SNP for Select ProLiant Servers; Shared Network Port with Virtual LAN - HP AB500A - Integrated Lights-Out Advanced Technology Brief

HP Integrated Lights-Out security, 6th edition

will not be able to route packets between its 10/100 Ethernet port and an Ethernet port (possibly
embedded) on the host server.
Therefore, if the host is compromised, iLO cannot be exploited as a means to compromise the
management network. Conversely, in the unlikely event that the management port is compromised,
there is no chance that the server network will be compromised as a result.

SNP for select ProLiant servers

Most G4 and later ProLiant ML and DL servers with iLO now support SNP, but there are exceptions.
Users should consult the server documentation to determine whether a specific ProLiant server supports
SNP. HP ProLiant servers supporting iLO are identified on this HP web page:
www.hp.com/servers/ilo/supportedservers. At this time HP does not plan to support SNP on HP
BladeSystem.

In HP server platforms that do support SNP, iLO management traffic uses the host NIC rather than the
iLO management port. In this case, one of the server network ports shares its traffic with iLO
management traffic (Figure 2). This capability is an advantage for customers who do not want to
maintain a separate network for management traffic.

Figure 2. Shared network port is available for most ProLiant servers with the iLO processor.

Even though network traffic and iLO management traffic both flow through the same port, it is
impossible for management data to flow to the host data stream. To ensure that all packets travel to
the appropriate destination, the shared network port contains two separate Media Access Control
(MAC) addresses inside the NIC: one for the iLO traffic and one for the host server traffic. The MAC
layer is a sub-layer in the hardware data-link layer of the Open Systems Interconnection (OSI) model. It
is responsible for moving data packets from one NIC to another across a shared channel.
Because iLO maintains its own MAC address, it also maintains its own IP address. This ensures that
other devices can address iLO independently of the host server, even though the network and
management traffic share a port.

Shared network port with Virtual LAN

Security for the iLO SNP is enhanced by implementing the Virtual LAN (VLAN) feature. This feature is
available with the release of iLO v1.80 and iLO 2 v1.10 and later.

A VLAN is a logical network that isolates network traffic into segments. It increases security because
rules are established that restrict traffic on one segment from entering another segment. The Institute of
Electrical and Electronics Engineers (IEEE) 802.1Q specification stipulates the use of VLAN tags. A
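The following Python example is added here and is not part of the HP brief. It parses captured Ethernet frames, reads the IEEE 802.1Q tag, and flags frames that break an assumed policy for a shared network port: frames to or from the iLO MAC address carry the management VLAN ID, and frames to or from the host MAC address do not. The MAC addresses, VLAN ID 100, and function names are constructed for the example.

```python
import struct

TPID_8021Q = 0x8100  # EtherType value that announces an IEEE 802.1Q tag

def build_frame(dst, src, ethertype, vlan=None, payload=b"\x00" * 46):
    """Construct a sample Ethernet II frame; tagged when vlan is given."""
    mac = lambda m: bytes.fromhex(m.replace(":", ""))
    tag = b"" if vlan is None else struct.pack("!HH", TPID_8021Q, vlan & 0x0FFF)
    return mac(dst) + mac(src) + tag + struct.pack("!H", ethertype) + payload

def parse_frame(frame: bytes) -> dict:
    """Return both MACs, the VLAN ID (None if untagged) and the EtherType."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    (ethertype,) = struct.unpack("!H", frame[12:14])
    vlan = None
    if ethertype == TPID_8021Q:
        if len(frame) < 18:
            raise ValueError("truncated 802.1Q tag")
        tci, ethertype = struct.unpack("!HH", frame[14:18])
        vlan = tci & 0x0FFF  # low 12 bits of the tag control field
    return {"dst": frame[0:6].hex(":"), "src": frame[6:12].hex(":"),
            "vlan": vlan, "ethertype": ethertype}

def audit(frames, ilo_mac, host_mac, mgmt_vlan):
    """List (index, reason) for frames that break the assumed VLAN policy."""
    findings = []
    for i, raw in enumerate(frames):
        f = parse_frame(raw)
        macs = (f["dst"], f["src"])
        if ilo_mac in macs and f["vlan"] != mgmt_vlan:
            findings.append((i, "iLO frame outside management VLAN"))
        elif host_mac in macs and f["vlan"] == mgmt_vlan:
            findings.append((i, "host frame on management VLAN"))
    return findings

# Constructed sample values (locally administered MACs, hypothetical VLAN ID).
ILO_MAC, HOST_MAC, PEER_MAC = "02:00:00:00:00:10", "02:00:00:00:00:20", "02:00:00:00:00:99"
MGMT_VLAN = 100
SAMPLE = [
    build_frame(ILO_MAC, PEER_MAC, 0x0800, vlan=MGMT_VLAN),   # tagged iLO traffic
    build_frame(HOST_MAC, PEER_MAC, 0x0800),                  # untagged host traffic
    build_frame(ILO_MAC, PEER_MAC, 0x0800),                   # iLO frame, no tag
    build_frame(PEER_MAC, HOST_MAC, 0x0800, vlan=MGMT_VLAN),  # host frame, mgmt tag
]

if __name__ == "__main__":
    for index, reason in audit(SAMPLE, ILO_MAC, HOST_MAC, MGMT_VLAN):
        print(index, reason)
```

Run against a capture taken at the switch port facing the shared NIC, an empty result means every observed frame matched the assumed separation between the two MAC addresses.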


This manual is also suitable for:

iLO 2 v1.60, iLO v1.91
