Proxmox in a US Federal environment?

I know of several DoD contractors using it in their closed areas with DCSA approval. The fun part is getting the OS and hypervisor configured to be as close to STIG compliant as possible. This requires a good bit of work remapping the controls and settings to what's needed.
 
FIPS may only be required in many of these US gov/contractor applications if encryption is defined as the only mechanism protecting confidentiality of the data. If the server cluster is appropriately physically protected and separate VLANs are used to isolate Ceph/management/IPMI/Corosync from each other and from user-facing workloads, then using encryption on Ceph or ZFS may count towards defense-in-depth, i.e. going above and beyond the requirement, even if the encryption isn't being performed by a FIPS-validated module.

Having a FIPS-validated module involved to protect the confidentiality of the data as it flies over networks outside of that controlled server room is important for these applications. This requirement could be met by configuring the underlying workload hosted within Proxmox to use a FIPS-validated module. For example, for file shares on a Windows Server, SMB can be configured to use an encryption algorithm that is part of the FIPS framework, and the underlying modules in the Windows server/desktop systems are already FIPS validated (for applicable encryption modes). One could go a step further and enforce FIPS mode on the Windows servers/computers, but this may break other services and may not be strictly required to demonstrate compliance.
 
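Worked example of the SMB approach described in the post above, added here and not taken from the thread or from any Proxmox or Microsoft documentation. It turns on SMB 3 encryption server-wide on a Windows Server guest, refuses unencrypted clients, disables SMB1, restricts the cipher list to AES-GCM where the OS build supports that parameter, enables per-share encryption, and then prints the evidence an auditor would ask for, including whether the system-wide FIPS policy is on. It deliberately does not flip the FIPS policy itself. The share name and path are placeholders; the AES-GCM cipher list is a reasonable choice, not something the post specifies.

```powershell
# Added example (not from the thread): enforce SMB 3 encryption on a Windows Server file server
# without enabling the system-wide FIPS policy. Share name and path are placeholders.
#Requires -RunAsAdministrator

$ShareName = 'ClosedAreaData'            # placeholder share name
$SharePath = 'D:\Shares\ClosedAreaData'  # placeholder share path

# 1. Server-wide: encrypt every SMB session and reject clients that cannot negotiate encryption
Set-SmbServerConfiguration -EncryptData $true -RejectUnencryptedAccess $true -Force

# 2. SMB1 has no encryption support at all, so switch it off on the server side
Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force

# 3. On builds that expose -EncryptionCiphers (Windows Server 2022 and later), limit negotiation
#    to the AES-GCM suites. Guarded so the script still runs unchanged on Windows Server 2019.
$cfgParams = (Get-Command Set-SmbServerConfiguration).Parameters.Keys
if ($cfgParams -contains 'EncryptionCiphers') {
    Set-SmbServerConfiguration -EncryptionCiphers 'AES_256_GCM,AES_128_GCM' -Force
}

# 4. Per-share encryption flag, so the share stays encrypted even if the server-wide setting
#    is later relaxed by someone else
if (-not (Get-SmbShare -Name $ShareName -ErrorAction SilentlyContinue)) {
    New-SmbShare -Name $ShareName -Path $SharePath -EncryptData $true `
        -FullAccess 'BUILTIN\Administrators'
} else {
    Set-SmbShare -Name $ShareName -EncryptData $true -Force
}

# 5. Evidence for the audit package: effective server config, the share flag, and the OS FIPS policy
Get-SmbServerConfiguration |
    Select-Object EncryptData, RejectUnencryptedAccess, EnableSMB1Protocol
Get-SmbShare -Name $ShareName | Select-Object Name, EncryptData
$fips = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\FipsAlgorithmPolicy' `
    -Name Enabled -ErrorAction SilentlyContinue
"System-wide FIPS policy enabled: $([bool]$fips.Enabled)"
```

Run it once on the file server guest and keep the printed output with the system's security package. Step 5 reports the FIPS policy state rather than setting it, which matches the post's point that FIPS mode can break other services and is not necessarily required when the SMB traffic is already encrypted by the OS's validated modules.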
FIPS is all about the processing and storing of data. The only way we were able to get around Proxmox not having FIPS validation is by using native encryption in the VMs. So any Windows VMs running on Proxmox are BitLocker-encrypted, and any Linux VMs are LUKS-encrypted. If Proxmox were FIPS validated like VMware, this wouldn't be a concern. It's still OK as long as you have it OK'd by the right people. DCSA auditors approved using the native OS encryption since Proxmox wasn't FIPS validated, so just make sure you go through the processes to make sure all the right people have approved it.
 
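Added verification script for the Windows-guest half of the approach above (BitLocker inside the VM); it is not from the thread or from any vendor. It enumerates each fixed volume in a Windows guest, records whether protection is actually on, whether encryption has finished, which cipher is in use and which key protectors exist, then exits non-zero if any volume misses the baseline. Treating the AES-based BitLocker methods as the approved set, with XTS-AES-256 preferred, is this example's assumption; the post does not name a cipher.

```powershell
# Added example (not from the thread): collect BitLocker evidence from a Windows guest running on
# Proxmox and fail if any fixed volume is unprotected, still encrypting, or using a non-AES method.
#Requires -RunAsAdministrator
Import-Module BitLocker

# Assumption: AES-based methods are acceptable; XtsAes256 is the one to aim for on new installs.
$ApprovedMethods = @('XtsAes256', 'XtsAes128', 'Aes256', 'Aes128')

$findings = foreach ($vol in Get-BitLockerVolume) {
    # Only OS and fixed data volumes are in scope; removable media is handled separately
    if ($vol.VolumeType -notin @('OperatingSystem', 'Data')) { continue }
    [pscustomobject]@{
        Volume         = $vol.MountPoint
        Type           = $vol.VolumeType
        ProtectionOn   = ($vol.ProtectionStatus -eq 'On')
        FullyEncrypted = ($vol.VolumeStatus -eq 'FullyEncrypted')
        Cipher         = $vol.EncryptionMethod
        CipherApproved = ($vol.EncryptionMethod -in $ApprovedMethods)
        # Tpm protectors imply a vTPM was attached to the VM; RecoveryPassword should also be present
        Protectors     = (($vol.KeyProtector | ForEach-Object { $_.KeyProtectorType }) -join ',')
    }
}

$findings | Format-Table -AutoSize

$failed = $findings | Where-Object {
    -not ($_.ProtectionOn -and $_.FullyEncrypted -and $_.CipherApproved)
}
if ($failed) {
    Write-Warning ("Volumes not meeting the baseline: " + ($failed.Volume -join ', '))
    exit 1
}
"All fixed volumes are BitLocker-protected with an approved AES method."
```

Running this from a scheduled task or your configuration-management tool on every Windows guest gives you a repeatable artifact to hand the auditors, which matters here because the approval described above rests on the guest encryption being present, not on anything Proxmox itself does. The Linux-guest counterpart would be a check that the root and data block devices are LUKS-backed; that is not shown here.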
If you are concerned about encryption, you can use your server hardware for that. As an example, on HPE servers with SED drives you can encrypt all your drives within the BIOS (direct-attached NVMe) or in the RAID controller setup. They are unlocked at boot, no OS involved.

If you use the HPE NS204i boot controller, there is currently only one model that supports SED encryption, and you have to enable the encryption via the Redfish API, not via the BIOS.

A possible downside (on direct-attached NVMe) is that you can't export the encryption key from the BIOS / TPM; if the drive is moved to another server you have to reinitialize it, and you won't have access to the data on the drive.