HP rp3440 HP Integrity and HP 9000 iLO MP Operations Guide, Fifth Edition - Page 23
Security Setup, Protecting SNMP Traffic, Help System, Accessing Help Using the Text User Interface - serial console
View all HP rp3440 manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 23 highlights
of iLO enables you to maintain network user accounts and security policies in a central, scalable database that supports thousands of users, devices, and management roles. Integrity Verifies that no one has altered incoming commands or data. iLO incorporates trusted Java applets to verify the integrity of data. Privacy iLO MP uses SSL for web connections, RSL-RC4 encryption for the remote serial console, and SSH-DES3/DES128 2.0 recommended encryption algorithms for SSH-based connections. You can enable or disable telnet, IPMI over LAN, web, and SSH connectivity. Because iLO devices are completely autonomous and can be used to control the server, they should be treated in the same manner as other servers. For example, the administrator should include the iLO devices in the security and network audits and should review the access logs daily. Security Setup HP generally recommends that iLO management traffic be on a separate management network and that only administrators be granted access to that network. This not only improves performance by reducing traffic load across the main network, it also acts as the first line of defense against security attacks. A separate network enables administrators to physically control which workstations are connected to the network. For security reasons, HP strongly recommends you modify the default settings during the initial logon session and determine the security access required and what user accounts and privileges are needed. You can create local accounts or use directory services to control user access. See "Modifying User Accounts and Default Password" (page 36). Protecting SNMP Traffic Because SNMP uses passwords (known as community strings) that are sent across the network in clear text, you must enhance the network security when using SNMP traffic. For enhancing network security , do the following: • Reset the community strings (read-write and read-only) with the same frequency and according to the same guidelines as the administrative passwords. For example, select alphanumeric strings with at least one uppercase letter, one numeral, and one symbol. • Set firewalls or routers to accept only specific source and destination addresses. For example, you can allow inbound SNMP traffic into the host server only if it comes from one of the predetermined management workstations. TIP: Telnet sends data without encryption and is not a secure connection. HP recommends using SSH instead of telnet because SSH uses encryption. To enable and disable telnet access, use the SA command. Help System The iLO MP has a robust help system. Accessing Help Using the Text User Interface To access the Help menu from the text user interface (TUI), enter HE at the MP> prompt. The following example shows the MP Help Main Menu: ==== MP Help: Main Menu Integrated Lights-Out for HP Integrity and HP 9000 - Management Processor (MP) MP Help System Enter a command at the help prompt: Help System 23