2 Modify your Apache2 configuration by editing the /etc/apache2/ssl-global.conf file.
3 Search for the <IfModule mod_ssl.c> line and add the SSLFIPS on directive below it.
4 To reset the Apache configuration, run the service apache2 restart command.
TLS for Data in Transit
As a security best practice, ensure that the system is deployed with secure transmission channels.
Configure Strong Protocols for vRealize Operations Manager
Protocols such as SSLv2 and SSLv3 are no longer considered secure. In addition, it is recommended that you
disable TLS 1.0. Enable only TLS 1.1 and TLS 1.2.
Verify the Correct Use of Protocols in Apache HTTPD
vRealize Operations Manager disables SSLv2 and SSLv3 by default. You must disable weak protocols on all
load balancers before you put the system into production.
Procedure
1 Run the grep SSLProtocol /usr/lib/vmware-vcopssuite/utilities/conf/vcops-apache.conf | grep -v '#' command from the command prompt to verify that SSLv2 and SSLv3 are disabled.
If the protocols are disabled, the command returns the following output: SSLProtocol All -SSLv2 -SSLv3
2 To also disable the TLS 1.0 protocol, run the sed -i "/^[^#]*SSLProtocol/ c\SSLProtocol All -SSLv2 -SSLv3 -TLSv1" /usr/lib/vmware-vcopssuite/utilities/conf/vcops-apache.conf command from the command prompt.
3 To restart the Apache2 server, run the /etc/init.d/apache2 restart command from the command
prompt.
Verify the Correct Use of Protocols in the GemFire TLS Handler
vRealize Operations Manager disables SSLv3 by default. You must disable weak protocols on all load
balancers before you put the system into production.
Procedure
1 Verify that the protocols are enabled by running the following commands on each node:
grep cluster-ssl-protocol /usr/lib/vmware-vcops/user/conf/gemfire.properties | grep -v '#'
The following result is expected:
cluster-ssl-protocols=TLSv1.2 TLSv1.1 TLSv1
grep cluster-ssl-protocol /usr/lib/vmware-vcops/user/conf/gemfire.native.properties | grep -v '#'
The following result is expected:
cluster-ssl-protocols=TLSv1.2 TLSv1.1 TLSv1
grep cluster-ssl-protocol /usr/lib/vmware-vcops/user/conf/gemfire.locator.properties | grep -v '#'
The following result is expected:
cluster-ssl-protocols=TLSv1.2 TLSv1.1 TLSv1
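The two verification procedures above, combined into one check, as an added example that is not part of the VMware guide: it reports which of SSLv2, SSLv3 and TLSv1 remain enabled in an Apache SSLProtocol line or a GemFire cluster-ssl-protocols list. The function names and the sample files are constructed for illustration, and the order of Apache tokens is ignored as a simplification.

```shell
#!/bin/sh
# Added example: report weak protocols left enabled in the files this page checks.
# SSLv2/SSLv3 are no longer secure; the page also recommends disabling TLS 1.0.
WEAK="SSLv2 SSLv3 TLSv1"

# Active (uncommented) lines of file $1 that match pattern $2.
active() { grep -v '^[[:space:]]*#' "$1" | grep -- "$2"; }

# Apache: a weak protocol is on if it is listed, or implied by "All",
# and not negated with a leading "-". Assumption: token order is ignored.
apache_weak() {
    active "$1" SSLProtocol | while read -r directive tokens; do
        for p in $WEAK; do
            case " $tokens " in
                *" -$p "*) ;;                                   # explicitly disabled
                *" All "*|*" all "*|*" $p "*|*" +$p "*) echo "$p" ;;
            esac
        done
    done
}

# GemFire: cluster-ssl-protocols is a space-separated list of allowed protocols.
gemfire_weak() {
    active "$1" '^cluster-ssl-protocols=' | while IFS='=' read -r key value; do
        for p in $WEAK; do
            case " $value " in *" $p "*) echo "$p" ;; esac
        done
    done
}

# Demo on constructed sample files (not copied from a real appliance).
demo() {
    d=$(mktemp -d)
    printf '%s\n' '#SSLProtocol All' 'SSLProtocol All -SSLv2 -SSLv3' > "$d/vcops-apache.conf"
    printf '%s\n' 'cluster-ssl-protocols=TLSv1.2 TLSv1.1 TLSv1' > "$d/gemfire.properties"
    echo "apache weak protocols:  $(apache_weak "$d/vcops-apache.conf" | tr '\n' ' ')"
    echo "gemfire weak protocols: $(gemfire_weak "$d/gemfire.properties" | tr '\n' ' ')"
    rm -rf "$d"
}
demo
```

On a node, point apache_weak at vcops-apache.conf and gemfire_weak at each of the three gemfire properties files named above; empty output means none of the three weak protocols is enabled in that file.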
Chapter 3 Secure Configuration of vRealize Operations Manager
VMware, Inc.