Activating FIPS 140-2
FIPS 140-2 accreditation validates that an encryption solution meets a specific set
of requirements designed to protect the cryptographic module from being cracked, altered, or
otherwise tampered with. When FIPS 140-2 mode is activated, any secure communication to or
from VMware Aria Operations 8.4 and above uses cryptographic algorithms or protocols that
are allowed by the United States Federal Information Processing Standards (FIPS). FIPS mode
turns on the cipher suites that comply with FIPS 140-2. Security-related libraries that are
shipped with VMware Aria Operations 8.4 and above are FIPS 140-2 certified. However, the
FIPS 140-2 mode is not activated by default. FIPS 140-2 mode can be activated if there is a
security compliance requirement to use FIPS certified cryptographic algorithms with the FIPS
mode activated. Activating FIPS is a one-way action: FIPS mode cannot be deactivated after
it is activated.
Activate FIPS during the initial cluster deployment
- Ensure a new deployment of a VMware Aria Operations cluster.
- Ensure that the Activate FIPS flag is appropriately used during the deployment of cluster nodes (OVF/OVA).
Activate FIPS on a working cluster
- Navigate to https://<VROPS IP>/admin/index.action.
- Log in as an admin user.
- Take the cluster offline to activate the Activate FIPS button in the Administrator Settings page.
- Open the Administrator Settings tab in the left panel.
- Click Activate FIPS under the FIPS Setting section.
- Bring the cluster online.
Verify that FIPS mode is activated
From the Admin user interface:
- Navigate to https://<VROPS IP>/admin/index.action.
- Log in as the admin user.
- Open the Administrator Settings tab from the left panel.
- A FIPS 140-2 Status message appears.
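
To complement the FIPS 140-2 Status message, the following added example (not VMware code) reports the TLS version and cipher suite that the admin endpoint negotiates and flags algorithm names in that suite that are not FIPS-approved. The NON_APPROVED list, the function names, and the optional CA-file argument are assumptions of this example.

```python
import socket
import ssl
import sys

# Algorithm-name prefixes, as they appear in OpenSSL cipher-suite names, that
# are not FIPS-approved. Illustrative list assumed for this example, not
# exhaustive. "DES" also matches OpenSSL's DES-CBC3 (3DES) names, which this
# example chooses to flag as legacy.
NON_APPROVED = ("CHACHA20", "RC4", "RC2", "MD5", "CAMELLIA", "SEED", "IDEA", "DES", "NULL")


def non_approved_tokens(cipher_name):
    """Return the sorted parts of a cipher-suite name that match NON_APPROVED."""
    tokens = cipher_name.upper().replace("_", "-").split("-")
    return sorted({t for t in tokens if any(t.startswith(b) for b in NON_APPROVED)})


def negotiated_cipher(host, port=443, cafile=None, timeout=5.0):
    """Complete a TLS handshake and return (cipher suite name, TLS version).

    cafile is an optional PEM bundle for an appliance whose certificate is
    issued by a private CA. Certificate verification stays enabled.
    """
    ctx = ssl.create_default_context(cafile=cafile)
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            name, _protocol, _bits = tls.cipher()
            return name, tls.version()


if __name__ == "__main__":
    # Usage: python check_fips_tls.py <VROPS IP> [ca-bundle.pem]
    host = sys.argv[1]
    cafile = sys.argv[2] if len(sys.argv) > 2 else None
    name, version = negotiated_cipher(host, cafile=cafile)
    flagged = non_approved_tokens(name)
    verdict = "flagged: " + ", ".join(flagged) if flagged else "no flagged algorithms"
    print(f"{host}: {version} {name} -> {verdict}")
```

The result covers only the suite negotiated with this client's offer, so it supplements the FIPS 140-2 Status message rather than replacing it.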