Enable FIPS 140-2 compliant cryptography

Beginning in Web Help Desk 12.4.0, you can configure a new or existing Web Help Desk deployment for Federal Information Processing Standard (FIPS) 140-2 compliant cryptography. This compliance is required for computer systems installed in U.S. Federal Government agencies and companies in a regulated industry (such as healthcare and financial institutions) that share and distribute sensitive but unclassified (SBU) information.

If you are enabling FIPS in a new deployment, complete the installation procedures for a new deployment.

If you are enabling FIPS in an existing deployment:

  1. Complete the installation procedures for an existing deployment.
  2. Prepare for the database migration by running the Password Security Migration Tool.
  3. Migrate all client and tech passwords to FIPS 140-2 cryptography.

Enabling FIPS 140-2 compliant cryptography is optional and is not required to use Web Help Desk.

New FIPS cryptography with TLS 1.2 support

Beginning with the 12.7.5 release, Web Help Desk implements new FIPS cryptography that supports Transport Layer Security (TLS) 1.2. This implementation provides enhanced end-to-end data security over a computer network.

The new cryptography includes the BCFKS keystore, which replaces the existing PKCS12 keystore.

CA certificate

When you configure FIPS in your deployment, create a certificate signing request and send the generated file to a trusted certificate authority (CA), such as Verisign or GlobalSign, to validate the certificate identity. The CA signs the certificate, and it may take several weeks to certify and receive.

After you receive the signed certificate, import the certificate into your BCFKS keystore to authenticate your Web Help Desk server identity in a secure HTTPS connection. When completed, your deployment is FIPS 140-2 compliant.
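One way to confirm the result after the import, as an added example that is not SolarWinds code: the script below handshakes with the server, refuses anything older than TLS 1.2, and reports a self-signed or soon-to-expire certificate. The host name, port 443, the 30-day warning threshold, and the sample certificate are assumptions made for illustration.

```python
import socket
import ssl
from datetime import datetime, timezone

# Constructed sample in the format of ssl.SSLSocket.getpeercert(); not real data.
SAMPLE_CERT = {
    "subject": ((("commonName", "whd.example.internal"),),),
    "issuer": ((("commonName", "Example Issuing CA"),),),
    "notAfter": "Jun  1 12:00:00 2025 GMT",
}

def assess(tls_version, cert, now=None, warn_days=30):
    """Return findings for a negotiated TLS version and a peer certificate dict."""
    now = now or datetime.now(timezone.utc)
    findings = []
    if tls_version not in ("TLSv1.2", "TLSv1.3"):
        findings.append(f"negotiated {tls_version}, expected TLS 1.2 or later")
    # A certificate signed by an external CA has an issuer different from its subject.
    if cert.get("subject") == cert.get("issuer"):
        findings.append("certificate is self-signed (subject equals issuer)")
    expires = datetime.fromtimestamp(
        ssl.cert_time_to_seconds(cert["notAfter"]), timezone.utc)
    days_left = (expires - now).days
    if days_left < warn_days:
        findings.append(f"certificate expires in {days_left} days")
    return findings

def probe(host, port=443, timeout=5):
    """Handshake with the server and assess what it presents."""
    ctx = ssl.create_default_context()            # verifies chain and host name
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2  # refuse anything older
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                return assess(tls.version(), tls.getpeercert())
    except ssl.SSLCertVerificationError as exc:
        return [f"chain or host name not trusted: {exc.verify_message}"]
    except ssl.SSLError as exc:
        return [f"TLS handshake failed: {exc}"]

if __name__ == "__main__":
    # Offline demo on the constructed sample; call probe("your-host") for a live check.
    fixed_now = datetime(2025, 1, 1, tzinfo=timezone.utc)
    print(assess("TLSv1.2", SAMPLE_CERT, now=fixed_now))
```

An empty list from `probe()` means the handshake used TLS 1.2 or later and the certificate chained to a CA trusted by the machine running the check.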

Before you begin

Enabling FIPS 140-2 compliant cryptography requires careful planning and coordination with IT management and corporate personnel for a successful implementation. Review the requirements and procedures in this section to ensure you have the appropriate amount of time, hardware, software, and resources for your deployment.

FIPS 140-2 compliant cryptography is not recommended in a multiple-instance environment.

After you enable FIPS 140-2 compliant cryptography in your Web Help Desk deployment, you cannot revert to your previous configuration.

Requirements

SolarWinds recommends reviewing the following requirements before you enable FIPS 140-2 compliant cryptography in your Web Help Desk deployment.

| Component | Requirement |
|---|---|
| Web Help Desk | 12.4.x and later |
| Hardware system | Non-virtualized platform |
| Operating system | Windows Server 2012 (64-bit); Windows Server 2012 R2 (64-bit); Windows Server 2016; Windows Server 2019 |
| Database [1] | MySQL 5.7; PostgreSQL 9.2 (embedded); PostgreSQL 9.3.2 (embedded); PostgreSQL 9.4 (embedded); PostgreSQL 9.6 (embedded); SQL Server 2008 R2 SP3 [2]; SQL Server 2012 SP1 [2]; SQL Server 2014 [2]; SQL Server 2016 [2]; SQL Server 2017 [2] |
| LDAP | Active Directory 2012; Active Directory 2012 R2; Open Directory 4; OpenLDAP 2.4; OpenLDAP 2.4.42 |
| Mail server and protocols | Exchange Server 2010; Exchange Server 2013 CU7; Exchange Server 2016; Office 365; SMTP v3 [3] |
| Asset discovery connections | MySQL 5.7; SQL Server 2012 SP1; SQL Server 2014; SQL Server 2016; Windows Management Instrumentation (WMI) |
| Web browser | Google Chrome (Latest version); Mozilla Firefox (Latest version); Internet Explorer 9, 10, and 11 |
| SolarWinds Integration | SolarWinds Network Configuration Manager; SolarWinds Network Performance Monitor; SolarWinds Server and Application Monitor |

[1] Single instance only.

[2] SSL connections are not supported. Additionally, SolarWinds recommends running the database server on the same physical server running the Web Help Desk instance.

[3] MD5 authentication is not supported.