This table describes configuration options for FIPS system recovery.
|Configure a device group||Configure the F5® devices in a device group with the FIPS HSMs synchronized. In the event of a system failure, the standby unit becomes active and handles incoming traffic. Contact F5 to arrange a Return Material Authorization (RMA) for the failed F5 device and then follow the steps for implementing a replacement unit to recover the failed device.|
|Configure an additional unit for recovery||Fully configure a third unit, add it to the security domain, and synchronize the configurations. Remove the unit from the network and store it in a secure location. If the F5 system in production is damaged or destroyed, you can use the backup unit to reconstitute the security domain.|
|Save the keys on a disk||Generate the private keys outside of the FIPS HSM. Copy the non-FIPS protected keys to
a secure external location as a backup. Then convert the non-FIPS into
FIPS keys on the F5 system. The keys on the F5 system are now protected
by the FIPS HSM. If there is a catastrophic system failure, use the
non-FIPS protected backup keys to repopulate the FIPS HSM.
This method for backup is not FIPS-compliant.