Is Instance_level_glide_encrypter a system property and where is it in the instance?

Go to solution
Rain Vaine
Kilo Sage

‎12-14-2023 12:52 AM

Hello experts,

For the processing of 3DES deprecation, they stated that there is a mandatory configurations to be in place. Based on the lists, there is a step - "Check if “Instance_level_glide_encrypter” KMF password2 sub-module MAPs is set to track. ". I tried looking for Instance_level_glide_encrypter in the system property but I cannot find it and I also tried looking for more information about that topic but I cannot seem to find it.
Does anyone of you know what is Instance_level_glide_encrypter and what does it do?

Regards,
Vaine

0 Helpfuls
  • 2,538 Views
1 ACCEPTED SOLUTION

Go to solution
Maik Skoddow
Tera Patron
Tera Patron

‎12-14-2023 04:49 AM

Hi @Rain Vaine 

 

this is not a system property but a crypto module. Go to table sys_kmf_crypto_module and check whether the module "instance_level_glide_encrypter" is set to "Track":

 

MaikSkoddow_0-1702558095167.png

 

 Maik

View solution in original post

9 REPLIES 9

Go to solution
Maik Skoddow
Tera Patron
Tera Patron
In response to Rain Vaine

‎12-17-2023 06:48 PM

Hi @Rain Vaine 

with the introduction of KMF framework, you have to think about which user groups you have in your instance that are assigned some special roles. In my customer instances, I have two different user groups: "System Administrators" (has at least the "admin" role) and "Security Administrators" (has the "security_admin" and the "sn_kmf.admin" roles). Keeping these two groups separated is also a recommendation of ServiceNow. And to answer your question: It is not about assigning and removing a role but to have a clear user group and role concept and user which are assigned to the respective groups to be able fulfilling their tasks and responsibilities. 

Maik

Go to solution
Rain Vaine
Kilo Sage
In response to Maik Skoddow

‎12-17-2023 10:02 PM

Hello,


Thanks for giving expounded explanations. All your advice is noted. But in our case we would just like to check on ["instance_level_glide_encrypter" is set to "Track"]. Since we are not really using KMF in our instance, we don't have anyone assigned with "sn_kmf.admin". 
That is why I am not sure if there will be an impact if I tried to assign an "sn_kmf.admin" to my admin account just to check on crypto modules and then remove the role back.
I am not sure if assigning a role to a certain will trigger or activate anything in our instance.

Regards,
Vaine

0 Helpfuls

Go to solution
Maik Skoddow
Tera Patron
Tera Patron
In response to Rain Vaine

‎12-17-2023 10:11 PM

Hi @Rain Vaine 

you said "Since we are not really using KMF in our instance", but that's not correct. The KMF is the new standard for encrypting, and every single instance is already using it. Therefore, you do have to make familiar with its concepts. And no, just assigning a role will not trigger or activate any evil feature in your instance. Never.

Maik

Go to solution
Rain Vaine
Kilo Sage
In response to Maik Skoddow

‎12-17-2023 10:21 PM

Hello,
Thanks very much. This is much appreciated.

Regards,
Vaine

0 Helpfuls

Go to solution
Aniko Hegedus
Tera Expert
In response to Maik Skoddow

‎06-14-2024 05:23 AM

Hello @Maik Skoddow , thanks so much for all this info! Super helpful! 🙂

0 Helpfuls