CA Access Control
Platform Support FAQ
Date: February, 2011
Purpose: The CA Technologies Security CSU has instituted a new process for certifications to provide customers with certification roadmap dates for CA Technologies security products and to streamline the certification process. This FAQ is designed to help you understand the new process and how it may impact your platform certification requests and needs.
General SLA and Tier Definition Questions
- Q. Where is the SLA Guidelines document posted?
A. The SLA Guidelines are posted on CA Support:
- Q. Where are the Access Control Product Family Tier Definitions posted?
A. The Access Control Product Family Tier Definitions are posted on CA Support:
- Q. Will the Tier 1/Tier 2 definitions ever change?
A. Product Management will review the Tier 1/Tier 2 definitions on a quarterly basis and update the definitions as needed based on., among other things, market and customer demand.
- Q .What happens to certification requests that are not Tier 1 or Tier 2 combinations?
A. Custom certification requests that are not Tier 1 or Tier 2 combinations will be reviewed by Product Management on a case-by-case basis based on enhancement requests (DAR) submitted for consideration.
- Q. What about platform combinations I am currently using that are listed on the support matrices but are not included in the SLA Tier 1 and Tier 2 definitions?
A. The CURRENT releases of such combinations, as of February 2011, will remain on the Access Control support matrices, but subsequent releases of the same combinations will not be added to the support matrices.
Questions Regarding Access Control End-Point Certifications
- Q. Intermediate kernel builds for Linux are not listed on the CA Access Control Compatibility matrix. Are these builds supported by CA?
A. CA certifies every major and minor OS release for Linux. For example, CA provides support for Access Control on RHEL 5.4, RHEL 5.5, SLES 11, SLES 11 SP1, etc. However, CA cannot certify each and every intermediate kernel build due to engineering time and resource constraints. Support for these kernels is provided on an "as is" basis, i.e. customers are encouraged to install Access Control on these systems in a test environment and report any problems to CA support.
- Q. The above explanation on intermediate builds does not discuss production environments. What if customers require specific certification of intermediate kernel builds?
A. If there are specific certification requests for intermediate Linux kernel builds, Product Management will review them on a case-by-case basis based on enhancement requests (DAR) submitted for consideration.
- Q. I am running an older version of CA Access Control. However, I have noticed that the latest OS releases are only certified with the latest GA version of Access Control. Does this mean customers have to upgrade every time a new OS version is released?
A. CA certifies the latest OS releases (e.g. RHEL 6, AIX 7) with the latest GA version of Access Control. If there is a specific request for certification with an older version of Access Control, a test fix can be provided on a case-by-case basis. However, customers are encouraged to upgrade to the latest version of Access Control so that they can be up-to-date on the latest maintenance and service pack levels.
- Q. I do not see any reference to specific combinations of architectures and Operating Systems on the CA Access Control compatibility matrix. For example, does Access Control support AIX 6.1 on the new P7 architecture?
A. Yes, AC does support AIX 6.1 on both P6 and P7 architectures. For the sake of brevity, it is not always possible to report a complete combination of architectures and Operating Systems on the CA Support site. We do make some exceptions when required, but that is generally the exception, not the rule. For further questions, please contact CA Support.
Questions Regarding End-Of-Service (EOS) Announcements
- Q. For how long does CA support a specific release of Access Control?
A. CA generally plans to support a specific release of Access Control for 3 years.
- Q. How long before the intended EOS date for a specific Access Control release does CA send out a notice to customers?
A. CA generally sends out an EOS notification about 12 months prior to the intended EOS date for a specific release of Access Control.
- Q. Does CA provide extended support for releases of Access Control that are announced EOS?
A. Yes, CA does provide such support on a case-by-case basis. Please contact your CA Account Team for pricing and other details.
- Q. My OS Vendor has announced EOS for a specific OS release. Will CA continue to support this OS release with Access Control?
A. CA will accordingly announce EOS for that specific OS release and will not plan to support CA Access Control on that release. Current information about such announcements is made available on the CA Access Control Product Home Page in CA Support under Product Status.
- Q. In the scenario mentioned above, if I decide to enter into an extended service agreement with my OS vendor, will CA then support the particular release with Access Control?
A. You may accordingly have to enter into an extended service agreement with CA to receive continued support for Access Control on that particular release. CA's extended service agreement does not offer support every platform and release, so please contact your CA Account Team for further details.
Questions Regarding Privileged User Password Management (PUPM) Certifications
- Q. The Access Control PUPM Compatibility Matrix does not list support for a majority of network devices such as routers, firewalls, switches and network appliances. What are CA's plans in this area?
A. Support for PUPM connectors can be submitted to GD (Global Delivery Team) for consideration.
- Q. If the certification request is accepted by GD, is there a fee for the custom certification?
A. Yes, you will receive a statement of work from GD with the price for this work.
- Q. What about support?
A. The custom certification will NOT be placed on the Access Control PUPM support matrices and will not be supported by the CSU. Rather, it will be supported solely under the terms of the GD statement of work.
- Q. Will customers have to call CA Support for issues pertaining to custom PUPM connectors developed by GD?
A. No. GD provides its own support contract and customers will have to contact GD for support.
- Q. What is the process for getting a quote for a custom PUPM certification from GD?
A. The customer opens an enhancement request (DAR) with CA Support
- The DAR request should include specifics such as device name, version number(s) , OS release and any other relevant details
- CA Access Control Product Management reviews the DAR request and contacts GD
- GD sends an email to the customer asking the customer to request a formal quote for the custom certification from their sales team.
- GD prepares a quote to for the custom certification.
- If the quote is accepted by the customer, GD creates a Statement of Work (SOW).
- When the custom certification is completed, GD supports the certification.
- The Access Control PUPM Platform Support Matrices are not updated with custom certifications.
Questions Regarding UNIX Authentication Broker (UNAB) Certifications
- Q. CA UNAB is only certified with Active Directory as the back-end user repository. Are there any plans to certify other LDAP stores such as Sun One Directory, CA Directory, etc.?
A. Currently, there are no plans to certify UNAB with other user stores. Only Active Directory is supported.
- Q. Are CA UNAB end-points supported on all platforms as CA Access Control end-points?
A. CA Engineering makes every effort to certify both CA Access Control and UNAB end-points on new and intermediate OS releases. However, there may be cases where CA is unable to provide UNAB support on some OS releases due to compatibility issues. In such situations, please refer to the CA UNAB Compatibility Matrix on CA Support.