×
 
 
  •  
$helper.renderConfluenceMacro('{bmc-global-announcement:$space.key}')

 

This documentation supports the 19.02 version of Remedy Action Request System.

To view the latest version, select the version from the Product version menu.

Remedy Action Request System 19.02 ... Getting started Key concepts Product overview

How Remedy Encryption Security enables secure communication between the client and server

Remedy AR System is also tested with database encryption products from your database vendor to ensure that this connection can be encrypted.

Cryptography protects important data as it passes through an unsecured medium such as, a computer network. The services provided by Remedy Encryption Security are data confidentiality, integrity, and authentication.

Encryption enables the Remedy Action Request System (Remedy AR System) server and its clients to communicate securely over a network by encrypting the messages sent between them. At the beginning of every client and server connection, a key exchange protocol negotiates shared encryption keys between the client and server. These keys encrypt all communication between the client and server, ensuring that the communication is secure and that third parties cannot decipher the messages in transit. The encryption options do not encrypt the communication between the browser and the Remedy Mid Tier. The encryption between the browser and mid tier requires the X.509 certificate to be installed on the mid tier or on the load balancer depending upon your deployment and security requirements. Data encryption is invisible to users.

The Remedy AR System client libraries provide built-in encryption capabilities that can be enabled to secure the connection to the AR System server. Higher levels of encryption are available from BMC if you need stronger encryption. Remedy AR System is also tested with database encryption products from your database vendor to ensure that this connection can be encrypted. The communication between the AR System server and the database are not natively encrypted. The encryption is subject to the capabilities provided by the database vendor. For more information see, https://communities.bmc.com/community/bmcdn/bmc_remedy_ar_system/blog/2017/02/25/trending-in-support-enabling-ssl-encryption-for-ar-to-ms-sql-database-connections-with-91-sp2 and https://communities.bmc.com/community/bmcdn/bmc_remedy_ar_system/blog/2017/06/12/trending-in-support-ssl-encryption-for-ar-to-oracle-connections-with-remedy-91-sp2-and-later.

Remedy Encryption Security includes:

  • Standard security — This level of encryption is built into the Remedy AR System API starting with version 8.1. You do not purchase or install it separately. Its algorithm is 56-bit Data Encryption Standard (DES) using Cipher Block Chaining (CBC) mode. It uses a 512-bit RSA modulus to exchange keys and MD5 MAC to authenticate messages. By default, standard security is disabled. To enable it, see Configuring Remedy Encryption Security.
  • Remedy Encryption Performance Security (Remedy Encryption Performance) — This optional product is installed separately and it provides the following types of encryption:
    • RC4 with a 128-bit key for data encryption and a 2048-bit modulus for the RSA key exchange.
    • AES CBC with a 128-bit key for data encryption and a 2048-bit modulus for the RSA key exchange. It uses SHA-1 for message authentication. This option supports the minimum Federal Information Processing Standard (FIPS) 140-2 encryption requirements. See FIPS encryption options Open link in Remedy ITSM Deployment documentation.
  • Remedy Encryption Premium Security (Remedy Encryption Premium) — This optional product is installed separately and it provides the following types of encryption:
    • RC4 with a 256-bit key for data encryption and a 4096-bit modulus for the RSA key exchange.
    • AES CBC with a 256-bit key for data encryption and a 4096-bit modulus for the RSA key exchange. It uses SHA-1 for message authentication. This option supports premium FIPS 140-2 encryption requirements. See FIPS encryption options Open link in Remedy ITSM Deployment documentation.

    • For more information, see FIPS encryption options (For on-premises only).

To install Remedy Encryption Premium or Remedy Encryption Performance, see Installing BMC Remedy Encryption Security Open link in Remedy ITSM Deployment online documentation. To configure encryption, see Configuring Remedy Encryption Security.

Remedy Encryption Security includes third-party encryption software developed by the OpenSSL Project for use in the OpenSSL toolkit (see http://www.openssl.org/).

Was this page helpful? Yes No Submitting... Thank you
Last modified by Onkar Telkikar on Mar 09, 2020
products servers installation configuration security encryption introduction fips clients

Comments

Log in or register to comment.

How BMC Remedy Email Engine enables email-driven business processes
How BMC Remedy Distributed Server Option manages distributed business requests
© Copyright 1991-2021 BMC Software, Inc. © Copyright 1991-2021 BladeLogic, Inc.
Legal notices

Powered by Atlassian Confluence and Scroll Viewport

© Copyright 2005-2023 BMC Software, Inc. Use of this site signifies your acceptance of BMC’s Terms of Use . BMC, the BMC logo, and other BMC marks are assets of BMC Software, Inc. These trademarks are registered and may be registered in the U.S. and in other countries.