Manualshelf

Integrated Lights-Out 3 technology

ManualsBrandsHP ManualsComputer AccessoriesHP Integrated Lights-Out (iLO) Firmware
9101112131415161718
12
ProLiant servers can have up to 64 sensors located on DIMMs, hard drives, and elsewhere throughout the
server. The exact number of thermal sensors depends upon the server platform. You can view the status of
the temperature sensors through the iLO web pages and HP Systems Insight Manager (HP SIM).
Security
It is important to have strong security surrounding the iLO 3 device because it provides so many server
control capabilities.
One example of how we designed iLO 3 for security is the built-in firewall functionality. iLO 3 stores login
credentials, passwords, and encryption keys in the embedded memory, secured from the view of any
server software. The firewall is a hardware mechanism preventing any software from accessing registers,
data, and interfaces in iLO 3 without passing the request through iLO 3 firmware. This means malicious
programs running on a compromised server cannot directly access the dedicated iLO 3 network or data.
Refer to
http://h20000.www2.hp.com/bc/docs/support/SupportManual/c00212796/c00212796.pdf” for
more information.
We carefully considered security requirements of the enterprise and built iLO 3 to perform the following
functions securely across a network connection:
Authorize and authenticate users
Encrypt data transmitted over the network between the managed server and the management console
Ensure data integrity by using digital signatures and digitally-signed firmware
Alert administrators of potential login attacks
Authentication and Authorization
Authentication refers to determining who is at the other end of the network connection. Authorization
refers to determining whether the user attempting to perform a specific action has the right to perform that
action. iLO 3 provides local user accounts to define up to 12 separate users and to vary each user’s
access rights. Integration with Directory Services lets you create more than 12 user accounts.
Directory services
You can use directory services to authenticate user access and authorize user privileges for groups of iLO
3 processors. Directory services uses a central database to consistently store information about objects
such as servers, shared volumes, printers, network user accounts, and security policies. Maintaining this
data in a directory makes it possible for all servers on the network to access the same user accounts,
settings, and authentication services.
Integrating iLO 3 with directory services lets you use the standards-based LDAP to participate in the
authentication and authorization processes of an existing user database. iLO 3 layers the LDAP protocol
on top of SSL to transmit the directory services information securely to the directory.
HP provides snap-in management programs to ease directory-based administration of Lights-Out access
rights. The snap-in management programs understand how to render, display, and manipulate Lights-Out
objects stored in the directory. They integrate with existing management applications (Microsoft
Management Console for Active Directory and Novell ConsoleOne for eDirectory) so that a separate
administration application is unnecessary.
Using directory services simplifies user administration in multiple ways:
They provide a single repository for all user accounts and Lights-Out devices. This lets you scale your
infrastructure easily by managing all users’ rights—including those for iLO 3—in a single database.