• iLO enforces the use of AES ciphers over the secure channels, including secure HTTP transmissions
through the browser, SSH port, iLO RESTful API, and RIBCL. When HighSecurity is enabled, you
must use a supported cipher to connect to iLO through these secure channels. This security state
does not affect communications and connections over less-secure channels.
• User name and password restrictions for iLO RESTful API and RIBCL commands executed from the
host system are enforced when iLO is configured to use this security state.
• Remote Console data uses AES-128 bidirectional encryption.
• The HPQLOCFG utility negotiates an SSL connection to iLO and then uses the strongest available
cipher to send RIBCL scripts to iLO over the network.
• You cannot connect to the server with network-based tools that do not support TLS 1.2.
• The system maintenance switch setting to bypass iLO security (sometimes called the iLO Security
Override switch) does not disable the password requirement for logging in to iLO.
FIPS
When iLO is set to this security state:
• iLO operates in a mode intended to comply with the requirements of FIPS 140-2 level 1.
FIPS is a set of computer security standards mandated for use by United States government agencies
and contractors.
The FIPS security state is not the same as FIPS validated. FIPS validated refers to software that
received validation by completing the Cryptographic Module Validation Program.
For more information, see Configuring a FIPS-validated environment with iLO on page 260.
• iLO enforces the use of AES ciphers over the secure channels, including secure HTTP transmissions
through the browser, SSH port, iLO RESTful API, and RIBCL. When FIPS is enabled, you must use a
supported cipher to connect to iLO through these secure channels. This security state does not affect
communications and connections over less-secure channels.
• User name and password restrictions for iLO RESTful API and RIBCL commands executed from the
host system are enforced when iLO is configured to use this security state.
• Remote Console data uses AES-128 bidirectional encryption.
• The HPQLOCFG utility negotiates an SSL connection to iLO and then uses the strongest available
cipher to send RIBCL scripts to iLO over the network.
• You cannot connect to the server with network-based tools that do not support TLS 1.2.
• The system maintenance switch setting to bypass iLO security (sometimes called the iLO Security
Override switch) does not disable the password requirement for logging in to iLO.
SuiteB
The SuiteB security state (also called CNSA mode) is available only when the FIPS security state is
enabled.
When set to this security state:
262 Using the iLO security features
To Next Page
Loading...
Need help?
General