Security requirements for production and non-production integration environments can be different. The default security configuration in Integration Server is meant for local development or testing purposes and not for environments where security is critical. To address this concern, Integration Server provides security profiles.

A security profile is a predefined set of security settings with values applicable to a specific type of environment. Integration Server provides two security profiles, DEV and PROD. The DEV security profile provides a relaxed security configuration and is meant for development purposes. It is also a replica of the default security settings in Integration Server. The PROD security profile provides a strict security configuration meant to mitigate security risks in production environments. To review the differences between the two profiles, see Differences Between Security Profiles.

By enabling a security profile, you can secure your integration environment right from server start-up, ensuring protection before active use. Additionally, using a security profile minimizes the manual effort of configuring individual security settings.

An environment-variable-based mechanism is provided to enable a security profile for your Integration Server. For information on how to enable a security profile, see Enabling a Security Profile. Before enabling a security profile or switching between profiles for an environment, review the differences between the security profiles and assess the impact on your integrations to ensure minimal disruption. For more information, see Impact Analysis of Using a Security Profile.