Encryption
MACsec Pre-Shared Keys (PSK)
Network Group Encryption
The NFM-P may optionally be used to deploy Network Group Encryption (NGE) attributes to NEs. The NFM-P uses SNMP to deploy general NGE attributes to NEs, and SSH2 sessions to configure the key values. You can use an existing SSH2 user account on each NE, or, to facilitate the tracking of key value configuration activity, you can use the User NGE account. The NFM-P creates the account on each participating NGE NE and uses the account only for creating and updating key values. The NFM-P user activity log records all NGE configuration activity.
Note: To facilitate the tracking of key value configuration activity, use the "User NGE" account on each NE.
Note: For increased security, Nokia recommends using a scheduled task for the regular and automatic replacement of the keys in the key group.
FIPS
The NFM-P supports Federal Information Processing Standards (FIPS) for NE management and client communication. See the NSP Installation and Upgrade Guide for information about enabling FIPS.