Lenovo XClarity Administrator cryptography settings

Cryptographic management is composed of communication modes and protocols that control the way that secure communications are handled between Lenovo XClarity Administrator and the managed systems as well as between your browser and Lenovo XClarity Administrator.

The cryptographic mode determines how secure communications are handled between Lenovo XClarity Administrator and all managed systems. It sets the encryption-key lengths to be used if secure communications are implemented.
Note: Regardless of the cryptography mode that you select, NIST approved Digital Random Bit Generators are always used, and only 128-bit or longer keys are used for symmetric encryption.
When you change the cryptographic mode in the Lenovo XClarity Administrator, the modes for all managed endpoints are switched to the same setting automatically. Consider the following implications of changing the cryptographic mode:
  • If you switch from Compatibility mode to NIST SP 800-131A mode and the current certificate authority (CA) on the managed CMMs and IMMs use RSA-2048/SHA-1 (the default), an RSA-2048/SHA-256 certificate is regenerated on each managed chassis and server, that causes a mismatch between the newly generated server certificates on the CMMs and IMMs and the server certificate that is stored in the Lenovo XClarity Administrator trust store. To resolve this issue, go to the All Chassis page or All Servers page, and click All Actions > Resolve Untrusted Certificate for each system (see Resolving an untrusted server certificate).
  • Not all Flex switches support NIST 800-131A mode. If the Flex switch does support NIST 800-131A mode, you might need to change the configuration for the switches through the Flex switch interface. For information about support for NIST 800-131A and about switching Flex switches between compatibility mode and NIST 800-131A mode, see the product documentation that is available for the Flex switches. For more information, see Flex System network switches.

For more information about configuring Lenovo XClarity Administrator cryptography settings, see Configuring cryptography settings from the Lenovo XClarity Administrator.