Encryption model

Transparent Data Encryption (TDE)

OpenText Application Quality Management and OpenText Enterprise Performance Engineering are certified to work with Transparent Data Encryption (TDE) for Microsoft and Oracle databases. Implementation of TDE can have an impact on system performance. For details, contact the vendor providing encryption.

Full Disk Encryption (FDE)

Full disk encryption (FDE) is supported for all system components, including database, server, repository server, and client machines. Implementation of FDE can have an impact on system performance. For details, contact the vendor providing encryption.

ALM Encryption

The OpenText Application Quality Management crypto capability encrypts sensitive credentials and stores them encrypted in the database. Examples of sensitive data include credentials to the database server that OpenText Application Quality Management uses, credentials to the LDAP and SMTP servers with which OpenText Application Quality Management integrates, and credentials for machines that contain user data.

The OpenText Application Quality Management crypto implementation uses the following security configuration:

JCE crypto source, Symmetric block cipher, 3DES engine, 192 key size
LW crypto source, Symmetric block cipher, AES engine, 256 key size

Password Encryption

User passwords are never stored; only their hashes are stored.

FAQ

Question

Does OpenText Application Quality Management transmit account passwords in an approved encrypted format?

Answer

It is strongly recommended to enable SSL on the OpenText Application Quality Management and LDAP servers to ensure secured account password transmission.

Question

Does OpenText Application Quality Management store account passwords in approved encrypted format?

Answer

User passwords are not stored at all, only their hashes. Internal system passwords are stored encrypted with AES 256.

Question

Does OpenText Application Quality Management use the Federal Information Processing Standard (FIPS) 140-2 validated cryptographic modules and random number generator to implement encryption, key exchange, digital signature, and hash functionality?

Answer

The cryptography provider used by OpenText Application Quality Management is not FIPS validated.

Question

What base product and service authentication methods are provided?

Answer

OpenText Application Quality Management can be configured to support one of the following authentication methods: user name and password, LDAP authentication, smartcard, and external authentication. For details, see the External Authentication Configuration Guide.

Question

Is SSO (Single Sign On) supported?

Answer

Yes, through a third-party SSO provider, such as Siteminder. For details, see the External Authentication Configuration Guide.

Question

Does OpenText Application Quality Management integrate with Identity Management (via API or AD) for system and product users?

Answer

OpenText Application Quality Management integrates with IDM-SSO providers, such as Siteminder, where a remotely authenticated user name is passed in the header. This requires a separate configuration. For details, see the External Authentication Configuration Guide.

Question

Are there any default vendor-supplied passwords or other security parameters embedded in OpenText Application Quality Management?

Answer

Yes, but the defaults can be replaced by configuration.
