Go to main content

Oracle® ILOM Security Guide For Firmware Releases 3.x and 4.x

Exit Print View

Updated: May 2019
 
 

Modify FIPS Mode Post Deployment

Use this procedure if you need to modify the FIPS mode operational state after performing a firmware update or specifying user-defined configuration properties in Oracle ILOM.


Note - FIPS compliance mode in Oracle ILOM is represented by a State and Status property. The State property represents the configured mode in Oracle ILOM and the Status property represents the operational mode in Oracle ILOM. When the FIPS State property is changed, the change does not affect the operational mode (FIPS Status property) until the next Oracle ILOM reboot.

Before You Begin

  • The configurable property for FIPS level 1 compliance is available in Oracle ILOM as of firmware 3.2.4 or later. Prior to firmware release 3.2.4, Oracle ILOM does not provide a configurable property for FIPS level 1 compliance.

  • When FIPS is enabled (configured and operational) some features in Oracle ILOM are not supported. For a list of unsupported features when FIPS is enabled, see Un-Supported Features When FIPS Mode Is Enabled.

  • The Admin (a) role is required to modify the FIPS State property on the Management Access > FIPS page.

  • To Restore the Oracle ILOM configuration, the following user privileges must be assigned:

    • Administrator (administrator) profile or

      -or-

    • Admin (a), User Management (u), Console (c), Reset and Host Control (r), and Read Only (o)

To modify the FIPS mode after updating the Oracle ILOM firmware, follow these steps:

  1. In the Oracle ILOM web interface back up the Oracle ILOM configuration.

    For instance:

    1. Click ILOM Administration -> Configuration Management -> Backup/Restore.
    2. In the Backup/Restore page, click the More details... link for further instructions.

      Note - To simplify the reconnection to Oracle ILOM after the firmware update, you should enable the firmware update options for Preserve the Configuration.

      Note - If you perform Step 2 before you perform Step 1, you will need to edit the XML backed-up configuration file and remove the FIPS setting. Otherwise, you will have an inconsistent configuration between the backed-up Oracle ILOM XML file and the operational FIPS mode state running on the server, which is not allowed.
  2. If a firmware update is required, perform the following steps:
    1. Click ILOM Administration -> Maintenance -> Firmware Update.
    2. In the Firmware Update page, click the More details... link for further instructions.
  3. Modify the FIPS compliance mode in Oracle ILOM as follows:
    1. Click ILOM Administration -> Management Access -> FIPS.
    2. In the FIPS page, click the More details link for instructions on how to:
      • Modify the FIPS State configuration.
      • Update the FIPS operational status on system by resetting the SP.
  4. Restore the backed-up Oracle ILOM Configuration as follows:
    1. Click ILOM Administration -> Configuration Management -> Backup/Restore.
    2. In the Backup/Restore page, click the More details link for further instructions.

Related Information