14. Using the iLO security features
iLO security
To access the security features that you can configure with the iLO web interface, click Security in
the navigation tree.
General security guidelines
When you set up and use iLO, consider the following guidelines for maximizing security:
• Configure iLO on a separate management network.
• Do not connect iLO directly to the Internet.
• Install an SSL certificate.
• Change the password for the default user account.
• Use an authentication service (for example, Active Directory or OpenLDAP), preferably with
two-factor authentication.
• Disable protocols that you do not use (for example, SNMP or IPMI over LAN).
• Disable features that you do not use (for example, Remote Console or Virtual Media).
• Use HTTPS for the Integrated Remote Console.
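An added example (not from the original manual) that checks the two "disable what you do not use" guidelines above against the state a management processor reports. It assumes that state is available as a Redfish ManagerNetworkProtocol document (DMTF schema property names); the sample document, the `OPTIONAL` mapping and the `audit` helper are constructed for illustration.

```python
import json

# Constructed sample of a Redfish ManagerNetworkProtocol document (DMTF schema
# property names). Values are invented; KVMIP is left out on purpose.
SAMPLE = json.loads("""
{
  "HTTPS":        {"ProtocolEnabled": true, "Port": 443},
  "SSH":          {"ProtocolEnabled": true, "Port": 22},
  "SNMP":         {"ProtocolEnabled": true, "Port": 161},
  "IPMI":         {"ProtocolEnabled": true, "Port": 623},
  "VirtualMedia": {"ProtocolEnabled": true, "Port": 17988}
}
""")

# Services the guidelines name as candidates for disabling when unused,
# keyed by the Redfish property assumed to report them.
OPTIONAL = {
    "SNMP": "SNMP",
    "IPMI": "IPMI over LAN",
    "KVMIP": "Remote Console",
    "VirtualMedia": "Virtual Media",
}

def audit(netproto, in_use=()):
    """Return (property, action, message) for each optional service that is
    enabled without being declared in use, or whose state is not reported."""
    findings = []
    for key in sorted(OPTIONAL):
        name = OPTIONAL[key]
        # A missing or null entry is "unknown", never silently "disabled".
        enabled = (netproto.get(key) or {}).get("ProtocolEnabled")
        if enabled is None:
            findings.append((key, "unknown", f"{name}: state not reported, check manually"))
        elif enabled and key not in in_use:
            findings.append((key, "disable", f"{name} is enabled but not declared in use"))
    return findings

if __name__ == "__main__":
    # Hypothetical site policy: only Virtual Media is actually used.
    for key, action, message in audit(SAMPLE, in_use={"VirtualMedia"}):
        print(f"[{action}] {message}")
```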
Key security features
Configure iLO security features on the following web interface pages.
Access Settings
• Enable or disable iLO interfaces and features.
• Customize the TCP/IP ports iLO uses.
• Configure authentication failure logging and delays.
• Secure the BMC Configuration Utility.
iLO Service Port
Configure iLO Service Port availability, authentication, and supported devices.
Secure Shell Key
Add SSH keys to iLO user accounts to provide stronger security.
SSL Certificate
Install X.509 CA-signed certificates to enable encrypted communications.
Directory
Configure Kerberos authentication and Directory integration.
You can configure iLO to use a directory to authenticate and authorize its users. This
configuration enables an unlimited number of users and easily scales to the number of iLO
devices in an enterprise. The directory also provides a central point of administration for iLO
devices and users, and the directory can enforce a strong password policy.