Applies To:
Show Versions
BIG-IP DNS
- 12.1.4, 12.1.3
BIG-IP PEM
- 12.1.4, 12.1.3
BIG-IP AFM
- 12.1.4, 12.1.3
BIG-IP ASM
- 12.1.4, 12.1.3
BIG-IP AAM
- 12.1.4, 12.1.3
BIG-IP APM
- 12.1.4, 12.1.3
BIG-IP LTM
- 12.1.4, 12.1.3
About setting up the BIG-IP systems in a device group
You can configure a device group using two platforms that have the same FIPS hardware security module (HSM) model installed. When setting up a FIPS solution on a device group, you install the two systems and can connect to a serial console to remotely manage the systems. In the event that network access is impaired or not yet configured, the serial console might be the only way to access your system.
After you have set up and configured the systems, you can create the FIPS security domain by initializing the HSM and creating a security officer (SO) password. You must configure the same security domain name on all HSMs in the group.
Initializing the HSM in 6900/8900 platforms
Initializing the HSM in 5000/7000/10200/11000/11050 platforms
Initializing the HSM in 10350 platforms
Initializing the HSM in i5000/i7000 Series platforms
Viewing HSM information using tmsh
Before you synchronize the HSMs
Before you can synchronize the FIPS hardware security modules (HSMs), you must ensure that the target HSM:
- Is already initialized
- Has an identical security domain name
- Does not contain existing keys
- Includes the same model of FIPS HSM (card)
- Contains the same firmware version
Before you run the fips-card-sync command, ensure that you have this information:
- The SO password for the source BIG-IP® device
- The SO password for the target BIG-IP device
- The root password for the target BIG-IP device
The target device must also be reachable using SSH from the source device.