Enable FIPS-Compliant Encryption

By default, when DX NetOps Performance Management synchronizes the Simple Network Management Protocol (SNMP) profiles to Federal Information Processing Standards (FIPS)-compatible data sources, it encrypts the following parameters using a FIPS-compliant algorithm:
  • SNMPv1/v2c:
    • Community Name
  • SNMPv3:
    • User Name
    • Authentication Password
    • Privacy Password
FIPS-compatible data sources include the data aggregator, the event manager, and DX NetOps Spectrum. For other data sources, DX NetOps Performance Management synchronizes these parameters using a non-FIPS-compliant algorithm.
For more information, see SNMP Profiles.
You can also configure DX NetOps Performance Management to use FIPS-compliant encryption and hashing algorithms (where applicable) for user passwords and Single Sign-On. By default, FIPS-compliant encryption is not enabled.
DX NetOps Performance Management is not fully FIPS-compliant. Enabling FIPS-compliant encryption does not make the product fully FIPS-compliant.
Enable FIPS-Compliant Encryption
If you are in the process of upgrading the data aggregator, enable FIPS-compliant encryption only after the upgrade is complete. This avoids disabling the data aggregator data source and getting FIPS-compatibility synchronization errors.
For more information about this error, see Upgrade the Data Aggregator and Upgrade Fault-Tolerant Data Aggregators.
When you enable FIPS-compliant encryption:
  • You cannot register or use data sources which do not support FIPS.
  • Registered data sources that do not support FIPS are disabled.
Enabling FIPS-compliant encryption is not reversible. You can only roll back the configuration by restoring the netqosportal and em NetOps Portal databases.
For more information, see Restore NetOps Portal.
Enable FIPS-compliant encryption during non-business hours. Any active user sessions are invalidated when you enable FIPS-compliant encryption. Users will need to log back in. The logs might also temporarily show encryption errors when these user sessions are invalidated.
Follow these steps:
  1. Back up the netqosportal NetOps Portal database.
    For more information, see Back Up NetOps Portal.
  2. Log in to the NetOps Portal host.
  3. Navigate to the NetOps Portal directory by issuing the following command:
    cd /opt/CA/PerformanceCenter
  4. Launch the Single Sign-On Configuration tool by issuing the following command:
    ./SsoConfig
  5. Enter 1 to configure NetOps Portal (CAPC) security settings.
    You are prompted to select a configuration option.
  6. Enter 3 to configure NetOps Portal (DX NetOps) security settings.
    You are prompted to specify the priority.
  7. Enter 7: Enable FIPS.
  8. Follow the prompts in the console.
DX NetOps Performance Management is configured to use FIPS-compliant encryption and hashing algorithms.
Next Steps
After you enable FIPS-compliant encryption, verify that the system is working. Store the most recent NetOps Portal backup in a secure location in case you have to roll back the configuration. Remove previous NetOps Portal backups or store the backups in a secure location. Passwords in backups taken before you enabled FIPS-compliant encryption are not protected with FIPS-compliant encryption.