Layer7 API Management

  • Private Community

  • 1.  FIPS 140 certified Gateway Cluster?

    Posted May 18, 2015 12:49 PM

    Can someone point me to the steps to deploy a FIPS 140 certified Gateway Cluster? I did see an older discussion that mentions that CA Process Automation may be involved. Please let us know all components needed, as well as the steps. We are currently on version 8.2 of the Gateway.

     

    Thanks,

    James



  • 2.  Re: FIPS 140 certified Gateway Cluster?

    Posted May 21, 2015 11:09 AM

    Is anyone able to help out with this question?

     

    Thank you



  • 3.  Re: FIPS 140 certified Gateway Cluster?

    Posted May 21, 2015 11:23 AM

    The fact that you are using a "cluster" does not require any more steps than being a single instance. The gtwys in a cluster use the same "configuration" repository so 1..n gtwy would use the same private keys with respect to FIPS 140-2.

     

    FIPS 140-2 is ambiguous. Do you mean Level 1 or Level 3?

     

    Level 1 - is accomplished in software with the RSA BSafe libraries we use for cryptographic operation. You would need to limit the algorithms available via the Policy Manager under the Task / Manage Cluster-Wide Properties. The property you want to set is

     

    security.fips.enabled = true


    This will require a restart. This is found in the Policy Manager User Manaual at page 637

     

    Level 3 - requires an HSM and in the Installation and Maintenance Manual at page 52. The steps necessary to integrate and achieve Level 3 are stated.



  • 4.  Re: FIPS 140 certified Gateway Cluster?

    Posted May 21, 2015 01:41 PM

    Hi Andy, (nice to hear from you) thanks for the explanation. Only interested in Level 1 at this point.

     

    Regards,

    James