Citrix: How to Make NetScaler FIPS Keys Highly Available
Many of Citrix’s US and Canadian (and some EU) government customers are mandated to abide by the FIPS encryption standards published by the National Institute of Standards and Technology (NIST). This standard defines various levels of compliance (140-2 Level 2, Level 3, etc.) that organizations may be mandated, or wish, to meet. For Citrix customers, this most notably means utilizing our line of FIPS NetScalers which include FIPS 140-2 Level 3 compliant, tamper-resistant, cryptographic hardware modules for storage of private encryption keys.
Backup and recovery of these keys is imperative for security and availability in any environment. By instituting proper backup procedures, you will ensure that any catastrophic loss of the cryptographic module will not bring down your critical production services. In this blog I will discuss the available backup options, pitfalls to avoid, and our consulting leading practices.
The Recommended Backup Method
There are two main ways of generating and installing server certificates on a FIPS NetScaler device:
Read the entire article here, How to Make NetScaler FIPS Keys Highly Available
Via the fine folks at Citrix Systems, Inc.