Enabling and installing FIPS component - Metasys - LIT-12012162 - MS-ADS05U-0 MS-ADX10U-0 MS-ADX10SQL-0 MS-ADX25U-0 MS-ADX25SQL-0 MS-ADX50U-0 MS-ADX50SQL-0 MS-ADX50SQL2-0 MS-ADX100U-0 MS-ADX100SQL2-0 - Server - Metasys Server - 13.0

Metasys Server Installation and Upgrade Instructions

Product
Building Automation Systems > Application Servers > Metasys Server
Document type
Installation Guide
Document number
LIT-12012162
Version
13.0
Revision date
2024-03-26
Product status
Active

Follow the steps in this section if you require the Metasys Server to comply with the FIPS 140-2 standard. FIPS stands for Federal Information Processing Standard Publication, which defines a set of cryptographic methods used within a government environment. All Microsoft operating systems provide a FIPS mode, but it is disabled by default. Enabling and installing FIPS on the computer that runs the Metasys Server software requires you to complete the following:

  • enabling FIPS on the Windows operating system
  • installing FIPS component for the Metasys Server
  • licensing FIPS after the Metasys Server software is installed and licensed
Important: If you enable FIPS on your Metasys Server, you must also update all network engines to Release 11.0 or later, because a FIPS-compliant server is restricted from communicating with engines that are non-FIPS compliant. All network engines at Release 11.0 and later are inherently FIPS compliant, so no additional steps are required at the engine.
Note: If you install FIPS on a server, you cannot install SCT, CCT, and MEU on the same computer as the server as these tools are not FIPS compliant.
  1. Open the Group Policy Editor on the Windows computer by typing gpedit.msc in the Run line or Search box and pressing Enter. The Local Group Policy Editor window appears.
  2. Navigate the tree to reach the following location: Computer Configuration > Windows Settings > Security Settings > Local Policies > Security Options.
  3. Under the Policy table, locate the policy entitled System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing (Figure 1).
    Figure 1. FIPS Setup Window
  4. Right-click this policy and select Properties. Select Enabled and click OK. FIPS mode is now enabled.
  5. Obtain the Metasys FIPS installation file.
  6. Using Windows Explorer, browse to the location of the Metasys FIPS installation file.
  7. Right-click MetasysFipsInstaller.exe and select Run as Administrator. Enter the Administrator's user credentials if prompted. The setup window appears.
    Figure 2. FIPS Setup Window
  8. To continue, click Install. The progress of each step is shown.
  9. After all installation steps have finished, click Finish.
  10. Start Software Manager and activate the Metasys FIPS license. For details, refer to the Software Manager Help (LIT-12012389).
  11. To verify the FIPS component is now licensed, log on to the Metasys SMP and open the Focus window for the Metasys Server object. To see the FIPS Compliance Status attribute while logged on with Metasys UI, select the Metasys Server object in the Network tree to display its network dashboard. The attribute appears in the Focus tab of the Detail widget. Verify the FIPS Compliance Status attribute indicates Compliant (Licensed).