What is the impact of enabling FIPS mode in vCenter, ESXi hosts, and VMs?

Article ID: 414900

Updated On:

Products

VMware vCenter Server

Issue/Introduction

Are there direct impacts to VMs, ESXi hosts, and vCenter when FIPS mode is enabled?

Environment

vCenter Server 7.x

vCenter Server 8.x

Cause

STIG guidance is being followed, and one of its requirements is to enable FIPS mode in vCenter to harden the appliance.

Resolution

Impact of enabling FIPS on vCenter:

1. Smart card OCSP revocation checking is not compatible with FIPS. Once FIPS mode is enabled, revocation checking will need to change to CRL or be disabled.

2. Plugins will be impacted.

3. File-based backups may require adjusting the protocol.

Impact on ESXi hosts:

1. Hosts already use FIPS-validated modules. Enabling FIPS in vCenter ensures that communication between vCenter and hosts adheres to FIPS-validated cryptography.

Impact on VMs:

There is no direct impact on VMs after enabling FIPS mode in vCenter, as FIPS compliance is an independent setting controlled by the VM's guest OS.

Additional Information

Official certification guidelines, along with our validated cryptographic module certificates, are available here:

VMware FIPS Certifications: https://www.vmware.com/resources/certifications/fips

Below is the official technical documentation mapping the FIPS 140-2 modules integrated into ESXi 8.0/9.0:

FIPS Modules Used in ESXi 8.0

FIPS Modules Used in ESX 9.0

FIPS Configurations for VCF Components