FIPS 140-2 accreditation validates that an encryption solution meets a specific set of requirements designed to protect the cryptographic module from being cracked, altered, or otherwise tampered with. When FIPS 140-2 mode is activated, any secure communication to or from vRealize Operations 8.4 and above uses cryptographic algorithms or protocols that are allowed by the United States Federal Information Processing Standards (FIPS). FIPS mode turns on the cipher suites that comply with FIPS 140-2.

The security-related libraries that are shipped with vRealize Operations 8.4 and above are FIPS 140-2 certified, but FIPS 140-2 mode is not activated by default. Activate it if there is a security compliance requirement to use FIPS-certified cryptographic algorithms with FIPS mode activated.

Note: Activating FIPS is a one-way action. FIPS mode cannot be deactivated after it is activated.

Activate FIPS during the initial cluster deployment

  • Ensure that this is a new deployment of a vRealize Operations cluster.
  • Ensure that the Activate FIPS flag is appropriately used during the deployment of cluster nodes (OVF/OVA).

Activate FIPS on a working cluster

  1. Navigate to https://<VROPS IP>/admin/index.action.
  2. Log in as an admin user.
  3. Take the cluster offline to enable the Activate FIPS button on the Administrator Settings page.
  4. Open the Administrator Settings tab in the left panel.
  5. Click Activate FIPS under the FIPS Setting section.
  6. Bring the cluster online.

Verify that FIPS mode is activated

From the Admin user interface:
  1. Navigate to https://<VROPS IP>/admin/index.action.
  2. Log in as the admin user.
  3. Open the Administrator Settings tab from the left panel.
  4. A FIPS 140-2 Status message appears.
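
The effect of FIPS mode on cipher suites can also be spot-checked from the network side. The following Python script is an added example, not VMware code: it offers the admin endpoint only a non-approved suite over TLS 1.2, which a node restricted to FIPS-compliant cipher suites is expected to refuse. The deny list, the function names and the CHACHA20 probe are assumptions of this example.

```python
import re
import socket
import ssl
import sys

# Suite-name tokens for algorithms that are not FIPS-approved. Constructed deny
# list for this example, not taken from the product documentation. DES/3DES is
# left out because its approval status changed during the life of FIPS 140-2.
NON_APPROVED = {"CHACHA20", "POLY1305", "RC4", "RC2", "MD5",
                "CAMELLIA", "SEED", "IDEA", "ARIA"}


def flagged_algorithms(suite_name):
    """Return the deny-listed algorithms in an OpenSSL- or IANA-style suite name."""
    tokens = re.split(r"[-_]", suite_name.upper())
    # Prefix match so that CAMELLIA128 or ARIA256 is caught as well.
    return sorted({d for d in NON_APPROVED for t in tokens if t.startswith(d)})


def server_accepts(host, cipher_string, port=443, cafile=None, timeout=5.0):
    """Offer only cipher_string over TLS 1.2; return the agreed suite or None."""
    ctx = ssl.create_default_context(cafile=cafile)
    # set_ciphers() does not control TLS 1.3 suites, so cap the handshake at 1.2.
    ctx.maximum_version = ssl.TLSVersion.TLSv1_2
    ctx.set_ciphers(cipher_string)
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                return tls.cipher()[0]
    except ssl.SSLCertVerificationError:
        raise  # a trust problem, not a cipher refusal; pass cafile for the node
    except ssl.SSLError:
        return None  # handshake refused: the server did not accept the offer


if __name__ == "__main__":
    if len(sys.argv) > 1:
        # Usage: script.py <VROPS IP> [CA or node certificate in PEM format]
        cafile = sys.argv[2] if len(sys.argv) > 2 else None
        agreed = server_accepts(sys.argv[1], "CHACHA20", cafile=cafile)
        print("accepted non-approved suite:" if agreed else "refused:", agreed)
    else:
        # Constructed sample names so the script also runs offline.
        for name in ("ECDHE-RSA-AES256-GCM-SHA384", "TLS_CHACHA20_POLY1305_SHA256",
                     "RC4-MD5", "ECDHE-RSA-CAMELLIA128-SHA256"):
            print(name, flagged_algorithms(name) or "ok")
```

A refused handshake is consistent with FIPS mode but does not prove it; the FIPS 140-2 Status message in the Admin user interface remains the check described on this page.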