Encryption | HP Integrated Lights-Out instruction

136 User Guide Integrated Lights-Out

•iLO should not be connected directly to the Internet.

•A 128-bit cipher strength browser must be used.

Encryption

iLO provides strong security for remote management in distributed IT environments by using 128-bit SSL encryption of HTTP data transmitted across the network. SSL encryption ensures that the HTTP information is secure as it travels across the network.

Remote Console data is protected using 128-bit RC4 bidirectional encryption.

iLO Security Override Switch Administration

The iLO Security Override Switch allows the administrator full access to the iLO processor. This access may be necessary for any of the following conditions:

•iLO must be re-enabled after it has been disabled.

•All user accounts with the Administer User Accounts privilege have been locked out.

•A bad configuration keeps the iLO from displaying on the network and RBSU has been disabled.

•The boot block must be flashed.

Ramifications of setting the Security Override Switch include:

•All security authorization checks are disabled while the switch is set.

•iLO RBSU runs if the host server is reset.

•iLO is not disabled and might display on the network as configured.

•iLO, if disabled while the Security Override Switch is set, does not log the user out and complete the disable process until the power is cycled on the server.

•iLO Option ROMPaq is allowed to reprogram the iLO ROM even if the iLO firmware is not running.

Image 136

HP Integrated Lights-Out manual Encryption, ILO Security Override Switch Administration

Contents

HP Integrated Lights-Out User Guide Audience Assumptions Contents User Guide Integrated Lights-Out ILO Security 135 Certificate Services 189 Insight Manager 7 Integration 223 Lights-Out DOS Utility 249 Login Modglobalsettings Moddiagport Settings ILO Parameters 331 Contents Technical Support 397 New in This Version Operational OverviewThis Section Usage Model Network Connection Overview Supported Server Operating System Software Supported Browsers Linux Browser Configuration Configuring Linux Font SizePage Configuring iLO ILO Configuration Options ILO Rbsu Browser-Based Setup Installing iLO Device Drivers Scripted Setup Select Software and Drivers Installing or Updating the iLO Drivers for MicrosoftILO Pre-requisite Files for Microsoft Novell NetWare Server Driver Support Installing or Updating iLO Drivers for NetWareILO Pre-Requisite Files for NetWare ILO Pre-requisite Files for Red Hat and SuSE Linux Files Red Hat Linux and SuSE Linux Server Driver SupportInstaling or Updating iLO Linux and SuSE Drivers Enabling iLO Advanced Functionality ILO Advanced Evaluation License Activating iLO Advanced Features Using a BrowserILO Advanced License Options User Guide Integrated Lights-Out ProLiant BL p-Class Configuration Activating iLO Advanced Using Scripting Static IP Bay Configuration ProLiant BL p-Class User Requirements Configuring a ProLiant BL p-Class Blade Enclosure Configuring Static IP Bay Settings User Guide Integrated Lights-Out ProLiant BL p-Class Standard Configuration Parameters ProLiant BL p-Class Advanced Configuration Parameters Enable iLO IP Address Assignment Ribcl Rackinfo Commands Getting Static IP Bay Configuration Settings Ribcl Rackinfo Command ExamplesModifying Static IP Bay Configuration Settings Integration with Riloe II Accessory Boards Using iLO Logging in to iLO for the First Time Logging in to iLO for the First Time Using a Browser Using iLO User Guide Integrated Lights-Out Using iLO Progressive Delays for Failed Browser Login Attempts Help Status Summary System StatusILO Status Server Status ILO Event Log Integrated Management Log Server and iLO Diagnostics Post Diagnostic Results for the Host Server Nvram Environment Variables Listing Virtual NMI Button ILO Self-Test Results Remote Console Remote Console Option Remote Console Information Option Enhanced Features of the Remote Console Recommended Client SettingsOptimizing Performance for Graphical Remote Console Display Properties Remote Console Linux Settings Recommended Server SettingsRemote Console Mouse Properties Microsoft Windows NT 4.0 and Windows 2000 Settings Microsoft Windows Server 2003 Settings Novell NetWare Settings Red Hat Linux and SuSE Linux Server SettingsRemote Console Hot Keys Supported Hot Keys Single- and Dual-Cursor Modes for Graphical Remote Console Remote Console Single-Cursor Remote Console Dual-Cursor Virtual Devices Virtual Power Using iLO Virtual Media Operating System USB Support MS-DOS USB USB CD USB CD2 ILO Virtual Floppy Using iLO Virtual Media DevicesSelect Local Floppy Drive Click Connect Access iLO through a browser Connect Click Create Disk Image ILO Virtual CD-ROM Select Local CD-ROM Drive Using an Image File Virtual Media CD-ROM Operating System Notes Mounting USB Virtual Media CD in NetWare Mount /dev/scd0 /mnt/cdrom -t iso9660 Virtual Media Composite Device Support Select Local Floppy Drive ILO Virtual Media Privilege Virtual Media Applet TimeoutVirtual Media Scripting Command Line Input Result Scripting Web Server Requirements Virtual Media Image Files CGI Helper Application Virtual Indicators Virtual Serial Port Windows EMS Console Security Information Virtual Serial Port and Linux User Administration AdministrationLinux End-to-End Support Adding a New User Viewing or Modifying an Existing Users Settings Click View/Modify User Click Global Settings Global SettingsDeleting a User User Guide Integrated Lights-Out Network Settings Click Network Settings Using iLO ILO Diagnostic Port Configuration Parameters SNMP/Insight Manager Settings Recovering from a Failed iLO Firmware Update Enabling Snmp Alerts Click Apply Settings Generating Test Alerts Upgrade iLO Firmware Configure Insight Manager Integration Click Send firmware image Certificate Administration Licensing Directory Settings ProLiant BL p-Class Advanced Management User Guide Integrated Lights-Out Rack Settings Power Management Module Server Blade Management Module Redundant Power Management Module ILO Control of ProLiant BL p-Class Server LEDs Insufficient Power Notification Hot-Plug KeyboardKeyboard Definitions Server Post Tracking Hot-Plug Keyboard Troubleshooting Hot-Plug Keyboard Recommended Usage User Guide Integrated Lights-Out Terminal Services Pass-Through Option Terminal Services Client Requirements Windows RDP Pass-Through Service Terminal Services Pass-Through Installation Enabling the Terminal Services Pass-Through Option Windows 2000 Terminal Services Port Change Terminal Services Pass-Through Status Terminal Services Warning Message Remote Console and Terminal Services Clients Terminal Services Button Display ComputerPropertiesRemoteRemote Desktop Terminal Services TroubleshootingManagerMultifunction Adapters Telnet Support HP ProLiant Essentials Rapid Deployment Pack IntegrationViewerApplication Using Telnet Telnet Simple Command Set Supported Key Sequences Telnet Security ILO VT100+ Key Map Altk Altlowerj VT100+ Codes for the F-Keys Linux Codes for the F-Keys Using SSH Using Secure ShellSecure Shell Using OpenSSH ILO Supported SSH FeaturesUsing PuTTY ILO Shared Network Port ILO Shared Network Port Requirements ILO Shared Management Port Features and Restrictions Enabling the iLO Shared Network Port Feature Select AdministrationNetwork Settings Re-enabling the Dedicated iLO Management Port Command Line Interface Select NetworkNICTCP/IP, and press the Enter key Escape CLI CommandsHelp Power Remcons Vsp ExitPage ILO Security Security FeaturesGeneral Security Guidelines ILO Security Override Switch Administration Encryption User Accounts Login Security Privileges Password Guidelines Global Security Settings Certificates Securing Rbsu Page Directory Services Benefits of Directory Integration Features Supported by Directory Integration Installing Directory Services Schema Documentation Directory Services Support EDirectory Installation Prerequisites Schema Required Software Schema Installer Schema Preview Setup Directory Services 151 Management Snap-In Installer Results Directory Services for Active Directory Active Directory Installation Prerequisites Directory Services Preparation for Active Directory Start MMC Install the Active Directory Schema snap-in in MMC Snap-In Installation and Initialization for Active Directory Directory Services 157 User Guide Integrated Lights-Out Directory Services 159 User Guide Integrated Lights-Out Directory Services 161 Directory Services Objects Active Directory Snap-Ins HP Devices Members Active Directory Role Restrictions User Guide Integrated Lights-Out Time Restrictions Enforced Client IP Address or DNS Name Access Remove Active Directory Lights-Out Management Directory Services for eDirectory Snap-in Installation and Initialization for eDirectory User Guide Integrated Lights-Out Directory Services 173 Apply Directory Services 175 Directory Services Objects for eDirectory Role Managed Devices Role Restrictions EDirectory Role Restrictions Time Restrictions Delete Lights-Out Management Directory Services 183 Configuring Directory Settings Directory Services 185 Directory Tests User Login Using Directory Services User Guide Integrated Lights-Out Introduction to Certificate Services Certificate ServicesInstalling Certificate Services Verifying Directory Services Configuring Automatic Certificate Request Certificate Services 191 Page Directory-Enabled Remote Management Introduction to Directory-Enabled Remote Management Using Bulk Import Tools Using Existing Groups Using Multiple Roles AdminUserAdminRole Server UserRole Restricting Roles Creating Roles to Follow Organizational StructureRole Time Restrictions IP Address and Subnet Mask Restrictions IP Address Range RestrictionsDNS-Based Restrictions How Directory Login Restrictions are Enforced Role Address Restrictions How User Time Restrictions are Enforced User Address Restrictions Creating Multiple Restrictions and Roles Directory-Enabled Remote Management 203 User Guide Integrated Lights-Out Lights-Out Directories Migration Utilities Introduction to Lights-Out Migration Utilities Pre-Migration Checklist Compatibility HP Lights-Out Directory Package Hpqlomig Operation Finding Management Processors Lights-Out Directories Migration Utilities 209 Enter your Login NamePassword and click Find Upgrading Firmware on Management Processors Lights-Out Directories Migration Utilities 211 Select either Use Network Address or Create Name Using Index Naming Management Processors Configuring Directories Click Update Directory Browse Setting Up Management Processors for Directories Click Configure Hpqlomgc Operation Launching Hpqlomgc Using Application Launch Firmware version is validated and updated if necessaryManagement processor directory settings are updated Directory is updated Lights-Out Directories Migration Utilities 219 Hpqlomgc Command Language Iloconfig Page Insight Manager 7 Integration Integrating iLO with Insight Manager Functional Overview Identification and Association Queries StatusLinks Configuring Identification of iLO Receiving Snmp Alerts in Insight Manager Insight Manager 7 Integration 227 Port Matching Insight Manager 7 Integration 229 User Guide Integrated Lights-Out ProLiant BL p-Class Rack Visualization User Guide Integrated Lights-Out Systems Insight Manager Integration Integrating iLO with Systems Insight Manager Systems Insight Manager Functional Overview System Insight Manager Identification and Association System Insight Manager Status System Insight Manager Links Configuring System Insight Manager Identification of iLOSystem Insight Manager Systems Lists Receiving Snmp Alerts in Systems Insight Manager System Insight Manager Port Matching Systems Insight Manager Integration 239 Page Group Administration and iLO Scripting Lights-Out Configuration Utility \PROGRAM FILES\INSIGHT MANAGER\HP\SYTEMS Query Definition in Insight Manager Select Management Processor and click OK Application Launch Using Insight Manager Click ToolsCustom CommandsNew Custom Command Create a Custom CommandCreate a Customized List Create a Task Click either Schedule or Run Now Batch Processing Using the Lights-Out Configuration Utility Lights-Out Configuration Utility Parameters Cpqlocfg Lights-Out DOS Utility Overview of the Lights-Out DOS Utility Cpqlodos Recommended Usage Command Line ArgumentsCpqlodos General Guidelines Lights-Out DOS Utility 251 Cpqlodos Runtime Error Ribcl XML Commands for CpqlodosCpqlodos Parameter Adduser Runtime Errors Adduser Parameters Setlicense Runtime Errors Setlicense Parameter Perl Scripting Using Perl with the XML Scripting InterfaceXML Enhancements XML script modification Opening an SSL Connection Sending the XML Header and Script Body Perl Scripting 259 User Guide Integrated Lights-Out Hponcfg Hponcfg Online Configuration UtilityHponcfg Supported Operating Systems Hponcfg Installation and Usage Hponcfg Requirements Windows Server Installation Linux Server Installation Hponcfg Command Line Parameters Using Hponcfg Obtaining an Entire Configuration Hponcfg Usage Model Creating a User Account Sample adduser.xml input file Hponcfg Online Configuration Utility Page Remote Insight Command Language Overview of the Remote Insight Board Command Language Ribcl and ProLiant BL p-Class Servers XML Header Ribcl Sample Scripts Ribcl General GuidelinesData Types Response Definitions StringSpecific String Boolean String Ribcl Ribcl Runtime ErrorsRibcl Parameter Login Parameters LoginLogin Runtime Errors Userinfo Userinfo Runtime ErrorUserinfo Parameter Adduser Adduser Parameters Remote Insight Command Language Adduser Runtime Errors Deleteuser Deleteuser Runtime ErrorsDeleteuser Parameter Getuser Getuser Runtime ErrorsGetuser Parameter Moduser Getuser Return Messages Moduser Parameters Moduser Runtime Errors Getallusers Runtime Error GetallusersGetallusers Parameters Getallusers Return Messages Getalluserinfo Getalluserinfo Runtime ErrorsGetalluserinfo Parameters Ribinfo Getalluserinfo Return Messages Resetrib Ribinfo Runtime ErrorsResetrib Parameters Resetrib Runtime Errors Getnetworksettings Getnetworksettings ParametersGetnetworksettings Runtime Errors Getnetworksettings Return Messages Modnetworksettings Dhcpwinsserver VALUE=Y Regwinsserver VALUE=Y Modnetworksettings /RIBINFO Login Ribcl Modnetworksettings Parameters User Guide Integrated Lights-Out Modnetworksettings Runtime Errors GetglobalsettingsGetglobalsettings Parameters Getglobalsettings Runtime Errors ModglobalsettingsGetglobalsettings Return Messages Modglobalsettings Parameters User Guide Integrated Lights-Out Remote Insight Command Language Getsnmpimsettings Modglobalsettings Runtime ErrorsGetsnmpimsettings Parameters Getsnmpimsettings Runtime Errors Modsnmpimsettings Modsnmpimsettings Parameters Modsnmpimsettings Runtime Errors Cleareventlog Cleareventlog Runtime ErrorsCleareventlog Parameters Updateribfirmware Parameters UpdateribfirmwareUpdateribfirmware Runtime Errors Getfwversion Runtime Errors GetfwversionGetfwversion Parameters Getfwversion Return Messages Hotkeyconfig Hotkeyconfig Parameters Hotkeyconfig Runtime Errors License License Runtime Errors License Parameters Getdirconfig Dirinfo Runtime ErrorsDirinfo Dirinfo Parameters Getdirconfig Runtime Errors Getdirconfig ParametersGetdirconfig Return Messages Moddirconfig Moddirconfig Parameters Moddirconfig Runtime Errors Rackinfo Modbladerack Rackinfo Runtime ErrorsRackinfo Parameters Modbladerack Parameters Getdiagportsettings Modbladerack Runtime ErrorsGetdiagportsettings Parameters Getdiagportsettings Runtime Errors Getdiagportsettings Return Messages ModdiagportsettingsModdiagportsettings Parameters Moddiagportsettings Runtime Errors Gettopology Gettopology Parameters ServerinfoGettopology Return Message Serverinfo Runtime Errors GethostpowerstatusServerinfo Parameter Sethostpower Gethostpowerstatus ParametersGethostpowerstatus Runtime Errors Gethostpowerstatus Return Messages Sethostpower Parameters ResetserverSethostpower Runtime Errors Resetserver Parameters Resetserver ErrorsPresspwrbtn Presspwrbtn Parameters Presspwrbtn Runtime Errors Holdpwrbtn Runtime ErrorsHoldpwrbtn Holdpwrbtn Parameters Coldbootserver Parameters ColdbootserverColdbootserver Runtime Errors Warmbootserver Warmbootserver ParametersWarmbootserver Runtime Errors Getuidstatus Getuidstatus Parameters UidcontrolGetuidstatus Response Uidcontrol Errors InsertvirtualmediaUidcontrol Parameters Insertvirtualmedia Parameters Insertvirtualfloppy Runtime Errors Ejectvirtualmedia Ejectvirtualmedia Runtime ErrorsEjectvirtualmedia Parameters Getvmstatus Runtime Errors GetvmstatusGetvmstatus Parameters Getvmstatus Return Messages Setvmstatus Setvmstatus Parameters Setvmstatus Runtime Errors ILO Parameters ILO Parameters Table Global Settings ILO Parameters 333 SNMP/Insight Manager Settings ILO Parameters 335 ILO Status Server Name Server Status ParametersServer ID User Administration Parameters Password Administer User AccountsRemote Console Access Virtual Power and Reset Idle Connection Timeout Minutes Enable Lights-Out FunctionalityEnable iLO Rbsu Pass-Through Configuration Require Login for iLO Rbsu Remote Console Port ConfigurationShow iLO During Post Remote Console Data Encryption Terminal Services Port Web Server Non-SSL PortWeb Server SSL Port Virtual Media Port Serial Command Line Interface Status Serial Command Line Interface Speed bits/secondMinimum Password Length Network Settings Parameters Enable NIC Shared Network PortTransceiver Speed Autoselect Speed Registering with Wins Server Registering with DNS ServerPing Gateway on Startup ILO IP Address ILO Gateway IP Address ILO Subsystem NameDomain Name Dhcp Server SNMP/Insight Manager Settings Parameters Enable iLO Snmp AlertsEnable Snmp Pass-Through Snmp Alert Destinations ILO Advanced License Activation Settings Insight Manager Web Agent URLLevel of Data Returned ILO Advanced Pack License Key Rack Name Enclosure NameBay Name Bay Power Source Enable Automatic Power OnEnable Rack Alert Logging IML Directory Settings Parameters Enable Directory Authentication Enable Local User AccountsLOM Object Password Directory Server Address Click Test Settings Testing Directory SettingsClick Start Test Directory Services Schema HP Management Core Ldap OID Classes and AttributesCore Classes Core Attributes HpqTarget Core Class DefinitionsHpqRole Core Attribute Definitions HpqPolicyHpqPolicyDN HpqRoleMembership HpqTargetMembership HpqRoleIPRestrictionDefaultHpqRoleIPRestrictions HpqRoleTimeRestriction Directory Services Schema 357 Lights-Out Management Classes Lights-Out Management Attributes Lights-Out Management Attribute Definitions Lights-Out Management Class DefinitionsHpqLOMv100 HpqLOMRightRemoteConsole HpqLOMRightLoginHpqLOMRightVirtualMedia HpqLOMRightLocalUserAdmin HpqLOMRightServerResetHpqLOMRightConfigureSettings Page Troubleshooting iLO Minimum Requirements ILO Post LED Indicators Troubleshooting iLO 365 Event Log Entries FEH Code Consistency Check Explanation Troubleshooting iLO 367 User Guide Integrated Lights-Out Troubleshooting iLO 369 MS-DOS Error Codes Hardware and Software Link-Related Issues Hardware Login IssuesSoftware ILO Management Port Not Accessible by Name Login Name and Password Not AcceptedDirectory User Premature Logout ILO Rbsu Unavailable after iLO and Server Reset Inability to Access the Login Inability to Connect to iLO after Changing Network Settings Inability to Access iLO Using TelnetInability to Connect to the iLO Diagnostic Port Inability to Connect to the iLO Processor through the NIC Firewall Issues Troubleshooting Alert and Trap Problems Proxy Server Issues ILO Security Override Switch Authentication Code Error Message Troubleshooting Mouse Problems Local USB Mouse and Linux Mouse Issue Using SuSE Linux Remote Console Mouse Control Issue Emulating a PS/2 Keyboard in a Headless Server Environment Troubleshooting Remote Console ProblemsLinux Remote Console User Guide Integrated Lights-Out Remote Console Text Window not Updating Properly Troubleshooting SSH and Telnet Problems Remote Console Turns Grey or BlackInitial PuTTY Input Slow PuTTY Client Unresponsive with Shared Network Port Troubleshooting Terminal Services Problems Terminal Services Button Is Not WorkingTerminal Services Proxy Stops Responding SSH Text Support from a Remote Conosle Session Troubleshooting Video and Monitor Problems General GuidelinesTelnet Displays Incorrectly in DOS Video Applications not Displaying in the Remote Console Troubleshooting Virtual Media Problems Troubleshooting Miscellaneous ProblemsVirtual Drive Listing Virtual Media Applet has a Red X and Will Not Display Shared Instances Cookie Sharing Between Browser Instances and iLOCookie Order Behavior Troubleshooting iLO 389 Preventing Cookie-Related User Issues Displaying the Current Session Cookie Inability to Upgrade iLO Firmware ILO Network Flash RecoveryDiagnostic Steps Incorrect Time or Date of the Entries in the Event Log Flash Recovery Process ROMPaq Testing SSL ILO Does Not Respond to SSL Requests Resetting iLO Request New Certificate Troubleshooting a Remote Host Server Name Still Present after Erase Utility is Executed HP Contact Information Technical SupportBefore You Contact HP User Guide Integrated Lights-Out Acronyms and Abbreviations DAV ILO JVM MTU RDP SSL Page Index LAN Index Uidcontrol