Before You Begin
Micro Focus Fortify WebInspect Enterprise is available in FIPS and non-FIPS compliant versions for 64-bit operating systems. This topic provides information to help you select the appropriate installer package and to ensure that your system meets the requirements and recommendations for installing Fortify WebInspect Enterprise.
FIPS or Non‑FIPS Compliance
Federal Information Processing Standards (FIPS) are standards developed by the U.S. federal government for use in computer systems to ensure that all agencies adhere to the same guidelines regarding security and communication.
Fortify WebInspect Enterprise version 21.1.0 has two installer packages with different filenames—one installation complies with FIPS cryptography requirements and the other does not. Make sure that you download and use the correct installer package, based on whether your environment uses FIPS. The user interface for the installation procedure is the same for both packages.
Fortify WebInspect Enterprise and the Micro Focus Fortify WebInspect sensors it uses must all be compliant with FIPS or they must all be non-compliant.
Fortify Software Security Center runs on an Apache Tomcat server, which includes a FIPS mode. When integrating Fortify WebInspect Enterprise with Fortify Software Security Center in a FIPS-compliant environment, see your Apache Tomcat documentation for instructions on configuring FIPS mode on the server.
Installation and Upgrade Options
The following table describes the installation and upgrade options for Fortify WebInspect Enterprise.
| Option | Description |
|---|---|
| Integration with Fortify Software Security Center | Integration with Micro Focus Fortify Software Security Center provides a way to publish scans to a central repository of all static and dynamic scans. It also provides somewhat centralized accounts, although permissions are still managed separately, the ability to submit scan requests, and more extensive reporting than a standalone installation. |
| Standalone |
For new installations, you may choose not to integrate your Fortify WebInspect Enterprise with Fortify Software Security Center. Important! If you install Fortify WebInspect Enterprise as standalone, you cannot integrate with Fortify Software Security Center at a later date. You must choose to integrate with Fortify Software Security Center initially. |
| Decouple from Fortify Software Security Center |
For existing installations, you may choose to decouple your Fortify WebInspect Enterprise from Fortify Software Security Center. If you choose to decouple, the Initialization Wizard provides an option to map each existing Fortify Software Security Center account—either user account or LDAP account—to a Windows account. Only Fortify Software Security Center accounts that were configured with permissions in Fortify WebInspect Enterprise will be displayed for mapping. Important! Decoupling Fortify WebInspect Enterprise from Fortify Software Security Center is permanent. Reconnecting to Fortify Software Security Center is not supported. |
Important Considerations About Decoupling
Decoupling Fortify WebInspect Enterprise from Fortify Software Security Center ends all links and communication between the two systems. Before decoupling Fortify WebInspect Enterprise from Fortify Software Security Center, you should perform maintenance in both systems to ensure that you are ready to decouple.
Consider the following:
-
You will not be able to log into Fortify WebInspect Enterprise and Fortify Software Security Center using the same credentials.
-
Decoupled and standalone Fortify WebInspect Enterprise installations use Windows Authentication.
Important! Before decoupling Fortify WebInspect Enterprise from Fortify Software Security Center, enable Windows Authentication as described in Installing IIS, ASP.NET, and .NET Framework.
-
When decoupling, you will have the opportunity to map Fortify Software Security Center users to Fortify Windows Users for logging into Fortify WebInspect Enterprise.
-
-
You will not be able to publish scans to Fortify Software Security Center from Fortify WebInspect Enterprise.
-
Any previous scans published to Fortify Software Security Center will remain in Fortify Software Security Center.
-
You will not be able to perform or see previous Scan Requests.
-
Deleted Application Versions that have not been purged will remain in Fortify WebInspect Enterprise.
-
Any new Applications and Application Versions that are created in Fortify Software Security Center will not be created in Fortify WebInspect Enterprise.
-
Any new Applications and Application Versions that are created in Fortify WebInspect Enterprise will not be created in Fortify Software Security Center.
System Requirements
Before installing Fortify WebInspect Enterprise, make sure that your systems meet the requirements described in the Micro Focus Fortify Software System Requirements.
Installation Recommendation
Fortify recommends that you do not install Fortify WebInspect Enterprise on the same machine as Fortify WebInspect. Doing so may result in known issues that affect the usability of the products.