7.5 Deployment Scenarios

This section provides information about the deployment scenarios for Sentinel in FIPS 140-2 mode.

7.5.1 Scenario 1: Data Collection in Full FIPS 140-2 Mode

In this scenario, data collection is done only through the Connectors that support FIPS 140-2 mode. We assume that this environment involves a Sentinel server and data is collected through a remote Collector Manager. You may have one or more remote Collector Managers.

You must perform the following procedure only if your environment involves data collection from event sources using Connectors that support FIPS 140-2 mode.

  1. You must have a Sentinel server in FIPS 140-2 mode.

    NOTE: If your Sentinel server (freshly installed or upgraded) is in non-FIPS mode, you must enable FIPS on the Sentinel server. For more information, see Enabling Sentinel Server to Run in FIPS 140-2 Mode.

  2. You must have a Sentinel remote Collector Manager running in FIPS 140-2 mode.

    NOTE: If your remote Collector Manager (freshly installed or upgraded) is running in non-FIPS mode, you must enable FIPS on the remote Collector Manager. For more information, see Enabling FIPS 140-2 Mode on Remote Collector Managers and Correlation Engines.

  3. Ensure that the FIPS server and the remote Collector Managers communicate with each other.

  4. Convert remote Correlation Engines, if any, to run in FIPS mode. For more information, see Enabling FIPS 140-2 Mode on Remote Collector Managers and Correlation Engines.

  5. Configure Sentinel plug-ins to run in FIPS 140-2 mode. For more information, see Configuring Sentinel Plug-Ins to Run in FIPS 140-2 Mode.

7.5.2 Scenario 2: Data Collection in Partial FIPS 140-2 Mode

In this scenario, data collection is done using Connectors that support FIPS 140-2 mode and Connectors that do not support FIPS 140-2 mode. We assume data is collected through a remote Collector Manager. You may have one or more remote Collector Managers.

To handle data collection using both Connectors that support FIPS 140-2 mode and Connectors that do not, you should have two remote Collector Managers: one running in FIPS 140-2 mode for FIPS-supported Connectors, and another running in non-FIPS (normal) mode for Connectors that do not support FIPS 140-2 mode.

You must perform the following procedure if your environment involves data collection from event sources using Connectors that support FIPS 140-2 mode and Connectors that do not support FIPS 140-2 mode.

  1. You must have a Sentinel server in FIPS 140-2 mode.

    NOTE: If your Sentinel server (freshly installed or upgraded) is in non-FIPS mode, you must enable FIPS on the Sentinel server. For more information, see Enabling Sentinel Server to Run in FIPS 140-2 Mode.

  2. Ensure that one remote Collector Manager is running in FIPS 140-2 mode, and another remote Collector Manager continues to run in non-FIPS mode.

    1. If you do not have a FIPS 140-2 mode enabled remote Collector Manager, you must enable FIPS mode on the remote Collector Manager. For more information, see Enabling FIPS 140-2 Mode on Remote Collector Managers and Correlation Engines.

    2. Update the server certificate on the non-FIPS remote Collector Manager. For more information, see Updating Server Certificates in Remote Collector Managers and Correlation Engines.

  3. Ensure that the two remote Collector Managers communicate with the FIPS 140-2 enabled Sentinel server.

  4. Configure the remote Correlation Engines, if any, to run in FIPS 140-2 mode. For more information, see Enabling FIPS 140-2 Mode on Remote Collector Managers and Correlation Engines.

  5. Configure the Sentinel plug-ins to run in FIPS 140-2 mode. For more information, see Configuring Sentinel Plug-Ins to Run in FIPS 140-2 Mode.

    1. Deploy Connectors that support FIPS 140-2 mode in the remote Collector Manager running in FIPS mode.

    2. Deploy the Connectors that do not support FIPS 140-2 mode in the non-FIPS remote Collector Manager.
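
The placement rules of Scenario 2 can be checked against a deployment plan before any Connector is moved. The following Python script is an added example, not part of the Sentinel product or its documentation; the node names, Connector names and `supports_fips` values are constructed, and real FIPS support must be taken from each Connector's own documentation.

```python
from dataclasses import dataclass

@dataclass
class Node:
    name: str
    role: str   # "server", "collector_manager" or "correlation_engine"
    fips: bool  # True when the node runs in FIPS 140-2 mode

@dataclass
class Connector:
    name: str
    supports_fips: bool
    deployed_on: str  # name of the hosting remote Collector Manager

def audit(nodes, connectors):
    """Return findings; an empty list means the plan follows the scenario."""
    findings = []
    by_name = {n.name: n for n in nodes}
    # The server and any remote Correlation Engine must run in FIPS mode.
    for n in nodes:
        if n.role in ("server", "correlation_engine") and not n.fips:
            findings.append(f"{n.name}: {n.role} must run in FIPS 140-2 mode")
    cms = [n for n in nodes if n.role == "collector_manager"]
    # Scenario 2 needs one Collector Manager per mode that is actually in use.
    for mode, label in ((True, "FIPS"), (False, "non-FIPS")):
        needed = any(c.supports_fips == mode for c in connectors)
        if needed and not any(cm.fips == mode for cm in cms):
            findings.append(f"no {label} Collector Manager for its Connectors")
    # Each Connector goes on the Collector Manager whose mode matches its support.
    for c in connectors:
        host = by_name.get(c.deployed_on)
        if host is None or host.role != "collector_manager":
            findings.append(f"{c.name}: {c.deployed_on} is not a Collector Manager")
        elif host.fips != c.supports_fips:
            want = "FIPS" if c.supports_fips else "non-FIPS"
            findings.append(f"{c.name}: move from {host.name} to a {want} Collector Manager")
    return findings

# Constructed inventory (hypothetical names), with two deliberate mistakes.
NODES = [
    Node("sentinel-server", "server", True),
    Node("cm-fips", "collector_manager", True),
    Node("cm-plain", "collector_manager", False),
    Node("ce-remote", "correlation_engine", False),
]
CONNECTORS = [Connector("connector-a", True, "cm-fips"), Connector("connector-b", False, "cm-fips")]

if __name__ == "__main__":
    print("\n".join(audit(NODES, CONNECTORS)) or "plan matches the scenario")
```
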