diff --git a/01_prepare_host.sh b/01_prepare_host.sh
index 1af975c09..372765c24 100755
--- a/01_prepare_host.sh
+++ b/01_prepare_host.sh
@@ -143,7 +143,7 @@ case "${CONTAINER_RUNTIME}" in
 esac
 # TODO (mboukhalfa) fake images
 if [[ "${NODES_PLATFORM}" == "fake" ]]; then
-  echo Skipping image prepulling on fake nodes platform
+  echo "Skipping image prepulling on fake nodes platform"
 else
   # pre-pull node and container images
   # shellcheck disable=SC1091
diff --git a/02_configure_host.sh b/02_configure_host.sh
index 6d50b6bd9..11775455f 100755
--- a/02_configure_host.sh
+++ b/02_configure_host.sh
@@ -406,9 +406,10 @@ if [[ "${BUILD_IRONIC_IMAGE_LOCALLY:-}" == "true" ]] || [[ -n "${IRONIC_LOCAL_IM
     IRONIC_IMAGE="${REGISTRY}/localimages/$(basename "${IRONIC_LOCAL_IMAGE}")"
     export IRONIC_IMAGE
 fi
-VBMC_IMAGE=${VBMC_LOCAL_IMAGE:-${VBMC_IMAGE}}
-SUSHY_TOOLS_IMAGE=${SUSHY_TOOLS_LOCAL_IMAGE:-${SUSHY_TOOLS_IMAGE}}
-FAKE_IPA_IMAGE=${FAKE_IPA_LOCAL_IMAGE:-${FAKE_IPA_IMAGE}}
+VBMC_IMAGE="${VBMC_LOCAL_IMAGE:-${VBMC_IMAGE}}"
+SUSHY_TOOLS_IMAGE="${SUSHY_TOOLS_LOCAL_IMAGE:-${SUSHY_TOOLS_IMAGE}}"
+FAKE_IPA_IMAGE="${FAKE_IPA_LOCAL_IMAGE:-${FAKE_IPA_IMAGE}}"
+FKAS_IMAGE="${FKAS_LOCAL_IMAGE:-${FKAS_IMAGE}}"
 
 # Pushing images to local registry
 for IMAGE_VAR in $(env | grep -v "_LOCAL_IMAGE=" | grep "_IMAGE=" | grep -o "^[^=]*") ; do
diff --git a/03_launch_mgmt_cluster.sh b/03_launch_mgmt_cluster.sh
index f119f401f..4e44e6918 100755
--- a/03_launch_mgmt_cluster.sh
+++ b/03_launch_mgmt_cluster.sh
@@ -173,11 +173,6 @@ EOF
     echo "IRONIC_KERNEL_PARAMS=console=ttyS0" | sudo tee -a "${IRONIC_DATA_DIR}/ironic_bmo_configmap.env"
   fi
 
-  # TODO (mboukhalfa) enable heartbeating and ironic TLS
-  if [[ "${NODES_PLATFORM}" == "fake" ]]; then
-    echo "OS_AGENT__REQUIRE_TLS=false" | sudo tee -a "${IRONIC_DATA_DIR}/ironic_bmo_configmap.env"
-  fi
-
   if [ -n "${DHCP_IGNORE:-}" ]; then
     echo "DHCP_IGNORE=${DHCP_IGNORE}" | sudo tee -a "${IRONIC_DATA_DIR}/ironic_bmo_configmap.env"
   fi
@@ -227,18 +222,16 @@ EOF
 #
 # Launch and configure fakeIPA
 #
-function launch_fakeIPA() {
+launch_fake_ipa() {
   # Create a folder to host fakeIPA config and certs
-  mkdir -p /opt/metal3-dev-env/fake-ipa
-  if [[ "${EPHEMERAL_CLUSTER}" == "kind" ]]; then
-    if [[ "${IRONIC_TLS_SETUP}" == "true" ]]; then
-      cp "${IRONIC_CACERT_FILE}" "/opt/metal3-dev-env/fake-ipa/ironic-ca.crt"
-    fi
-  else
+  mkdir -p "${WORKING_DIR}/fake-ipa"
+  if [[ "${EPHEMERAL_CLUSTER}" == "kind" ]] && [[ "${IRONIC_TLS_SETUP}" == "true" ]]; then
+    cp "${IRONIC_CACERT_FILE}" "${WORKING_DIR}/fake-ipa/ironic-ca.crt"
+  elif [[ "${IRONIC_TLS_SETUP}" == "true" ]]; then
     # wait for ironic to be running to ensure ironic-cert is created 
     kubectl -n baremetal-operator-system wait --for=condition=available deployment/baremetal-operator-ironic --timeout=900s
     # Extract ironic-cert to be used inside fakeIPA for TLS 
-    kubectl -n legacy get secret -n baremetal-operator-system ironic-cert -o json -o=jsonpath="{.data.ca\.crt}" | base64 -d > /opt/metal3-dev-env/fake-ipa/ironic-ca.crt
+    kubectl get secret -n baremetal-operator-system ironic-cert -o json -o=jsonpath="{.data.ca\.crt}" | base64 -d > "${WORKING_DIR}/fake-ipa/ironic-ca.crt"
   fi
   # Create fake IPA custom config
   cat << EOF > "${WORKING_DIR}/fake-ipa/config.py"
@@ -581,15 +574,15 @@ if [ "${EPHEMERAL_CLUSTER}" != "tilt" ]; then
   # then dev-env will create the bmh files but do not apply them
   if [[ "${SKIP_APPLY_BMH:-false}" == "true" ]]; then
     pushd "${BMOPATH}"
-      list_nodes | make_bm_hosts
+    list_nodes | make_bm_hosts
     popd
   else
-    apply_bm_hosts "$NAMESPACE"
+    apply_bm_hosts "${NAMESPACE}"
   fi
   # if fake platform (no VMs) run FakeIPA
   if [[ "${NODES_PLATFORM}" == "fake" ]]; then
-    launch_fakeIPA
+    launch_fake_ipa
   fi
 elif [ "${EPHEMERAL_CLUSTER}" == "tilt" ]; then
-  source tilt-setup/deploy_tilt_env.sh
+  . tilt-setup/deploy_tilt_env.sh
 fi
diff --git a/04_verify.sh b/04_verify.sh
index 2eb75e973..e0ffebd5e 100755
--- a/04_verify.sh
+++ b/04_verify.sh
@@ -18,11 +18,6 @@ source lib/images.sh
 if [ "${EPHEMERAL_CLUSTER}" == "tilt" ]; then
   exit 0
 fi
-# TODO (mboukhalfa) Skip verification related to virsh
-if [[ "${NODES_PLATFORM}" == "fake" ]]; then
-  echo "Skipping virsh nodes verification on fake vm platform"
-  exit 0
-fi
 
 check_bm_hosts() {
     local FAILS_CHECK="${FAILS}"
@@ -250,6 +245,12 @@ echo ""
 iterate check_k8s_entity deployments "${EXPTD_DEPLOYMENTS}"
 iterate check_k8s_rs "${EXPTD_RS}"
 
+# Skip verification related to virsh when running with fakeIPA
+if [[ "${NODES_PLATFORM}" == "fake" ]]; then
+  echo "Skipping virsh nodes verification on fake vm platform"
+  exit 0
+fi
+
 # Verify the baremetal hosts
 ## Fetch the BM CRs
 RESULT_STR="Fetch Baremetalhosts"
diff --git a/lib/common.sh b/lib/common.sh
index 46ff009e8..3cecd6e7d 100644
--- a/lib/common.sh
+++ b/lib/common.sh
@@ -265,6 +265,7 @@ export CONTAINER_REGISTRY="${CONTAINER_REGISTRY:-quay.io}"
 export VBMC_IMAGE="${VBMC_IMAGE:-${CONTAINER_REGISTRY}/metal3-io/vbmc}"
 export SUSHY_TOOLS_IMAGE="${SUSHY_TOOLS_IMAGE:-${CONTAINER_REGISTRY}/metal3-io/sushy-tools}"
 export FAKE_IPA_IMAGE="${FAKE_IPA_IMAGE:-${CONTAINER_REGISTRY}/metal3-io/fake-ipa}"
+export FKAS_IMAGE="${FKAS_IMAGE:-${CONTAINER_REGISTRY}/metal3-io/metal3-fkas}"
 
 # CAPM3 and IPAM controller images
 if [[ "${CAPM3RELEASEBRANCH}" = "release-1.6" ]]; then
diff --git a/vars.md b/vars.md
index 8fc0084bf..197dd3705 100644
--- a/vars.md
+++ b/vars.md
@@ -44,6 +44,7 @@ assured that they are persisted.
 | VBMC_IMAGE | Container image for vbmc container | | "$CONTAINER_REGISTRY/metal3-io/vbmc" |
 | SUSHY_TOOLS_IMAGE | Container image for sushy-tools container | | "$CONTAINER_REGISTRY/metal3-io/sushy-tools" |
 | FAKE_IPA_IMAGE | Container image for fakeIPA container | | "$CONTAINER_REGISTRY/metal3-io/fake-ipa" |
+| FKAS_IMAGE | Container image for fkas container | | "$CONTAINER_REGISTRY/metal3-io/metal3-fkas" |
 | CAPM3_VERSION | Version of Cluster API provider Metal3 | "v1beta1" | "v1beta1" |
 | CAPI_VERSION | Version of Cluster API | "v1beta1" | "v1beta1" |
 | CLUSTER_APIENDPOINT_IP | API endpoint IP for target cluster | "x.x.x.x" | "${EXTERNAL_SUBNET_VX}.249" |
diff --git a/vm-setup/roles/common/tasks/write_ironic_nodes_tasks.yml b/vm-setup/roles/common/tasks/write_ironic_nodes_tasks.yml
index 307444705..54ac55fc8 100644
--- a/vm-setup/roles/common/tasks/write_ironic_nodes_tasks.yml
+++ b/vm-setup/roles/common/tasks/write_ironic_nodes_tasks.yml
@@ -1,8 +1,5 @@
 ---
-# Generate the ironic node inventory files.  Note that this
-# task *must* occur after the above vm tasks, because if
-# `vm_nodes` is defined the template depends on the
-# `node_mac_map` variable.
+# Generate the ironic node inventory files.
 - name: Write ironic node json files
   template:
     src: ../templates/ironic_nodes.json.j2