You can now store sensitive keys either in the database or in an HSM. Currently, you can store the various encryption keys and the CA Strong Authentication Server listener SSL key in the HSM. The following table lists the requirements for the supported HSM modules.
|
HSM Module |
Java Cryptography Extension (JCE) |
PKCS #11 |
|---|---|---|
|
Thales nCipher netHSM (or nCipher netHSM) |
JCE framework provided with the 32-bit versions of JDK 5.0, JDK 6.0, and JDK 7.0 |
pkcs11v2.01 |
|
SafeNet High Availability HSM (or Luna HSM) |
Note: The decision to use and configure an HSM, if required, must be made while you are still in the planning and preparation stages. Otherwise, you will need to re-initialize the database later, because all your current encryption would use keys in software.
The following sections provide information about software requirements:
The following table lists the minimum software requirements for installing CA Strong Authentication and CA Risk Authentication on Solaris.
Note: For all third-party software mentioned in the following table, it is assumed that the higher versions are compatible with the specified supported version.
|
Software Type |
Version |
|---|---|
|
Operating System |
Solaris 10 |
|
Patches |
Latest patches Access latest patches at http://sunsolve.sun.com. Click the Patches and Updates link, click the Patch Cluster & Patch Bundle Downloads link, and under Solaris Patch Clusters expand the Recommended Patch Clusters to display the Solaris 10 SPARC 05/08 Patch Bundle entries. |
|
Database Server
|
|
|
|
|
|
|
|
|
JDBC Drivers (JARs) Important! It is recommended that the JDBC JAR version is same as or higher than your database server version. |
The JDBC driver version that is compatible with your database.
|
|
Directory Server |
The following Directory Servers are supported:
|
|
Application Server |
The following Application Servers are supported:
Important! If you are planning to use WebSphere 6.1, then ensure that you apply the 6.1.0.41: WebSphere Application Server V6.1 Fix Pack 41 and 6.1.0.41: Java SDK 1.5 SR12 FP5 Cumulative Fix for WebSphere Application Server.
|
|
The JVM Memory Settings (Heap Size) for the application server must be a minimum of 512 MB or higher to support User Data Service (UDS) deployment. Note: If you plan to create organizations in the LDAP repository with a large user base (for example, 100,000 users), then it is recommended that you increase the heap size to at least 1 GB.
To set the heap size to 512 MB, use the -Xmx512M JVM memory setting. To set the heap size to 1 GB, use the -Xmx1024M JVM memory setting. Do not use the -Xms parameter when you set the JVM memory setting. |
|
|
JDK Note: If you perform a fresh installation of JDK, then include the new path in the JAVA_HOME environment variable, and ensure that the application server uses the same JAVA_HOME. If you fail to do so, then the Administration Console and other JDK-dependent components may fail to start. |
The JDK version that is best compatible with the Application Server that you are using:
Important! <JROCKIT_HOME>/jre/bin/ must be included in PATH environment variable. In addition, This change in the PATH variable must be effective before you start the WebLogic application server. |
|
Web Service Clients |
The following clients are supported:
|
|
Browsers |
The following Web browsers are supported:
|
The following table lists the minimum software requirements for installing CA Strong Authentication or CA Risk Authentication on Red Hat Enterprise Linux.
Note: For all third-party software mentioned in the following table, it is assumed that the higher versions are compatible with the specified supported version.
|
Software Type |
Version |
|---|---|
|
Operating System |
|
|
Update |
Update 1 and higher |
|
Patches |
Latest patches Access the latest patches at http://www.redhat.com. Log in to your account, download the latest updates and patches, and apply them as needed. |
|
Database Server
|
|
|
|
|
|
|
|
|
JDBC Drivers (JARs) Important! It is recommended that the JDBC JAR version is same as or higher than your database server version. |
The JDBC driver version that is compatible with your database.
|
|
Directory Server |
The following directory servers are supported:
|
|
Application Server |
The following Application Servers are supported:
Important! If you are planning to use WebSphere 6.1, then ensure that you apply the 6.1.0.41: WebSphere Application Server V6.1 Fix Pack 41 and 6.1.0.41: Java SDK 1.5 SR12 FP5 Cumulative Fix for WebSphere Application Server.
|
|
The JVM Memory Settings (Heap Size) for the application server must be a minimum of 512 MB or higher to support User Data Service (UDS) deployment. Note: If you plan to create organizations in the LDAP repository with a large user base (for example, 100,000 users), then it is recommended that you increase the heap size to at least 1 GB.
To set the heap size to 512 MB, use the -Xmx512M JVM memory setting. To set the heap size to 1 GB, use the -Xmx1024M JVM memory setting. Do not use the -Xms parameter when you set the JVM memory setting. |
|
|
JDK Note: If you perform a fresh installation of JDK, then include the new path in the JAVA_HOME environment variable, and ensure that the application server uses the same JAVA_HOME. If you fail to do so, then the Administration Console and other JDK-dependent components may fail to start. |
The JDK version that is best compatible with the Application Server that you are using:
Important! If you are using JRockit, then ensure that <JROCKIT_HOME>/jre/bin/ must be included in PATH environment variable. In addition, This change in the PATH variable must be effective before you start the WebLogic application server. |
|
Web Service Clients |
The following clients are supported:
|
|
Browsers |
The following Web browsers are supported:
|
|
Copyright © 2014 CA Technologies.
All rights reserved.
|
|