Chat now with support
Chat with Support

Foglight for Virtualization Enterprise Edition 8.9 - Security and Compliance Guide

Security overview
Foglight security measures Customer security measures Security features in Foglight Disclaimer
Security features for APM appliances Usage feedback Appendix: FISMA compliance

Credentials for Foglight users

When an internal Foglight® user account is created, the user's password is hashed with the MD5 algorithm and the resulting digest is stored in the Foglight database. User passwords are therefore not stored anywhere, in encrypted or in clear text form.

LDAP credentials

LDAP server passwords are encrypted with Triple DES. A default 112-bit Triple DES encryption key is used in all cases of installations of Foglight®. This encryption key is stored in a Java keystore protected by a Foglight master password. Customers have the ability to change the Triple DES encryption key after installation by using Foglight to generate a new key. Quest recommends customers change the default Java keystore password upon the installation of the Management Server.

Management Server repository database credentials

The login credentials for the database administrator account on the Foglight® repository are encrypted in identical fashion as the LDAP credentials, using the same encryption key.

Foglight agent credentials

Foglight® cartridges include agents that require access to service account login credentials on the systems or applications that they monitor. Foglight stores these credentials in the repository database which is protected by access control. Any agent property that is marked as sensitive is masked during display in user interface consoles.

All agent properties are stored encrypted (with Triple DES) in an XML configuration file on the monitored host.

Related Documents