Nomad has always provided encryption for most of its communications. Now, in Nomad version 6.0, an advanced FIPS compliant encryption algorithm has been made available. The United States Federal Information Processing Standard (FIPS) is a standard that defines security requirements for software used by the U.S. federal government. It stipulates that applications that encrypt any sensitive data should use only a certain set of approved encryption algorithms.

FIPS compliant communication encryption

The following types of Nomad data are encrypted:

  1. License information when it is stored in the registry
  2. Data that is sent over the network during peer-to-peer communications. This includes:
    • Election communications
    • Connectionless data transfer
    • Nomad FanOut requests
    • Sign-on/sign-off communication
    • SSD Package Status Requests
    • PBA communications

Encryption types

Nomad provides two types of encryption: its default 40-bit RC2 encryption algorithm and the new FIPS compliant encryption. You can set the encryption type used by Nomad during installation or by modifying a Nomad registry entry.

Nomad clients running different encryption types will be unable to communicate with each other. If you want to use FIPS compliant encryption and earlier versions of Nomad are already deployed, roll out Nomad 6.0 using its default encryption standard. Once all clients have been upgraded to Nomad 6.0, change the encryption level to FIPS compliant.

Installing Nomad with FIPS encryption

FIPS encryption can be set when you install Nomad. This is done by checking the Use FIPS Encryption checkbox on the Nomad Settings screen of the installer, as shown highlighted in the picture opposite.

You can also set the use of FIPS encryption with the USEFIPS installer property.

 Enabling FIPS encryption

Setting FIPS encryption post-installation

To change Nomad's encryption type after installation, modify the EncryptionType registry value. By default this is set to 0, for standard Nomad encryption, unless the Use FIPS Encryption checkbox was checked during installation, in which case it is set to 1.
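
The staged roll-out described under Encryption types, combined with the EncryptionType values above, can be checked against a client inventory before and after the switch. The following is an added example, not code from 1E or the Nomad product; the CSV inventory format, its column names, the host names and the state labels are assumptions constructed for illustration.

```python
import csv
import io

FIPS_MIN_VERSION = (6, 0)  # page: FIPS encryption is available from Nomad 6.0
STANDARD, FIPS = 0, 1      # page: EncryptionType 0 = standard, 1 = FIPS

# Constructed sample inventory (hypothetical export; column names are assumed).
SAMPLE_INVENTORY = """host,nomad_version,encryption_type
ws-001,6.0.100,0
ws-002,6.0.100,1
ws-003,5.2.100,0
ws-004,6.0.100,0
"""

def parse_version(text):
    """Turn '6.0.100' into (6, 0, 100) so versions compare numerically."""
    return tuple(int(part) for part in text.strip().split("."))

def assess_fleet(inventory_csv):
    """Classify a fleet for the staged switch to FIPS encryption."""
    rows = list(csv.DictReader(io.StringIO(inventory_csv)))
    if not rows:
        raise ValueError("inventory is empty")
    too_old, groups = [], {STANDARD: [], FIPS: []}
    for row in rows:
        enc = int(row["encryption_type"])
        if enc not in groups:
            raise ValueError(f"{row['host']}: unexpected EncryptionType {enc}")
        groups[enc].append(row["host"])
        if parse_version(row["nomad_version"]) < FIPS_MIN_VERSION:
            too_old.append(row["host"])
    if groups[STANDARD] and groups[FIPS]:
        state = "mixed"            # the two groups cannot communicate
    elif groups[FIPS]:
        state = "fips-complete"
    elif too_old:
        state = "upgrade-pending"  # stay on default encryption until all run 6.0
    else:
        state = "ready-to-switch"
    return {"state": state, "too_old": too_old,
            "standard": groups[STANDARD], "fips": groups[FIPS]}

if __name__ == "__main__":
    print(assess_fleet(SAMPLE_INVENTORY))
```

A "mixed" result lists the hosts on each side of the split, which are the clients that cannot take part in peer-to-peer communication with each other until their EncryptionType values match.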