Security Concept
The Automation Engine, its components and its plug-ins control and process key data across platforms within your company. For this reason, providing secure systems is a top priority at CA Automic. Designed with this in mind, Automic Automation relies on a solid architecture and is equipped with many security features to protect the system. As a system administrator in charge of the security, these topics provide you with a description of the security concept and detailed instructions to help you make the most of it.
Security measures are implemented at various levels. This topic gives you an overview of them and provides links to the detailed descriptions.
-
The multitenant, centralized architecture consists of multiple self-contained units with limited functionality that communicate over a safe network.
-
Network Communication and Encryption
The communication between the Automation Engine and the Agents, including API calls, is natively encrypted using AES.
All user-facing components and APIs support TLS v1.2. They are:
- Automic Web Interface
- Automic Continuous Delivery Automation
- API Endpoints
- Proxy Client/Server
- Analytics Backend (Kafka, Zookeeper, Rule Engine)
-
To avoid man-in-the-middle attacks and confidentiality breaks, you can choose between three authentication methods. They ensure that the identity of the communication partners (the Automation Engine and the Agents) is authenticated.
-
Easy-to-use tools let you manage company-wide credentials and passwords.
-
Access to objects, folders, reports, execution data, etc. is subject to authorization. The Automation Engine offers multiple control mechanisms at various levels that include:
- Data (objects, users) and Client allocation.
- Permission to access functions.
- User access to specific objects.
- ACL aggregation.
-
Approvals
Approvals introduce the 4-eye principle, requiring an additional confirmation by users or user groups with a specific right assigned to their definitions. Certain activities and executions can only be released if they have undergone this additional security measure.
-
The Automation Engine is completely revision secure and provides audit reports for all activities within the system.
After reading these topics you can start configuring your system to reap the benefits of the security concept. For more information, see System Hardening.