Release Automation

  • Private Community

  • 1.  CA-RA middleware handling? (Java Runtime, Tomcat...)

    Posted Mar 07, 2017 10:33 AM

    Hey everyone,

     

    I was wondering if there is a list of the middleware that is being installed with CA Release Automation on management and execution server and the agents, like the java runtime and I think a tomcat comes with it as well.

     

    Also I would like to know, if it is possible to use own versions of this middleware or if always the one should be used that is shipped with the installer?

     

    I'm asking this because of a security audit. So what would for example happen if the middleware had a security issue and needed to be patched, will there be a patch for CA Release Automation or would we need to update the middleware on our own to fix it?

     

    Thanks

     

    best regards

    Michael



  • 2.  Re: CA-RA middleware handling? (Java Runtime, Tomcat...)

    Broadcom Employee
    Posted Mar 07, 2017 06:12 PM

    Off the top of my head, the only secondary software that RA comes with is Java (agent), Nexus (NAC), and Apache (NAC). 



  • 3.  Re: CA-RA middleware handling? (Java Runtime, Tomcat...)

    Posted Mar 08, 2017 01:49 AM

    Hi James,

     

    thanks for the feedback. any idea how security issues would be handled? so lets say there is an issue with the java version that is being shipped with the agents. will CA send out a notification and a patch or will the customers have to look for the security patch on java side themselves?

     

    I currently assume that CA would handle it, but I'm not sure

     

    best regards

    Michael



  • 4.  Re: CA-RA middleware handling? (Java Runtime, Tomcat...)

    Broadcom Employee
    Posted Mar 09, 2017 09:50 AM

    That I am unsure of, as that would be a question for development. 

     

    Jacky_Mahadab - Do you know how we would handle such a situation?  I have not encountered this scenario before myself, so I'm unsure exactly what our protocol would be. 



  • 5.  Re: CA-RA middleware handling? (Java Runtime, Tomcat...)
    Best Answer

    Posted Mar 09, 2017 12:11 PM

    As I know ,any components that shipped by CA (Like agent jre, tomcat etc...) should be handle by CA ,

    e.g we already replaced the tomcat version few times to enhance NAC/NES security  ,same goes for certifications 



  • 6.  Re: CA-RA middleware handling? (Java Runtime, Tomcat...)

    Posted Mar 10, 2017 01:32 AM

    Hi Jacky,

     

    thanks

     

    do you also have input if it is possible to replace this middleware with our own versions?

     

    I know that changing the Nexus to another Repository is no problem, but what about Tomcat, Java Versions etc., so that we for example could use versions that have been approved by our security.

     

    We probably won't do it, but I need to know if the possibility would be there. I would believe though, that it requires some nasty config changes to achieve that, especially with the java version of the agents.

     

    best regards

    Michael



  • 7.  Re: CA-RA middleware handling? (Java Runtime, Tomcat...)

    Posted Mar 10, 2017 02:03 AM

    You shouldn't replace components unless it was certified and approved by CA.



  • 8.  Re: CA-RA middleware handling? (Java Runtime, Tomcat...)

    Posted Mar 10, 2017 02:04 AM

    perfect, thanks a lot Jacky