Installation Manual
FIPS mode is not the same as FIPS validated. FIPS validated refers to software that received
validation by completing the Cryptographic Module Validation Program.
To date, iLO 3 version 1.50 and iLO 4 version 2.11 are FIPS validated.
It is important to decide if a FIPS-validated version of the iLO firmware is required for your
environment, or if running iLO in FIPS mode will suffice. Because of the lengthy validation process,
a FIPS-validated version of the iLO firmware has probably been superseded by a nonvalidated
version with new features and security enhancements, which means that a FIPS-validated version
of iLO might be less secure than the latest version.
AES/3DES encryption
iLO can be configured to enforce AES/3DES encryption. If enabled, iLO enforces the use of these
enhanced ciphers (both AES and 3DES) over the secure channels, including secure HTTP
transmissions through the browser, SSH port, and XML port. When AES/3DES encryption is
enabled, you must use a cipher strength equal to or greater than AES/3DES to connect to iLO
through these secure channels. The AES/3DES encryption enforcement setting does not affect
communications and connections over less-secure channels.
By default, Remote Console data uses 128-bit RC4 bidirectional encryption. The HPQLOCFG
utility uses 128-bit RC4 with 160-bit SHA1 and 2048-bit RSA KeyX encryption to send RIBCL
scripts to iLO over the network.
Viewing encryption enforcement settings
Navigate to the Administration→Security→Encryption page.
The Encryption Settings page displays the cipher in use, and allows you to configure FIPS
Mode or Enforce AES/3DES Encryption.
Encryption settings
• Current Negotiated Cipher—The cipher in use for the current browser session. After you
log in to iLO through the browser, the browser and iLO negotiate a cipher setting to use
during the session.
• Encryption Enforcement Settings—The current encryption settings for iLO:
◦ FIPS Mode—Indicates whether FIPS mode is enabled or disabled for this iLO system.
◦ Enforce AES/3DES Encryption—Indicates whether AES/3DES encryption is enforced
for this iLO system.
When enabled, iLO only accepts connections that use the AES or 3DES ciphers.
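One way to check the enforcement setting from the outside is to classify the ciphers that a scanner negotiated with iLO on each channel. The Python below is an added example, not part of the HP manual or of any HP tool; the channel labels, the function names, and the sample records are constructed for illustration, and cipher names are assumed to arrive in OpenSSL, IANA, or OpenSSH naming.

```python
import re

# Secure channels the manual names as covered by Enforce AES/3DES Encryption.
ENFORCED_CHANNELS = {"https", "ssh", "xml"}
ACCEPTED = {"AES", "3DES"}

def bulk_cipher(name):
    """Return the bulk cipher family found in a TLS or SSH cipher name."""
    tokens = [t for t in re.split(r"[-_@.]", name.upper()) if t]
    if any(t.startswith("AES") for t in tokens):
        return "AES"
    if "3DES" in tokens or "CBC3" in tokens:      # DES-CBC3-SHA is 3DES
        return "3DES"
    if any(t.startswith(("RC4", "ARCFOUR")) for t in tokens):
        return "RC4"
    if "DES" in tokens:                           # single DES
        return "DES"
    return "OTHER"

def audit(observations):
    """Sort (channel, cipher) records into ok, violation, or out_of_scope."""
    report = {"ok": [], "violation": [], "out_of_scope": []}
    for channel, cipher in observations:
        family = bulk_cipher(cipher)
        if channel.lower() not in ENFORCED_CHANNELS:
            bucket = "out_of_scope"   # not one of the three named channels
        elif family in ACCEPTED:
            bucket = "ok"
        else:
            bucket = "violation"      # accepted despite enforcement
        report[bucket].append((channel, cipher, family))
    return report

# Constructed sample: ciphers negotiated with one iLO during a scan.
SAMPLE = [
    ("https", "AES256-SHA"),
    ("https", "TLS_RSA_WITH_3DES_EDE_CBC_SHA"),
    ("https", "RC4-SHA"),
    ("ssh", "aes128-ctr"),
    ("ssh", "arcfour128"),
    ("xml", "DES-CBC3-SHA"),
    ("remote-console", "RC4-128"),
]

if __name__ == "__main__":
    for bucket, rows in audit(SAMPLE).items():
        for channel, cipher, family in rows:
            print(f"{bucket:12} {channel:15} {cipher:32} {family}")
```

Any record in the violation bucket means that channel negotiated a cipher other than AES or 3DES while enforcement was expected to be on.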