Using hp enterprise secure key manager with ilo – HP Integrated Lights-Out 4 User Manual
Page 242
The KCS interface is accessible to the SMS software running on the local system. Examples of
compatible SMS software applications follow:
•
IPMI version 2.0 Command Test Tool—A low-level MS-DOS command-line tool that enables
hex-formatted IPMI commands to be sent to an IPMI BMC that implements the KCS interface.
You can download this tool from the Intel website at
•
IPMItool—A utility for managing and configuring devices that support the IPMI version 1.5
and version 2.0 specifications. IPMItool can be used in a Linux environment. You can download
this tool from the IPMItool website at
.
When emulating a BMC for the IPMI interface, iLO supports all mandatory commands listed in the
IPMI version 2.0 specification. The SMS should use the methods described in the specification for
determining which IPMI features are enabled or disabled in the BMC (for example, using the Get
Device ID
command).
If the server operating system is running, and the iLO health driver is enabled, any IPMI traffic
through the KCS interface can affect health driver performance and overall system health. Do not
issue any IPMI commands through the KCS interface that might have a negative effect on health
driver monitoring. This restriction includes any command that sets or changes IPMI parameters,
such as Set Watchdog Timer and Set BMC Global Enabled. Any IPMI command that
simply returns data is safe to use, such as Get Device ID and Get Sensor Reading.
Using iLO with HP Insight Control server deployment
HP Insight Control server deployment is integrated with iLO to enable the management of remote
servers and the performance of Remote Console operations, regardless of the state of the operating
system or hardware.
The deployment server enables you to use the power management features of iLO to power on,
power off, or cycle power on the target server. Each time a server connects to the deployment
server, the deployment server polls the target server to verify that an iLO device is installed. If
installed, the server gathers information, including the DNS name, IP address, and user login name.
Security is maintained by requiring the user to enter the correct password for that user name.
For more information about HP Insight Control server deployment, see the documentation on the
HP Insight Control website at
.
Using HP Enterprise Secure Key Manager with iLO
The Key Manager page enables you to connect to an operational key manager, change redundancy
settings, view the key manager connection settings, test the connection, and view key management
events.
iLO 4 1.40 and later supports the HP Enterprise Secure Key Manager 3.1 and later, which can
be used in conjunction with HP Secure Encryption.
•
HP Secure Encryption supports HP Smart Array Controllers and provides data-at-rest encryption
for direct-attached HDD or SSD storage connected to HP ProLiant Gen8 servers. It provides
an integrated solution to encrypting HDD or SSD volumes by using 256-bit XTS-AES algorithms.
•
HP Enterprise Secure Key Manager generates, stores, serves, controls and audits access to
data encryption keys. It enables you to protect and preserve access to business-critical, sensitive,
data-at-rest encryption keys.
•
HP iLO manages the key exchange between the ESKM and the Smart Array Controller. iLO
uses a unique user account based on its own MAC address for communicating with the ESKM.
For the initial creation of this account, iLO uses a deployment user account that pre-exists on
the ESKM with administrator privileges. For more information about the deployment user
account, see the HP Secure Encryption Installation and User Guide
242 Using iLO