols=SSLv3

hazelcast.mc.tls.openSsl

MC_TLS_OPEN_SSL

Allow Management Center to use Google’s Conscrypt SSL that is built on their fork of OpenSSL, BoringSSL. Default: false.

hz-mc start -Dhazelcast.mc.tls.openSsl=true

hazelcast.mc.tls.enabled

MC_TLS_ENABLED

Whether TLS/SSL is enabled. Default: false.

hz-mc start -Dhazelcast.mc.tls.enabled=true

hazelcast.mc.tls.keyStore

MC_TLS_KEY_STORE

Path to a keystore.

hz-mc start -Dhazelcast.mc.tls.keyStore=/keys/mc.keystore

hazelcast.mc.tls.keyStorePassword

MC_TLS_KEY_STORE_PASSWORD

Password of the keystore in hazelcast.mc.tls.keyStore.

hz-mc start -Dhazelcast.mc.tls.keyStorePassword=mypassword123

hazelcast.mc.tls.trustStore

MC_TLS_TRUST_STORE

Path to a truststore. If the hazelcast.mc.tls.enabled system property is true and this value is empty, Management Center uses the system JVM’s own truststore.

hz-mc start -Dhazelcast.mc.tls.trustStore=/truststores/mc.truststore

hazelcast.mc.tls.trustStorePassword

MC_TLS_TRUST_STORE_PASSWORD

Password of the truststore.

hz-mc start -Dhazelcast.mc.tls.trustStorePassword=mypassword123

hazelcast.mc.tls.enableHttpPort

MC_TLS_ENABLE_HTTP_PORT

Whether the HTTP port in the hazelcast.mc.http.port system property is redirected to the HTTPS port in the hazelcast.mc.https.port system property.

hz-mc start -Dhazelcast.mc.tls.enableHttpPort=true

hazelcast.mc.tls.mutualAuthentication

MC_TLS_MUTUAL_AUTHENTICATION

Whether clients connected to Management Center are authenticated:

  • REQUIRED: If the client does not provide a keystore or the provided keys are not included in the Management Center’s truststore, the client will not be authenticated.

  • OPTIONAL: If the client does not provide a keystore, it will be authenticated. But, if the client provides keys that are not included in the Management Center’s truststore, the client will not be authenticated.

Default: OPTIONAL.

hz-mc start -Dhazelcast.mc.tls.mutualAuthentication=REQUIRED

hazelcast.mc.useExistingKeyStore

MC_USE_EXISTING_KEY_STORE

Enables use of an existing keystore. Default: false.

hz-mc start -Dhazelcast.mc.useExistingKeyStore=true

hazelcast.mc.sql.max-cell-length MC_MC_SQL_MAX_CELL_LENGTH

Max length of a cell in SQL query result, longer values are truncated. Default: 2048.

hz-mc start -Dhazelcast.mc.sql.max-cell-length=10000

hazelcast.mc.sql.max-row-count MC_MC_SQL_MAX_CELL_LENGTH

Max number of rows returned by SQL batch query. Default: 1000.

hz-mc start -Dhazelcast.mc.sql.max-row-count=10000

hazelcast.mc.websocket.buffer-size HAZELCAST_MC_WEBSOCKET_BUFFER_SIZE

The buffer size of the WebSocket connection MC uses for SQL operations. Default: 5MB.

hz-mc start -Dhazelcast.mc.websocket.buffer-size=10MB

hazelcast.mc.ui.asyncTableThreshold MC_UI_ASYNC_TABLE_THRESHOLD

Tables bigger than the threshold are loaded asynchronously. You can’t sort an asynchronous table. Default: 500.

hz-mc start -Dazelcast.mc.ui.asyncTableThreshold=1000

Client Connection Strategy Configuration

Use the following properties to configure the connection strategy of the Management Center client.

These properties apply to all clients that are started by Management Center.

Table 2. System properties and environment variables for Management Center client
Property Description Example

hazelcast.mc.client.max.backoff.millis

Upper limit of the backoff in milliseconds. Default: 30000. Values must be between 30000 and 600000.

hz-mc start -Dhazelcast.mc.client.max.backoff.millis=486000

hazelcast.mc.client.backoff.multiplier

Factor by which to multiply the backoff after each failed retry. Default: 2. Values must be between 1 and 10.

hz-mc start -Dhazelcast.mc.client.backoff.multiplier=3

hazelcast.mc.client.initial.backoff.millis

Duration in milliseconds that Management Center waits after the first connection failure before retrying. Default: 1000. Values must be between 1000 and 60000.

hz-mc start -Dhazelcast.mc.client.initial.backoff.millis=2000

hazelcast.mc.clientFiltering.modes

Adjusts client filtering modes. Default: ALLOWLIST, DENYLIST. Value must be set of ALLOWLIST and DENYLIST.

hz-mc start -Dhazelcast.mc.clientFiltering.modes=ALLOWLIST