Workflow for NE conversion to FIPS mode
Description
The following are the high-level steps required to commission and discover a device for NFM-P management using FIPS security.
Note: In order to use the workflow, the following must be true:
-
FIPS is enabled in each NFM-P main server configuration.
-
Each main server is running and operational.
-
The NFM-P has a FIPS-compliant SNMPv3 user account for device mediation.
FIPS is enabled on a main server using a parameter in the top-level section of samconfig, as described in the NFM-P system installation procedures.
Stages
| |
|
1 |
Modify the NFM-P discovery rule for the device to be FIPS-compliant; you must also ensure that the user named in the associated mediation policy is FIPS-compliant.
|
2 |
Manually commission the device for FIPS-secured management:
Note: You cannot use the NFM-P to enable FIPS mode or create an SNMPv3 user on a device.
-
Enable FIPS mode on the device; see the device documentation for information.
-
Create a FIPS-compliant SNMPv3 user on the device.
-
If any user account on the device is not FIPS-compliant, remove the account.
Note: If any non-compliant account remains, the device cannot reboot correctly.
-
Reboot the device, if required.
When the reboot is complete, the NFM-P discovers and manages the device using FIPS security during the next discovery-rule scan, in accordance with the NFM-P polling policy. |