Configure a FIPS-compliant Linux Virtual Machine

To configure a Linux virtual machine that meets the requirements of the Federal Information Processing Standard (FIPS) 140-2 mode, follow the procedure described in this article. You must install Horizon Agent with FIPS mode enabled and then install a CA-signed certificate for the VMwareBlastServer daemon.

Prerequisites

Verify that you have completed the following prerequisites:

Set up the virtual machine with vSphere Virtual Machine Encryption, recommended for increased security and protection. See Virtual Machine Encryption.
Installed RHEL 8.x on the machine. FIPS 140-2 mode is only supported on machines running RHEL 8.x.
Performed the relevant preparation steps described under Preparing a Linux Virtual Machine for Desktop Deployment.

Procedure

On the RHEL 8.x machine, enable FIPS mode at the Linux system level.
```
fips-mode-setup --enable
reboot
```
Install Horizon Agent using the RPM installer.
For example:
```
sudo rpm -ivh VMware-horizonagent-linux-YYMM-y.y.y-xxxxxxx.el8.x86_64.rpm
```
For detailed instructions, see Install Horizon Agent on a Linux Virtual Machine.
Enable FIPS mode at the Horizon Agent level.
```
sudo /usr/lib/vmware/viewagent/bin/viewSetup.sh -f yes
```
For more information, see Command-line Options for Installing Horizon Agent for Linux.
Complete the steps described in Install a CA-signed Certificate for VMwareBlastServer.
Restart the machine.
```
sudo reboot
```

Results

You can now use the Linux machine to create desktop or application pools that are FIPS-compliant.