Configuring and Maintaining a FIPS Security Domain
Platform Guide: 6900 and 8900
Understanding the FIPS implementation
The BIG-IP® system includes the option to install a FIPS hardware security
module (HSM). Currently, the FIPS HSM is available in the BIG-IP
6900/8900 platform. With this release, the HSM and the BIG-IP key
management software provide FIPS-140 level 2 support. This level of
support provides the following security benefits.
• Keys are stored in the HSM where they are protected from physical and
software attacks.
• Keys can never be extracted in plain text format.
This chapter describes how to configure a redundant system from the factory
with one FIPS HSM installed in each unit. To implement a FIPS solution in
a BIG-IP redundant system, you must perform the following tasks.
• Install the BIG-IP systems and connect a serial console.
• Create the FIPS security domain from the console.
• Run the Configuration utility.
• Run the fipscardsync utility to synchronize the FIPS HSMs from the
console.
Some of these tasks are described in other documents. When a section in this
document has tasks described in other documents, it contains links or
pointers to the related documentation.
WARNING
Do not issue back-to-back FIPS commands such as fipsutil reset and fipsutil
crash. Issuing these commands too quickly may destabilize the system.
Installing the BIG-IP systems and connecting a serial console
The first two tasks that you need to complete when setting up a FIPS
configuration on a redundant system are to install the systems and connect a
serial console. For details about performing these tasks, refer to the
following documentation:
• For details about installing the hardware, see the
• For information on connecting a serial console, for version 9.x BIG-IP
systems, see Installation, Licensing, and Upgrades for BIG-IP Systems,
and for version 10.x BIG-IP systems, see BIG-IP® Systems: Getting
Started Guide.
After you set up the systems and configure a serial console, you can create
the FIPS security domain.