HP Integrity and HP 9000 iLO MP Operations Guide, Fifth Edition

of iLO enables you to maintain network user accounts and security policies
in a central, scalable database that supports thousands of users, devices,
and management roles.
Integrity: Verifies that no one has altered incoming commands or data. iLO
incorporates trusted Java applets to verify the integrity of data.
Privacy: iLO MP uses SSL for web connections, RSL-RC4 encryption for the remote
serial console, and SSH-DES3/DES128 2.0 recommended encryption
algorithms for SSH-based connections. You can enable or disable telnet,
IPMI over LAN, web, and SSH connectivity.
Because iLO devices are completely autonomous and can be used to control the server, they
should be treated in the same manner as other servers. For example, the administrator should
include the iLO devices in the security and network audits and should review the access logs
daily.
Security Setup
HP generally recommends that iLO management traffic be on a separate management network
and that only administrators be granted access to that network. This not only improves
performance by reducing traffic load across the main network, but also acts as the first line of
defense against security attacks. A separate network enables administrators to physically control
which workstations are connected to the network.
For security reasons, HP strongly recommends you modify the default settings during the initial
logon session and determine the security access required and what user accounts and privileges
are needed. You can create local accounts or use directory services to control user access. See
“Modifying User Accounts and Default Password” (page 36).
Protecting SNMP Traffic
Because SNMP uses passwords (known as community strings) that are sent across the network
in clear text, you must enhance network security when using SNMP. To enhance network
security, do the following:
• Reset the community strings (read-write and read-only) with the same frequency and
  according to the same guidelines as the administrative passwords. For example, select
  alphanumeric strings with at least one uppercase letter, one numeral, and one symbol.
• Set firewalls or routers to accept only specific source and destination addresses. For example,
  you can allow inbound SNMP traffic into the host server only if it comes from one of the
  predetermined management workstations.
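The following Python sketch is an added example, not part of the HP guide. It checks community strings against the example guideline above and flags SNMP (UDP port 161) traffic whose source is not one of the management workstations. The workstation addresses, the key=value flow record format, the default-string check, and the function names are assumptions made for illustration.

```python
import ipaddress
import string

# Assumed management workstations (documentation addresses); replace with your own.
MGMT_WORKSTATIONS = [ipaddress.ip_network(n) for n in ("192.0.2.10/32", "192.0.2.11/32")]
# Widely used default community strings (an addition to the guideline on this page).
WELL_KNOWN_DEFAULTS = {"public", "private"}

def community_string_problems(community):
    """Return the reasons a community string fails the guideline above."""
    problems = []
    if community.lower() in WELL_KNOWN_DEFAULTS:
        problems.append("well-known default")
    if not any(c.isupper() for c in community):
        problems.append("no uppercase letter")
    if not any(c.isdigit() for c in community):
        problems.append("no numeral")
    if not any(c in string.punctuation for c in community):
        problems.append("no symbol")
    return problems

def unexpected_snmp_sources(flow_lines):
    """Return source IPs that sent UDP/161 traffic but are not management workstations."""
    offenders = set()
    for line in flow_lines:
        fields = dict(f.split("=", 1) for f in line.split() if "=" in f)
        if fields.get("proto") != "udp" or fields.get("dport") != "161":
            continue  # not SNMP request traffic
        try:
            src = ipaddress.ip_address(fields.get("src", ""))
        except ValueError:
            continue  # malformed record: skip rather than abort the audit
        if not any(src in net for net in MGMT_WORKSTATIONS):
            offenders.add(str(src))
    return sorted(offenders)

# Constructed sample flow records (hypothetical format, not real device output).
SAMPLE_FLOWS = [
    "src=192.0.2.10 dst=198.51.100.5 proto=udp dport=161",
    "src=203.0.113.77 dst=198.51.100.5 proto=udp dport=161",
    "src=203.0.113.77 dst=198.51.100.5 proto=tcp dport=22",
    "src=not-an-ip dst=198.51.100.5 proto=udp dport=161",
]

if __name__ == "__main__":
    for cs in ("public", "Mgmt7#read"):
        print(cs, "->", community_string_problems(cs) or "ok")
    print("unexpected SNMP sources:", unexpected_snmp_sources(SAMPLE_FLOWS))
```
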
TIP: Telnet sends data without encryption and is not a secure connection. HP recommends
using SSH instead of telnet because SSH uses encryption. To enable and disable telnet access,
use the SA command.
Help System
The iLO MP has a robust help system.
Accessing Help Using the Text User Interface
To access the Help menu from the text user interface (TUI), enter HE at the MP> prompt. The
following example shows the MP Help Main Menu:
==== MP Help: Main Menu ===============================================
Integrated Lights-Out for HP Integrity and HP 9000 - Management Processor (MP)
MP Help System
Enter a command at the help prompt: