HP Remote Insight Lights-Out Edition II User Guide
RILOE II security
Two-factor authentication
RILOE II is a powerful tool for managing HP ProLiant servers. To prevent misuse of this tool, access to RILOE II requires reliable user authentication. This firmware release provides a stronger authentication scheme for RILOE II using two factors of authentication: a password or PIN and a private key for a digital certificate. Users are asked to verify their identities by providing both factors. Users can store their digital certificates and private keys wherever they choose, for example, on a smart card, USB token, or hard disk.
Setting up two-factor authentication for the first time
When setting up two-factor authentication for the first time, you can use either local user accounts or directory user accounts. For more information on two-factor authentication settings, see the "Two-Factor Authentication Settings (on page 33)" section.
Setting up local user accounts:
1. Obtain the public certificate from the CA that issues user certificates or smart cards in your organization.
2. Export the certificate in Base64 encoded format to a file on your desktop, for example, CAcert.txt.
3. Obtain the public certificate of the user who needs access to RILOE II.
4. Export the certificate in Base64 encoded format to a file on your desktop, for example, Usercert.txt.
5. Open the file CAcert.txt in Notepad, select all of the text, and copy it by pressing the Ctrl+C keys.
6. Log in to RILOE II and browse to the Two-Factor Authentication Settings page.
7. Click Import Trusted CA Certificate. Another page appears.
8. Click the white text area so that your cursor is in the text area, and paste the contents of the clipboard by pressing the Ctrl+V keys.
9. Click Import Root CA Certificate. The Two-Factor Authentication Settings page appears again with information displayed under Trusted CA Certificate Information.
10. From your desktop, open the file for the user certificate in Notepad, select all the text, and copy the text to the clipboard by pressing the Ctrl+C keys.
11. Browse to the User Administration page on RILOE II, and select the user for which you have obtained a public certificate or create a new user.
12. Click View/Modify.
13. Click Add a certificate.
14. Click the white text area so that your cursor is in the text area, and paste the contents of the clipboard by pressing the Ctrl+V keys.
15. Click Add user Certificate. The Modify User page appears again with a 40-digit number in the Thumbprint field. You can compare the number to the thumbprint displayed for the certificate by using Microsoft® Certificate Viewer.
16. Browse to the Two-Factor Authentication Settings page.
17. Change Enforce Two-Factor Authentication to Yes.
18. Change Check for Certificate Revocation to No (default).
19. Click Apply. RILOE II is reset. When RILOE II attempts to go to the login page again, the browser displays the Client Authentication page with a list of certificates that are available to the system.

If the user certificate is not registered on the client machine, you will not see it in the list. The user certificate must be registered on the client system before you can use it. If there are no client certificates on the client system, you may not see the Client Authentication page and instead see a Page cannot be displayed error. To resolve the error, the client certificate must be registered on the client machine. For more information on exporting and registering client certificates, see the documentation for your smart card or certificate authority.
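The thumbprint comparison in step 15 can also be done from the exported Usercert.txt itself. The following is an added example, not HP code: it assumes the 40-digit thumbprint is the SHA-1 hash of the DER-encoded certificate (the value Microsoft Certificate Viewer displays), and the sample certificate bytes are a constructed placeholder.

```python
import base64
import hashlib
import re

# Matches PEM-style blocks such as -----BEGIN CERTIFICATE----- ... -----END CERTIFICATE-----
PEM_BLOCK = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----(.*?)-----END \1-----", re.DOTALL)


def certificate_der(text):
    """Decode a Base64 certificate export (with or without BEGIN/END lines) to DER."""
    blocks = PEM_BLOCK.findall(text)
    # Only the public certificate belongs in the RILOE II text area.
    if any("PRIVATE KEY" in label for label, _ in blocks):
        raise ValueError("export contains a private key; re-export the certificate only")
    if blocks:
        certs = [body for label, body in blocks if label == "CERTIFICATE"]
        if len(certs) != 1:
            raise ValueError("expected exactly one CERTIFICATE block")
        body = certs[0]
    else:
        body = text  # bare Base64 without header and footer lines
    der = base64.b64decode("".join(body.split()), validate=True)
    if not der or der[0] != 0x30:  # an X.509 certificate is a DER SEQUENCE
        raise ValueError("decoded data is not DER-encoded")
    return der


def thumbprint(text):
    """SHA-1 over the DER bytes, as 40 uppercase hex digits (assumed RILOE II format)."""
    return hashlib.sha1(certificate_der(text)).hexdigest().upper()


def thumbprints_match(text, displayed):
    """Compare against a displayed thumbprint, ignoring spaces, colons and case."""
    shown = re.sub(r"[^0-9A-Fa-f]", "", displayed).upper()
    return len(shown) == 40 and shown == thumbprint(text)


# Constructed placeholder: a tiny DER SEQUENCE, not a real certificate.
SAMPLE_DER = bytes.fromhex("3003020101")
SAMPLE_PEM = (
    "-----BEGIN CERTIFICATE-----\n"
    + base64.b64encode(SAMPLE_DER).decode("ascii")
    + "\n-----END CERTIFICATE-----\n"
)

if __name__ == "__main__":
    print("Thumbprint:", thumbprint(SAMPLE_PEM))
```

To check a real export, read the text of Usercert.txt and pass it to thumbprints_match() together with the value shown in the Thumbprint field.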










