HP Integrated Lights-Out Security, 7th edition
25
HP Systems Insight Manager
HP SIM checks for an iLO presence by starting an HTTP session. Tight integration between iLO and
SIM means that you can use HP Insight Management software to get server serial numbers, iLO status
and serial numbers, and hardware/firmware revision data.
Physical access to iLO
Someone physically present at the server can access iLO in one of two ways:
• Through the physical serial port on the server
• By means of the iLO Security Override jumper
Server serial port
Users with access to the server serial port can access the iLO CLI and perform many iLO functions on
the server. A potential risk is that the connection from the serial port to the CLI is not encrypted.
However, we assume that anyone with physical access is authorized to access iLO. Because the
server serial port connects to the iLO CLI, you can disable the SSH/CLI functionality or restrict user
access by requiring authentication to the CLI. You can also change the server OS to disable any
support for the server serial port.
iLO Security Override jumper switch
People with physical access to a server can alter the server and the iLO setup. They can access the
security override jumper, reconfigure iLO through RBSU, reprogram the iLO ROM, or reprogram the
boot block. Therefore, data center managers must ensure that only super-users or administrators have
unrestricted access to the inside of a server enclosure. Consult the server documentation for the
location of the iLO Security Override jumper.
Access to the server from iLO
You can directly access the server through iLO functions such as virtual serial port, remote console,
virtual media, and Terminal Services (Figure 13). iLO secures the environment through strong user
authentication and authorization processes.
iLO software on server using the PCI bus
Several pieces of iLO software reside on the server and provide an entry point into the server. The iLO
driver enables the other iLO integration services, such as RBSU, Terminal Services pass-thru,
HPONCFG, and the agents.
RBSU
RBSU lets you initially configure iLO and iLO user accounts. RBSU is available to anyone with access
to the server console when the server boots. You can configure RBSU to require valid user credentials
using the robust iLO login mechanisms. If you don’t want RBSU to be accessible at reboot, you can
disable RBSU in the Global Settings preferences. Disabling RBSU prevents reconfiguration from the
server unless the iLO Security Override Switch is set.
iLO firmware (FlashROM)
The ROM boot block protects the iLO firmware by using a digital signature created with a private key
known only to HP. The iLO boot block verifies the digital signature by using a corresponding public
key. No one can modify the firmware contents without generating a new digital signature. This
requires the original private key from HP. The boot block examines the digital signature of the iLO
main-line code and refuses to transfer control to the main-line code if the signature is invalid. This
prevents loading corrupt or rogue firmware.