FIPS mode in XenMobile 10 supports federal government customers by configuring the server to use only 140-2 certified libraries for all cryptographic operations FIPS. [1945003Installieren] Your XenMobile 10 Server with FIPS mode ensures that all data at rest and data in transit both the XenMobile client and server are fully compliant with FIPS 140-2.
for those who are not with FIPS 140-2, it is a US federal government control, are the security requirements for cryptographic modules. US federal agencies are required to use FIPS 140-2 certified cryptographic modules in products such XenMobile, use encryption. Therefore, it is strongly recommended that the US Federal customers FIPS mode enable when installing XenMobile. However, other non-federal customers can also use the FIPS mode in order to maximize the security of their investment.
Before installing a XenMobile Server in FIPS mode, there are a few prerequisites that you need to complete.
- configure
- to the XMS for FIPS mode, you must use an external SQL Server 2012 or 2014 for the XM database. The SQL Server must be configured for secure SSL communication. Instructions for configuring secure SSL communication to SQL Server, click to be found in the SQL Server Books Online.
- Secure SSL communication requires that a SSL certificate be installed on the SQL Server. The SSL certificate, either a public certificate from a commercial certification or a self-signed certificate from an internal CA. It is important that SQL Server to observe 2014 can not accept wildcard certificate, so it is recommended that you obtain an SSL certificate with the FQDN of the SQL Server.
- If you are using a self-signed certificate for SQL Server, you will need a copy of the root CA certificate that your self-signed certificate issued. The root CA certificate must be imported during the installation on your XMS.
configuration FIPS mode
FIPS mode can be enabled only during the XMS, first time use (FTU) setup. It is not possible FIPS after installation to enable. Therefore, if you ever plan FIPS mode, you must with FIPS mode to install your XMS from the outset. If you have an XMS cluster, all cluster nodes have FIPS enabled -. can you not That a mixture of FIPS and non-FIPS XMS in the same cluster have
You may have noticed that there is. a "Toggle FIPS mode" option in the XMS command line interface Do not use it! This option is purely for non-production, diagnostic use, and is not supported on a production XMS
These are steps to activate the FIPS mode .:
1. While FTU setup, you will be prompted to enable FIPS mode:
2. Next, you are prompted, the root CA certificate upload your SQL Server. If you use a self-signed SSL certificate instead of a public certificate on the SQL server, select "Yes" for this option, then import either copy / paste the CA certificate or. To import the CA certificate, they must be published on a website accessible from the XMS via a HTTP URL.
3. You will then be prompted to specify the server name and port of your SQL Server, log your credentials in SQL Server, and create the database name for XenMobile. Note that you can use either a SQL login or AD account to access SQL Server, but whichever you use must play the role DBCreator.
to use an AD account, enter it in the format "domain username" FIPS mode
To confirm that the configuration of the FIPS.
When you have finished these steps the FTU setup as usual.
confirm mode is successful, simply log in to the XMS command-line interface in, and you see "in FIPS-compliant mode" in the login banner.
Further reading
- Official FIPS 140 -2 declaration of conformity for XenMobile 10
- XenMobile 10 online documentation
- XenMobile tech info site
0 Komentar