VMware Cloud Community
centixo
Contributor
Contributor
‎02-18-2023 01:41 PM

Disable FIPS Mode on SDDC Manager 4.4.x

Is it possible to disable FIPS mode on SDDC Manager? This is enabled at bring-up and there are documented methods of checking if it is enabled or not via RestAPi, however, there does not appear to be a method of disabling it once it is enabled. I do know there are some vRealize LCM issues if you have FIPS enabled and the process of upgrading those LCM environments is to disable FIPS, perform the upgrade, and enable FIPS. 

Is there a supported way to disable this on SDDC Manager?

Reply
0 Kudos
1 Reply
Shen88
Enthusiast
Enthusiast
‎02-21-2023 12:13 PM

@centixo,

You can enable FIPS mode during bring-up, which will enable it on all the VMware Cloud Foundation components that support FIPS like SDDC Manager, vCenter, NSX-T and vRSLCM.

There is way to disable via vRSLCM outlined below:
https://docs.vmware.com/en/VMware-vRealize-Suite-Lifecycle-Manager/8.10/com.vmware.vrsuite.lcm.8.10....

However, per VMware documentation below "This option is only available for new VMware Cloud Foundation installations and the setting you apply during bring-up will be used for future upgrades. You cannot change the FIPS security mode setting after bring-up"

https://docs.vmware.com/en/VMware-Cloud-Foundation/4.5/vcf-deploy/GUID-1F75AE6E-E860-4A3A-AEC7-41962...

If you think your queries have been answered, Mark this response as "Correct" or "Helpful" and consider giving kudos to appreciate!

Regards,
Shen
Reply
0 Kudos