Install > Configure OMi FIPS Compliancy > Configure Data Flow Probe for FIPS 140-2 Compliance

Configure the Data Flow Probe for FIPS 140-2 Compliance

Requirements

Before you start configuring the Data Flow Probe for FIPS mode, make sure the following requirements are met:

  • OMi server is running in FIPS mode.

  • Data Flow Probe has the same version as the RTSM on the OMi server.

Configure the Data Flow Probe for FIPS Mode

Note Data Flow Probes that are upgraded to version 10.21 are switched to FIPS mode automatically.

To configure the Data Flow Probe for FIPS mode, follow these steps:

  1. Install the Data Flow Probe as described in the OMi Data Flow Probe Installation Guide.

  2. Switch the probe to FIPS mode:

    • If the OMi/RTSM server is running in FIPS mode with HTTP enabled, the Data Flow Probe is switched automatically to FIPS mode when you connect it to OMi, and you do not have to perform any additional steps.
    • If the OMi/RTSM server is running in FIPS mode with HTTPS enabled (the default), follow these steps:

      1. Stop the probe.

      2. Open the following file in a text editor:

        <DFP install folder>/conf/security/ssl.properties

      3. Locate the following attributes, and update their values as follows:

        javax.net.ssl.keyStore=FIPS_HPProbeKeyStore.jks
        javax.net.ssl.trustStore=FIPS_HPProbeTrustStore.jks
      4. Copy the jar files of JCE Unlimited Strength Jurisdiction Policy Files 8 into the %\DataFlowProbe_HOME%\bin\jre\lib\security directory on the Data Flow Probe machine.

        For more information about how to obtain these files, see the UCMDB Help.

      5. Add the probe.fips.status=1 line into the DataFlowProbe.properties file on the Data Flow Probe machine, and then save the file.

      6. Restart the probe.

      Note If the Data Flow Probe is in separate mode, you must perform steps iv, v, and vi for both the Probe Manager and the Probe Gateway.

  3. Optional. Verify that the probe is switched to FIPS mode:

    1. Go to the probe's JMX Console.

      For example: <Probe_IP>:<Probe_Port>/jmx-console/

    2. Search for getFipsStatus.

    3. On the result page, check whether the value of the FipsStatus attribute is Current probe is in FIPS mode.