In vRealize Network Insight, you can use FIPS validated cryptographic modules for internal and external connections.

FIPS 140-2 is a U.S. and Canadian government standard that specifies security requirements for cryptographic modules. vRealize Network Insight uses FIPS-validated cryptographic modules to match those cryptographic modules that are specified by the FIPS 140-2 standard.

The objective of introducing FIPS support in vRealize Network Insight is to ease compliance and security activities in various regulated environments.

vRealize Network Insight uses the following validated modules:

FIPS Object Module Version Certificate
VMware OpenSSL 1.0.2y Certificate #3622
VMware's OpenSSL 2.0.20-vmw Certificate #3875
BC-FJA (Bouncy Castle FIPS Java API) version 1.0.2.1 Certificate #3673

You can find more information about the cryptographic modules that VMware has validated against the FIPS 140-2 standard from here: https://www.vmware.com/security/certifications/fips.html.

Using FIPS Validated Cryptographic Modules for Internal Connections

By default, vRealize Network Insight uses FIPS validated cryptographic modules for internal connections.

Using FIPS Validated Cryptographic Modules for External Connections

By default, the use of FIPS validated cryptographic modules are deactivated for external connections. However, by enabling FIPS mode for external connections, you can restrict the use of cryptographic modules to FIPS validated cryptographic modules.

  1. Go to Settings > System Configuration.
  2. Switch the FIPS Mode For External Connections toggle to true.
Note:

Enabling FIPS Mode For External Connections will restrict the use of cryptographic modules to the BC-FJA module.

For third-party devices such as switches, routers, and firewalls, vRealize Network Insight uses SSH connections for fetching the configuration data. To learn about supported algorithms for such SSH connections, see Encryption Algorithms and Ciphers.