When you activate FIPS on vCenter Server Appliance, some components currently have functional constraints.
You should see no differences after activating FIPS on vCenter Server; however, there are some considerations to be aware of.
Product or Component | Consideration | Workaround |
---|---|---|
vSphere Single Sign-On | When you activate FIPS, vCenter Server supports only cryptographic modules for federated authentication. As a result, RSA SecurID and some CAC cards no longer function. | Use federated authentication. See the vSphere Authentication documentation for details. |
Non-VMware and partner vSphere Client UI plug-ins | These plug-ins might not work with FIPS enabled. | Upgrade plug-ins to use conformant encryption libraries. See the topic titled "Preparing Local Plug-ins for FIPS Compliance" in the vSphere Client SDK documentation. |
Certificates | Certificates with key sizes greater than 3072 bits have not been tested. | Generate certificates with 2048-bit or 3072-bit keys. |
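
One way to check certificate key sizes against the Certificates row before activating FIPS, as an added example that is not VMware code. It assumes the certificates have been exported as PEM files, that they use RSA keys, and that the `openssl` CLI is available; the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not VMware tooling). Policy taken from the table above:
# 2048-bit or 3072-bit keys are recommended; sizes above 3072 bits are untested.

# Print the public-key size in bits of a PEM certificate (empty if unreadable).
cert_key_bits() {
    openssl x509 -in "$1" -noout -text 2>/dev/null |
        sed -n 's/.*Public-Key: (\([0-9][0-9]*\) bit).*/\1/p' | head -n 1
}

# Map a certificate to a verdict: recommended | untested | review | unreadable.
# Assumption: RSA keys. Other key types land in "review" for a manual look.
classify_cert() {
    bits=$(cert_key_bits "$1")
    case "$bits" in
        2048|3072) echo "recommended" ;;
        '')        echo "unreadable" ;;
        *)  if [ "$bits" -gt 3072 ]; then echo "untested"; else echo "review"; fi ;;
    esac
}

# Report every file given; return 1 if any is outside the recommended sizes.
check_certs() {
    rc=0
    for f in "$@"; do
        verdict=$(classify_cert "$f")
        printf '%s\t%s\t%s\n' "$verdict" "$(cert_key_bits "$f")" "$f"
        [ "$verdict" = "recommended" ] || rc=1
    done
    return $rc
}

# Constructed sample input: throwaway self-signed certificate with an RSA key
# of $1 bits, written to $2 (private key goes to $2.key).
make_sample_cert() {
    openssl req -x509 -newkey "rsa:$1" -nodes -days 1 \
        -subj "/CN=constructed.example" \
        -keyout "$2.key" -out "$2" 2>/dev/null
}

# Stand-alone use: sh check_fips_certs.sh exported1.pem exported2.pem ...
if [ "$#" -gt 0 ]; then
    check_certs "$@"
fi
```
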