When using an IBM Flex System Manager

Follow these steps to enable a chassis to support NIST 800-131A strict mode from the IBM Flex System Manager management node.

  1. Install a Web browser that supports Transport Layer Security (TLS) version 1.2 and cipher suites that use SHA-256.
  2. Enable TLS 1.2 in the Web browser.

    See the documentation provided with your browser to enable the TLS setting.

  3. Configure the CMM to use NIST SP 800-131A mode.
    Note: When you configure the CMM to use NIST SP 800-131A mode, all compute nodes will operate in the same mode.
    You can configure the CMM to support through the Web interface or through the CLI:
  4. Install the IBM Flex System Manager and configure it to enable NIST strict mode.
    To configure the IBM Flex System Manager to comply with NIST 800-131A, choose NIST SP 800-131A Strict Compliance Mode on the Set Cryptography Mode page of the initial Setup Wizard.
    Important: You choose whether to be compliant when you initially configure the IBM Flex System Manager. Once configured, you cannot change this setting. Instead, you must reinstall the IBM Flex System Manager.
    Note: If you are using IBM Fabric Manager (IFM), you must also set it to TLS restrict mode separately through the IFM interface.
    The IBM Flex System Manager supports a customized version of NIST 800-131A strict mode called NIST 800-131A custom mode, which is set automatically when you perform one or more of the following functions:
    • Enable the IPC and DCOM protocols, which are used to discover Windows-based compute nodes. These protocols can be enabled when you initially configure the IBM Flex System Manager or, if you are operating in NIST SP 800-131A Strict Compliance Mode, you can use the CLI command smcli cfgWinSecProPolicy.
    • Enable the deployment of operating systems to compute nodes using the CLI command smcli enabledeployosoverride.
    Note: Not all I/O modules support NIST 800-131A. See the documentation provided with the I/O module to determine the steps required to configure the module to support the NIST 800-131A standard. You can find documentation for all I/O modules at the following location:

    Lenovo Flex System network switches

Parent topic: Installing a new chassis