HP Xw460c HP Integrated Lights-Out 2 User Guide for Firmware 1.75 and 1.77 - Page 137
Integrating HP ProLiant Lights-Out processors with Microsoft® Active Directory
View all HP Xw460c manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 137 highlights
A role contains one or more iLO 2 and one or more users, and has a list of privileges that these users have with the iLO 2 in the role. All iLO 2 access is managed by adding and removing users and iLO 2 to and from the role, and by managing the privileges on the role. For example: Advantages of using HP schema directory integration: o Greater flexibility controlling access. For example, you can limit access to a time of day or by a certain range of IP addresses. o Groups and permissions are maintained in the directory, not on each iLO 2, and HP provides the snap-ins required for managing HP groups and targets for Active Directory Users and Computers, and eDirectory ConsoleOne. o Integration with eDirectory Disadvantages of HP schema directory integration • The directory schema must be extended. However, this task is minimized because HP provides the .ldf file and a wizard to extend the schema, and later versions of Active Directory enable you to undo schema changes. For information about how to extend the schema and configuration of directory settings information, see Integrating HP ProLiant Lights-Out processors with Microsoft® Active Directory (http://h20000.www2.hp.com/bc/docs/support/SupportManual/c00190541/c00190541.pdf). • Certificate requirements iLO 2 must communicate with the directory using LDAP over SSL. This communication requires the directory server to have a certificate. Installing the certificate for the domain replicates it throughout the domain controllers in the domain. For information about installing the certificate, refer to the Customer Advisory available on the HP website (http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=PSD_EM030604_ CW01&locale=en_US). • Failover options To enable failover (redundancy), use the domain name as the directory server name when configuring iLO 2. Most DNS servers resolve a domain name to a working directory server (domain controller). • Login format NetBIOS, UPN, and distinguished name formats are accepted for login names. The login script for iLO 2 communicates with the client operating system and attempts to translate the login name into a directory distinguished name. For the login script to do this, the directory name must be a DNS name, not an IP address. Also, both the client and iLO 2 must be able to access the directory server using the same name. Both the client and iLO 2 must be in the same DNS domain. Directory services 137