XenMobile 10 – Configuration Series Part 1: Installing in FIPS 140-2 Compliance Mode
The latest version of XenMobile includes FIPS 140-2 compliant encryption for mobile apps, ensuring government and enterprise workers can access critical documents and apps securely. XenMobile 10 expands FIPS 140-2 support by encrypting connections from the network to the server and connections to the console. This is in addition to the existing client-side FIPS 140-2 that came with XenMobile 9.
This guide helps you go thru how to install XenMobile 10 in FIPS Compliance Mode.
What is FIPS?
The Federal Information Processing Standard (FIPS), issued by the US National Institute of Standards and Technologies (NIST), specifies the security requirements for cryptographic modules used in security systems. FIPS 140-2 is the second version of this standard.
More detailed information about FIPS and NIST see links:
XenMobile 10 – Installation
– Microsoft SQL Server ready for the XenMobile database.
– SSL certificate installed on the MS SQL and encrypted connections enabled on it.
– Root Certificate exported.
Important: You can enable XenMobile FIPS mode only during initial installation.
Configuring XenMobile 10 for the First Time Use:
After you have downloaded and imported XenMobile 10 virtual appliance into hypervisor, start the virtual machine and open console view.
1. Enter new password for the Admin (CLI) user.
2. Provide Network settings and commit by pressing y and hit Enter.
3. Type y to increase security by generating a random passphrase. The passphrase is used as part of the protection of the encryption keys used to secure your sensitive data.
4. There we are! Type y and hit Enter to enable FIPS mode configuration.
Important: FIPS mode only supports an SSL encrypted remote database connection.
5. Hit Enter to accept the default mi for Microsoft SQL.
6. To enable a secure connection you must copy or import a Root certificate. Hit Enter to accept the default y to upload a root certificate.
7. Type i or c depending can you copy-paste Root Certificate on your console or as in my case it needs to be copied from the IIS server, because I’m using VMWare Fusion and copy-paste won’t work.
8. Enter http URL to import Root Certificate and hit Enter.
9. Enter Database server FQDN and hit Enter.
10. Hit Enter to choose default Database TCP port.
11. Enter Database db_creator credentials.
12. Choose new XenMobile Database name and commit all settings pressing y and hit Enter.
13. Type y to enable Cluster and hit Enter. (not needed yet, but it’s safe to enable already)
13. Type XenMobile FQDN hostname and commit settings pressing y and hit Enter.
14. Hit Enter to choose all default communication ports and commit settings pressing y and hit Enter.
15. Enter y to use same password for the all PKI certificates and commit settings pressing y and hit Enter.
16. Hit Enter to choose default username for the Web Console admin account, or change it whatever you want. Enter new password for it can commit settings pressing y and hit Enter.
17. Hit Enter not to upgrade from previous release and you’re done!
18. Notice XenMobile Web Console access URL.
19. Login to the CLI and you’ll see that XenMobile is now configured as in FIPS Compliant Mode.
20. After configuration has finished you should be able to login to the XenMobile Web Console via web browser.