Enable FIPS 140-2 compliant cryptography
Beginning in Web Help Desk 12.4.0, you can configure a new or existing Web Help Desk deployment for Federal Information Processing Standard (FIPS) 140-2 compliant cryptography. This compliance is required for computer systems installed in U.S. Federal Government agencies and companies in a regulated industry (such as healthcare and financial institutions) that share and distribute sensitive but unclassified (SBU) information.
If you are enabling FIPS in a new deployment, complete the installation procedures for a new deployment.
If you are enabling FIPS in an existing deployment:
- Complete the installation procedures for an existing deployment.
- Prepare for the database migration by running the Password Security Migration Tool.
- Migrate all client and tech passwords to FIPS 140-2 cryptography.
Enabling FIPS 140-2 compliant cryptography is optional and is not required to use Web Help Desk.
Network Security Services
The FIPS cryptography implements Network Security Services (NSS)—a set of open-source cryptographic libraries developed by Mozilla that support security-enabled client and server applications. When integrated with NSS, Web Help Desk can support public-key cryptography standards #11 (PKCS #11) certificates for FIPS compliance.
All connections through SSL to the external tools require a trusted certificate to be imported into the NSS database.
CA and self-signed certificates
After you configure FIPS in your deployment, you can obtain and import a signed certificate by a trusted Certificate Authority (for production environments) or a self-signed certificate (for test environments) to your NSS database to authenticate your Web Help Desk server identity in a secure HTTPS connection. When completed, your deployment is FIPS 140-2 compliant.
Web Help Desk 12.4.0 and later supports FIPS mode on supported Windows 64-bit operating systems.
Before you begin
Enabling FIPS 140-2 compliant cryptography requires careful planning and coordination with IT management and corporate personnel for a successful implementation. Review the requirements and procedures in this section to ensure you have the appropriate amount of time, hardware, software, and resources for your deployment.
FIPS 140-2 compliant cryptography is not recommended in a multiple-instance environment.
After you enable FIPS 140-2 compliant cryptography in your Web Help Desk deployment, you cannot revert back to your previous configuration.
SolarWinds recommends reviewing the following requirements before you enable FIPS 140-2 compliant cryptography in your Web Help Desk deployment.
|Web Help Desk||12.4.x and later|
|Hardware system||Non-virtualized platform|
Windows Server 2012 (64-bit)
Windows Server 2012 R2 (64-bit)
Windows Server 2016
Windows Server 2019
PostgreSQL 9.2 (embedded)
PostgreSQL 9.3.2 (embedded)
PostgreSQL 9.4 (embedded)
PostgreSQL 9.6 (embedded)
SQL Server 2008 R2 SP3 2
SQL Server 2012 SP1 2
SQL Server 2014 2
SQL Server 2016 2
SQL Server 2017 2
Active Directory 2012
Active Directory 2012 R2
Open Directory 4
|Mail server and protocols||
Exchange Server 2010
Exchange Server 2013 CU7
Exchange Server 2016
SMTP v3 3
|Asset discovery connections||
SQL Server 2012 SP1
SQL Server 2014
SQL Server 2016
Windows Management Instrumentation (WMI)
Google Chrome (Latest version)
Mozilla Firefox (Latest version)
Internet Explorer 9, 10, and 11
SolarWinds Network Configuration Manager
SolarWinds Network Performance Monitor
SolarWinds Server and Application Monitor
1 Single instance only.
2 SSL connections are not supported. Additionally, SolarWinds recommends running the database server on the same physical server running the Web Help Desk instance.
3 MD5 authentication is not supported.