Setup and Install

The status of VC Fibre Channel modules is displayed as incompatible.
When a VC-Enet module is not in FIPS mode and the domain is in FIPS mode, the status of that module
is displayed as incompatible.
The VCM cannot configure modules that are not enabled with FIPS mode.
VC domain configuration files created in a FIPS enabled domain cannot be used in a non-FIPS domain.
VC domain configuration files created in a non-FIPS domain cannot be used in a FIPS enabled domain.
VC domain configuration files are deleted when FIPS mode is enabled or disabled.
When FIPS mode is enabled, security is increased across the domain. The following features are restricted:
• FTP and TFTP
• TACACS+ authentication
• RADIUS authentication
• Automated deployment
• Configurable user roles
• Administrator password recovery
• USB firmware updates
• SNMPv1 and SNMPv2
• MD5 authentication and DES encryption for SNMPv3
• Remote logging, except when using stunnel for encryption
• Short passwords
• Weak passwords
By default, the password strength is set to strong and the minimum password length must be 8 or more
characters. VCM uses SCP and SFTP protocols instead of FTP and TFTP.
TLS 1.2 is the default communication security protocol for a FIPS enabled domain. Verify the following
components support TLS 1.2:
• The OA version
  OA firmware versions prior to 4.10 do not support TLS 1.2.
• The LDAP server
• The terminal emulator you use for SSH
• The browser you use to access the VCM web interface
If a component does not support TLS 1.2, you can use the VCM CLI or web interface to configure VCM to
support all TLS versions.
To verify browser settings, see "Configuring browser support" (on page 58).
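The following Python pre-check is an added example, not part of the original guide or of any HP tooling. It compares a hand-collected inventory of current settings against the FIPS mode restrictions and the OA firmware requirement for TLS 1.2 listed above. The inventory keys and sample values are assumptions made for illustration; they are not VCM CLI output or a VCM API.

```python
# Added example. Inventory keys are hypothetical, not VCM CLI output or a VCM API.
def parse_version(text):
    """'4.01' -> (4, 1); compares numerically (assumes dotted numeric versions)."""
    return tuple(int(part) for part in text.split("."))

def fips_readiness(inv):
    """Return (setting, reason) pairs that conflict with a FIPS enabled domain."""
    findings = []
    if parse_version(inv["oa_firmware"]) < (4, 10):
        findings.append(("oa_firmware", "prior to 4.10, no TLS 1.2 support"))
    for method in inv["auth_methods"]:
        if method.lower() in ("tacacs+", "radius"):
            findings.append(("auth:" + method.lower(), "restricted in FIPS mode"))
    for proto in inv["transfer_protocols"]:
        if proto.lower() in ("ftp", "tftp"):
            findings.append(("transfer:" + proto.lower(), "use SCP or SFTP"))
    for index, entry in enumerate(inv["snmp"]):
        label = "snmp[%d]" % index
        if entry["version"] in ("v1", "v2"):
            findings.append((label, "SNMP" + entry["version"] + " is restricted"))
        elif entry.get("auth") == "MD5" or entry.get("priv") == "DES":
            findings.append((label, "SNMPv3 with MD5 or DES is restricted"))
    log = inv["remote_logging"]
    if log["enabled"] and not log["stunnel"]:
        findings.append(("remote_logging", "allowed only through stunnel"))
    if inv["min_password_length"] < 8:
        findings.append(("min_password_length", "must be 8 or more"))
    if inv["password_strength"] != "strong":
        findings.append(("password_strength", "weak passwords are restricted"))
    return findings

# Constructed sample inventory (not real device output).
SAMPLE = {
    "oa_firmware": "4.01",
    "auth_methods": ["local", "LDAP", "RADIUS"],
    "transfer_protocols": ["TFTP", "SFTP"],
    "snmp": [
        {"version": "v2"},
        {"version": "v3", "auth": "MD5", "priv": "AES"},
        {"version": "v3", "auth": "SHA", "priv": "AES"},
    ],
    "remote_logging": {"enabled": True, "stunnel": False},
    "min_password_length": 6,
    "password_strength": "strong",
}

if __name__ == "__main__":
    for setting, reason in fips_readiness(SAMPLE):
        print("%-22s %s" % (setting, reason))
```

An empty result means none of the inventoried settings conflicts with the restrictions checked here; the LDAP server, SSH client and browser still need their TLS 1.2 support verified separately.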
Enabling FIPS mode
Enable FIPS mode by setting the DIP switch on the primary VC-Enet or FlexFabric module. To enable FIPS
mode:
1. Verify the interconnect module firmware version is at least 4.30/4.31.