Enable FIPS 140-2 compliant cryptography
Beginning in Web Help Desk 12.4.0, you can configure a new or existing Web Help Desk deployment for Federal Information Processing Standard (FIPS) 140-2 compliant cryptography. This compliance is required for computer systems installed in U.S. Federal Government agencies and companies in a regulated industry (such as healthcare and financial institutions) that share and distribute sensitive but unclassified (SBU) information.
If you are enabling FIPS in a new deployment, complete the installation procedures for a new deployment.
If you are enabling FIPS in an existing deployment:
- Complete the installation procedures for an existing deployment.
- Prepare for the database migration by running the Password Security Migration Tool.
- Migrate all client and tech passwords to FIPS 140-2 cryptography.
Enabling FIPS 140-2 compliant cryptography is optional and is not required to use Web Help Desk.
New FIPS cryptography with TLS 1.2 support
Beginning with the 12.7.5 release, Web Help Desk implements new FIPS cryptography that supports Transport Layer Security (TLS) 1.2. This implementation provides enhanced end-to-end data security over a computer network.
The new cryptography includes the BCFKS keystore, which replaces the existing PKCS12 keystore.
CA certificate
When you configure FIPS in your deployment, create a certificate signing request and send the generated file to a trusted certificate authority (CA), such as Verisign or GlobalSign, to validate the certificate identity. The CA signs the certificate, and it may take several weeks to certify and receive.
After you receive the signed certificate, import the certificate into your BCFKS keystore to authenticate your Web Help Desk server identity in a secure HTTPS connection. When completed, your deployment is FIPS 140-2 compliant.
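
The request and import steps above can be run with the JDK's keytool and the Bouncy Castle FIPS provider. The PowerShell below is an added example, not taken from the Web Help Desk documentation. Every path, file name, alias and host name in it is a placeholder (an assumption), and keytool prompts for the keystore password because `-storepass` is omitted.

```powershell
# Added example. All values below are placeholders, not Web Help Desk defaults.
$KeyTool    = 'C:\path\to\jre\bin\keytool.exe'   # placeholder: keytool of the JRE your deployment uses
$BcFipsJar  = 'C:\path\to\bc-fips.jar'           # placeholder: Bouncy Castle FIPS provider jar
$KeyStore   = 'C:\path\to\keystore.bcfks'        # placeholder: BCFKS keystore file
$Alias      = 'example-alias'                    # placeholder: alias of the server key entry
$HostName   = 'helpdesk.example.com'             # placeholder: server FQDN used as the certificate CN
$Csr        = "$HostName.csr"                    # request file sent to the CA
$CaCert     = 'ca-root.cer'                      # placeholder: CA certificate supplied by the CA
$SignedCert = "$HostName.cer"                    # placeholder: signed certificate returned by the CA

# Options every keytool call needs in order to read and write a BCFKS keystore.
$Bcfks = @(
    '-keystore', $KeyStore, '-storetype', 'BCFKS',
    '-providername', 'BCFIPS',
    '-providerclass', 'org.bouncycastle.jcajce.provider.BouncyCastleFipsProvider',
    '-providerpath', $BcFipsJar
)

function Invoke-KeyTool {
    param([string[]]$Arguments)
    & $KeyTool @Arguments
    if ($LASTEXITCODE -ne 0) { throw "keytool $($Arguments[0]) failed" }
}

if (-not (Test-Path $Csr)) {
    # Phase 1: create the key pair in the BCFKS keystore, then the signing request.
    Invoke-KeyTool (@('-genkeypair', '-alias', $Alias, '-keyalg', 'RSA',
                      '-keysize', '2048', '-dname', "CN=$HostName") + $Bcfks)
    Invoke-KeyTool (@('-certreq', '-alias', $Alias, '-file', $Csr) + $Bcfks)
    Write-Host "Send $Csr to the CA, then rerun this script once $SignedCert arrives."
}
elseif (-not (Test-Path $SignedCert)) {
    Write-Host "Waiting for the CA: $SignedCert not found."
}
else {
    # Phase 2: trust the CA certificate first so keytool can build the chain,
    # then import the signed certificate under the SAME alias as the key pair.
    Invoke-KeyTool (@('-importcert', '-trustcacerts', '-alias', 'ca-root',
                      '-file', $CaCert) + $Bcfks)
    Invoke-KeyTool (@('-importcert', '-alias', $Alias, '-file', $SignedCert) + $Bcfks)
    # Check: the entry should be a PrivateKeyEntry whose chain ends at the CA.
    Invoke-KeyTool (@('-list', '-v', '-alias', $Alias) + $Bcfks)
}
```

Importing the signed certificate under a different alias than the key pair creates a trusted-certificate entry instead of completing the key entry, so the `-list -v` check at the end is worth reading before restarting the server.
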
Before you begin
Enabling FIPS 140-2 compliant cryptography requires careful planning and coordination with IT management and corporate personnel for a successful implementation. Review the requirements and procedures in this section to ensure you have the appropriate amount of time, hardware, software, and resources for your deployment.
FIPS 140-2 compliant cryptography is not recommended in a multiple-instance environment.
After you enable FIPS 140-2 compliant cryptography in your Web Help Desk deployment, you cannot revert to your previous configuration.
Requirements
SolarWinds recommends reviewing the following requirements before you enable FIPS 140-2 compliant cryptography in your Web Help Desk deployment.
Component | Requirement |
---|---|
Web Help Desk | 12.4.x and later |
Hardware system | Non-virtualized platform |
Operating system | Windows Server 2012 (64-bit); Windows Server 2012 R2 (64-bit); Windows Server 2016; Windows Server 2019 |
Database ¹ | MySQL 5.7; PostgreSQL 9.2 (embedded); PostgreSQL 9.3.2 (embedded); PostgreSQL 9.4 (embedded); PostgreSQL 9.6 (embedded); SQL Server 2008 R2 SP3 ²; SQL Server 2012 SP1 ²; SQL Server 2014 ²; SQL Server 2016 ²; SQL Server 2017 ² |
LDAP | Active Directory 2012; Active Directory 2012 R2; Open Directory 4; OpenLDAP 2.4; OpenLDAP 2.4.42 |
Mail server and protocols | Exchange Server 2010; Exchange Server 2013 CU7; Exchange Server 2016; Microsoft 365 (previously called Office 365); SMTP v3 ³ |
Asset discovery connections | MySQL 5.7; SQL Server 2012 SP1; SQL Server 2014; SQL Server 2016; Windows Management Instrumentation (WMI) |
Web browser | Google Chrome (Latest version); Mozilla Firefox (Latest version); Internet Explorer 9, 10, and 11 |
SolarWinds Integration | SolarWinds Network Configuration Manager; SolarWinds Network Performance Monitor; SolarWinds Server and Application Monitor |

¹ Single instance only.
² SSL connections are not supported. Additionally, SolarWinds recommends running the database server on the same physical server running the Web Help Desk instance.
³ MD5 authentication is not supported.