This chapter explains the security features of Oracle Communications ASAP. See ASAP System Administrator's Guide for more information on the ASAP security functionality.
ASAP uses the LDAP server included with the WebLogic Server software to manage default ASAP users, groups, roles, and methods. For more information about this embedded LDAP server, see the WebLogic Server documentation.
During the ASAP installation process, the ASAP installer creates default ASAP users, groups, roles, and methods in the embedded LDAP authentication provider included with the ASAP WebLogic server. You can use this authentication provider to configure the default ASAP users, groups, roles, and methods, or add, delete, or modify your own users, groups, roles, and methods.
ASAP also supports external LDAP provides, such as the Oracle Internet Directory.
ASAP supports only the default WebLogic server myrealm security realm. Using security realms other than myrealm, disabled all ASAP WebLogic-based features.
ASAP administrators can configure user password policies through the WebLogic Administration Console and the password policy utility page. For more information, see ASAP System Administrator's Guide.
Secure data must be stored in a secure location and distributed to authorized users. The ASAP security system governs how secure data is managed and ASAP diagnostics files are secured. This security system includes:
Secure Data Storage: The ASAP security administrator pre-defines the nature and accessibility of secure data for each ASAP server. Class A secure data is stored in the CSF wallet during the initial ASAP installation procedures. For more information, see ASAP Installation Guide.
Secure Data Encryption: The CSF wallet encrypts all data contained in it and obtained from it. In addition, the CSF wallet file (cwallet.sso) has restricted access permissions. Many ASAP utilities and scripts use the passwords contained in the CSF wallet.
NE credentials (also called custom secure class B data) used primarily by NEPs to establish network connections to NEs must be stored in a secure location and distributed to authorized users. An ASAP administrator can store NE credentials using ASAP APIs or the command line ASAP security tool (asap_security_tool).
The ASAP security tool supports the following features to protect NE credentials:
Secure Data Storage: An administrator can use the ASAP security tool to create NE credentials and store these credentials in a central repository on the Control server. The Control server distributes these credentials to NEPs and Java-enabled NEPs (JNEPs).
ASAP stores NE credentials in the Control server in the tbl_classB_secu database table.
Secure Data Encryption: The Control server uses a symmetric secret key encryption method to achieve data confidentiality for custom secure data.
Key Distribution: The Control server acts as a key distribution server, and distributes custom secure data to every ASAP server during provisioning. To acquire custom secure data, ASAP servers use a pre-defined key distribution protocol.