Keep the Java Virtual Machine (JVM) up to date with the latest patches.
Run the most recent major release of the JVM that the PingDirectory software supports because it can offer support for additional security features that are not available in older versions.
In some cases, you might want to run the PingDirectory software on a standalone JVM installation rather than one provided through the operating system’s package management system. This might not be necessary when using the DevOps configuration-as-code practice because the process of updating the JVM or applying operating system patches typically involves spinning up a new container using the updated software. However, if you use a more traditional deployment model in which the software is installed on long-lived systems that are updated over time, then relying on a JVM provided by the operating system vendor might cause it to be updated unexpectedly. By maintaining a dedicated Java installation for the PingDirectory software, you have better control over when the JVM is updated and the specific version that is in use.
Maintain a support contract with your JVM vendor to ensure that they will be able to assist with any issues that you encounter in the Java runtime itself.