Home > HP > Server > HP Ilo 3 User Guide

HP Ilo 3 User Guide

Add to Favourites
    Download as PDF

    Here you can view all the pages of manual HP Ilo 3 User Guide. The HP manuals for Server are available online for free. You can easily download all the documents as PDF.

    Overview View all the pages Comments

    Page 51

    Page 51 8.FollowtheonscreeninstructionsandsubmittheCSRtotheCA. TheCAwillgenerateacertificateinthePKCS#10format. 9.Afteryouobtainthecertificate,makesurethat: •TheCNmatchestheiLOFQDN.ThisislistedastheiLOHostnameonthe Information→Overviewpage. •ThecertificateisgeneratedasaBase64-encodedX.509certificate,andisintheRAW format. •Thefirstandlastlinesareincludedinthecertificate. 10.ReturntotheSSLCertificateCustomizationpage(Figure21)intheiLOuserinterface. 11.ClicktheImportCertificatebutton.... 
    8.FollowtheonscreeninstructionsandsubmittheCSRtotheCA.
TheCAwillgenerateacertificateinthePKCS#10format.
9.Afteryouobtainthecertificate,makesurethat:
•TheCNmatchestheiLOFQDN.ThisislistedastheiLOHostnameonthe
Information→Overviewpage.
•ThecertificateisgeneratedasaBase64-encodedX.509certificate,andisintheRAW
format.
•Thefirstandlastlinesareincludedinthecertificate.
10.ReturntotheSSLCertificateCustomizationpage(Figure21)intheiLOuserinterface.
11.ClicktheImportCertificatebutton....

    Page 52

    Page 52 YoumusthavetheConfigureiLOSettingsprivilegetochangedirectorysettings. ThisfeatureandmanyothersarepartofaniLOlicensingpackage.Formoreinformationabout iLOlicensing,seethefollowingwebsite:http://www.hp.com/go/ilo/licensing. Configuringauthenticationanddirectoryserversettings 1.NavigatetotheAdministration→Security→Directorypage,asshowninFigure23(page52). Figure23Security-Directorypage 2.Configurethefollowingoptions: •LDAPDirectoryAuthentication—Enablesordisablesdirectoryauthentication.Ifdirectory... 
    YoumusthavetheConfigureiLOSettingsprivilegetochangedirectorysettings.
ThisfeatureandmanyothersarepartofaniLOlicensingpackage.Formoreinformationabout
iLOlicensing,seethefollowingwebsite:http://www.hp.com/go/ilo/licensing.
Configuringauthenticationanddirectoryserversettings
1.NavigatetotheAdministration→Security→Directorypage,asshowninFigure23(page52).
Figure23Security-Directorypage
2.Configurethefollowingoptions:
•LDAPDirectoryAuthentication—Enablesordisablesdirectoryauthentication.Ifdirectory...

    Page 53

    Page 53 extendedwiththeHPExtendedSchema.Useraccountsandgroupmembershipsare usedtoauthenticateandauthorizeusers.Afteryouenterandsavethedirectory networkinformation,clickAdministerGroups,andthenenteroneormorevalid directoryDNsandprivilegestograntusersaccesstoiLO. •KerberosAuthentication—EnablesKerberoslogin.IfKerberosloginisenabledand configuredcorrectly,theHPZeroSignInbuttonappearsontheloginpage. •LocalUserAccounts—Enablesordisableslocaluseraccountaccess.... 
    extendedwiththeHPExtendedSchema.Useraccountsandgroupmembershipsare
usedtoauthenticateandauthorizeusers.Afteryouenterandsavethedirectory
networkinformation,clickAdministerGroups,andthenenteroneormorevalid
directoryDNsandprivilegestograntusersaccesstoiLO.
•KerberosAuthentication—EnablesKerberoslogin.IfKerberosloginisenabledand
configuredcorrectly,theHPZeroSignInbuttonappearsontheloginpage.
•LocalUserAccounts—Enablesordisableslocaluseraccountaccess....

    Page 54

    Page 54 •LOMObjectDistinguishedName—SpecifieswherethisiLOinstanceislistedinthedirectory tree(forexample,cn=iLO Mail Server,ou=Management Devices,o=hp).This optionisavailablewhenUseHPExtendedSchemaisselected. UsersearchcontextsarenotappliedtotheLOMobjectDNwheniLOaccessesthe directoryserver. •DirectoryUserContexts—Theseboxesenableyoutospecifycommondirectorysubcontexts sothatusersdonotneedtoentertheirfullDNsatlogin.Directoryusercontextscanbe upto128characters.... 
    •LOMObjectDistinguishedName—SpecifieswherethisiLOinstanceislistedinthedirectory
tree(forexample,cn=iLO Mail Server,ou=Management Devices,o=hp).This
optionisavailablewhenUseHPExtendedSchemaisselected.
UsersearchcontextsarenotappliedtotheLOMobjectDNwheniLOaccessesthe
directoryserver.
•DirectoryUserContexts—Theseboxesenableyoutospecifycommondirectorysubcontexts
sothatusersdonotneedtoentertheirfullDNsatlogin.Directoryusercontextscanbe
upto128characters....

    Page 55

    Page 55 1.ClickTestSettingsontheSecurity→Directorypage. TheDirectoryTestspageopens,asshowninFigure24(page55). Figure24DirectoryTestspage Thispagedisplaystheresultsofaseriesofsimpletestsdesignedtovalidatethecurrentdirectory settings.Also,itincludesatestlogthatshowstestresultsandanydetectedissues.Afteryour directorysettingsareconfiguredcorrectly,youdonotneedtorerunthesetests.TheDirectory Testspagedoesnotrequirethatyoubeloggedinasadirectoryuser.... 
    1.ClickTestSettingsontheSecurity→Directorypage.
TheDirectoryTestspageopens,asshowninFigure24(page55).
Figure24DirectoryTestspage
Thispagedisplaystheresultsofaseriesofsimpletestsdesignedtovalidatethecurrentdirectory
settings.Also,itincludesatestlogthatshowstestresultsandanydetectedissues.Afteryour
directorysettingsareconfiguredcorrectly,youdonotneedtorerunthesetests.TheDirectory
Testspagedoesnotrequirethatyoubeloggedinasadirectoryuser....

    Page 56

    Page 56 4.ClickStartTest. Severaltestsbegininthebackground,startingwithanetworkpingofthedirectoryuserby establishinganSSLconnectiontotheserverandevaluatinguserprivileges. Whilethetestsarerunning,thepagerefreshesperiodically.Youcanstopthetestsormanually refreshthepageatanytime. Viewingdirectorytestresults TheDirectoryTestResultssectionshowsthedirectoryteststatuswiththedateandtimeofthelast update. •OverallStatus—Summarizestheresultsofthetests. NotRun—Notestswererun.◦ ◦Inconclusive—Noresultswerereported.... 
    4.ClickStartTest.
Severaltestsbegininthebackground,startingwithanetworkpingofthedirectoryuserby
establishinganSSLconnectiontotheserverandevaluatinguserprivileges.
Whilethetestsarerunning,thepagerefreshesperiodically.Youcanstopthetestsormanually
refreshthepageatanytime.
Viewingdirectorytestresults
TheDirectoryTestResultssectionshowsthedirectoryteststatuswiththedateandtimeofthelast
update.
•OverallStatus—Summarizestheresultsofthetests.
NotRun—Notestswererun.◦
◦Inconclusive—Noresultswerereported....

    Page 57

    Page 57 Table3Directorytests(continued) DescriptionTest 1.Verifythattheconfigureddirectoryserveristhecorrecthost. 2.VerifythatiLOhasaclearcommunicationpathtothedirectoryserverthroughport 636(consideranyroutersorfirewallsbetweeniLOandthedirectoryserver). 3.Verifythatanylocalfirewallonthedirectoryserverisenabledtoallowcommunications throughport636. iLOinitiatesSSLhandshakeandnegotiationandLDAPcommunicationswiththedirectory serverthroughport636. ConnectusingSSL... 
    Table3Directorytests(continued)
DescriptionTest
1.Verifythattheconfigureddirectoryserveristhecorrecthost.
2.VerifythatiLOhasaclearcommunicationpathtothedirectoryserverthroughport
636(consideranyroutersorfirewallsbetweeniLOandthedirectoryserver).
3.Verifythatanylocalfirewallonthedirectoryserverisenabledtoallowcommunications
throughport636.
iLOinitiatesSSLhandshakeandnegotiationandLDAPcommunicationswiththedirectory
serverthroughport636.
ConnectusingSSL...

    Page 58

    Page 58 Table3Directorytests(continued) DescriptionTest NOTE:YoucanenteraLOMObjectDistinguishedNameontheSecurity→Directory pageonlywhenUseHPExtendedSchemaisselected.ThistestisrunevenifLDAPDirectory Authenticationisdisabled. Ifthetestsissuccessful,iLOfoundtheobjectthatrepresentsitself. Ifafailureoccurs: 1.VerifythattheLDAPFQDNoftheLOMobjectiscorrect. 2.TrytoupdatetheHPExtendedSchemaandsnap-insinthedirectoryserverbyupdating theHPDirectoriesSupportforProLiantManagementProcessorssoftware.... 
    Table3Directorytests(continued)
DescriptionTest
NOTE:YoucanenteraLOMObjectDistinguishedNameontheSecurity→Directory
pageonlywhenUseHPExtendedSchemaisselected.ThistestisrunevenifLDAPDirectory
Authenticationisdisabled.
Ifthetestsissuccessful,iLOfoundtheobjectthatrepresentsitself.
Ifafailureoccurs:
1.VerifythattheLDAPFQDNoftheLOMobjectiscorrect.
2.TrytoupdatetheHPExtendedSchemaandsnap-insinthedirectoryserverbyupdating
theHPDirectoriesSupportforProLiantManagementProcessorssoftware....

    Page 59

    Page 59 •128-bitAESwithRSA,DHE,andaSHA1MAC •128-bitAESwithRSA,andaSHA1MAC •168-bit3DESwithRSA,andaSHA1MAC •168-bit3DESwithRSA,DHE,andaSHA1MAC iLOalsoprovidesenhancedencryptionthroughtheSSHportforsecureCLPtransactions.iLO supportsAES128-CBCand3DESCBCcipherstrengthsthroughtheSSHport. Ifenabled,iLOenforcestheuseoftheseenhancedciphers(bothAESand3DES)overthesecure channels,includingsecureHTTPtransmissionsthroughthebrowser,SSHport,andXMLport.When... 
    •128-bitAESwithRSA,DHE,andaSHA1MAC
•128-bitAESwithRSA,andaSHA1MAC
•168-bit3DESwithRSA,andaSHA1MAC
•168-bit3DESwithRSA,DHE,andaSHA1MAC
iLOalsoprovidesenhancedencryptionthroughtheSSHportforsecureCLPtransactions.iLO
supportsAES128-CBCand3DESCBCcipherstrengthsthroughtheSSHport.
Ifenabled,iLOenforcestheuseoftheseenhancedciphers(bothAESand3DES)overthesecure
channels,includingsecureHTTPtransmissionsthroughthebrowser,SSHport,andXMLport.When...

    Page 60

    Page 60 TheEncryptionSettingspagedisplaysthecurrentencryptionsettingsforiLO. •CurrentNegotiatedCipher—Thecipherinuseforthecurrentbrowsersession.Afteryoulog intoiLOthroughthebrowser,thebrowserandiLOnegotiateaciphersettingtouseduring thesession. •EncryptionEnforcementSettings—ThecurrentencryptionsettingsforiLO: FIPSMode—IndicateswhetherFIPSModeisenabledordisabledforthisiLOsystem.◦ ◦EnforceAES/3DESEncryption—IndicateswhetherAES/3DESencryptionisenforcedfor thisiLO.... 
    TheEncryptionSettingspagedisplaysthecurrentencryptionsettingsforiLO.
•CurrentNegotiatedCipher—Thecipherinuseforthecurrentbrowsersession.Afteryoulog
intoiLOthroughthebrowser,thebrowserandiLOnegotiateaciphersettingtouseduring
thesession.
•EncryptionEnforcementSettings—ThecurrentencryptionsettingsforiLO:
FIPSMode—IndicateswhetherFIPSModeisenabledordisabledforthisiLOsystem.◦
◦EnforceAES/3DESEncryption—IndicateswhetherAES/3DESencryptionisenforcedfor
thisiLO....
    Start reading HP Ilo 3 User Guide

    Related Manuals for HP Ilo 3 User Guide

    All HP manuals