You can enable or disable Federal Information Processing Standard (FIPS) 140-2 compliant cryptography for inbound and outbound vRealize Automation appliance network traffic.

About this task

Changing the FIPS setting requires a vRealize Automation restart. FIPS is disabled by default.

Procedure

  1. Log in as root to the vRealize Automation appliance management interface.

    https://vrealize-automation-appliance-FQDN:5480

  2. Click vRA Settings > Host Settings.
  3. Near the upper right, click the button to enable or disable FIPS.

    When enabled, inbound and outbound vRealize Automation appliance network traffic on port 443 uses FIPS 140-2 compliant encryption. Regardless of the FIPS setting, vRealize Automation uses AES-256 compliant algorithms to protect secured data stored on the vRealize Automation appliance.

    Note:

    This vRealize Automation release only partially enables FIPS compliance, because some internal components do not yet use certified cryptographic modules. In cases where certified modules have not yet been implemented, the AES-256 compliant algorithms are used.

  4. Click Yes to restart vRealize Automation.

Results

You can also configure FIPS from a vRealize Automation appliance console session as root, using the following commands.

vcac-vami fips enable
vcac-vami fips disable
vcac-vami fips status
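
The following added example (not VMware code) is one way to spot-check the port 443 behavior described above after the restart: it parses the session summary printed by `openssl s_client` and flags a protocol or cipher built on algorithms that are not FIPS 140-2 approved. The function name, the deny-list, and the sample outputs are assumptions constructed for illustration. A passing result only shows that no non-approved algorithm was negotiated, not that a certified module performed the cryptography.

```shell
#!/usr/bin/env bash
# Added example, not VMware code. Flags algorithms that are not FIPS 140-2
# approved in the session summary printed by `openssl s_client`.
# Live use from an admin workstation (FQDN is the page's placeholder):
#   check_tls_summary "$(openssl s_client \
#     -connect vrealize-automation-appliance-FQDN:443 </dev/null 2>/dev/null)"

check_tls_summary() {
  local summary="$1" proto cipher
  # Pull "Protocol  : ..." and "Cipher    : ..." from the SSL-Session block.
  proto=$(printf '%s\n' "$summary" | sed -n 's/^ *Protocol *: *//p' | head -n 1)
  cipher=$(printf '%s\n' "$summary" | sed -n 's/^ *Cipher *: *//p' | head -n 1)

  case "$cipher" in
    ''|0000|'(NONE)') echo "no-session"; return 2 ;;   # handshake failed
  esac
  case "$proto" in
    SSLv2|SSLv3) echo "non-approved protocol: $proto"; return 1 ;;
  esac
  case "$cipher" in
    # Conservative deny-list (assumption): none of these are FIPS-approved.
    *RC4*|*MD5*|*CHACHA20*|*CAMELLIA*|*SEED*|*IDEA*|*NULL*|*EXP*)
      echo "non-approved cipher: $cipher"; return 1 ;;
  esac
  echo "ok: $proto $cipher"
}

# Constructed samples of s_client output (not captured from a real appliance).
SAMPLE_APPROVED='New, TLSv1.2, Cipher is ECDHE-RSA-AES256-GCM-SHA384
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : ECDHE-RSA-AES256-GCM-SHA384'
SAMPLE_WEAK='New, TLSv1.2, Cipher is ECDHE-RSA-CHACHA20-POLY1305
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : ECDHE-RSA-CHACHA20-POLY1305'

check_tls_summary "$SAMPLE_APPROVED"
check_tls_summary "$SAMPLE_WEAK" || true
```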