12/6/2012 by MW
Can anyone advise if it is possible to achieve FIPS level 1 compliancy (or above) when using the LTM VE product?
We have had a request come in from a client that they would like us to become FIPS compliant; however, in our long-term design we were moving to use F5 VE (for our LTM/GTM deployments). I realise there is the HSM for the higher devices BIG-IP 6400 to 11050 to achieve FIPS l2/l3, and that it is possible to set up the supported ciphers when doing SSL decryption for a web site so that it just supports the FIPS approved range.
I am just wondering if it is at all possible to achieve level 1 FIPS compliancy on devices that do not support the HSM?
Thanks in advance
This is not true, the Thales HSM is networked and can be configured to work on VE LTMs. It can actually be clustered for HA and be shared among passive and active nodes alike.
Eduardo - I am not following your comment. I stated I could use the Thales with the VE, however I lose the benefit of the load balancing being all virtual (e.g. migration of the setup to a different geographical location solely by copying the VE over the network to a different site, etc.). Can you clarify your comment, or did you misunderstand something I stated originally?
In case of VE LTM cluster with nCipher Connect clusters: where should I put the RFS and how should I sync them with the HSMs, please?
Thank you in advance, Best regards, Andras