ADC

Provision a new instance or modify an existing instance and assign a partition

After creating the partitions, you must assign them to instances.

Important:

  • You can attach only one FIPS partition to an instance.
  • An instance with a FIPS partition can be assigned only one CPU core.

Provision a new instance or modify an existing instance

  1. On the Configuration tab, navigate to NetScaler > Instances, and add or modify an instance.
  2. Select Enable FIPS, and from the Partitions list, select a partition to attach to this instance.

You can verify that the partition is attached to an instance by using either the GUI or the CLI.

In the GUI, navigate to System > HSM Administration > Partitions. The instance name attached to the partition is displayed.

To unassign a FIPS partition¸ navigate to NetScaler > Instances. Edit the instance and clear the Enable FIPS check box.

In the CLI, at the command prompt, type the following commands:

show fips

FIPS Card is not configured
 Done
<!--NeedCopy-->

If you see the following output, see the troubleshooting section for debugging.

ERROR: Operation not permitted - no FIPS card present in the system

Note

When a partition is detached from any of the existing VPX instances, the data on the partition is cleared. As a result, any current configuration (for example FIPS keys) is lost. After a partition is detached or reattached to a new or previously bound VPX instance, it must be initialized as per the instructions in Configure the HSM before you can use the partition for any secure connections.

During this time (after the partition is detached or reattached), the corresponding VPX instance can be accessed through the GUI using HTTP and through the CLI using SSH.

Provision a new instance or modify an existing instance and assign a partition