Security Concept in CDA
The Automation Engine, its components and its plug-ins control and process key data across platforms within your company. For this reason, providing secure systems is a top priority at CA Automic. Designed with this in mind,
Security measures are implemented at various levels. This topic gives you an overview of them and provides links to the detailed descriptions.
-
CA Automic products have a multi-tenant, centralized architecture consisting of multiple self-contained units with limited functionality that communicate over a safe network.
-
Network Communication and Encryption
The communication between the Automation Engine and the Agents, including API calls, is natively encrypted using AES.
All user-facing components and APIs support TLS v1.2. They are:
- Automic Web Interface
- Continuous Delivery Automation
- API Endpoints
- Proxy Client/Server
- Analytics Backend (Kafka, Zookeeper, Rule Engine)
-
To avoid man-in-the-middle attacks and confidentiality breaks, you can choose between three authentication methods. They ensure that the identity of the communication partners (the Automation Engine and the Agents) is authenticated.
-
Easy-to-use tools let you manage company-wide credentials and passwords.
-
Access to objects, folders, reports, execution data, etc. is subject to authorization. The Automation Engine offers multiple control mechanisms at various levels that include:
- Data (objects, users) and Client allocation.
- Permission to access functions.
- User access to specific objects.
- ACL aggregation.
-
Approvals introduce the 4-eye principle, requiring an additional confirmation by users or user groups with a specific right assigned to their definitions. Certain activities and executions can only be released if they have undergone this additional security measure.
-
The Automation Engine is completely revision secure and provides audit reports for all activities within the system.
After reading these topics you can start configuring your system to reap the benefits of the security concept. See System Hardening for detailed instructions.