By default, Veeam backup infrastructure components use platform-provided cryptographic APIs and FIPS-compliant Veeam Cryptographic Module to meet NIST CMVP cryptographic and security requirements. Additionally, you can enable FIPS-compliant operation mode. It restricts connections to non-FIPS compliant platforms and runs self-tests to ensure that encryption modules are valid and work properly.
To make your backup infrastructure FIPS-compliant follow vendor recommendations. For more information on Microsoft Windows Server, see this article.
To enable the FIPS-compliant operation mode:
- From the main menu on the backup server, select General Options.
- Open the Security tab.
- In the FIPS compliance section, select the Enable FIPS-compliant operation mode check box.
- Click OK.
If you use Amazon S3 or Amazon S3 Glacier object repositories in your backup infrastructure and enable FIPS-compliant operation mode, Veeam Backup & Replication checks if these components are FIPS-compliant. If some of them are not, the warning will be displayed.
If you have backup infrastructure components based on Linux servers with persistent Veeam Data Movers and select or clear the Enable FIPS-compliant operation mode check box, you must open the Edit Linux Server wizard for each Linux server with the persistent Veeam Data Mover and proceed to the end of the wizard. This will update server settings. If you do not update the settings, the servers will be unavailable.