FIPS 140-2 accreditation validates that an encryption solution meets a specific set of requirements designed to protect the cryptographic module from being cracked, altered, or otherwise tampered with. When FIPS 140-2 mode is enabled, any secure communication to or from vRealize Operations 8.4 and above uses cryptographic algorithms or protocols that are allowed by the United States Federal Information Processing Standards (FIPS). FIPS mode turns on the cipher suites that comply with FIPS 140-2. Security-related libraries that are shipped with vRealize Operations 8.4 and above are FIPS 140-2 certified. However, FIPS 140-2 mode is not enabled by default. It can be enabled if there is a security compliance requirement to use FIPS-certified cryptographic algorithms with FIPS mode enabled.

Note: Enabling FIPS is a one-way action. FIPS mode cannot be disabled after it is enabled.

Enable FIPS during the initial cluster deployment

  • Ensure that this is a new deployment of a vRealize Operations cluster.
  • Ensure that the Enable FIPS flag is appropriately used during the deployment of cluster nodes (OVF/OVA).

Enable FIPS on a working cluster

  1. Navigate to https://<VROPS IP>/admin/index.action.
  2. Log in as an admin user.
  3. Take the cluster offline to activate the Enable FIPS button in the Administrator Settings page.
  4. Open the Administrator Settings tab in the left panel.
  5. Click Enable FIPS under the FIPS Setting section.
  6. Bring the cluster online.

Verify that FIPS mode is enabled

From the Admin user interface:
  1. Navigate to https://<VROPS IP>/admin/index.action.
  2. Log in as the admin user.
  3. Open the Administrator Settings tab from the left panel.
  4. A FIPS 140-2 Status message appears.
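
As a complement to the Admin UI check, the following added example (not VMware code) performs a TLS handshake with the node from a client and flags a negotiated cipher suite whose name contains an algorithm that is not FIPS-approved. The marker list and function names are assumptions made for this example, the list is not exhaustive, and the FIPS 140-2 Status message remains the authoritative indicator.

```python
import socket
import ssl
import sys

# Name fragments of algorithms that are not FIPS-approved, as they appear in
# OpenSSL or IANA cipher-suite names. Constructed for this example; this is
# not VMware's list and it is not exhaustive.
NON_APPROVED = ("RC4", "CHACHA20", "MD5", "CAMELLIA", "SEED", "IDEA",
                "ARIA", "NULL", "EXP")


def non_approved_algorithms(cipher_name):
    """Return the non-approved markers found in a cipher-suite name."""
    parts = cipher_name.upper().replace("_", "-").split("-")
    return [m for m in NON_APPROVED if any(p.startswith(m) for p in parts)]


def negotiated_suite(host, port=443, cafile=None, timeout=5.0):
    """Handshake with host and return (protocol_version, cipher_name).

    Certificate verification stays on. If the node presents a certificate
    that the system trust store does not know, pass its CA file as cafile.
    """
    ctx = ssl.create_default_context(cafile=cafile)
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            name, _protocol, _bits = tls.cipher()
            return tls.version(), name


def check(host, cafile=None):
    """Summarise the negotiated parameters for one node."""
    protocol, name = negotiated_suite(host, cafile=cafile)
    return {"protocol": protocol, "cipher": name,
            "non_approved": non_approved_algorithms(name)}


if __name__ == "__main__":
    # Usage: python fips_tls_check.py <VROPS IP> [ca-file]
    if len(sys.argv) < 2:
        sys.exit("usage: fips_tls_check.py <VROPS IP> [ca-file]")
    result = check(sys.argv[1], sys.argv[2] if len(sys.argv) > 2 else None)
    print(result)
    sys.exit(1 if result["non_approved"] else 0)
```

An empty `non_approved` list only describes the suite this client negotiated; it does not by itself prove that the node runs in FIPS mode.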