Working with vRangerPro DPP when FIPS is required (4045995)

Working with vRangerPro DPP when FIPS is required

Backups fail when FIPS in turned on.

Please follow steps outlined below to make sure FIPS is configured correctly per OS/Platform

Below are the steps required for enabling FIPS:

1. For Windows XP & 2003 (32 and 64 bit)

1. Go to Start -> Run
2. Enter regedit and click on OK
3. Expand to: HKEY_LOCAL_MACHINE à SYSTEM à CurrentControlSet à Control à Lsa
4. Click on Lsa directory
5. Right Click on Lsa and select New à Key
6. Name the key Lsa
7. On the right hand pane right click and select New à DWORD Value
8. Name the DWORD as “enabled”
9. Right click on that key and select “Modify”
10. Look for the field called “Value data”
11. Default value =0 à Means that FIPS is OFF
12. Set the value = 1 à Means that FIPS will be turned ON
13. Close regedit
14. Restart the machine
15. Re-run the Backup Job from vRanger

1. For Windows Vista, 2008, and 7 (32 and 64 bit)

1. Go to Start -> Run
2. Enter regedit and click on OK
3. Expand to: HKEY_LOCAL_MACHINE à SYSTEM à CurrentControlSet à Control à Lsa à
4. Create a new DWORD Value and name the key “FipsAlgorithmPolicy”
5. Right click on that key and select “Modify”
6. Look for the field called “Value data”
7. Default value =0 – Means that FIPS is OFF
8. Set the value to 1 – Means that FIPS will be turned ON
9. Expand to: HKEY_LOCAL_MACHINE à SYSTEM à CurrentControlSet à Control à Lsa à FipsAlgorithPolicy
10. Click on FipsAlgorithPolicy directory
11. Look for the REG_DWORD entry “Enabled”
12. Right click on that key and select “Modify”
13. Look for the field called “Value data”
14. Default value =0 – Means that FIPS is OFF
15. Set the value to 1 – Means that FIPS will be turned ON
16. Close regedit
17. Restart the machine
18. Re-run the Backup Job from vRanger

1. For ESX3.X Hosts you need to disable the AES cipher

1. Make sure that you have created the entry like described in B. (you will have to create the Key and the create a new REG_DWORD value
2. Log in the Host using putty
3. Go to the directory /etc/ssh/ à cd /etc/ssh
4. Edit the sshd_config file à vi sshd_config
5. Go to the last line in that file
6. Look for the line entry: Ciphers aes256-cbc,aes128-cbc
7. Comment out that line by putting a # in front of the line entry
8. Save the sshd_config file à :wq
9. Restart the SSH services by running the command: service sshd restart
10. Run a Backup job from vRanger Pro using a ESX 3.X host

1. For Upgrade ESX host from 3.X to 4.0

1.Log in the Host using putty

2.Go to the directory /etc/ssh/ à cd /etc/ssh

3.Edit the sshd_config file à vi sshd_config

4.Go to the last line in that file

5.Look for the line entry: Ciphers aes256-cbc,aes128-cbc

6.Comment out that line by putting a # in front of the line entry

7.Save the sshd_config file à :wq

8.Restart the SSH services by running the command: service sshd restart

1. For ESX4

ESX4 is FIPS ready once activated in the Operating System (OS) registry - (See above).

No additional modifications needed