HP Integrated Lights-Out Security, 7th edition

You can also selectively disable the services you do not need in your environment. Table 2 lists
default port locations and indicates port status.
Table 2. Default port locations for iLO

| Port No. | Protocol | Is port number change allowed? | Supports | Enabled by default? |
|---|---|---|---|---|
| 22 [1] | SSH | Yes | SSH connections | Yes |
| 23 [1, 2] | Telnet | Yes | Remote graphical console; remote text console; virtual serial port | Yes |
| 80 | Remote Insight browser port | Yes | HTTP interface to iLO management board | Yes |
| 161 | SNMP get/set | No | HP SIM polls | No |
| 162 | SNMP trap | No | HP SIM agent events | No |
| 443 [1] | Remote Insight browser access encrypted port | Yes | SSL access to iLO management board; encrypted XML access | Yes |
| 623 [3] | IPMI over LAN | No | | Yes |
| 636 | Lightweight Directory Assisted Protocol (LDAP) | Yes | Secure connection to the directory server | Yes, if directory support is enabled |
| 3389 [2] | Terminal Services Pass-Through | Yes | Terminal Services session - software-based remote console using Microsoft Windows (RDC/TS) | Yes |
| 9300 [2] | Telnet | Yes | Multi-user remote console | No |
| 17988 | Virtual Media | Yes | Virtual Media | Yes |
| 17990 | Telnet/Remote Console [4] | Yes | Console replay | No |

[1] Port disabled if two-factor authentication is enabled for web browser access.
[2] Not used by iLO 3.
[3] iLO 3 only.
[4] iLO 3 uses only Remote Console protocol.

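
As an added example (not part of the HP paper), Table 2 can be encoded as a baseline and compared with the ports observed open on an iLO, so that services you do not need stand out. The function names, the observed-port list, the `needed` set, and port 8443 are constructed for illustration.

```python
# Table 2 encoded as data: port -> (service, enabled by default, scope).
# scope: "all", "not_ilo3" (footnote 2) or "ilo3_only" (footnote 3).
TABLE2 = {
    22: ("SSH", "yes", "all"),
    23: ("Telnet", "yes", "not_ilo3"),
    80: ("HTTP (Remote Insight browser port)", "yes", "all"),
    161: ("SNMP get/set", "no", "all"),
    162: ("SNMP trap", "no", "all"),
    443: ("SSL (encrypted browser port)", "yes", "all"),
    623: ("IPMI over LAN", "yes", "ilo3_only"),
    636: ("LDAP", "if_directory", "all"),
    3389: ("Terminal Services Pass-Through", "yes", "not_ilo3"),
    9300: ("Telnet multi-user remote console", "no", "not_ilo3"),
    17988: ("Virtual Media", "yes", "all"),
    17990: ("Telnet/Remote Console", "no", "all"),
}

def applies(scope, is_ilo3):
    # True when a Table 2 row is relevant to this iLO generation.
    return scope == "all" or (scope == "ilo3_only") == is_ilo3

def audit(open_ports, needed, is_ilo3):
    """Return (port, finding) pairs: open ports first, then missing needed ones."""
    findings = []
    for port in sorted(set(open_ports)):
        if port not in TABLE2:
            findings.append((port, "not a Table 2 default: relocated or unknown service"))
            continue
        service, default, scope = TABLE2[port]
        if not applies(scope, is_ilo3):
            findings.append((port, f"{service}: not expected on this iLO generation"))
        elif port not in needed:
            findings.append((port, f"{service}: open but not needed, disable it"))
        elif default == "no":
            findings.append((port, f"{service}: needed, enabled beyond the default"))
    for port in sorted(set(needed) - set(open_ports)):
        name = TABLE2.get(port, ("service",))[0]
        findings.append((port, f"{name}: needed but not seen on its default port"))
    return findings

# Constructed sample: ports seen open on a hypothetical iLO 3.
SAMPLE_OPEN = [22, 80, 443, 623, 17988, 17990, 8443]
SAMPLE_NEEDED = {22, 443, 17988, 161}

if __name__ == "__main__":
    for port, finding in audit(SAMPLE_OPEN, SAMPLE_NEEDED, is_ilo3=True):
        print(port, finding)
```
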
Connectivity between iLO, the server, and the network
Knowing the points of access to and from iLO, the server, and the client helps you understand the
potential for security risks. The following sections briefly describe how the iLO design or its
configuration mitigates those risks.
Network access to iLO
The following utilities, identified in Figure 13, have access to the iLO processor through the network: SSH
connection, Telnet connection (except for iLO 3), the web browser, the CPQLOCFG utility, SNMP,
directory services, the Lights-Out Migration Utility (for directory services), and Systems Insight
Manager or Insight Manager 7. CPQLOCFG is a Windows-based utility that allows users to configure
iLO devices. It sends RIBCL (XML) script files to iLO using a secure connection over the network.