HP Integrated Lights-Out Security, 7th edition

Security techniques used by iLO
Enabling a secure system requires trust that a specific person, computer, or device seeking access has
the required authentication and level of authorization. The following sections identify the three
essential iLO techniques that you can use to verify trust:
Authentication and authorization
Encryption
Disabling ports and changing port locations
Every function of iLO builds on one or more of these techniques.
Authentication and authorization processes for browser access
When you access iLO through a browser, iLO authenticates through a local account or through
directory services. In either case, iLO re-evaluates privileges every time you make a request to ensure
that privileges are still valid. Browser access methods use signed JavaScript or ActiveX controls and
do not require an additional login process. The following sections explain how authentication and
authorization processes differ between iLO, iLO 2, and iLO 3.
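The per-request re-evaluation described above, sketched as an added example (not HP firmware code and not part of the original paper): a session token maps only to a username, and privileges are read from the account store on every request, so a revocation or account removal takes effect on the next request. The class names, privilege names and the PBKDF2 password check are assumptions made for illustration.

```python
import hashlib
import hmac
import os
import secrets

def _hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class AccountStore:
    """Constructed stand-in for local accounts or a directory service."""
    def __init__(self):
        self._accounts = {}   # username -> (salt, hash, set of privileges)

    def add(self, username, password, privileges):
        salt = os.urandom(16)
        self._accounts[username] = (salt, _hash(password, salt), set(privileges))

    def verify(self, username, password):
        entry = self._accounts.get(username)
        return entry is not None and hmac.compare_digest(entry[1], _hash(password, entry[0]))

    def privileges(self, username):
        entry = self._accounts.get(username)
        return None if entry is None else entry[2]   # None: account removed

    def revoke(self, username, privilege):
        self._accounts[username][2].discard(privilege)

    def remove(self, username):
        self._accounts.pop(username, None)

class SessionManager:
    def __init__(self, store):
        self.store = store
        self.sessions = {}    # token -> username; privileges are never cached here

    def login(self, username, password):
        if not self.store.verify(username, password):
            return None
        token = secrets.token_urlsafe(32)
        self.sessions[token] = username
        return token

    def authorize(self, token, privilege):
        """Called on every request: re-reads current privileges from the store."""
        username = self.sessions.get(token)
        if username is None:
            return False
        current = self.store.privileges(username)
        if current is None:               # account deleted after login
            del self.sessions[token]      # end the orphaned session
            return False
        return privilege in current
```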
Authentication and authorization with iLO or iLO 2
You can use two-factor authentication to boost iLO security (iLO v1.80 or iLO 2 v1.10 and later). This
authentication method is more secure than the standard local accounts or directory services methods.
Figure 3 illustrates steps in a successful login/authentication process.
Figure 3. User login process when using a local account (iLO and iLO 2)
[Figure: message sequence between the client browser and iLO]
1. Browser attaches, goes to SSL.
2. Login page returned with session key.
3. User enters login credentials. Browser creates cookie.
4. Cookie returned to iLO with request for index.
5. iLO performs login with cookie credentials.
6. Index (status page) returned.