Dell PowerFlex v3.6.x Security Configuration Guide

Enable OpenSSL FIPS compliance

Enable the implementation of OpenSSL Federal Information Processing Standards (FIPS) compliance in the MDM for communication between the external components, including the PowerFlex GUI, PowerFlex Gateway, and CLI, to the MDM. It is also enabled for any other usage of the OpenSSL library.

1. On each host running PowerFlex, open the configuration file of each component with a text editor.
   The configuration file is /opt/emc/scaleio/<COMPONENT>/cfg/conf.txt, where <COMPONENT> is the lowercase name of the component (e.g. "sds").
2. Add the parameter security_enable_fips=1 to the file.
3. Save and close the file
4. Open the SCLI configuration file with a text editor:
   The configuration file is located at: ~/.scli/conf.txt.
5. Add the parameter security_enable_fips=1 to the file.
6. Save and close the file.
7. On each host, restart each component's service:

   service scaleio-<COMPONENT> restart

8. Verify FIPS enablement
   1. Update the GRUB bootloader to include fips=1
      See the following example:

      cat /etc/default/grub | grep GRUB_CMDLINE_LINUX=
      GRUB_CMDLINE_LINUX="crashkernel=auto rd.lvm.lv=vg_os/root rd.lvm.lv=vg_os/swap rhgb quiet fips=1"

   2. Update GRUB config
      grub2-mkconfig -o /boot/grub2/grub.cfg
   3. Update Initrd
      dracut -f
   4. Reboot node, after entering IMM/PMM to go active
9. Verify that OpenSSL FIPS compliance has been enabled by running:

   cat  /proc/sys/crypto/fips_enabled

   If it has been enabled correctly, the output should be 1. If the output is not 1, enable OpenSSL FIPS at the operating system level.