Home > HP > Server > HP Ilo 2 User Guide

HP Ilo 2 User Guide

Add to Favourites
    Download as PDF

    Here you can view all the pages of manual HP Ilo 2 User Guide. The HP manuals for Server are available online for free. You can easily download all the documents as PDF.

    Overview View all the pages Comments

    Page 41

    Page 41 •SupportforX.509CAsignedcertificates •SupportforsecuringRBSU •Encryptedcommunicationusing: SSHkeyadministration— —SSLcertificateadministration •SupportforoptionalLDAP-baseddirectoryservices Someoftheseoptionsarelicensedfeatures.Toverifyyouravailableoptions,see“Licensing”(page 26). Generalsecurityguidelines ThefollowingaregeneralguidelinesconcerningsecurityforiLO2: •Formaximumsecurity,iLO2mustbesetuponaseparatemanagementnetwork. •TheiLO2firmwaremustnotbeconnecteddirectlytotheInternet.... 
    •SupportforX.509CAsignedcertificates
•SupportforsecuringRBSU
•Encryptedcommunicationusing:
SSHkeyadministration—
—SSLcertificateadministration
•SupportforoptionalLDAP-baseddirectoryservices
Someoftheseoptionsarelicensedfeatures.Toverifyyouravailableoptions,see“Licensing”(page
26).
Generalsecurityguidelines
ThefollowingaregeneralguidelinesconcerningsecurityforiLO2:
•Formaximumsecurity,iLO2mustbesetuponaseparatemanagementnetwork.
•TheiLO2firmwaremustnotbeconnecteddirectlytotheInternet....

    Page 42

    Page 42 SecuringRBSU iLO2RBSUenablesyoutoviewandmodifytheiLO2configuration.RBSUaccesssettingscan beconfiguredusingRBSU,awebbrowser,RIBCLscripts,ortheiLO2SecurityOverrideSwitch. Formoreinformation,see“Accessoptions”(page38).RBSUhasthreelevelsofsecurity: •RBSULoginNotRequired(default) AnyonewithaccesstothehostduringPOSTcanentertheiLO2RBSUtoviewandmodify configurationsettings.Thisisanacceptablesettingifhostaccessiscontrolled. •RBSULoginRequired(moresecure)... 
    SecuringRBSU
iLO2RBSUenablesyoutoviewandmodifytheiLO2configuration.RBSUaccesssettingscan
beconfiguredusingRBSU,awebbrowser,RIBCLscripts,ortheiLO2SecurityOverrideSwitch.
Formoreinformation,see“Accessoptions”(page38).RBSUhasthreelevelsofsecurity:
•RBSULoginNotRequired(default)
AnyonewithaccesstothehostduringPOSTcanentertheiLO2RBSUtoviewandmodify
configurationsettings.Thisisanacceptablesettingifhostaccessiscontrolled.
•RBSULoginRequired(moresecure)...

    Page 43

    Page 43 Dependingontheserver,theiLO2SecurityOverrideSwitchmightbeasinglejumperoraspecific switchpositiononadipswitchpanel.ToaccessandlocatetheiLO2SecurityOverrideSwitch, seetheserverdocumentation.TheiLO2SecurityOverrideSwitchcanalsobelocatedusingthe diagramsontheserveraccesspanel. TrustedPlatformModulesupport TPMisahardwarebasedsystemsecurityfeature.Itisacomputerchipthatsecurelystoresartifacts usedtoauthenticatetheplatform.Theseartifactscanincludepasswords,certificates,orencryption... 
    Dependingontheserver,theiLO2SecurityOverrideSwitchmightbeasinglejumperoraspecific
switchpositiononadipswitchpanel.ToaccessandlocatetheiLO2SecurityOverrideSwitch,
seetheserverdocumentation.TheiLO2SecurityOverrideSwitchcanalsobelocatedusingthe
diagramsontheserveraccesspanel.
TrustedPlatformModulesupport
TPMisahardwarebasedsystemsecurityfeature.Itisacomputerchipthatsecurelystoresartifacts
usedtoauthenticatetheplatform.Theseartifactscanincludepasswords,certificates,orencryption...

    Page 44

    Page 44 Loginsecurity iLO2providesseveralloginsecurityfeatures.Afteraninitialfailedloginattempt,iLO2imposes adelayoffiveseconds.Afterasecondfailedattempt,iLO2imposesadelayof10seconds.After thethirdfailedattempt,andanysubsequentattempts,iLO2imposesadelayof60seconds.All subsequentfailedloginattemptscyclesthroughthesevalues.Aninformationpageappearsduring eachdelay.Thiscontinuesuntilavalidloginiscompleted.Thisfeatureassistsindefendingagainst possibledictionaryattacksagainstthebrowserloginport.... 
    Loginsecurity
iLO2providesseveralloginsecurityfeatures.Afteraninitialfailedloginattempt,iLO2imposes
adelayoffiveseconds.Afterasecondfailedattempt,iLO2imposesadelayof10seconds.After
thethirdfailedattempt,andanysubsequentattempts,iLO2imposesadelayof60seconds.All
subsequentfailedloginattemptscyclesthroughthesevalues.Aninformationpageappearsduring
eachdelay.Thiscontinuesuntilavalidloginiscompleted.Thisfeatureassistsindefendingagainst
possibledictionaryattacksagainstthebrowserloginport....

    Page 45

    Page 45 •TheSSLKeyLengthbuttontochoosebetween2048or1024bitprivatekeylengthforCSR. •TheCustomizedCSRradiobuttontochoosebetweenCSRwithcustomordefaultsubjectfields. •TheCountryfieldforconfiguringtheCSRsubjectcountryname. •TheStateorProvincefieldforconfiguringtheCSRsubjectstatename. •TheOrganizationNamefieldforconfiguringtheCSRsubjectorganizationname. •TheOrganizationUnitfieldforconfiguringtheCSRsubjectorganizationunitname. •TheCityorLocalityfieldforconfiguringtheCSRsubjectcityorlocalityname.... 
    •TheSSLKeyLengthbuttontochoosebetween2048or1024bitprivatekeylengthforCSR.
•TheCustomizedCSRradiobuttontochoosebetweenCSRwithcustomordefaultsubjectfields.
•TheCountryfieldforconfiguringtheCSRsubjectcountryname.
•TheStateorProvincefieldforconfiguringtheCSRsubjectstatename.
•TheOrganizationNamefieldforconfiguringtheCSRsubjectorganizationname.
•TheOrganizationUnitfieldforconfiguringtheCSRsubjectorganizationunitname.
•TheCityorLocalityfieldforconfiguringtheCSRsubjectcityorlocalityname....

    Page 46

    Page 46 identitybyprovidingbothfactors.Youcanstoreyourdigitalcertificatesandprivatekeyswherever youchoose,forexample,onasmartcard,USBtoken,orharddrive. TheTwo-FactorAuthenticationtabenablesyoutoconfiguresecuritysettingsandreview,import, ordeleteatrustedCAcertificate.TheTwo-FactorAuthenticationEnforcementsettingcontrols whethertwo-factorauthenticationisusedforuserauthenticationduringlogin.Torequiretwo-factor authentication,clickEnabled.Toturnoffthetwo-factorauthenticationrequirementandallowlogin... 
    identitybyprovidingbothfactors.Youcanstoreyourdigitalcertificatesandprivatekeyswherever
youchoose,forexample,onasmartcard,USBtoken,orharddrive.
TheTwo-FactorAuthenticationtabenablesyoutoconfiguresecuritysettingsandreview,import,
ordeleteatrustedCAcertificate.TheTwo-FactorAuthenticationEnforcementsettingcontrols
whethertwo-factorauthenticationisusedforuserauthenticationduringlogin.Torequiretwo-factor
authentication,clickEnabled.Toturnoffthetwo-factorauthenticationrequirementandallowlogin...

    Page 47

    Page 47 1.ObtainthepubliccertificatefromtheCAthatissuesusercertificatesorsmartcardsinyour organization. 2.ExportthecertificateinBase64-encodedformattoafileonyourdesktop(forexample, CAcert.txt). 3.ObtainthepubliccertificateoftheuserwhoneedsaccesstoiLO2. 4.ExportthecertificateinBase64-encodedformattoafileonyourdesktop(forexample, Usercert.txt). 5.OpenthefileCAcert.txtinNotepad,selectallofthetext,andcopyitbypressingtheCtrl+C keys. 6.LogintoiLO2,andbrowsetotheTwo-FactorAuthenticationSettingspage.... 
    1.ObtainthepubliccertificatefromtheCAthatissuesusercertificatesorsmartcardsinyour
organization.
2.ExportthecertificateinBase64-encodedformattoafileonyourdesktop(forexample,
CAcert.txt).
3.ObtainthepubliccertificateoftheuserwhoneedsaccesstoiLO2.
4.ExportthecertificateinBase64-encodedformattoafileonyourdesktop(forexample,
Usercert.txt).
5.OpenthefileCAcert.txtinNotepad,selectallofthetext,andcopyitbypressingtheCtrl+C
keys.
6.LogintoiLO2,andbrowsetotheTwo-FactorAuthenticationSettingspage....

    Page 48

    Page 48 6.Clickinsidethewhitetextareasothatyourcursorisinthetextarea,andpastethecontents oftheclipboardbypressingtheCtrl+Vkeys. 7.ClickImportRootCACertificate.TheTwo-FactorAuthenticationSettingspageappearsagain withinformationdisplayedunderTrustedCACertificateInformation. 8.ChangeEnforceTwo-FactorauthenticationtoYes. 9.ChangeCertificateRevocationCheckingtoNo (default). 10.ChangeCertificateOwnerFieldtoSAN.Formoreinformation,see“Two-factorauthentication” (page45).... 
    6.Clickinsidethewhitetextareasothatyourcursorisinthetextarea,andpastethecontents
oftheclipboardbypressingtheCtrl+Vkeys.
7.ClickImportRootCACertificate.TheTwo-FactorAuthenticationSettingspageappearsagain
withinformationdisplayedunderTrustedCACertificateInformation.
8.ChangeEnforceTwo-FactorauthenticationtoYes.
9.ChangeCertificateRevocationCheckingtoNo (default).
10.ChangeCertificateOwnerFieldtoSAN.Formoreinformation,see“Two-factorauthentication”
(page45)....

    Page 49

    Page 49 Afteryouhaveselectedacertificate,ifthecertificateisprotectedwithapassword,orifthecertificate isstoredonasmartcard,asecondpageappearspromptingyoutoenterthePINorpassword associatedwiththechosencertificate. ThecertificateisexaminedbyiLO2toensureitwasissuedbyatrustedCAbycheckingthe signatureagainsttheCAcertificateconfigurediniLO2.iLO2determinesifthecertificatehas beenrevokedandifitmapstoauserintheiLO2localuserdatabase.Ifallofthesetestspass, thenthenormaliLO2userinterfaceappears.... 
    Afteryouhaveselectedacertificate,ifthecertificateisprotectedwithapassword,orifthecertificate
isstoredonasmartcard,asecondpageappearspromptingyoutoenterthePINorpassword
associatedwiththechosencertificate.
ThecertificateisexaminedbyiLO2toensureitwasissuedbyatrustedCAbycheckingthe
signatureagainsttheCAcertificateconfigurediniLO2.iLO2determinesifthecertificatehas
beenrevokedandifitmapstoauserintheiLO2localuserdatabase.Ifallofthesetestspass,
thenthenormaliLO2userinterfaceappears....

    Page 50

    Page 50 AuthenticationusingDefaultDirectorySchema,part1:Thedistinguishednameforauserinthe directoryisCN=John Doe,OU=IT,DC=MyCompany,DC=com,andthefollowingaretheattributes ofJohnDoe'scertificate: •Subject: DC=com/DC=MyCompany/OU=IT/CN=John Doe •SAN/UPN: john.doe@MyCompany.com AuthenticatingtoiLO2withusername:john.doe@MyCompany.comandpasswordworksif two-factorauthenticationisnotenforced.Aftertwo-factorauthenticationisenforced,ifSANis... 
    AuthenticationusingDefaultDirectorySchema,part1:Thedistinguishednameforauserinthe
directoryisCN=John Doe,OU=IT,DC=MyCompany,DC=com,andthefollowingaretheattributes
ofJohnDoe'scertificate:
•Subject: DC=com/DC=MyCompany/OU=IT/CN=John Doe
•SAN/UPN: [email protected]
AuthenticatingtoiLO2withusername:[email protected]
two-factorauthenticationisnotenforced.Aftertwo-factorauthenticationisenforced,ifSANis...
    Start reading HP Ilo 2 User Guide

    Related Manuals for HP Ilo 2 User Guide

    All HP manuals