Enabling Fips 140-2 - Raritan Dominion KX II-101-V2 User Manual

Hide thumbs Also See for Dominion KX II-101-V2:

User manual (213 pages)

Quick setup manual (9 pages)

Table Of Contents

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

134

135

136

137

138

139

140

141

142

143

144

145

146

147

148

149

150

151

152

153

154

155

156

157

158

159

160

161

162

163

164

165

166

167

168

169

170

171

172

173

174

175

176

177

178

179

180

181

182

183

184

185

186

187

188

189

190

191

192

193

194

195

196

197

198

199

200

201

202

203

204

205

206

207

208

209

210

211

212

213

214

215

216

217

218

219

220

221

222

223

page of 223

/ 223
Contents
Table of Contents
Bookmarks

Table of Contents

Chapter 8: Security Management

148

Enabling FIPS 140-2

For government and other high security environments, enabling FIPS

140-2 mode may be desirable. The KX II-101-V2 uses an embedded

FIPS 140-2-validated cryptographic module running on a Linux

per FIPS 140-2 Implementation Guidance section G.5 guidelines. Once

this mode is enabled, the private key used to generate the SSL

certificates must be internally generated; it cannot be downloaded or

exported.

To enable FIPS 140-2:

1. Access the Security Settings page.

2. Enable FIPS 140-2 Mode by selecting the Enable FIPS 140-2

checkbox in the Encryption & Share section of the Security Settings

page. You will utilize FIPS 140-2 approved algorithms for external

communications once in FIPS 140-2 mode. The FIPS cryptographic

module is used for encryption of KVM session traffic consisting of

video, keyboard, mouse, virtual media and smart card data.

3. Reboot the KX II-101-V2. Required

Once FIPS mode is activated, 'FIPS Mode: Enabled' will be displayed

in the Device Information section in the left panel of the screen.

For additional security, you can also create a new Certificate Signing

Request once FIPS mode is activated. This will be created using the

required key ciphers. Upload the certificate after it is signed or create

a self-signed certificate. The SSL Certificate status will updated from

'Not FIPS Mode Compliant' to 'FIPS Mode Compliant'.

When FIPS mode is activated, key files cannot be downloaded or

uploaded. The most recently created CSR will be associated

internally with the key file. Further, the SSL Certificate from the CA

and its private key are not included in the full restore of the backed-

up file. The key cannot be exported from KX II-101-V2.

FIPS 140-2 Support Requirements

The KX II-101-V2 supports the use of FIPS 140-20 approved encryption

algorithms. This allows an SSL server and client to successfully

negotiate the cipher suite used for the encrypted session when a client is

configured for FIPS 140-2 only mode.

Following are the recommendations for using FIPS 140-2 with the KX II-

101-V2:

KX II-101-V2

platform

Table of Contents

Enabling Fips 140-2 - Raritan Dominion KX II-101-V2 User Manual

Enabling FIPS 140-2

Related Manuals for Raritan Dominion KX II-101-V2

Related Content for Raritan Dominion KX II-101-V2

Table of Contents