Compliant Product - CA eHealth Network Performance Manager r6.1.2
Certificate Date: 19 May 2010
Validation Report Number: CCEVS-VR-VID10367-2010
Product Type: Network Management
Conformance Claim: EAL2 Augmented with ASE_TSS.2
PP Identifiers: None
CC Testing Lab: Booz Allen Hamilton Common Criteria Testing Laboratory
Note that the CC-certified version of the TOE is product code EHDVCP990.
Ensuring IT is not a risk to critical business services can be challenging with the many complexities associated with a large and diverse infrastructure. IT services must be continuously available and operating at acceptable performance levels to support critical business processes. CA eHealth Network Performance Manager (eHealth) 6.1.2 provides the flexibility to manage multi-vendor networks, systems, databases and client/server applications with proactive, real-time analysis, distilling data from disparate sources across all technology silos into clear, predictive and actionable information.
With eHealth.6.1.2, issues can be quickly identified and remediated with one place to manage performance across IT. This allows for service-impacting issues to be avoided and makes administrators in control and better informed on how to plan and prioritize remediation and better allocate resources. eHealth 6.1.2 enables the following infrastructure capabilities:
- Assure the health and availability of business services with centralized, proactive performance management of the IT infrastructure.
- Transform IT operations from reactive to proactive with eHealth 6.1.2 patented algorithms to detect performance anomalies.
- Demonstrate IT business value to executive and business stakeholders with extensive reporting for performance and capacity planning.
With this combined view of voice/data networks, physical/virtual systems, database and client/server applications, IT organizations can ensure that the infrastructure operates at the optimal level to support the organization.
The TOE was evaluated on the following platform:
- IPv6-enabled Sun UltraSPARC-II running Solaris 2.10
- 1.8 GHz CPU
- 4 GB memory
- 200 GB Disk Drive
- eHealth Version 6.1.2
- Apache Web Server version 2.2.3, mod_ssl version 2.2.3, OpenSSL version 0.9.8d (included in eHealth)
In order to access the TOE remotely, a remote workstation equipped with Internet Explorer 8 and Firefox 3.5 was used. Note that Windows 2000 or later is required to run the OneClick for eHealth component. This component is required for management of the TOE.
SECURITY EVALUATION SUMMARY
The evaluation was carried out in accordance with the Common Criteria Evaluation and Validation Scheme (CCEVS) processes and procedures. The CA eHealth 6.1.2 software was evaluated against the criteria contained in the Common Criteria for Information Technology Security Evaluation, Version 3.1 Revision 3. The evaluation methodology used by the evaluation team to conduct the evaluation is the Common Methodology for Information Technology Security Evaluation, Version 3.1 Revision 3. It has been determined that the product meets the security criteria in the Security Target, which specifies an assurance level of EAL2 augmented with ASE_TSS.2. Validators, on behalf of the CCEVS Validation Body, monitored the evaluation. The evaluation was completed in April 2010.
eHealth authorization protects the server resources from unauthorized access. The TSF defines a discretionary User Policy which restricts the administrative interfaces a user is allowed to access, what individual pages on those interfaces they are allowed access, and against what elements and groups of elements a user is able to report.
Authentication services are handled internally through passwords. eHealth authentication is the process of determining the end user’s true identity and mapping them to the appropriate privileges. This is enforced by the TOE. User passwords are hashed and stored on the eHealth server’s environmental OS.
The TOE generates audit records for selected security events. Audit records can be used to identify the operations that individual users perform against the TOE.
The TOE periodically polls a set of elements on the Operational Environment network. Elements are initially defined by an administrator instructing the TOE to discover assets located at certain IP addresses. Different elements are generated based on each asset’s device type. Polling utilizes SNMPv1 communications in order to collect performance and behavior metrics on these elements.
The purpose of polling is to provide aggregated data that is then used to generate reports. Reports are used to compare elements against one another and against a time series of their own history in order to determine if any assets on the network are exhibiting abnormal behavior.
Protected Data Transmission
The TOE uses an Apache web-server to support protection of external TOE communication with the users by performing SSL encryption through Apache’s OpenSSL-based cryptographic module (mod_SSL).
Security management is handled via one of two interfaces: the web interface and the OneClickEH interface. End users can use a web browser to generate and query reports. Administrators can use the downloaded OneClickEH executable to configure how the TOE discovers and polls elements. This executable is also used to view audit data on user activity, to modify user accounts, and to define the authorizations of the User Policy.