beautypg.com

2 ssl connection, 13 ports needed for hp oneview, 14 access to the appliance console – HP OneView User Manual

Page 53

background image

3.12.2 SSL connection

The client should specify HTTPS as the protocol to ensure SSL is used on the network to protect
sensitive data. If the client specifies HTTP, it will be redirected to HTTPS to ensure that SSL is used.

The appliance certificate, which the client requires, allows the SSL connection to succeed. A
convenient way to obtain a certificate is to use a browser pointed at the appliance; for more
information on obtaining a certificate with a browser, see

“Managing certificates from a browser”

(page 50)

3.13 Ports needed for HP OneView

HP OneView requires specific ports to be made available to the appliance to manage servers,
enclosures, and interconnects.

Table 1 Required ports

Description

Usage

Protocol

Port number

Used for HTTP interface. Typically, this port redirects to port
443; this port provides the access that iLO requires.

Inbound

TCP

80

HP OneView acts as an NTP server, both iLO and Onboard
Administrator require access.

Inbound

UDP

123

The appliance uses this port as an NTP client to synchronize
the appliance time.

Outbound

UDP

123

Supports SNMP GET calls to obtain status data from a server
through iLO. Also used for iPDU.

Outbound

UDP

161

Used for SNMP trap support from the iLO, Onboard
Administrator, and iPDU devices.

Inbound

UDP

162

Used for the HTTPS interface to user interface and APIs.

Inbound

TCP

443

Used for secure SSL access to the iLO and Onboard
Administrator. Used for RIBCL, SOAP, and iPDU
communication.

Outbound

TCP

443

Used as an alternative SNMP trap port.

Inbound

UDP

2162

Used to allow external scripts or applications to connect to
and monitor messages from the SCMB (State Change Message
Bus).

Inbound

TCP

5671

Provides browser access to the remote console.

Browser to iLO

TCP

17988

Provides remote console access to iLO virtual media.

Browser to iLO

TCP

17990

3.14 Access to the appliance console

Use the hypervisor management software to restrict access to the appliance, which prevents
unauthorized users from accessing the password reset and service access features. See

“Restricting

console access” (page 54)

.

Typical legitimate uses for access to the console are:

Troubleshooting network configuration issues.

Enabling service access by an on-site authorized support representative.

The virtual appliance console is displayed in a graphical console; password reset and HP Services
access use a non-graphical console.

Switching from one console to another (VMware vSphere)

1.

Open the virtual appliance console from vSphere.

2.

Press and hold Ctrl+Alt.

3.13 Ports needed for HP OneView

53

See also other documents in the category HP Tools: