Service Virtualization

Question about CA Service Virtualization (v9.5) ACL system, docops does not have any information:

If possible, an internal CA Service Virtualization architecture document would be very helpful, which can show all the protocols that are used by the ACL system for connections to all the internal and external components:

- ACLs to the database (hopefully JDBC ???);

- DevTest Portal to ACL (HTTP/S???);

- DevTest Workstation to ACL (HTTP/S???)

I have created a base diagram (attached - client details deleted) to capture the CA Service Virtualization components at a high level.

This is basically required to get security architecture accreditation for a client.

Any help would be much appreciated.

It is only the  registry component that handles the authorization of users using the devtest environment.  If the user logs into the portal or the workstation,  then the authentication will take place and the authorization will then be handled from the registry.  Different components do not handle ACL authorization,  but are brokered through our internal messaging bus (activemq)

ACL's are managed in the Registry's database via JDBC.

Hope this addresses your question.

Thanks Joe. Just wanted to be clear on your statement that "then the authentication will take place"? Which component handles the authentication? According to docops ("Access to DevTest Workstation or DevTest Portal is not possible without authenticating against the ACL system." link: Access Control (ACL) - DevTest Solutions - 9.5 - CA Technologies Documentation).

So I think, based on your comments and the above link, logging into the portal and workstation is handled by the registry and registry uses the ACL system to authenticate and authorize.

Any comments, anyone would be very helpful.