Enable FIPS 140-2 compliant cryptography
Check out this video (7:04) for information about configuring WHD to be FIPS compatible.
Beginning in Web Help Desk 12.4.0, you can configure a new or existing Web Help Desk deployment for Federal Information Processing Standard (FIPS) 140-2 compliant cryptography. This compliance is required for computer systems installed in U.S. Federal Government agencies and companies in a regulated industry (such as healthcare and financial institutions) that share and distribute sensitive but unclassified (SBU) information.
If you are enabling FIPS in a new deployment, complete the installation procedures for a new deployment.
If you are enabling FIPS in an existing deployment:
- Complete the installation procedures for an existing deployment.
- Prepare for the database migration by running the Password Security Migration Tool.
- Migrate all client and tech passwords to FIPS 140-2 cryptography.
Enabling FIPS 140-2 compliant cryptography is optional and is not required to use Web Help Desk.
Network Security Services
The FIPS cryptography implements Network Security Services (NSS)—a set of open-source cryptographic libraries developed by Mozilla that support security-enabled client and server applications. When integrated with NSS, Web Help Desk can support public-key cryptography standards #11 (PKCS #11) certificates for FIPS compliance.
All connections through SSL to the external tools require a trusted certificate to be imported into the NSS database.
CA and self-signed certificates
After you configure FIPS in your deployment, you can obtain and import a signed certificate by a trusted Certificate Authority (for production environments) or a self-signed certificate (for test environments) to your NSS database to authenticate your Web Help Desk server identity in a secure HTTPS connection. When completed, your deployment is FIPS 140-2 compliant.
Web Help Desk 12.4.0 and later supports FIPS mode on supported Windows 64-bit operating systems.
Before you begin
Enabling FIPS 140-2 compliant cryptography requires careful planning and coordination with IT management and corporate personnel for a successful implementation. Review the requirements and procedures in this section to ensure you have the appropriate amount of time, hardware, software, and resources for your deployment.
FIPS 140-2 compliant cryptography is not recommended in a multiple-instance environment.
After you enable FIPS 140-2 compliant cryptography in your Web Help Desk deployment, you cannot revert back to your previous configuration.
Requirements
SolarWinds recommends reviewing the following requirements before you enable FIPS 140-2 compliant cryptography in your Web Help Desk deployment.
Component | Requirement |
---|---|
Web Help Desk | 12.4.x and later |
Hardware system | Non-virtualized platform |
Operating system |
Windows Server 2012 (64-bit) Windows Server 2012 R2 (64-bit) Windows Server 2016 Windows Server 2019 |
Database 1 |
MySQL 5.7 PostgreSQL 9.2 (embedded) PostgreSQL 9.3.2 (embedded) PostgreSQL 9.4 (embedded) PostgreSQL 9.6 (embedded) SQL Server 2008 R2 SP3 2 SQL Server 2012 SP1 2 SQL Server 2014 2 SQL Server 2016 2 SQL Server 2017 2 |
LDAP |
Active Directory 2012 Active Directory 2012 R2 Open Directory 4 OpenLDAP 2.4 OpenLDAP 2.4.42 |
Mail server and protocols |
Exchange Server 2010 Exchange Server 2013 CU7 Exchange Server 2016 Office 365 SMTP v3 3 |
Asset discovery connections |
MySQL 5.7 SQL Server 2012 SP1 SQL Server 2014 SQL Server 2016 Windows Management Instrumentation (WMI) |
Web browser |
Google Chrome (Latest version) Mozilla Firefox (Latest version) Internet Explorer 9, 10, and 11 |
SolarWinds Integration |
SolarWinds Network Configuration Manager SolarWinds Network Performance Monitor SolarWinds Server and Application Monitor |
1 Single instance only. 2 SSL connections are not supported. Additionally, SolarWinds recommends running the database server on the same physical server running the Web Help Desk instance. 3 MD5 authentication is not supported. |