Security is a critical concern in the world of large-scale distributed networks. Therefore, the VMware Smart Assurance Service Assurance Manager provides several means by which VMware Smart Assurance administrators can set up security and control access to the system. This includes:
- User rights and privileges, including client authentication
- Encryption of passwords in files
- Encryption of communication channels
- Support for FIPS 140-2
A VMware Smart Assurance administrator can place access restrictions on certain console operations by applying user profiles. Each user should be associated with a profile that defines the appropriate level of access control (rights and privileges) for their position and job responsibilities.
Client/server connections are controlled on both the client and server sides of the system. The system is secured using authentication records and by assigning connection privileges on the server side. When a client initiates a connection to a server, the client must supply appropriate authentication to the server before the connection (as defined by the connection privileges) is permitted.
For added protection, authentication and other passwords are encrypted in the files that store them.
Communication channels (that is, TCP connections made through Remote API) between VMware Smart Assurance servers, brokers, and adapters can also be encrypted. Instead of passing information as clear text, these components’ communications can be encrypted using either a site secret, the Diffie-Hellman-Advanced Encryption Standard (DH-AES), or both. For new installations, encryption by DH-AES is enabled by default between VMware Smart Assurance processes that support encryption.
The Federal Information Processing Standard (FIPS) Publication 140-2 is a U.S. government computer security standard governing cryptographic modules. FIPS 140 is required for any software purchased by the U.S. government and U.S. military. This release specifically addresses U.S. Government accounts that require FIPS 140 compliance.
A configuration parameter, SM_FIPS140, has been introduced for FIPS 140 in the runcmd_env.sh file. The SAM administrator can enable or disable this parameter as required. The default value of this parameter is FALSE.
The VMware Smart Assurance Installation Guide for SAM, IP, ESM, MPLS, and NPM Managers provides additional information on FIPS 140-2.
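A quick way to audit the FIPS setting on a host is to read the effective value of SM_FIPS140 from runcmd_env.sh. The script below is an added example, not VMware's own tooling; it assumes the file holds shell-style NAME=VALUE lines, and the function name `fips140_setting` and the sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example: report the effective SM_FIPS140 value in a runcmd_env.sh file.
# Assumption: the file uses shell-style NAME=VALUE lines; pass its path in.

# fips140_setting FILE -> prints the effective value, upper-cased
fips140_setting() {
    file=$1
    [ -r "$file" ] || { echo "cannot read $file" >&2; return 2; }
    # Skip commented-out lines, allow an optional "export", and keep the
    # last assignment, since a later line overrides an earlier one.
    value=$(sed -n \
        -e 's/^[[:space:]]*\(export[[:space:]]\{1,\}\)\{0,1\}SM_FIPS140[[:space:]]*=[[:space:]]*//p' \
        "$file" | tail -n 1 |
        sed -e 's/[[:space:]]*#.*$//' -e 's/[[:space:]]*$//' \
            -e "s/^[\"']//" -e "s/[\"']\$//" |
        tr '[:lower:]' '[:upper:]')
    # The documented default is FALSE when the parameter is not set.
    echo "${value:-FALSE}"
}

# Constructed sample file, for demonstration only.
sample=$(mktemp)
printf '%s\n' '# SM_FIPS140=TRUE' 'SM_FIPS140=FALSE' \
    'export SM_FIPS140=true' > "$sample"
echo "SM_FIPS140 effective value: $(fips140_setting "$sample")"
rm -f "$sample"
```

A result other than TRUE on a host that is expected to run in FIPS 140 mode is worth flagging for the SAM administrator.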
The VMware Smart Assurance System Administration Guide contains additional information about securing access to VMware Smart Assurance applications. The VMware Smart Assurance Service Assurance Manager Configuration Guide includes additional information about restricting access to certain Global Console operations.