FIPS Compliance
Veeam Backup & Replication can be configured to run in a FIPS-compliant operation mode.
When this mode is enabled:
- Veeam Backup & Replication uses platform-provided cryptographic APIs and the Veeam Cryptographic Module.
- NTLM is disabled. Kerberos is the only available domain authentication protocol.
- Connections cannot be established with components that are not FIPS-compliant.
- Self-tests are performed. For more information, see the Self-tests section of the Veeam FIPS 140-2 Security Policy.
Note |
To make your backup infrastructure FIPS-compliant, follow vendor recommendations. |
To enable the FIPS-compliant operation mode:
- From the main menu on the backup server, select Options.
- Open the Security tab.
- In the FIPS compliance section, select the Force strict FIPS compliance mode check box.
- Click OK.
Note |
If you use Amazon S3 or Amazon S3 Glacier object repositories in your backup infrastructure and enable the FIPS-compliant operation mode, Veeam Backup & Replication checks if these components are FIPS-compliant. If any of them are not, a warning will be displayed. |
Important |
If you have backup infrastructure components based on Linux servers with persistent Veeam Data Movers and select or clear the Force strict FIPS compliance mode check box, you must open the Edit Linux Server wizard for each Linux server with the persistent Veeam Data Mover and proceed to the end of the wizard. This will update server settings. If you do not update the settings, the servers will be unavailable. |
