Chat now with support
Chat with Support

Foglight 5.9.7 - Security and Compliance Guide

Security overview
Foglight security measures Customer security measures Security features in Foglight FIPS-compliant mode Disclaimer
Security features for APM appliances Usage feedback Appendix: FISMA compliance

FIPS-compliant mode for Foglight Management Server

Foglight Management Server and Foglight cartridges use the Java Cryptographic Extension and Bouncy Castle Java FIPS library for cryptographic operations.

By default, Foglight Management Server does not operate in FIPS-compliant mode. Foglight still uses the FIPS-validated libraries, but it also allows cryptographic algorithms that are not supported by the FIPS 140-2 standard.

When FIPS-compliant mode is enabled:

To enable FIPS-compliant mode, select FIPS Compliance Mode in FIPS Compliance Settings during installation of Foglight Management Server.

 

FIPS-compliant mode for Foglight Agent Manager

Foglight Agent Manager uses the Java Cryptographic Extension and Bouncy Castle Java FIPS library for cryptographic operations.

Whether the Agent Manager is FIPS-compliant is determined by the Foglight Management Server from which the Agent Manager installer is downloaded. That is to say if the Agent Manager installer is downloaded from an FIPS-compliant Foglight Management Server, the Agent Manager will be configured to be FIPS-compliant automatically, and vice versa.

You can check the value of the property fips.approved.mode.enabled in <fglam_home>/state/default/config/client.config file to see in which mode this Agent Manager is running. If the property is True, it means this Agent Manager is FIPS-compliant, and vice versa. In case the property is not found, it means this Agent Manager is not FIPS-compliant as well.

CAUTION: Do NOT change the value of fips.approved.mode.enabled property, otherwise the Agent Manager won’t work with the Foglight Management Server if their FIPS-compliant modes are inconsistent.

 

When FIPS-compliant mode is enabled:

It is not recommended to enable the ssl-allow-self-signed configuration in FIPS-compliant mode for security consideration.

 

Disclaimer

Quest Software Inc. has made every effort to ensure that the information provided in this document is accurate. However, Quest makes no representation about the content and suitability of this information for any purpose. This information may be modified by Quest at any time. Nothing contained herein shall be construed as a warranty, express or implied, regarding the operation of Quest Software Inc. products.

 

Security features for APM appliances

A Foglight® monitoring environment may include one or more physical appliances and/or virtual appliances used for application performance monitoring (APM). This describes the security features present on the appliances.

Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating