HP Integrated Lights-Out Security, 7th edition

completely isolated from the network ports on the server. Even if the DMZ network were
compromised, the iLO network would remain secure. This lets you use iLO on servers located in the
DMZ or in the internal network without compromising sensitive data. Administrators create this
separation by using a dedicated NIC or the SNP with its VLAN (see the section “SNP for select
ProLiant servers”).
For best protection of the servers operating inside the DMZ, set the SNMP trap destinations to the
loopback address and enable the SNMP pass-thru in iLO to route traps onto the iLO network. This
SNMP pass-thru option does not activate all management functions. However, it does pass status,
inventory, and fault information to HP SIM or another SNMP-capable management application. This
option is very secure because the OS does not recognize the iLO product as a NIC.
The Rapid Deployment Pack Deployment Server Console provides secure access to the management
functions of iLO and Remote Insight Lights-Out Edition (RILOE).
HP Rapid Deployment Pack combines an off-the-shelf version of Altiris eXpress Deployment Solution
and the ProLiant Integration Module. The ProLiant Integration Module includes:
SmartStart Scripting Toolkit
Configuration Events for industry-standard OSes
Sample unattended files
ProLiant Support Packs containing software drivers and management agents
Administrators can deploy servers through the Altiris imaging feature or through scripting using the
SmartStart Scripting Toolkit. HP Rapid Deployment Pack is a part of HP Insight Control Management
Software. See the HP website for more information about HP Insight Control Management Software.
Communication between iLO and server blades
The HP BladeSystem architecture uses a single enclosure to hold multiple servers. A separate power
subsystem provides power to all servers in that enclosure. ProLiant c-Class server blades use iLO to
send alerts and management information throughout the server blade infrastructure.
There is a strict communication hierarchy among ProLiant c-Class server components. The Onboard
Administrator (OA) management module communicates with the iLO processor on each server blade.
The OA module provides independent IP addresses for each server blade. The iLO device on a server
blade also maintains an independent IP address. The iLO firmware exclusively controls any
communication from iLO to the OA module. There is no path from an iLO processor on one server
blade to the iLO processor on another blade. There is no connection from the iLO processor or OA
module to the server NICs. The iLO processor only has information about the presence of other server
blades in the infrastructure and whether enough amperage is available from the power subsystem to
boot the iLO server blade. A single, physical port on the rear of the BladeSystem enclosure provides
access to the iLO network connections on the server blade. This simplifies and reduces cabling.
Security audits
Recent legislation may mandate periodic security audits. iLO maintains an event log containing date-
and time-stamped information about events that occurred in the iLO configuration and operation.
You can manually access this log through the System Status tab of the iLO browser interface. You
can also use XML commands to set up an automated examination and extraction process that parses
the event log by date/time and by authenticated user to retrieve information about security events.
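The automated examination described above, as an added example that is not part of the HP paper: it parses an event log in the shape of an iLO RIBCL XML reply, filters entries by date/time window and by authenticated user, and totals login failures. The element and attribute names, the message texts and the timestamp format are assumptions constructed for this example, so adapt the parser to the XML your iLO firmware actually returns.

```python
import re
import xml.etree.ElementTree as ET
from datetime import datetime

# Constructed sample shaped like an iLO RIBCL event-log reply. Element and
# attribute names are an assumption for this example; message texts are made up.
SAMPLE_EVENT_LOG = """<RIBCL VERSION="2.0">
<EVENT_LOG DESCRIPTION="iLO Event Log">
<EVENT SEVERITY="Informational" CLASS="iLO" LAST_UPDATE="03/14/2011 09:12"
 COUNT="1" DESCRIPTION="Browser login: Administrator - 10.0.0.5(DNS name not found)."/>
<EVENT SEVERITY="Caution" CLASS="iLO" LAST_UPDATE="03/14/2011 09:15"
 COUNT="3" DESCRIPTION="Browser login failure from 10.0.0.77 - user: Administrator."/>
<EVENT SEVERITY="Informational" CLASS="iLO" LAST_UPDATE="03/14/2011 11:40"
 COUNT="1" DESCRIPTION="Browser login: operator - 10.0.0.9(DNS name not found)."/>
<EVENT SEVERITY="Informational" CLASS="iLO" LAST_UPDATE="03/14/2011 11:41"
 COUNT="1" DESCRIPTION="Server power restored."/>
</EVENT_LOG>
</RIBCL>"""

TIME_FORMAT = "%m/%d/%Y %H:%M"  # assumed timestamp layout of the sample above

# Patterns that pull the authenticated user name out of the constructed messages.
USER_PATTERNS = (
    re.compile(r"^Browser login: (?P<user>\S+) - "),
    re.compile(r"login failure from \S+ - user: (?P<user>\S+)\.$"),
)

def parse_event_log(xml_text):
    """Parse each EVENT into a dict with a real datetime and the user, if any."""
    events = []
    for ev in ET.fromstring(xml_text).iter("EVENT"):
        desc = ev.get("DESCRIPTION", "")
        match = next((m for m in (p.search(desc) for p in USER_PATTERNS) if m), None)
        events.append({
            "when": datetime.strptime(ev.get("LAST_UPDATE"), TIME_FORMAT),
            "severity": ev.get("SEVERITY"),
            "count": int(ev.get("COUNT", "1")),  # iLO coalesces repeated events
            "user": match.group("user") if match else None,
            "failure": "login failure" in desc,
            "description": desc})
    return events

def security_events(events, start, end, user=None):
    """Select events inside [start, end] (iLO-style strings), optionally for one user."""
    lo, hi = datetime.strptime(start, TIME_FORMAT), datetime.strptime(end, TIME_FORMAT)
    return [e for e in events
            if lo <= e["when"] <= hi and (user is None or e["user"] == user)]

def failed_login_total(events):
    """Sum the COUNT of login-failure events so repeated attempts are not undercounted."""
    return sum(e["count"] for e in events if e["failure"])
```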