Administer > FIPS Configuration > Getting Started

Getting Started

Preparing your environment

You must prepare your environment before you perform FIPS-related configuration.

CSAthat is compliant with FIPS 140-2 supports the Microsoft SQL database and Oracle JRE only. For more information about application and version requirements, see the Cloud Service Automation System and Software Support Matrix

Content capsules

Do NOT install these content capsules on your system:

  • HPE-CODAR-1.60.0000
  • Helion-Development-Platform
  • Docker
  • HPE-ICSP-CSA-Sequential-Integration-15.12.0000

Preconfigured CSA features and tools

Do not configure CSA features or use any CSA tools before you configure CSA to be compliant with FIPS 140-2.

If you already configured a feature or used a CSA tool, you must reinstall CSA before you configure the product for FIPS 140-2 compliance.

Verifications

  1. Verify that you are configuring a new or fresh installation of CSA version 4.80.0002 to be compliant with FIPS 140-2. You cannot configure an upgraded installation of CSA version 4.80.0002 or an installation of CSA version 4.80.0002 that is in use. For information on upgrading FIPS 140-2, see the Cloud Service Automation Upgrade Guide.

  2. Stop and disable the global search services:

    1. On the server that hosts CSA, navigate to Start > Administrative Tools > Services.

    2. Right-click on the Elasticsearch 1.6.1 service and select Stop.

    3. Right-click on the Elasticsearch 1.6.1 service and select Properties.

    4. For Startup type, select Disabled.

    5. Click OK.

    6. Right-click on the HPE Search Service and select Stop.

    7. Right-click on the HPE Search Service and select Properties.

    8. For Startup type, select Disabled.

    9. Click OK.

  3. Back up the following directories:

    • %CSA_HOME%\jboss-as\standalone\deployments\csa.war\
    • %CSA_HOME%\jboss-as\standalone\deployments\idm-service.war\
    • %CSA_HOME%\jboss-as\standalone\configuration\
    • %CSA_HOME%\portal\conf\
    • %CSA_HOME%\node.js\
    • <csa_jre>\lib\security
      (where <csa_jre> is the directory in which the JRE that is used by CSA is installed.)
  4. Download and install the Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files.

    See the Readme.txt file from the downloaded content for information on how to deploy the files and upgrade the JRE used by CSA.

  5. Download and install the Microsoft Visual C++ 2010 Redistributable Package (x86).

  6. Contact HPE support to install the RSA BSAFE Crypto software files. Unzip the acquired ZIP file to <csa_jre>\lib\ext\ (where <csa_jre> is the directory in which the JRE that is used by CSA is installed..

  7. Install the recompiled version of NodeJS needed for FIPS compliance. On the system on which CSA is installed, unzip the \fips\nodejs-fips-windows.zip file to the %CSA_HOME%\node.js\ directory.