When you enable FIPS on vCenter Server Appliance, some components currently have functional constraints.
You should see no differences after enabling FIPS on vCenter Server; however, there are some considerations to be aware of.
Product or Component | Consideration | Workaround |
---|---|---|
vSphere Single Sign-On | When you enable FIPS, vCenter Server supports only cryptographic modules for federated authentication. As a result, RSA SecurID and some CAC cards no longer function. | Use federated authentication. See the vSphere Authentication documentation for details. |
Non-VMware and partner vSphere Client UI plug-ins | These plug-ins might not work with FIPS enabled. | Upgrade plug-ins to use conformant encryption libraries. See "Preparing Local Plug-ins for FIPS Compliance" at https://code.vmware.com/docs/13385/preparing-local-plug-ins-for-fips-compliance. |
vCenter Server file-based backup and restore mechanism | File-based backup and restore with SMB is not FIPS compliant. | Use a different protocol for backup and restore (FTP, FTPS, HTTP, HTTPS, SFTP, or NFS). |