Follow the steps in this section if the customer requires the Metasys Server to comply with the FIPS 140-2 standard. FIPS stands for Federal Information Processing Standard Publication, which defines a set of cryptographic methods used within a government environment. All Microsoft operating systems provide a FIPS mode, but it is disabled by default. Enabling and installing FIPS on the computer that is running the Metasys Server software includes the following steps:
- enabling FIPS on the Windows operating system
- licensing FIPS after the Metasys Server software is installed and licensed
- installing FIPS component for the Metasys Server
Important: If you enable FIPS
on your Metasys Server, you must
also update all network engines to Release 11.0, because a FIPS-compliant server is
restricted from communicating with engines that are non-FIPS compliant. All network
engines at Release 11.0 are inherently FIPS compliant, so no additional steps are
required at the engine.
- Open the Group Policy Editor on the Windows computer by typing gpedit.msc in the Run line or Search box and pressing Enter. The Local Group Policy Editor window appears.
- Navigate the tree to reach the following location: Computer Configuration > Windows Settings > Security Settings > Local Policies > Security Options.
- Under the Policy table, locate the policy entitled System cryptography: Use FIPS compliant algorithms for encryption, hashing,
and signing (Figure 1). Figure 1. FIPS Setup Window
- Right-click this policy and select Properties. Select Enabled and click OK. FIPS mode is now enabled.
- Start Software Manager and activate the Metasys FIPS license. For details, refer to the Software Manager Help (LIT-12012389).
- Obtain the Metasys FIPS installation file.
- Using Windows Explorer, browse to the location of the Metasys FIPS installation file.
- Right-click MetasysFipsInstaller.exe and select Run as Administrator. Enter the Administrator's user
credentials if prompted. The setup window appears. Figure 2. FIPS Setup Window
- To continue, click Install. The progress of each step is shown.
- After all installation steps have finished, click Finish.
- To verify the FIPS component is now licensed, log on the Metasys SMP and open the Focus window for the ADS object. Verify the FIPS Compliance Status attribute indicates Compliant (Licensed).