Workflow for NE conversion to FIPS mode

Description

The following are the high-level steps required to commission and discover a device for NFM-P management using FIPS security.

Note: In order to use the workflow, the following must be true:

  • FIPS is enabled in each NFM-P main server configuration.

  • Each main server is running and operational.

  • The NFM-P has a FIPS-compliant SNMPv3 user account for device mediation.

FIPS is enabled on a main server using a parameter in the top-level section of samconfig, as described in the NFM-P system installation procedures.

Stages
 

Modify the NFM-P discovery rule for the device to be FIPS-compliant; you must also ensure that the user named in the associated mediation policy is FIPS-compliant.

Manually commission the device for FIPS-secured management:

Note: You cannot use the NFM-P to enable FIPS mode or create an SNMPv3 user on a device.

  1. Enable FIPS mode on the device; see the device documentation for information.

  2. Create a FIPS-compliant SNMPv3 user on the device.

  3. If any user account on the device is not FIPS-compliant, remove the account.

    Note: If any non-compliant account remains, the device cannot reboot correctly.

  4. Reboot the device, if required.

When the reboot is complete, the NFM-P discovers and manages the device using FIPS security during the next discovery-rule scan, in accordance with the NFM-P polling policy.