HP Ilo 3 User Guide
Have a look at the manual HP Ilo 3 User Guide online for free. It’s possible to download the document as PDF or print. UserManuals.tech offer 1114 HP manuals and user’s guides for free. Share the user manual or guide on Facebook, Twitter or Google+.
8.FollowtheonscreeninstructionsandsubmittheCSRtotheCA. TheCAwillgenerateacertificateinthePKCS#10format. 9.Afteryouobtainthecertificate,makesurethat: •TheCNmatchestheiLOFQDN.ThisislistedastheiLOHostnameonthe Information→Overviewpage. •ThecertificateisgeneratedasaBase64-encodedX.509certificate,andisintheRAW format. •Thefirstandlastlinesareincludedinthecertificate. 10.ReturntotheSSLCertificateCustomizationpage(Figure21)intheiLOuserinterface. 11.ClicktheImportCertificatebutton. TheImportCertificatewindowopens,asshowninFigure22(page51). Figure22ImportCertificatewindow 12.Pastethecertificateintothetextbox,andthenclicktheImportbutton. iLOsupportsDER-encodedSSLcertificatesthatareupto3KBinsize(includingthe609or 1,187bytesusedbytheprivatekey,for1,024-bitand2,048-bitcertificates,respectively). 13.RestartiLO. Configuringdirectorysettings TheiLOfirmwareconnectstoMicrosoftActiveDirectory,Novelle-Directory,andotherLDAP 3.0-compliantdirectoryservicesforuserauthenticationandauthorization.YoucanconfigureiLO toauthenticateandauthorizeusersbyusingtheHPExtendedSchemadirectoryintegrationorthe schema-freedirectoryintegration.TheHPExtendedSchemaworksonlywithMicrosoftWindows. TheiLOfirmwareconnectstodirectoryservicesbyusingSSLconnectionstothedirectoryserver LDAPport.ThedefaultsecureLDAPportis636. FormoreinformationaboutusingdirectoryauthenticationwithiLO,see“Directoryservices” (page160). Locallystoreduseraccounts(listedontheUserAdministrationpage)canbeactivewheniLO directorysupportisenabled.Thisenablesbothlocal-basedanddirectory-baseduseraccess. Typically,youcandeletelocaluseraccounts(withthepossibleexceptionofanemergencyaccess account)afteriLOisconfiguredtoaccessthedirectoryservice.Youcanalsodisableaccessto theseaccountswhendirectorysupportisenabled. ConfiguringiLOsecurity51
YoumusthavetheConfigureiLOSettingsprivilegetochangedirectorysettings. ThisfeatureandmanyothersarepartofaniLOlicensingpackage.Formoreinformationabout iLOlicensing,seethefollowingwebsite:http://www.hp.com/go/ilo/licensing. Configuringauthenticationanddirectoryserversettings 1.NavigatetotheAdministration→Security→Directorypage,asshowninFigure23(page52). Figure23Security-Directorypage 2.Configurethefollowingoptions: •LDAPDirectoryAuthentication—Enablesordisablesdirectoryauthentication.Ifdirectory authenticationisenabledandconfiguredcorrectly,userscanloginbyusingdirectory credentials. Choosefromthefollowingoptions: ◦Disabled—Usercredentialsarenotvalidatedbyusingadirectory. ◦UseHPExtendedSchema—Selectsdirectoryauthenticationandauthorizationby usingdirectoryobjectscreatedwiththeHPExtendedSchema.Selectthisoption whenthedirectoryhasbeenextendedwiththeHPExtendedSchema. ◦UseDirectoryDefaultSchema—Selectsdirectoryauthenticationandauthorization byusinguseraccountsinthedirectory.Selectthisoptionwhenthedirectoryisnot 52ConfiguringiLO
extendedwiththeHPExtendedSchema.Useraccountsandgroupmembershipsare usedtoauthenticateandauthorizeusers.Afteryouenterandsavethedirectory networkinformation,clickAdministerGroups,andthenenteroneormorevalid directoryDNsandprivilegestograntusersaccesstoiLO. •KerberosAuthentication—EnablesKerberoslogin.IfKerberosloginisenabledand configuredcorrectly,theHPZeroSignInbuttonappearsontheloginpage. •LocalUserAccounts—Enablesordisableslocaluseraccountaccess. Enabled—Ausercanloginbyusinglocallystoredusercredentials.HPrecommends enablingthisoptionandconfiguringauseraccountwithadministratorprivileges. ThisaccountcanbeusedifiLOcannotcommunicatewiththedirectoryserver. ◦ ◦Disabled—Useraccessislimitedtovaliddirectorycredentials. Accessthroughlocaluseraccountsisenabledwhendirectorysupportisdisabledoran iLOlicenseisrevoked.Youcannotdisablelocaluseraccesswhenyouareloggedin throughalocaluseraccount. •KerberosRealm—ThenameoftheKerberosrealminwhichtheiLOprocessorisoperating. Thisstringcanbeupto128characters.ArealmnameisusuallytheDNSnameconverted touppercase.Realmnamesarecasesensitive. •KerberosKDCServerAddress—TheIPaddressorDNSnameoftheKDCserver.This stringcanbeupto128characters.EachrealmmusthaveatleastoneKDCthatcontains anauthenticationserverandaticketgrantserver.Theseserverscanbecombined. •KerberosKDCServerPort—TheTCPorUDPportnumberonwhichtheKDCislistening. ThedefaultKDCportis88. •KerberosKeytab—Abinaryfilethatcontainspairsofserviceprincipalnamesand encryptedpasswords.IntheWindowsenvironment,thekeytabfileisgeneratedbythe ktpassutility.ClickBrowse(InternetExplorerorFirefox)orChooseFile(Chrome),and thenfollowtheonscreeninstructionstoselectafile. IMPORTANT:ThecomponentsoftheserviceprincipalnamestoredintheKerberos keytabfilearecasesensitive.Theprimary(servicetype)mustbeinuppercaseletters,for example,(HTTP).Theinstance(iLOhostname)mustbeinlowercaseletters,forexample, iloexample.example.net.Therealmnamemustbeinuppercase,forexample, EXAMPLE.NET. 3.Enterthedirectoryserversettings. iLOdirectoryserversettingsenableyoutoidentifythedirectoryserveraddressandLDAPport. •DirectoryServerAddress—SpecifiesthenetworkDNSnameorIPaddressofthedirectory server.Thedirectoryserveraddresscanbeupto127characters. IMPORTANT:HPrecommendsusingDNSround-robinwhenyouaredefiningthe directoryserver. •DirectoryServerLDAPPort—SpecifiestheportnumberforthesecureLDAPserviceonthe server.Thedefaultvalueis636.Youcanspecifyadifferentvalueifyourdirectoryservice isconfiguredtouseadifferentport. ConfiguringiLOsecurity53
•LOMObjectDistinguishedName—SpecifieswherethisiLOinstanceislistedinthedirectory tree(forexample,cn=iLO Mail Server,ou=Management Devices,o=hp).This optionisavailablewhenUseHPExtendedSchemaisselected. UsersearchcontextsarenotappliedtotheLOMobjectDNwheniLOaccessesthe directoryserver. •DirectoryUserContexts—Theseboxesenableyoutospecifycommondirectorysubcontexts sothatusersdonotneedtoentertheirfullDNsatlogin.Directoryusercontextscanbe upto128characters. YoucanidentifytheobjectslistedinadirectorybyusinguniqueDNs.However,DNs canbelong,andusersmightnotknowtheirDNsormighthaveaccountsindifferent directorycontexts.iLOattemptstocontactthedirectoryservicebyDN,andthenapplies thesearchcontextsinorderuntilsuccessful. ◦Example1—Ifyouenterthesearchcontextou=engineering,o=hp,youcanlog inasuserinsteadoflogginginascn=user,ou=engineering,o=hp. ◦Example2—IfasystemismanagedbyInformationManagement,Services,and Training,searchcontextssuchasthefollowingenableusersinanyofthese organizationstologinbyusingtheircommonnames: Directory User Context 1:ou=IM,o=hp Directory User Context 2:ou=Services,o=hp Directory User Context 3:ou=Training,o=hp IfauserexistsinboththeIMorganizationalunitandtheTrainingorganizational unit,loginisfirstattemptedascn=user,ou=IM,o=hp. ◦Example3(ActiveDirectoryonly)—MicrosoftActiveDirectoryallowsanalternate [email protected],inwhich caseasearchcontextof@domain.example.comallowstheusertologinasuser. Onlyasuccessfulloginattemptcantestsearchcontextsinthisformat. 4.ClickApplySettings. 5.TotestthecommunicationbetweenthedirectoryserverandiLO,clickTestSettings. Formoreinformation,see“Runningdirectorytests”(page54). 6.Optional:ClickAdministerGroupstonavigatetotheUserAdministrationpage. Forinformationaboutgroupadministration,see“Administeringdirectorygroups”(page37). Runningdirectorytests Directorytestsenableyoutovalidatetheconfigureddirectorysettings.Thedirectorytestresults areresetwhendirectorysettingsaresaved,orwhenthedirectorytestsarestarted. Tovalidatetheconfigureddirectorysettings: 54ConfiguringiLO
1.ClickTestSettingsontheSecurity→Directorypage. TheDirectoryTestspageopens,asshowninFigure24(page55). Figure24DirectoryTestspage Thispagedisplaystheresultsofaseriesofsimpletestsdesignedtovalidatethecurrentdirectory settings.Also,itincludesatestlogthatshowstestresultsandanydetectedissues.Afteryour directorysettingsareconfiguredcorrectly,youdonotneedtorerunthesetests.TheDirectory Testspagedoesnotrequirethatyoubeloggedinasadirectoryuser. 2.IntheDirectoryTestControlssection,entertheDNandpasswordofadirectoryadministrator. •DirectoryAdministratorDistinguishedName—SearchesthedirectoryforiLOobjects, roles,andsearchcontexts.Thisusermusthaverightstoreadthedirectory. •DirectoryAdministratorPassword—Authenticatesthedirectoryadministrator. HPrecommendsthatyouusethesamecredentialsthatyouusedwhencreatingtheiLOobjects inthedirectory.ThesecredentialsarenotstoredbyiLO;theyareusedtoverifytheiLOobject andusersearchcontexts. 3.IntheDirectoryTestControlssection,enteratestusernameandpassword. •TestUserName—TestsloginandaccessrightstoiLO.Thenamedoesnothavetobe fullydistinguishedbecauseusersearchcontextscanbeapplied.Thisusermustbe associatedwitharoleforthisiLO. •TestUserPassword—Authenticatesthetestuser. Typically,thisaccountisusedtoaccesstheiLOprocessorbeingtested.Itcanbethedirectory administratoraccount,butthetestscannotverifyuserauthenticationwithasuperuseraccount. ThesecredentialsarenotstoredbyiLO. ConfiguringiLOsecurity55
4.ClickStartTest. Severaltestsbegininthebackground,startingwithanetworkpingofthedirectoryuserby establishinganSSLconnectiontotheserverandevaluatinguserprivileges. Whilethetestsarerunning,thepagerefreshesperiodically.Youcanstopthetestsormanually refreshthepageatanytime. Viewingdirectorytestresults TheDirectoryTestResultssectionshowsthedirectoryteststatuswiththedateandtimeofthelast update. •OverallStatus—Summarizestheresultsofthetests. NotRun—Notestswererun.◦ ◦Inconclusive—Noresultswerereported. ◦Passed—Nofailureswerereported. ◦ProblemDetected—Aproblemwasreported. ◦Failed—Aspecificsubtestfailed.Checktheonscreenlogtoidentifytheproblem. ◦Warning—OneormoreofthedirectorytestsreportedaWarningstatus. •Test—Thenameofeachtest. Table3(page56)providesdetailsabouteachdirectorytest. Table3Directorytests DescriptionTest IfthedirectoryserverisdefinedinFQDNformat(directory.company.com),iLO resolvesthenamefromFQDNformattoIPformat,andqueriestheconfiguredDNS server. DirectoryServerDNS Name Ifthetestissuccessful,iLOobtainedanIPaddressfortheconfigureddirectoryserver.If iLOcannotobtainanIPaddressforthedirectoryserver,thistestandallsubsequenttests fail. IfthedirectoryserverisconfiguredwithanIPaddress,iLOskipsthistest. Ifafailureoccurs: 1.VerifythattheDNSserverconfigurediniLOiscorrect. 2.VerifythatthedirectoryserverFQDNiscorrect. 3.Asatroubleshootingtool,useanIPaddressinsteadoftheFQDN. 4.Iftheproblempersists,checktheDNSserverrecordsandnetworkrouting. iLOinitiatesapingtotheconfigureddirectoryserver.PingDirectoryServer ThetestissuccessfulifiLOreceivesthepingresponse;itisunsuccessfulifthedirectory serverdoesnotreplytoiLO. Ifthetestfails,iLOwillcontinuewiththesubsequenttests. Ifafailureoccurs: 1.Checktoseeifafirewallisactiveonthedirectoryserver. 2.Checkfornetworkroutingissues. iLOattemptstonegotiateanLDAPconnectionwiththedirectoryserver.ConnecttoDirectory ServerIfthetestissuccessful,iLOwasabletoinitiatetheconnection. Ifthetestfails,iLOwasnotabletoinitiateanLDAPconnectionwiththespecifieddirectory server.Subsequenttestswillstop. Ifafailureoccurs: 56ConfiguringiLO
Table3Directorytests(continued) DescriptionTest 1.Verifythattheconfigureddirectoryserveristhecorrecthost. 2.VerifythatiLOhasaclearcommunicationpathtothedirectoryserverthroughport 636(consideranyroutersorfirewallsbetweeniLOandthedirectoryserver). 3.Verifythatanylocalfirewallonthedirectoryserverisenabledtoallowcommunications throughport636. iLOinitiatesSSLhandshakeandnegotiationandLDAPcommunicationswiththedirectory serverthroughport636. ConnectusingSSL Ifthetestissuccessful,theSSLhandshakeandnegotiationbetweeniLOandthedirectory serverweresuccessful. Ifafailureoccurs,thedirectoryserverisnotenabledforSSLnegotiations. IfyouareusingMicrosoftActiveDirectory,verifythatActiveDirectoryCertificateServices (WindowsServer2008)areinstalled. Thistestbindstheconnectionwiththeusernamespecifiedinthetestboxes.Ifnouseris specified,iLOwilldoananonymousbind. BindtoDirectory Server Ifthetestissuccessful,thedirectoryserveracceptedthebinding. Ifafailureoccurs: 1.Verifythatthedirectoryserverallowsanonymousbinding. 2.Ifyouenteredausernameinthetestboxes,verifythatthecredentialsarecorrect. 3.Ifyouverifiedthattheusernameiscorrect,tryusingotheruser-nameformats;for example,[email protected],DOMAIN\username,username(calledDisplay NameinActiveDirectory),oruserlogin. 4.Verifythatthespecifieduserisallowedtologinandisenabled. IfDirectoryAdministratorDistinguishedNameandDirectoryAdministratorPassword werespecified,iLOusesthesevaluestologintothedirectoryserverasanadministrator. Theseboxesareoptional. Directory AdministratorLogin iLOauthenticatestothedirectoryserverwiththespecifiedusernameandpassword.UserAuthentication Ifthetestissuccessful,thesuppliedusercredentialsarecorrect. Ifthetestfails,theusernameand/orpasswordisincorrect. Ifafailureoccurs: 1.Ifyouverifiedthattheusernameiscorrect,tryusingotheruser-nameformats;for example,[email protected],DOMAIN\username, username(calledDisplay NameinActiveDirectory),oruserlogin. 2.Verifythatthespecifieduserisallowedtologinandisenabled. 3.ChecktoseeifthespecifiedusernameisrestrictedbylogonhoursorIP-basedlogging. Thistestverifiesthatthespecifiedusernameispartofthespecifieddirectorygroup,and ispartofthedirectorysearchcontextspecifiedduringdirectoryservicesconfiguration. UserAuthorization Ifafailureoccurs: 1.Verifythatthespecifiedusernameispartofthespecifieddirectorygroup. 2.ChecktoseeifthespecifiedusernameisrestrictedbylogonhoursorIP-basedlogging. IfDirectoryAdministratorDistinguishedNamewasspecified,iLOtriestosearchthe specifiedcontext. DirectoryUser Contexts Ifthetestissuccessful,iLOfoundthecontextbyusingtheadministratorcredentialsto searchforthecontainerinthedirectory. Contextsthatbeginwith"@"canbetestedonlybyuserlogin. Afailureindicatesthatthecontainercouldnotbelocated. ThistestsearchesfortheiLOobjectinthedirectoryserverbyusingtheLOMObject DistinguishedNameconfiguredontheSecurity→Directorypage. LOMObjectExists ConfiguringiLOsecurity57
Table3Directorytests(continued) DescriptionTest NOTE:YoucanenteraLOMObjectDistinguishedNameontheSecurity→Directory pageonlywhenUseHPExtendedSchemaisselected.ThistestisrunevenifLDAPDirectory Authenticationisdisabled. Ifthetestsissuccessful,iLOfoundtheobjectthatrepresentsitself. Ifafailureoccurs: 1.VerifythattheLDAPFQDNoftheLOMobjectiscorrect. 2.TrytoupdatetheHPExtendedSchemaandsnap-insinthedirectoryserverbyupdating theHPDirectoriesSupportforProLiantManagementProcessorssoftware. •Result—Reportsstatusforaspecificdirectorysettingoranoperationthatusesoneormore directorysettings.Theseresultsaregeneratedwhenasequenceoftestsisrun.Theresultsstop whenthetestsruntocompletion,whenatestfailurepreventsfurtherprogress,orwhenthe testsarestopped.Testresultsfollow: ◦Passed—Thetestransuccessfully.Ifmorethanonedirectoryserverwastested,allservers thatranthistestweresuccessful. ◦NotRun—Thetestwasnotrun. ◦Failed—Thetestwasunsuccessfulononeormoreofthedirectoryservers.Directory supportmightnotbeavailableonthoseservers. ◦Warning—Thetestranandreportedawarningcondition,forexample,acertificateerror. ChecktheNotescolumnforsuggestedactionstocorrectthewarningcondition. •Notes—Indicatestheresultsofvariousphasesofthedirectorytests.Thedataisupdatedwith failuredetailsandinformationthatisnotreadilyavailable,likethedirectoryservercertificate subjectandwhichroleswereevaluatedsuccessfully. Usingthedirectorytestcontrols TheDirectoryTestControlssectionenablesyoutoviewthecurrentstateofthedirectorytests,adjust thetestparameters,startandstopthetests,andrefreshthepagecontents. •InProgress—Indicatesthatdirectorytestsarecurrentlybeingperformedinthebackground. ClicktheStopTestbuttontocancelthecurrenttests,orclicktheRefreshbuttontoupdatethe contentsofthepagewiththelatestresults.UsingtheStopTestbuttonmightnotstopthetests immediately. •NotRunning—Indicatesthatdirectorytestsarecurrent,andthatyoucansupplynewparameters torunthetestsagain.UsetheStartTestbuttontostartthetestsandusethecurrenttestcontrol values.Directorytestscannotbestartedaftertheyarealreadyinprogress. •Stopping—Indicatesthatdirectorytestshavenotyetreachedapointwheretheycanstop. YoucannotrestarttestsuntilthestatuschangestoNotRunning.UsetheRefreshbuttonto determinewhetherthetestsarecomplete. Forinformationabouttheparametersyoucanenter,see“Runningdirectorytests”(page54). Usingencryption iLOprovidesenhancedsecurityforremotemanagementindistributedITenvironments.SSL encryptionprotectswebbrowserdata.SSLencryptionofHTTPdataensuresthatthedataissecure asitistransmittedacrossthenetwork.iLOsupportsthefollowingcipherstrengths: •256-bitAESwithRSA,DHE,andaSHA1MAC •256-bitAESwithRSA,andaSHA1MAC 58ConfiguringiLO
•128-bitAESwithRSA,DHE,andaSHA1MAC •128-bitAESwithRSA,andaSHA1MAC •168-bit3DESwithRSA,andaSHA1MAC •168-bit3DESwithRSA,DHE,andaSHA1MAC iLOalsoprovidesenhancedencryptionthroughtheSSHportforsecureCLPtransactions.iLO supportsAES128-CBCand3DESCBCcipherstrengthsthroughtheSSHport. Ifenabled,iLOenforcestheuseoftheseenhancedciphers(bothAESand3DES)overthesecure channels,includingsecureHTTPtransmissionsthroughthebrowser,SSHport,andXMLport.When AES/3DESencryptionisenabled,youmustuseacipherstrengthequaltoorgreaterthanAES/3DES toconnecttoiLOthroughthesesecurechannels.TheAES/3DESencryptionenforcementsetting doesnotaffectcommunicationsandconnectionsoverless-securechannels. Bydefault,RemoteConsoledatauses128-bitRC4bidirectionalencryption.TheHPQLOCFGutility uses128-bitRC4with160-bitSHA1and2048-bitRSAKeyXencryptiontosecurelysendRIBCL scriptstoiLOoverthenetwork. Version1.50andlateroftheiLO3firmwaresupportsFIPSMode. NOTE:ThetermFIPSModeisusedinthisdocumentandiniLOtodescribethefeature,notits validationstatus. •FIPSisasetofstandardsmandatedforusebyUnitedStatesgovernmentagenciesand contractors. •FIPSModeiniLO31.50andlaterisintendedtomeettherequirementsofFIPS140-2level 1.ThisversionoranyotherversionoftheiLOfirmwaremighthavethisfeaturebutmightor mightnotbeFIPSvalidated.TheFIPSvalidationprocessislengthy,sonotalliLOfirmware versionswillbevalidated.ForinformationaboutthecurrentFIPSstatusofthisoranyother versionoftheiLOfirmware,seethefollowingdocument:http://csrc.nist.gov/groups/STM/ cmvp/documents/140-1/140InProcess.pdf. Viewingencryptionenforcementsettings NavigatetotheAdministration→Security→Encryptionpage,asshowninFigure25(page59). Figure25Security–EncryptionSettingspage ConfiguringiLOsecurity59
TheEncryptionSettingspagedisplaysthecurrentencryptionsettingsforiLO. •CurrentNegotiatedCipher—Thecipherinuseforthecurrentbrowsersession.Afteryoulog intoiLOthroughthebrowser,thebrowserandiLOnegotiateaciphersettingtouseduring thesession. •EncryptionEnforcementSettings—ThecurrentencryptionsettingsforiLO: FIPSMode—IndicateswhetherFIPSModeisenabledordisabledforthisiLOsystem.◦ ◦EnforceAES/3DESEncryption—IndicateswhetherAES/3DESencryptionisenforcedfor thisiLO. Whenenabled,iLOacceptsonlythoseconnectionsthroughthebrowserandSSHinterface thatmeettheminimumcipherstrength.AcipherstrengthofatleastAESor3DESmust beusedtoconnecttoiLOwhenthissettingisenabled. ModifyingtheAES/DESencryptionsetting YoumusthavetheConfigureiLOSettingsprivilegetochangetheencryptionsettings. TomodifytheAES/DESencryptionsetting: 1.NavigatetotheAdministration→Security→Encryptionpage,asshowninFigure25(page59). 2.ChangetheEnforceAES/3DESEncryptionsettingtoEnabledorDisabled. 3.ClickApplytoendyourbrowserconnectionandrestartiLO. Waitatleast30secondsbeforeyouattempttore-establishaconnection. WhenchangingtheEnforceAES/3DESEncryptionsettingtoEnabled,closeallopenbrowsers afterclickingApply.Anybrowsersthatremainopenmightcontinuetouseanon-AES/3DES cipher. ConnectingtoiLObyusingAESor3DESencryption AfteryouenabletheEnforceAES/3DESEncryptionsetting,iLOrequiresthatyouconnectthrough securechannels(webbrowser,SSHconnection,orXMLchannel)byusingacipherstrengthofat leastAESor3DES. •Webbrowser—YoumustconfigurethebrowserwithacipherstrengthofatleastAESor3DES. IfthebrowserisnotusingAESor3DESciphers,iLOdisplaysanerrormessage.Theerrortext variesdependingontheinstalledbrowser. Differentbrowsersusedifferentmethodsforselectinganegotiatedcipher.Formoreinformation, seeyourbrowserdocumentation.YoumustlogoutofiLOthroughthecurrentbrowserbefore changingthebrowserciphersetting.Anychangesmadetothebrowserciphersettingwhile youareloggedintoiLOmightenablethebrowsertocontinueusinganon-AES/3DEScipher. •SSHconnection—Forinstructionsonsettingthecipherstrength,seetheSSHutility documentation. •XMLchannel—HPQLOCFGusesasecure3DEScipherbydefault.Forexample,HPQLOCFG displaysthefollowingcipherstrengthintheXMLoutput: Connecting to Server... Negotiated cipher: 128–bit Rc4 with 160–bit SHA1 and 2048–bit RsaKeyx EnablingFIPSMode YoumusthavetheConfigureiLOSettingsprivilegetochangetheencryptionsettings. ToenableFIPSModeforiLO: 1.Optional:CapturethecurrentiLOconfigurationbyusingHPONCFG. Formoreinformation,seetheHPiLO3ScriptingandCommandLineGuide. 60ConfiguringiLO