Securing rbsu, Ilo 2 security override switch administration – HP Integrated Lights-Out User Manual
Page 44
Configuring iLO 2 44
o
At least one numeric character
o
At least one special character
o
At least one lowercase character
o
At least one uppercase character
Passwords issued for a temporary user ID, password reset, or a locked-out user ID should also conform to
these standards. Each password must be a minimum length of zero characters and a maximum length of
39 characters. The default minimum length is set to eight characters. Setting the minimum password length
to fewer than eight characters is not recommended unless you have a physically secure management
network that does not extend outside the secure data center.
Securing RBSU
iLO 2 RBSU enables you to view and modify the iLO 2 configuration. RBSU access settings can be
configured using RBSU, a web browser (Access options (on page
)), RIBCL scripts, or the iLO 2 Security
Override Switch. RBSU has three levels of security:
•
RBSU Login Not Required (default)
Anyone with access to the host during POST can enter the iLO 2 RBSU to view and modify
configuration settings. This is an acceptable setting if host access is controlled.
•
RBSU Login Required (more secure)
If RBSU login is required, then the active configuration menus are controlled by the authenticated
user's access rights.
•
RBSU Disabled (most secure)
If iLO 2 RBSU is disabled, user access is prohibited. This prevents modification using the RBSU
interface.
iLO 2 Security Override Switch administration
The iLO 2 Security Override Switch allows the administrator full access to the iLO 2 processor. This access
may be necessary for any of the following conditions:
•
iLO 2 must be re-enabled after it has been disabled.
•
All user accounts with the Administer User Accounts privilege have been locked out.
•
A bad configuration keeps the iLO 2 from displaying on the network and RBSU has been disabled.
•
The boot block must be flashed.
Ramifications of setting the Security Override Switch include:
•
All security authorization checks are disabled while the switch is set.
•
iLO 2 RBSU runs if the host server is reset.
•
iLO 2 is not disabled and might display on the network as configured.
•
iLO 2, if disabled while the Security Override Switch is set, does not log the user out and complete
the disable process until the power is cycled on the server.
•
The boot block is exposed for programming.
A warning message is displayed on iLO 2 browser pages indicating that the iLO 2 Security Override
Switch is currently in use. An iLO 2 log entry records the use of the iLO 2 Security Override Switch. An
SNMP alert can also be sent upon setting or clearing the iLO 2 Security Override Switch.