SV-213546r615939_rule
V-213546
SRG-APP-000435-AS-000069
JBOS-AS-000640
CAT II
10
Configure the application server to provide LB or HA services for the hosted application.
Interview the system admin and determine if the applications hosted on the application server are mission critical and require load balancing (LB) or high availability (HA).
If the applications do not require LB or HA, this requirement is NA.
If the documentation shows the LB or HA services are being provided by a system other than the application server, this requirement is NA.
If applications require LB or HA, request documentation from the system admin that identifies what type of LB or HA configuration has been implemented on the application server.
Ask the system admin to identify the components that require protection. The options listed here are examples only and are not exhaustive. The components being made redundant or HA by the application server will vary based upon application availability requirements.
Examples are:
Instances of the Application Server
Web Applications
Stateful, stateless and entity Enterprise Java Beans (EJBs)
Single Sign On (SSO) mechanisms
Distributed Cache
HTTP sessions
JMS and Message Services.
If the hosted application requirements specify LB or HA and the JBoss server has not been configured to offer HA or LB, this is a finding.
False
M
3987