Ransomware attackers specifically target and attempt to destroy backup systems to increase the probability of payment. Hardening your system is critical. Please ensure you have reviewed your platform security using the Security Hardening Checklist
Cohesity

COHESITY Documentation

Explore our documentation to get started, discover products & new features, access troubleshooting guides, register sources, platforms support.

Products
Data Security Alliance
Visit Cohesity.com
Demos
Support
Blogs
Developers
Partner Portals
Cohesity Community
© 2026 Cohesity, Inc. All Rights Reserved.
Terms of Use|
Privacy Policy|
Legal|
  1. Home
  2. NetBackup™ for Kubernetes Administrator's Guide
  3. Enabling FIPS mode in Kubernetes
  4. Enable Federal Information Processing Standards (FIPS) mode in Kubernetes
NetBackup™ for Kubernetes Administrator's Guide

Enable Federal Information Processing Standards (FIPS) mode in Kubernetes

NetBackup Kubernetes 10.3 release provides FIPS support for RedHat based NetBackup deployments. All the Kubernetes workload component involved in NetBackup, Kubernetes operator and Data mover must run in FIPS mode. To achieve the FIPS support, there are certain requirements that needs to be met across all these components.

System requirements

Following are the system requirements for FIPS support in NetBackup Kubernetes workload.

Name

Parameters

NetBackup Primary and Media

  • Both Primary and Media must be deployed on the NetBackup10.2.1 with underlying RHEL-8system which is enabled with FIPS.

  • RHEL OS version must be greater than RHEL8.

    • You can check version of RedHat machine using the following command:

      cat /etc/Redhat-release

    • You can check if underlying system have FIPS enabled using the following command:

      FIPS-MODE-SETUP--CHECK

    • For more details, you can check man page entry of the following command:

      fips-mode-setup

Kubernetes Cluster

  • Kubernetes cluster must be deployed with FIPS enabled mode.

  • The process to deploy Kubernetes cluster in FIPS mode is vendor dependent.

  • For example, deploying Openshift with FIPS Enabled

Configuration parameters

Following are the configuration parameters for FIPS mode in NetBackup Kubernetes workload.

Configuration

Parameters

NetBackup Primary and Media

Enabling NetBackup process to run in FIPS mode:

  • Update <Netbackup-Installation-Path>/netbackup/bp.conf with the following key:

    NB_FIPS_MODE = ENABLE

  • For more information on NetBackup in FIPS mode, refer to the Configure the FIPS mode in your NetBackup domain section in the NetBackup™Security and Encryption Guide

NetBackup Kubernetes Operator

Do any of the following to enable FIPS mode:

  • Update the value of parameter fipsMode to ENABLE in values.yaml file from the Helm Chart.

  • Update the value of parameter NB_FIPS_MODE to ENABLE in backup-operator.

Note:

Make sure that all the systems on which NetBackup Kubernetes workload runs are FIPS compliant.

Troubleshooting for FIPS

Impact on the Automated Image Replication (AIR) operation:

  • For AIR on FIPS enabled environment, you need to do the additional configuration.

  • Update the <KB-Article>on the support site.

  • Run the following commands in the command-line interface (CLI):

    /usr/openv/java/jre/bin/keytool/keytool -storetype BCFKS -providerpath

    /usr/openv/wmc/webserver/lib/ccj-3.0.1.jar -providerclass com.safelogic.cryptocomply.jcajce.provider.CryptoComplyFipsProvider -importcert -trustcacerts -file <target CA certificate file (pem encoded)> -keystore

    NB_INSTALL_DIR/var/global/wsl/credentials/cacerts.bcfks -storepass <password from the /usr/openv/var/global/jkskey file>

    -alias <alias name of the trusted certificate entry to be added>

Feedback

Was this page helpful?
Previous

Enabling FIPS mode in Kubernetes

Next

About Openshift Virtualization support

Feedback

Was this page helpful?