Confirmation of Impact with new Windows server settings for Windows IIS web server

Article ID: 203072

Products

CA Test Data Manager (Data Finder / Grid Tools)

Issue/Introduction

Hi Team,

As part of mandatory best practices from our Windows team, we have to make the below settings to our Data Masking servers in Dev and then prod. Please review the settings and suggest if these can cause any impact to the FDM (Fast Data Masker) that we are using. Also, please help us understand if there is any tool/link where we can check such information in future? Thank you.

  • 1.1      All content to be installed under <Non System Drive>:\inetpub\<feature>

Execute: → On this server, the Default Web Site (inetpub) and the TDoDWeb site are on the C: drive; please move them and map them in IIS Manager to the F: drive. Actual Value: 'VDIR "Default Web Site/" (physicalPath:%SystemDrive%\inetpub\wwwroot) VDIR "TDoDWeb/" (physicalPath:C:\Grid-Tools\TDoD\TDOD_WebUI)' ; Policy Value: 'physicalpath:(\%systemdrive\%|c:)'

 

  • 1.3      Configure "Application Pool Identity" for all application pools

Execute: → Change identity of application pool to Application pool identity instead of Network services

  • 2.2      Configure "forms authentication" to be set to use cookies

Execute: → Mode of Forms Authentication should be set to use cookies

  • 5.2.1      Configure "forms authentication" to be set to require SSL

Execute: → Check the Require SSL checkbox in Forms authentication

  • 1.5      Configure Anonymous user identity to use Application pool identity

Execute: → Change Anonymous user identity to use Application pool identity instead of any specific user id (default is IUSR)

 

  • 6.3      Disable RC4 Cipher Suites

Execute: → Disable this in registry with the script provided in the doc

 

  • 5.5      Enable TLS 1.2

Execute: → Enable this in registry with the script provided in the doc

 

  • 5.4  Disable TLS 1.1

Execute: → Disable this in registry with the script provided in the doc

 

  • 3.6      Ensure "HTTP trace method" is disabled

Execute: → Deny TRACE verb in IIS manager

 

  • 7          TLS Cipher Suite Ordering

Execute: → Registry change with the script provided in the doc
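
The check behind item 1.1, as an added example that is not part of the ticket or of any vendor tooling: it parses the "Actual Value" text quoted above and applies the quoted "Policy Value" pattern to each virtual directory. It assumes the scanner treats a case-insensitive match as a finding; the function names and the F: drive paths are constructed for illustration.

```python
import re

# Policy value quoted in the ticket, used verbatim. Assumption: the scanner
# applies it case-insensitively and reports a match as a finding.
POLICY = re.compile(r"physicalpath:(\%systemdrive\%|c:)", re.IGNORECASE)

# One entry of the "Actual Value" text: VDIR "<name>" (physicalPath:<path>)
# The lookahead lets a path contain parentheses, e.g. "Program Files (x86)".
VDIR = re.compile(r'VDIR "([^"]+)" \((physicalPath:.*?)\)(?=\s+VDIR "|\s*$)')


def parse_vdirs(actual_value):
    """Return [(vdir_name, 'physicalPath:<path>'), ...] from the scanner text."""
    return VDIR.findall(actual_value)


def findings(actual_value):
    """Names of virtual directories whose physical path is on the system drive."""
    return [name for name, attr in parse_vdirs(actual_value) if POLICY.search(attr)]


# Actual Value exactly as quoted in the ticket.
BEFORE = (r'VDIR "Default Web Site/" (physicalPath:%SystemDrive%\inetpub\wwwroot) '
          r'VDIR "TDoDWeb/" (physicalPath:C:\Grid-Tools\TDoD\TDOD_WebUI)')

# Constructed sample: the same sites after remapping under F:\inetpub\<feature>.
AFTER = (r'VDIR "Default Web Site/" (physicalPath:F:\inetpub\wwwroot) '
         r'VDIR "TDoDWeb/" (physicalPath:F:\inetpub\TDoDWeb)')

if __name__ == "__main__":
    for label, text in (("before", BEFORE), ("after", AFTER)):
        hits = findings(text)
        print(label, "->", hits if hits else "compliant")
```

Both sites are flagged before the move: the first through `%SystemDrive%`, the second through the literal `C:` prefix.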

Environment

TDM Portal  4.9.X

Component : CA Test Data Manager

Cause

NA

Resolution

I am glad to say I was able to answer your question today on the WebEx.

Below is a recap of what we talked about today.
1) Fast Data Masker (FDM) and Test Data Maker do not use Windows IIS out of the box.
2) The Test Data Maker product does not expect or require IIS to be installed on its servers.
3) The changes you have provided are all for the Windows IIS web server.
4) If this web server is installed and these changes are made, this will not impact the TDM product.
5) Having the IIS web server installed MAY lead to a port conflict, but this can be corrected with a simple configuration change either for IIS or the TDM product.

As the questions for this case have been provided, I will plan to close this case at COB on Wednesday should I not hear back from you on this issue.