There must be a single CIA repository, containing the account and security policy information from all instances of CA ACF2 and CA Top Secret across an enterprise. This CIA repository can be hosted on any LPAR in the enterprise and can reside in a CA Datacom/AD MUF or in a DB2 subsystem.
Important! We recommend that the CA Datacom/AD MUF or DB2 subsystem be dedicated to the CIA repository. This recommendation helps to ensure that there is no unauthorized access to the security information contained in the repositories.
No integrity issues exist when the CIA repository and the CA Compliance Manager repositories reside on the same LPAR in a single CA Datacom/AD MUF or DB2 subsystem. However, if the CA Compliance Manager Warehouse repository is recording a high volume of security events, hosting the repositories in a single CA Datacom/AD MUF or DB2 subsystem is not recommended.
The CA Chorus server also includes a repository contained in CA Datacom/AD. When the CIA repository is on the same LPAR, DO NOT place the CIA repository in the same CA Datacom/AD as the CA Chorus server repository. This set up creates the potential security exposures discussed in the Important note.
When the CA Compliance Manager repositories or CIA repository resides in a CA Datacom/AD MUF, an instance of the CA Datacom Server is required for the CA Datacom/AD MUF. CA Chorus uses the CA Datacom Server to access the information from the repositories.
Follow these steps:
Note: This information is required during the CIA real-time implementation process.
Note: This information is required during the CIA real-time implementation process.
|
Copyright © 2014 CA Technologies.
All rights reserved.
|
|