User guide

What is Eliya?

Eliya JDK is a forensic-grade JVM platform from Asymm Systems, built for compliance-conscious production in regulated industries such as BFSI, healthcare, telecom, and government. It is distributed under GPLv2 with the Classpath Exception, the same licence as upstream OpenJDK.

What Eliya provides

Today (Phase 1). Pre-configured production observability and operational-readiness. A single flag -XX:EliyaProfile=Production activates heap dumps on OOM, native memory tracking, a predictable crash-log path, container support, and exit-on-OOM, and unlocks diagnostic options so Flight Recorder is one step away. Continuous JFR and unified GC logging become defaults in Phase 2. The profile is opt-in, not a coercive policy. See flags reference for the exact capabilities activated.

Phase 2 (next major release, target H2 2026). Local-only bundled diagnostic tooling (Eclipse MAT headless, async-profiler), a FIPS-validated build variant (eliya-jdk-fips) for regulated procurement, capability-flag carve-outs for fine-grained control, macOS aarch64 support (demand-gated), native .deb / .rpm packages.

Phase 3 (target 2027). Asymm Forensics: a JVM diagnostic platform that cross-correlates JFR recordings, heap dumps, thread dumps, GC logs, and crash artifacts to generate compliance-aligned audit reports. Local execution, no SaaS dependency. Windows x64 ships alongside.

Phase 4 (demand-gated). Compliance-aligned profile values (EliyaProfile=PCIDSS, =HIPAA, =SOX, =FedRAMP, =GDPR, =ISO27001, =SOC2) plus combined profiles for industries spanning multiple frameworks (=Healthcare-Payment for PCI DSS + HIPAA, =Financial-SaaS for SOC 2 + ISO 27001, =Federal-Defense for FedRAMP + CMMC). Each profile ships when at least 5 enterprise prospects have signed up with that specific framework requirement. The flag namespace is reserved today; implementations ship as customers ask for them.

Full trajectory and demand-gating mechanics: roadmap.

Across all phases, one principle holds: Eliya runs entirely inside your perimeter. No SaaS dependencies, no telemetry, no phone-home. Diagnostic data (JFR recordings, heap dumps, GC logs, crash artifacts) stays on your hardware. The Phase 2 bundled tools follow the same principle: local execution only.

Why use Eliya instead of Corretto, Temurin, or Zulu?

All four are honest OpenJDK builds. Eliya's distinct contribution is production-grade diagnostic, operational-readiness, and compliance tooling that runs entirely inside the perimeter: Phase 1 (shipped 25.0.3) activates six operational-readiness defaults via -XX:EliyaProfile=Production; later phases add continuous observability (Phase 2), bundled local diagnostic tooling, and compliance framework alignment that few other OpenJDK distributions offer without SaaS dependencies.

Capability Corretto Temurin Zulu Eliya
JDK 25 LTS
TCK-certified binary Phase 2 deliverable1
JFR continuous recording by default - - - ✓ (Phase 2)
Heap dump on OOM by default - - - ✓ (Phase 1)
NMT by default - - - ✓ (Phase 1)
GC logging by default - - - ✓ (Phase 2)
Bundled local diagnostic tooling (MAT, async-profiler) - - - ✓ (Phase 2)
FIPS-validated build variant - - - ✓ (Phase 2)
Compliance-aligned profile flags (PCIDSS, HIPAA, SOX, FedRAMP, …) - - - ✓ (Phase 4, demand-gated)
Quarterly CPU within 2 weeks of upstream typical, no formal commitment typical, no formal commitment typical, no formal commitment ✓ committed
Three-level diagnostic path layout (per-replica audit attribution) - - - ✓ (Phase 1)
Cross-correlation forensic platform (no SaaS) - - - ✓ (Phase 3: Asymm Forensics)
Local execution, no telemetry, no phone-home ✓ (architectural commitment across all phases)

1 TCK conformance is a property of a specific built binary, not of source code. The Eliya binary is its own build and has not yet been run against the TCK separately. The Eliya binary's TCK run, under the OpenJDK Community TCK License Agreement (OCTLA), is a Phase 2 deliverable. See TCK pedigree.

If your team already configures observability flags themselves and has no plans to adopt compliance-aligned profile flags or Asymm Forensics, Eliya offers less marginal value in Phase 1; Temurin or Corretto remains a fine pick. Eliya's strategic value compounds across phases: configured-by-default observability now, bundled local diagnostic tooling next, compliance-aligned profiles when customer demand triggers each framework, and Asymm Forensics when Phase 3 delivers.

Eliya runs alongside APM tools (AppDynamics, Dynatrace, New Relic, Elastic APM, Datadog) via the standard -javaagent: API. For the architectural distinction between observability platforms and forensic-grade JVM artefacts, and the incident-response use cases Eliya addresses that APM structurally cannot, see JVM forensics vs APM. For the vendor-by-vendor JDK comparison, see Choosing a JDK in 2026.

Where to go next

  • Quick start: zero to a running Eliya with operational-readiness defaults in five steps.
  • Flags reference: the precise breakdown of what EliyaProfile=Production activates, with performance impact and override semantics.
  • Integrations: Maven / Gradle toolchains, Kubernetes patterns, service mesh, logging stacks, CI/CD, APM coexistence, cryptographic providers.
  • Roadmap: consolidated Phase 1 to Phase 4 trajectory with demand-gating mechanics.
  • Lessons from production: the four recurring production patterns that motivated these defaults.
user guide
[ } Eliya Eliya Dial Dial
Privacy
[ }
[ }
// PRODUCTS Eliya Eliya Dial Dial
Engineer User Guide Flags reference Diff from upstream asymm CLI Flag architecture Install Migration Operator Downloads Security Lifecycle Verify download Lessons from production Decider FAQ Compare JDKs JVM forensics vs APM Diff from upstream License Release Notes
Privacy Policy © 2026 Asymm Systems