About FIPS
FIPS (Federal Information Processing Standard) 140-2 is a U.S. government standard relating to computer security and encryption. The Scalar i500 offers a FIPS 140-2 Level 1 certified encryption solution composed of the Scalar Key Manager and HP LTO-5 Fibre Channel or HP LTO-6 Fibre Channel tape drives in a Scalar i500 library. FIPS mode can be enabled on the HP LTO-5 or HP LTO-6 tape drives via the library user interface. Once in FIPS mode, all encryption key communication between the tape drive and the library controller is authenticated. FIPS mode is disabled by default.
This topic discusses:
- Library firmware must be at version 600G or later.
- HP LTO-5 FC or HP LTO-6 FC tape drive firmware must be at the latest version qualified for the library firmware (see the Scalar i500 Release Notes for qualified firmware levels).
- FIPS mode is configured by partition.
- The partition encryption method must be set to Library Managed Encryption enabled in order to set FIPS mode.
- An Encryption Key Management license must be installed on the library sufficient to cover the tape drive(s) on which you want to enable FIPS mode.
- A Storage Networking license must be installed on the library sufficient to cover the tape drive(s) on which you want to enable FIPS mode.
- Ethernet connectivity is required for the tape drives on which you want to enable FIPS mode. For most libraries, this requires one or more Ethernet Expansion blades installed on the library, unless your library consists of a single 5U control module. For 5U libraries, you can connect your tape drives directly to the Ethernet ports on the library control blade (LCB). See the Scalar i500 User's Guide for information on installing the Ethernet Expansion blade.
- The library must be connected to Scalar Key Manager. Scalar Key Manager software must be at version 2.0 or later in order to be FIPS certified.
Upgrade library firmware to version 600G or later.
- For all HP LTO-5 FC and HP LTO-6 FC tape drives that you plan to enable for FIPS, upgrade firmware to the latest qualified version (see the Scalar i500 Release Notes for qualified firmware levels).
- Shut down the library.
- Establish Ethernet connectivity. See the Scalar i500 User's Guide for how to establish Ethernet connectivity in 5U libraries, or how to install an Ethernet Expansion blade in 14U and larger libraries.
- Power on the library.
- Install Storage Networking and Encryption Key Management licenses on the library, if they are not already installed.
- Enable FIPS mode as follows (see Configuring Partition Encryption for more information):
- On the library web client, select Setup > Encryption > Partition Configuration.
The Setup - Encryption Partition Configuration screen displays.
- Change the Encryption Method of the partition to Library Managed Encryption enabled.
- Select the FIPS check box to enable FIPS mode for the partition.
- Click Apply.
There are three ways to view FIPS status on the library:
- The Partition Configuration screen (Setup > Encryption > Partition Configuration) shows which partitions are enabled for FIPS. All tape drives in FIPS partitions are enabled. See Configuring Partition Encryption for more information.
- The System Information Report (Reports > System Information) contains a FIPS column in the Library Partitions section. The column displays “Yes” if FIPS is enabled on the partition and “No” FIPS is disabled. See Viewing System Information for more information.
- The tape drive information pop-up screen on the Library Configuration Report (Reports > Library Configuration) contains a FIPS Enabled item. This item only displays when the tape drive is an HP LTO-5 or HP LTO-6 Fibre Channel tape drive. The item displays “Yes” when FIPS is enabled on the drive and “No” when FIPS is disabled. See Viewing the Library Configuration for more information.
See also: