2 Installing a FIPS Feature Set and Upgrading a FIPS System
Note:
You enable the FIPS feature set via the Data Integrity entitlement by way of the setup entitlements command.CAUTION: Enabling this feature activates enhanced FIPS security functions. Once saved, factory rest may be required.
Installing a FIPS Feature Set
For the method in which the FIPS feature is installed on the Enterprise Session Border Controller and Enterprise Session Router, see the Enterprise Session Border Controller and Enterprise Session Router Release Notes. For instructions on provisioning the FIPS entitlement, see the Enterprise Session Border Controller ACLI Configuration Guide.
Enabling the FIPS Feature Set on the Enterprise Session Router
Unlike the ESBC, you must perform the steps in this procedure before any other FIPS enablement procedures on and Oracle Enterprise Session Router. After performing these steps, you set up your ESR for FIPS under the same conditions and using the same procedures as an ESBC:
- From the ACLI command prompt, run the show users command.
- Terminate any extraneous, open management sessions with the exception of your own.
- From the ACLI command prompt, run the update-grub command.
- Reboot your Oracle Enterprise Session Router.
- Enable FIPS using setup entitlements, as well as all other FIPS enablement steps.
Note:
Do not run the update-grub command if there are more than one active ACLI sessions. If so, enabling FIPS may fail. You determine whether there are additional ACLI sessions using the show users command. Applicable management sessions include open shells, ssh sessions and console sessions.Upgrading the Image on a FIPS Enabled System
This procedure assumes that the FIPS feature is already installed on the system. If the FIPS feature set on your system expires, you must install a valid FIPS feature. For more information on installing a FIPS feature set, see "Installing a FIPS Feature Set".
- SSH File Transfer Protocol (SFTP) client with access to the target Acme Packet platform.
- SFTP access to the target Acme Packet platform's management IP address.
- Access to the FIPS software image to which you are upgrading.
Note:
You must follow this procedure on a running device:Note:
The steps below use the text, <release>, as a variable to generalize the file's release version.