directory, for example, username@domain.extension. If Subject is specified, RILOE II will derive the user's distinguished name from the subject name attribute. For example, if the subject name is

/DC=com/DC=domain/OU=organization/CN=user, RILOE II will derive: CN=user,OU=organization,DC=domain,DC=com.

The Certificate Owner Field setting is only used if directory authentication is enabled. Configuration of the Configuration Owner Field depends on the version of directory support used, the directory configuration, and the certificate issuing policy of your organization.

A trusted CA certificate is required for two-factor authentication to function. You cannot change the Enforce Two-Factor Authentication setting to Yes if a trusted CA certificate has not been configured. Also, a client certificate must be mapped to a local user account if local user accounts are used. If RILOE II is using directory authentication, client certificate mapping to local user accounts is optional.

To change two-factor authentication settings for RILOE II:

1.Log in to RILOE II using an account that has the Configure RILOE II Settings privilege. Click

Administration.

2.Click Two-Factor Authentication Settings.

3.Change the settings as needed by entering your selections in the fields.

4.After completing any parameter changes, click Apply to save the changes.

Security Settings

The Security Settings provided for the RILOE II include:

Session Timeout—This option allows the Remote Console session on the network client to end automatically after the set amount of time selected.

ROM-Based Configuration Utility (F8)—This option allows you to enable or disable the RBSU F8 setup.

Remote Access with Pocket PC—This option allows you to enable or disable the remote access for pocket PCs.

To change the security settings:

1.Log in to the RILOE II using an account with administrator privileges.

2.Click Global Settings on the Administration tab.

3.Change the settings in the Security Settings section.

4.Click Apply Settings.

Another security feature is the progressive delays for failed browser login attempts. After a series of five failed login attempts by a user, the RILOE II imposes delays to subsequent logins. This scenario continues until a valid login is completed. This feature assists in defending against possible dictionary attacks against the browser login port.

RILOE II firmware updates

Firmware upgrades enhance the functionality of RILOE II. Firmware upgrades can be accomplished from any network client using a standard web browser. However, only users with the "configure RILOE settings" privilege can upgrade the firmware on RILOE II.

The most recent firmware is available on the HP website (http://www.hp.com/servers/lights-out) as a Smart Component.

To upgrade RILOE II firmware:

1.Log in to RILOE II using an account with "configure RILOE settings" privileges.

2.Click Upgrade Firmware on the Administration tab.

Using the RILOE II 34

Page 34
Image 34
HP 232664-006 manual Security Settings, Riloe II firmware updates