Using The Ilo Security Features; Ilo Security - HP HPE iLO 5 User Manual

Using the iLO security features

iLO security

To access the security features that you can configure with the iLO web interface, click Security in the
navigation tree.
For in-depth information about iLO security, see the HPE Gen10 Security Reference Guide.
General security guidelines
When you set up and use iLO, consider the following guidelines for maximizing security:
• Configure iLO on a separate management network.
• Do not connect iLO directly to the Internet.
• Install an SSL certificate.
• Change the password for the default user account.
• Use an authentication service (for example, Active Directory or OpenLDAP), preferably with two-factor
authentication.
• Disable protocols that you do not use (for example, SNMP or IPMI over LAN).
• Disable features that you do not use (for example, Remote Console or Virtual Media).
• Use HTTPS for the Integrated Remote Console.
To configure this option, enable the IRC requires a trusted certificate in iLO setting on the Remote
Console & Media page Security tab.
Key security features
Configure iLO security features on the following web interface pages.
Access Settings
• Enable or disable iLO interfaces and features.
• Customize the TCP/IP ports iLO uses.
• Configure authentication failure logging and delays.
• Secure the iLO 5 Configuration Utility.
iLO Service Port
Configure iLO Service Port availability, authentication, and supported devices.
Secure Shell Key
To provide stronger security, add SSH keys to iLO user accounts.
Certificate Mappings and CAC Smartcard
Configure CAC Smartcard authentication and configure smartcard certificates for local users.
SSL Certificate
Install X.509 CA signed certificates to enable encrypted communications.
Using the iLO security features 225