In vRealize Network Insight, you can use FIPS validated cryptographic modules for internal and external connections.
FIPS 140-2 is a U.S. and Canadian government standard that specifies security requirements for cryptographic modules. vRealize Network Insight uses FIPS-validated cryptographic modules that meet the requirements specified by the FIPS 140-2 standard.
The objective of introducing FIPS support in vRealize Network Insight is to ease compliance and security activities in various regulated environments.
vRealize Network Insight uses the following validated modules:
FIPS Object Module | Version | Certificate |
---|---|---|
VMware OpenSSL | 1.0.2y | Certificate #3622 |
VMware's OpenSSL | 2.0.20-vmw | Certificate #3875 |
BC-FJA (Bouncy Castle FIPS Java API) | 1.0.2.1 | Certificate #3673 |
For more information about the cryptographic modules that VMware has validated against the FIPS 140-2 standard, see https://www.vmware.com/security/certifications/fips.html.
Using FIPS Validated Cryptographic Modules for Internal Connections
By default, vRealize Network Insight uses FIPS validated cryptographic modules for internal connections.
Using FIPS Validated Cryptographic Modules for External Connections
By default, the use of FIPS validated cryptographic modules is deactivated for external connections. However, by enabling FIPS mode for external connections, you can restrict the use of cryptographic modules to FIPS validated cryptographic modules.
- Go to .
- Switch the FIPS Mode For External Connections toggle to true.
Enabling FIPS Mode For External Connections will restrict the use of cryptographic modules to the BC-FJA module.
For third-party devices such as switches, routers, and firewalls, vRealize Network Insight uses SSH connections for fetching the configuration data. To learn about supported algorithms for such SSH connections, see Encryption Algorithms and Ciphers.