Precautions for Operation in Environments where the FIPS Mode Is Enabled
This software operates when the FIPS mode of Windows is enabled. However, some limitations apply. It may also be necessary to change the settings, depending on the device.
IMPORTANT |
Enable/disable the FIPS mode of Windows before installing this software. For information on the procedure for enabling/disabling the FIPS mode of Windows with this software installed, see the following. |
NOTE |
For information on setting the FIPS mode of Windows, see the documentation for Windows. This software does not have any settings regarding the FIPS mode. In operating systems with the FIPS mode enabled, it operates in the FIPS mode. |
Target Devices
When the FIPS mode is enabled, the following models can be managed with this software.
Models with a model name that starts with imageFORCE, imageRUNNER ADVANCE DX, imageRUNNER ADVANCE, or imagePRESS and platform version 3.13 or later
Other models with platform version 2.00 or later
NOTE |
This software will only operate correctly if the device is running the above platform version. |
The method for checking the platform version of the device is as follows.
For models with a model name that starts with imageFORCE, imageRUNNER ADVANCE DX, imageRUNNER ADVANCE, or imagePRESS
1. | Press (Counter/Device Information) or the [Counter/Device Information] key on the device. |
2. | Press [Device Information/Other] > [Check Device Configuration]. |
3. | Check the version in [Platform Version]. |
For other models
Follow the procedure below to check the platform version.
For models with the (Status Monitor) key on the control panel of the device: 1. | Press (Status Monitor). |
2. | Select [Device Status]. |
3. | Select [Version Information], then check the version. |
For models with the [Counter/Device Information] key on the control panel of the device:
1. | Press the [Counter/Device Information] key. |
2. | Press [Device Info./Other] > [Check Device Configuration]. |
3. | Check the version in [Platform Version]. |
Device Settings
NOTE |
For details on the setting method, see the following. Device instruction manuals |
Remote UI Settings
Device control panel menu:
(Settings/Registration) > [Management Settings] > [License/Other]
[Remote UI] | On |
[Use TLS] | On If the Remote UI is already able to be used, this setting can be configured in the Remote UI. |
Limitations
Settings for using SNMPv3 in communication with the device
Only the following algorithms can be used. If they are set in the devices for management, change the settings.
Authentication password algorithm: SHA
Encryption password algorithm: AES
Login Services
The following login services can be used. If a login service other than the following is set in a device for management, change the login service.
User Authentication
Register the authentication information of a user with administrator privileges for the device to this software in the following format.
[Devices] menu > [Device Communication Settings] > [Authentication Information]
[Authentication Method]:
For Server Authentication: [Domain Authentication]
For Local Device Authentication: [User Authentication]
DepartmentID Authentication
Register the authentication information of a user with administrator privileges for the device to this software in the following format.
[Devices] menu > [Device Communication Settings] > [Authentication Information]
[Authentication Method]: [System Manager ID]
Universal Login Manager
Local, uniFLOW, or Active Directory can be used as the authentication mode.
When using local authentication as the authentication mode, register the authentication information of a user with administrator privileges for the device to this software in the following format.
[Devices] menu > [Device Communication Settings] > [Authentication Information]
[Authentication Method]: [User Authentication]
When using uniFLOW as the authentication mode and the uniFLOW server is linked with Active Directory or an LDAP server, register the authentication information of a user with administrator privileges for the device to this software in the following format.
[Devices] menu > [Device Communication Settings] > [Authentication Information]
[Authentication Method]: [Domain Authentication]
When using uniFLOW as the authentication mode and the uniFLOW server is not linked with Active Directory or an LDAP server, register the authentication information of a user with administrator privileges for the device to this software in the following format.
[Devices] menu > [Device Communication Settings] > [Authentication Information]
[Authentication Method]: [User Authentication]
When using Active Directory as the authentication mode, select an authentication method other than NTLM. Register the authentication information of a user with administrator privileges for the device to this software in the following format.
[Devices] menu > [Device Communication Settings] > [Authentication Information]
[Authentication Method]: [User Authentication]
If the settings required for domain authentication are configured in Universal Login Manager and the device, select [Domain Authentication] for [Authentication Method].
NOTE |
For information on the Active Directory, LDAP server, Universal Login Manager, and uniFLOW settings, see the instruction manual for the corresponding software. |
Changing the FIPS Mode Setting with This Software Installed
The procedure for changing the FIPS mode setting with this software installed is indicated below. When upgrading this software, follow this procedure to change the FIPS mode setting before upgrading.
1.
Stop the services of this software.
Open [Windows Administrative Tools] > [Services] from the Start menu.
Stop the services in the following order.
Canon Data Collection Agent
Squid *1
*1 | When HTTPS is the protocol for communication with the Remote Monitoring Server and [Monitoring Mode] is set to [CCA Mode] in this software. |
2.
Change the FIPS mode settings of Windows.
For information on the FIPS mode setting of Windows, see the documentation for Windows.
3.
Start the service of this software.