When you enable the FIPS mode, any secure communication to or from the NSX Manager will use cryptographic algorithms and protocols that are allowed by the United States Federal Information Processing Standards (FIPS).
- In a Cross-vCenter NSX environment, you should enable the FIPS mode on each NSX Manager separately.
- If one of the NSX Managers is not configured for FIPS, you must still ensure that it uses a secure communication method which complies with the FIPS standards.
- Both primary and secondary NSX Managers must be on the same TLS version for universal synchronization to work correctly.
Important: Changing FIPS mode reboots the NSX Manager virtual appliance.
Prerequisites
- Verify that any partner solutions are FIPS mode certified. See the VMware Compatibility Guide at http://www.vmware.com/resources/compatibility/search.php?deviceCategory=security.
- If you have upgraded from an earlier version of NSX, do not enable FIPS mode until the upgrade to NSX 6.3.0 is complete. See Understand FIPS Mode and NSX Upgrade in the NSX Upgrade Guide.
- Verify that the NSX Manager is NSX 6.3.0 or later.
- Verify that the NSX Controller cluster is NSX 6.3.0 or later.
- Verify that all host clusters running NSX workloads are prepared with NSX 6.3.0 or later.
- Verify that all NSX Edge appliances are version 6.3.0 or later, and that FIPS mode has been enabled on the required NSX Edge appliances. See Change FIPS Mode on NSX Edge.