Managing the Global FIPS Compliance
You can retrieve information about the
current FIPS (Federal Information Processing Standards) settings of
vCenter Server
. You can also enable or deactivate the
global FIPS compliance.FIPS 140-2 is a U.S. and Canadian government
standard that specifies security requirements for cryptographic modules. vSphere uses
FIPS-validated cryptographic modules to match those specified by the FIPS 140-2
standard. The goal of vSphere FIPS support is to ease the compliance and security
activities in various regulated environments.
The following table lists the operations that you can perform to manage the FIPS settings of
your
vCenter Server
system.Operation | Description |
---|---|
Get FIPS status | You can check whether the global FIPS compliance is currently enabled on
the vCenter Server system. |
Manage FIPS status | You can enable or deactivate the global FIPS compliance on the
vCenter Server system. |
When you enable FIPS compliance, some
components might present functional constraints. For more information, see
vSphere Security
.You can run FIPS management operations by using the
vSphere
Automation
SDK or sending an HTTP
request. For information about the HTTP requests that
you can use to perform the user operations, see HTTP Requests for Global FIPS Compliance Operations.
- REST
- The following HTTP requests show the syntax that you can use to perform the available user operations.
- Get FIPS statusGET https://<vcenter_ip_address_or_fqdn>:443/api/appliance/system/global-fips
- Manage FIPS statusPUT https://<vcenter_ip_address_or_fqdn>:443/api/appliance/system/global-fipsYou can enable the global FIPS compliance by using the following request body.{ "enabled": true }You can deactivate the global FIPS compliance by using the following request body.{ "enabled": false }After you change the global FIPS compliance, thevCenter Serversystem reboots to apply the change.