Securing rbsu, Ilo 2 security override switch administration – HP Integrated Lights-Out User Manual

Configuring iLO 2 44

o

At least one numeric character

o

At least one special character

o

At least one lowercase character

o

At least one uppercase character

Passwords issued for a temporary user ID, password reset, or a locked-out user ID should also conform to

these standards. Each password must be a minimum length of zero characters and a maximum length of
39 characters. The default minimum length is set to eight characters. Setting the minimum password length

to fewer than eight characters is not recommended unless you have a physically secure management

network that does not extend outside the secure data center.

Securing RBSU

iLO 2 RBSU enables you to view and modify the iLO 2 configuration. RBSU access settings can be

configured using RBSU, a web browser (Access options (on page

40

)), RIBCL scripts, or the iLO 2 Security

Override Switch. RBSU has three levels of security:

•

RBSU Login Not Required (default)
Anyone with access to the host during POST can enter the iLO 2 RBSU to view and modify
configuration settings. This is an acceptable setting if host access is controlled.

•

RBSU Login Required (more secure)
If RBSU login is required, then the active configuration menus are controlled by the authenticated

user's access rights.

•

RBSU Disabled (most secure)
If iLO 2 RBSU is disabled, user access is prohibited. This prevents modification using the RBSU
interface.

iLO 2 Security Override Switch administration

The iLO 2 Security Override Switch allows the administrator full access to the iLO 2 processor. This access
may be necessary for any of the following conditions:

•

iLO 2 must be re-enabled after it has been disabled.

•

All user accounts with the Administer User Accounts privilege have been locked out.

•

A bad configuration keeps the iLO 2 from displaying on the network and RBSU has been disabled.

•

The boot block must be flashed.

Ramifications of setting the Security Override Switch include:

•

All security authorization checks are disabled while the switch is set.

•

iLO 2 RBSU runs if the host server is reset.

•

iLO 2 is not disabled and might display on the network as configured.

•

iLO 2, if disabled while the Security Override Switch is set, does not log the user out and complete
the disable process until the power is cycled on the server.

•

The boot block is exposed for programming.

A warning message is displayed on iLO 2 browser pages indicating that the iLO 2 Security Override

Switch is currently in use. An iLO 2 log entry records the use of the iLO 2 Security Override Switch. An
SNMP alert can also be sent upon setting or clearing the iLO 2 Security Override Switch.