To configure a Linux virtual machine that meets the requirements of the Federal Information Processing Standard (FIPS) 140-2 mode, follow the procedure described in this article. You must install Horizon Agent with FIPS mode enabled and then install a CA-signed certificate for the VMwareBlastServer daemon.
Verify that you have completed the following prerequisites:
- Set up the virtual machine with vSphere Virtual Machine Encryption, recommended for increased security and protection. See Virtual Machine Encryption.
- Installed RHEL 8.x on the machine. FIPS 140-2 mode is only supported on machines running RHEL 8.x.
- Performed the relevant preparation steps described under Preparing a Linux Virtual Machine for Desktop Deployment.
- On the RHEL 8.x machine, enable FIPS mode at the Linux system level.
fips-mode-setup --enable reboot
- Install Horizon Agent using the RPM installer.
sudo rpm -ivh VMware-horizonagent-linux-YYMM-y.y.y-xxxxxxx.el8.x86_64.rpm
For detailed instructions, see Install Horizon Agent on a Linux Virtual Machine.
- Enable FIPS mode at the Horizon Agent level.
sudo /usr/lib/vmware/viewagent/bin/viewSetup.sh -f yes
For more information, see Command-line Options for Installing Horizon Agent for Linux.
- Complete the steps described in Install a CA-signed Certificate for VMwareBlastServer.
- Restart the machine.
You can now use the Linux machine to create desktop or application pools that are FIPS-compliant.