Security reasons the AES encryption is seen as a less stronger

book

Article ID: 195795

calendar_today

Updated On:

Products

CA Workload Automation AE - Business Agents (AutoSys) CA Workload Automation AE - System Agent (AutoSys) CA Workload Automation AE - Scheduler (AutoSys) Workload Automation Agent CA Workload Automation AE

Issue/Introduction

Hi Team,

We have this ask from the security team. 

Security Risk team feel that the same AES encrypted key being used on all non prod agents communicating with the non-prod scheduler is a security breach. They expect each agent to have a specific Encryption key communicating with the scheduler.

A scenario as explained by them.

Server x is the actual Autosys Agent. 

They choose server Y and rename it to have same host name as server x, open firewall, and when the job runs, supposed to run on server x wd have run on server Y which is holding a different application.

Environment

Release : 11.3.6

Component : CA Workload Automation AE (AutoSys)

Resolution

You can configure each agent to used a different key.

You will then need to generate the encryptkey.txt for the agent using that and the steps as documented in the following URL:

https://techdocs.broadcom.com/content/broadcom/techdocs/us/en/ca-enterprise-software/intelligent-automation/workload-automation-system-agent/11-4/configuring/set-up-security/set-up-security-between-the-agent-and-the-scheduling-manager.html#concept.dita_b2094df60db030f681fcec4abb2b761d98ba4225_SettheEncryptionontheAgentUsingtheKeygenUtility

On the AutoSys Server side, you will need to specify the key to be used in the machine defined for that agent. Please see the documentation of key_to_agent Attribute at the following URL:

https://techdocs.broadcom.com/content/broadcom/techdocs/us/en/ca-enterprise-software/intelligent-automation/workload-automation-ae-and-workload-control-center/11-3-6-SP8/reference/ae-job-information-language/jil-machine-definitions/key-to-agent-attribute-specify-the-agent-encryption-key.html

key_to_agent Attribute -- Specify the Agent Encryption Key

The key_to_agent attribute specifies the key used to encrypt data from CA Workload Automation AE to the agent.