Federal Information Processing Standard 140-2 (FIPS 140-2) is a standard
that describes US Federal government requirements that IT products should
meet for Sensitive, but Unclassified (SBU) use. The standard defines the
security requirements that must be satisfied by a cryptographic module used
in a security system protecting unclassified information within IT systems.
To learn more about FIPS 140-2, refer to the FIPS 140-2 publication.
VNX systems, starting with VNX for block OE 31.5 and
VNX for file OE 7.1, support a FIPS 140-2 mode for the SSL modules on the
Storage Processor (SP) and Control Station (CS) that handle client management
traffic. Management communication into and out of the system is encrypted using
SSL. As a part of this process, the client and the storage management server
negotiate an agreed-upon cipher suite to use in the exchange. The use of the
FIPS 140-2 mode restricts the allowable set of cipher suites that can be
selected in the negotiation to only those that are sufficiently strong. If the
FIPS 140-2 mode is enabled, you may find that some of your existing clients can
no longer communicate with the management ports of the system if they do not
support a cipher suite of acceptable strength. FIPS 140-2 mode cannot be enabled on a
VNX system when non-FIPS-compliant certificates exist in the certificate store
for file or block. You must remove all non-FIPS-compliant certificates from the
VNX system before you enable the FIPS 140-2 mode.
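
A pre-check for the client lockout described above, as an added example that is not part of the original VNX documentation: it screens a client's offered cipher suite names for algorithms that are not FIPS 140-2 approved, so you can see which clients would have nothing left to negotiate. The prefix list, function names and sample client lists are assumptions constructed for illustration; the page does not list the exact suites a VNX system accepts.

```python
import re

# Assumption: name fragments marking algorithms that are not FIPS 140-2
# approved, or suites with no encryption/authentication. The exact set a VNX
# system accepts in FIPS 140-2 mode is not listed on the page.
NON_APPROVED_PREFIXES = ("RC4", "RC2", "MD5", "NULL", "EXP", "ADH", "AECDH",
                         "CAMELLIA", "SEED", "IDEA", "CHACHA20", "ARIA", "GOST")


def non_approved_parts(suite):
    """Return the parts of a cipher suite name that fail the screen."""
    tokens = re.split(r"[-_]", suite.upper())
    bad = [t for t in tokens if t.startswith(NON_APPROVED_PREFIXES)]
    # Single DES is not approved; OpenSSL marks 3DES suites with "CBC3".
    if "DES" in tokens and "CBC3" not in tokens:
        bad.append("DES")
    return bad


def audit_client(offered):
    """Split a client's offered suites into (acceptable, {rejected: reasons})."""
    acceptable, rejected = [], {}
    for suite in offered:
        reasons = non_approved_parts(suite)
        if reasons:
            rejected[suite] = reasons
        else:
            acceptable.append(suite)
    return acceptable, rejected


# Constructed sample cipher lists (OpenSSL-style names), not captured data.
LEGACY_CLIENT = ["RC4-MD5", "RC4-SHA", "DES-CBC-SHA", "EXP-RC4-MD5"]
MODERN_CLIENT = ["ECDHE-RSA-AES256-GCM-SHA384", "AES128-SHA",
                 "DES-CBC3-SHA", "ECDHE-RSA-CHACHA20-POLY1305"]

if __name__ == "__main__":
    for name, offered in (("legacy", LEGACY_CLIENT), ("modern", MODERN_CLIENT)):
        acceptable, rejected = audit_client(offered)
        verdict = "can negotiate" if acceptable else "would be locked out"
        print(f"{name}: {verdict}; acceptable={acceptable}")
        for suite, reasons in rejected.items():
            print(f"  rejected {suite}: {', '.join(reasons)}")
```
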
Managing FIPS 140-2 mode on a VNX unified system
Only the Administrator or Security Administrator
has the privileges to manage the FIPS 140-2 mode. Use either of the following
block or file CLI commands to set the FIPS 140-2 mode on a VNX unified system.
Using either command affects the entire VNX:
When you set the FIPS 140-2 mode on a VNX unified
system, the storage management server will restart. For that brief period,
management commands to both SPs and the Control Station will be blocked.
However, this action should not affect the input/output operations happening on
the storage system.
NOTE: On systems with two Control Stations, CS0
will fail over to CS1 when you set the FIPS 140-2 mode.
Managing FIPS 140-2 mode on a VNX for block system
Only the Administrator or Security Administrator
has the privileges to manage the FIPS 140-2 mode. Use the following block CLI
command to set the FIPS 140-2 mode on a VNX for block system:
When you set the FIPS 140-2 mode on a VNX for
block system, the storage management server will restart. For that brief
period, management commands to both SPs will be blocked. However, this action
should not affect the input/output operations happening on the storage system.
Managing FIPS 140-2 mode on a VNX for file or Gateway system
Only the Administrator or Security Administrator
has the privileges to manage the FIPS 140-2 mode. Use the following file CLI
command to set the FIPS 140-2 mode on a VNX for file or Gateway system.
nas_fipsmode -enable will set it to FIPS 140-2 mode.
nas_fipsmode -disable will set it to non-FIPS 140-2 mode.
Use the following file CLI command to determine
the current FIPS 140-2 mode on a VNX for file or Gateway system.
nas_fipsmode -info
When you set the FIPS 140-2 mode on a Gateway
system, the NAS service on the Control Station will restart. For that brief
period, management commands to the Control Station will be blocked. However,
this action should not affect the input/output operations happening on the VNX
for file or Gateway system.
NOTE: On systems with two Control Stations, CS0
will fail over to CS1 when you set the FIPS 140-2 mode.