We do need to ensure
1) password complexity standards are adhered to, and
2) idle Oracle database connections are terminated, which means that Harvest will need to detect that the connection has been terminated and re-establish it, and
3) all data in transit must be encrypted.
Release : 13.0.3
Component : CA HARVEST SCM CORE FUNCTIONALITY/PROCESS AUTOMATION
Requirement #1 - Password complexity
Password complexity for LDAP-authenticated users is controlled by LDAP.
For internally authenticated users, password complexity can be set with the command-line utilities hppolget and hppolset. hppolget gets the existing default password configuration file. Any complexity can be introduced into this policy, and the policy can then be set using the hppolset command. For more details on how to run these utilities, please refer to the command-line utilities docops links below.
hppolget link: https://docops.ca.com/ca-harvest-scm/13-0/en/command-reference/get-started-with-ca-harvest-scm-commands/hppolget-command-get-password-policy
hppolset link: https://docops.ca.com/ca-harvest-scm/13-0/en/command-reference/get-started-with-ca-harvest-scm-commands/hppolset-command-set-password-policy
Requirement #2 - Idle database connections terminated:
There is no provision to determine idle database connections on Oracle, but there is a provision to detect an idle server from the Harvest side and kill it. Idle hservers can be detected and set to shut down after a predetermined period. Use the -killperiod option to set the server idle time limit (the period of inactivity after which the broker shuts down "temporary" servers). For more details, please refer to the below link.
Topic: How the Broker Manages Server Processes on Windows
Requirement #3 - all data in transit must be encrypted:
Existing Harvest Encryption enablement methods include:
Oracle database encryption on Windows:
If the server is on the Windows platform, you may refer to the article below.
Oracle database encryption on non-Windows:
This is possible on non-Windows platforms using the methods specified below.
The encryption methods available in the DataDirect ODBC drivers are applicable here.
We can add EncryptionMethod=X in the odbc.ini file.
X can be of levels 1, 2, 3, 4 and 5.
Valid values: 0 | 1 | 3 | 4 | 5
If set to 0 (No Encryption), data is not encrypted.
If set to 1 (SSL), data is encrypted using SSL. If the server supports protocol negotiation, the driver and server negotiate the use of TLS v1, SSL v3, or SSL v2 in that order.
If set to 3 (SSL3), the driver uses SSL3 data encryption.
If set to 4 (SSL2), the driver uses SSL2 data encryption.
If set to 5 (TLS1), the driver uses TLS1 data encryption.
Default: 0 (No Encryption)
The CAPKI option is automatic; the rest must be enabled and configured according to your needs.
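To check requirement #3 against an existing odbc.ini, the following added example (not part of the original article or of Harvest) reads each data source and reports its EncryptionMethod using the value table above. The DSN names and host names in the sample are constructed, and skipping the [ODBC Data Sources] and [ODBC] sections assumes the usual odbc.ini layout.

```python
import configparser

# Meanings of EncryptionMethod as listed in this article for the DataDirect driver.
MEANING = {
    "0": "No Encryption",
    "1": "SSL (negotiates TLS v1, SSL v3 or SSL v2)",
    "3": "SSL3",
    "4": "SSL2",
    "5": "TLS1",
}
NON_DSN_SECTIONS = {"odbc data sources", "odbc"}  # assumed non-DSN sections


def audit_odbc_ini(text):
    """Return {dsn: (value, meaning, encrypted)} for each DSN section.

    Key names are matched case-insensitively; a missing key counts as the
    documented default, 0 (No Encryption).
    """
    parser = configparser.ConfigParser(
        interpolation=None, strict=False, allow_no_value=True)
    parser.read_string(text)
    report = {}
    for section in parser.sections():
        if section.strip().lower() in NON_DSN_SECTIONS:
            continue
        value = (parser.get(section, "EncryptionMethod", fallback="0") or "0").strip()
        meaning = MEANING.get(value, "not a valid value")
        report[section] = (value, meaning, value in MEANING and value != "0")
    return report


# Constructed sample input; DSN names and hosts are placeholders.
SAMPLE = """\
[ODBC Data Sources]
HARVEST_PROD=Oracle Wire Protocol
HARVEST_TEST=Oracle Wire Protocol
[HARVEST_PROD]
HostName=db-prod.example.com
EncryptionMethod=5
[HARVEST_TEST]
HostName=db-test.example.com
[HARVEST_OLD]
HostName=db-old.example.com
encryptionmethod = 2
"""

if __name__ == "__main__":
    for dsn, (value, meaning, ok) in audit_odbc_ini(SAMPLE).items():
        print(f"{'OK  ' if ok else 'FAIL'} {dsn}: EncryptionMethod={value} ({meaning})")
```

A data source reported as FAIL either has no EncryptionMethod line (so the default of 0 applies) or carries a value outside the valid list, such as 2.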