|
|
|
The following CA Enterprise Log Manager features and product interoperations do not support FIPS mode operations:
ODBC and JDBC in CA Enterprise Log Manager relies on an underlying SDK that does not support FIPS mode operations. Administrators of federated networks that require FIPS operations must manually disable the ODBC service on each CA Enterprise Log Manager server. See the section in the Implementation Guide about disabling ODBC and JDBC access to the event log store.
CA Enterprise Log Manager r12.1 SP1 uses CA EEM r8.4 SP3, which is FIPS compatible. Enabling FIPS mode on the CA Enterprise Log Manager server disables the communication between the shared CA EEM and any product that does not support CA EEM r8.4 SP3.
For example, CA IT PAM is not FIPS compatible. If you upgrade your CA Enterprise Log Manager server to FIPS mode, the intergration with CA IT PAM fails.
You can share a CA EEM server between CA Enterprise Log Manager r12.1 SP1 and CA IT PAM r2.1 SP2 and r2.1 SP3 in non-FIPS mode only.
If your CA IT PAM installation is not sharing the same CA EEM server, CA Enterprise Log Manager r12.1 SP1 can run in FIPS mode and it can communicate with CA IT PAM; howvever, those communication channels are not FIPS compatible.
Successful communication with an external user store depends on the following:
Note: FIPS-compatibility is not available when using unencrypted communications between the CA EEM server and the external user store, or when the CA EEM server and user store are in different FIPS modes.
You can send SNMP events using either SNMP V2 or SNMP V3. Both are supported in non-FIPS mode.
If the SNMP Trap Destination server is FIPS enabled you must choose V3 Security and then choose SHA as the authentication protocol and AES as the encryption protocol. You make these choices on the Destination page of the Schedule Action Alerts wizard.
| Copyright © 2011 CA. All rights reserved. | Email CA Technologies about this topic |