- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
12-14-2023 12:52 AM
Hello experts,
For the processing of 3DES deprecation, they stated that there is a mandatory configurations to be in place. Based on the lists, there is a step - "Check if “Instance_level_glide_encrypter” KMF password2 sub-module MAPs is set to track. ". I tried looking for Instance_level_glide_encrypter in the system property but I cannot find it and I also tried looking for more information about that topic but I cannot seem to find it.
Does anyone of you know what is Instance_level_glide_encrypter and what does it do?
Regards,
Vaine
Solved! Go to Solution.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
12-14-2023 04:49 AM
Hi @Rain Vaine
this is not a system property but a crypto module. Go to table sys_kmf_crypto_module and check whether the module "instance_level_glide_encrypter" is set to "Track":
Maik
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
12-17-2023 06:48 PM
Hi @Rain Vaine
with the introduction of KMF framework, you have to think about which user groups you have in your instance that are assigned some special roles. In my customer instances, I have two different user groups: "System Administrators" (has at least the "admin" role) and "Security Administrators" (has the "security_admin" and the "sn_kmf.admin" roles). Keeping these two groups separated is also a recommendation of ServiceNow. And to answer your question: It is not about assigning and removing a role but to have a clear user group and role concept and user which are assigned to the respective groups to be able fulfilling their tasks and responsibilities.
Maik
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
12-17-2023 10:02 PM
Hello,
Thanks for giving expounded explanations. All your advice is noted. But in our case we would just like to check on ["instance_level_glide_encrypter" is set to "Track"]. Since we are not really using KMF in our instance, we don't have anyone assigned with "sn_kmf.admin".
That is why I am not sure if there will be an impact if I tried to assign an "sn_kmf.admin" to my admin account just to check on crypto modules and then remove the role back.
I am not sure if assigning a role to a certain will trigger or activate anything in our instance.
Regards,
Vaine
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
12-17-2023 10:11 PM
Hi @Rain Vaine
you said "Since we are not really using KMF in our instance", but that's not correct. The KMF is the new standard for encrypting, and every single instance is already using it. Therefore, you do have to make familiar with its concepts. And no, just assigning a role will not trigger or activate any evil feature in your instance. Never.
Maik
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
12-17-2023 10:21 PM
Hello,
Thanks very much. This is much appreciated.
Regards,
Vaine
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
06-14-2024 05:23 AM
Hello @Maik Skoddow , thanks so much for all this info! Super helpful! 🙂