Idea Details

SNMPv3 AES256 for CA PM

Last activity 06-13-2019 10:04 AM
ICS Supportteam's profile image
06-02-2016 11:33 AM

While Spectrum supports SNMPv3 with AES256 the latest versions of CA PM (2.7, 2.8) are missing this functionality.

To avoid unnecessary configuration on the devices it is urgent that Spectrum and CA PM support both  SNMPv3 AES256.

 

( ICS#05000964 )


Comments

01-16-2018 11:18 AM

Delivered in CA PM 3.5 - thanks for all the cusotmers who raised, voted, and supported delivery of this enhancement!

10-11-2017 01:50 PM

We plan to support polling and trap based notifications via SNMPv3 with an 'AES 256 with 3DES key extension' privacy protocol option in our upcoming 3.5 release.  Check out our last CA PM 3.5 end of sprint demo to see an example of configuring an SNMP Profile with this new privacy protocol.

08-03-2017 02:34 PM

The engineering team has begun investigating this feature.  They've raised a question about which flavor of SNMPv3 AES 256 privacy protocol encryption is needed.

 

The two flavors that we're aware of are:

1) AES 256 in CFB mode – see https://tools.ietf.org/html/draft-blumenthal-aes-usm-04

2) AES 256 with 3DES key extension – see https://tools.ietf.org/html/draft-reeder-snmpv3-usm-3desede-00e

 

Spectrum currently supports option #2, so we assume that's what's needed, but I don't want to miss the mark.

 

In case these IETF draft descriptions aren’t enough to determine which flavor is need, the engineering team has developed a command line tool that can be used to test each method against one of their network devices to see which one responds.  If you're interested, please email me (Matthew.Stormann@ca.com) and I can send it to you.

 

Appreciate any help.

 

Thanks,

Matt

08-03-2017 02:01 PM

Good to know... Tks!

07-13-2017 12:26 PM

For everybody who is interested in: I was told by Product Management

"It is planned for our 3.5 release (Fall 2017)".

Martin

05-30-2017 12:08 PM

Hello Product Management. Is this on the roadmap?

Best Regards, Martin

03-10-2017 02:42 AM

I have to switch to AES256 and  no support in PM will be the the K.O. for PM.

01-11-2017 09:08 AM

Should be moved to CA PM community

10-24-2016 02:22 PM

This idea is currently under consideration for a future release.