Security is a critical concern in large-scale distributed networks. The Service Assurance Manager therefore provides several means by which administrators can set up security and control access to the system. These include:

  • User rights and privileges, including client authentication

  • Encryption of passwords in files

  • Encryption of communication channels

  • Support for FIPS 140-2

    An administrator can place access restrictions on certain console operations by applying user profiles. Each user should be associated with a profile that defines the appropriate level of access control (rights and privileges) for their position and job responsibilities.

    Client/server connections are controlled on both the client and server sides of the system. The system is secured using authentication records and by assigning connection privileges on the server side. When a client initiates a connection to a server, the client must supply appropriate authentication to the server before the connection (as defined by the connection privileges) is permitted.

    For added protection, authentication and other passwords are encrypted in the files that store them.

    Communication channels (that is, TCP connections made through Remote API) between servers, brokers, and adapters can also be encrypted. Instead of passing information as clear text, these components’ communications can be encrypted using either a site secret, Diffie-Hellman with the Advanced Encryption Standard (DH-AES), or both. For new installations, encryption by DH-AES is enabled by default between processes that support encryption.

    The Federal Information Processing Standard (FIPS) Publication 140-2 is a U.S. government computer security standard governing cryptographic modules. FIPS 140 is required for any software purchased by the U.S. government and U.S. military. This release specifically addresses U.S. Government accounts that require FIPS 140 compliance.

    A configuration parameter, SM_FIPS140, has been introduced for FIPS 140 in the runcmd_env.sh file. The SAM administrator can enable or disable this parameter as required. The default value of this parameter is FALSE.
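A drift check for this setting, as an added example rather than vendor code: it reports the effective SM_FIPS140 value in one or more runcmd_env.sh files and flags any that differ from the expected value. The function names and the assumed line syntax (shell-style NAME=VALUE, optionally prefixed with export, last assignment wins) are assumptions, not taken from the product documentation.

```shell
#!/bin/sh
# Added example (not vendor code). Assumption: runcmd_env.sh holds shell-style
# NAME=VALUE lines, optionally prefixed with "export"; the last assignment wins.

# Print the effective SM_FIPS140 value (TRUE or FALSE) for one file.
fips140_effective() {
    [ -r "$1" ] || { echo "cannot read $1" >&2; return 2; }
    awk -v q="'" '
        /^[ \t]*#/ { next }                        # commented-out line
        {
            line = $0
            sub(/^[ \t]*(export[ \t]+)?/, "", line)
            if (line !~ /^SM_FIPS140[ \t]*=/) next
            sub(/^SM_FIPS140[ \t]*=[ \t]*/, "", line)
            sub(/[ \t]*(#.*)?$/, "", line)         # trailing comment, blanks
            gsub(/"/, "", line); gsub(q, "", line) # surrounding quotes
            value = toupper(line)
        }
        END { print ((value == "TRUE") ? "TRUE" : "FALSE") }  # unset means FALSE
    ' "$1"
}

# Compare each file against the expected value.
# Returns 0 if all match, 1 on any mismatch, 2 if a file could not be read.
fips140_audit() {
    expected=$1; shift
    rc=0
    for f in "$@"; do
        actual=$(fips140_effective "$f") || { rc=2; continue; }
        if [ "$actual" != "$expected" ]; then
            echo "MISMATCH $f: SM_FIPS140=$actual (expected $expected)"
            rc=1
        fi
    done
    return $rc
}

# Constructed sample: parameter commented out, then set with a trailing comment.
demo=$(mktemp)
printf '%s\n' '# SM_FIPS140=FALSE' 'export SM_FIPS140="TRUE"  # FIPS mode' > "$demo"
fips140_audit TRUE "$demo" && echo "OK: SM_FIPS140 is TRUE in $demo"
rm -f "$demo"
```

A file that only carries a commented-out assignment is reported as FALSE, matching the documented default.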

    The VMware Telco Cloud Service Assurance Installation Guide for SAM, IP, and ESM Managers provides additional information on FIPS 140-2.

    The System Administration Guide contains additional information about securing access to applications. The Service Assurance Manager Configuration Guide includes additional information about restricting access to certain Global Console operations.