Connecting to the ilo 2 using aes/3des encryption, Hp sim single sign-on (sso) – HP Integrated Lights-Out User Manual
Page 57
Configuring iLO 2 57
Connecting to the iLO 2 using AES/3DES encryption
After enabling the Enforce AES/3DES Encryption setting, iLO 2 requires you to connect through secure
channels (web browser, SSH, or XML port) using a cipher strength of at least AES or 3DES.
To connect to iLO 2 through a browser, the browser must be configured with a cipher strength of at least
AES or 3DES. If the web browser is not using AES or 3DES ciphers, iLO 2 displays an error message
informing you to close the current connection and select the correct cipher.
See your browser documentation to select a cipher strength of at least AES or 3DES. Different browsers
use different methods of selecting a negotiated cipher. You must log out of iLO 2 through the current
browser before changing the browser cipher strength. Any changes made to the browser cipher setting
while logged into iLO 2 might enable the browser to continue using a non-AES/3DES cipher.
All client operating systems and browsers supported by iLO 2, support the iLO 2 AES/3DES Encryption
feature except when using Windows 2000 Professional with Internet Explorer. By default, Windows 2000
Professional does not support AES or 3DES ciphers. If a client uses Windows® 2000 Professional, you
must use another browser, or update the operating system.
Internet Explorer does not have a user-selectable cipher strength setting. You must edit the registry to
enable Internet Explorer to connect to iLO 2 when the Enforce AES/3DES Encryption setting is enabled.
To enable AES/3DES encryption in Internet Explorer, open the registry and set
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\FIPSAlgorithmPolicy
to 1.
IMPORTANT:
Incorrectly editing the registry can severely damage your system. HP
recommends creating a back up of any valued data on the computer before making changes
to the registry. For information on how to restore your registry, see the Microsoft Knowledge
base article
To connect to iLO 2 through an SSH connection, see your SSH utility documentation to set the cipher
strength.
When connecting through the XML channel, the CPQLOCFG utility uses a secure 3DES cipher by default.
CPQLOCFG 2.26 or later displays the following current-connection cipher strength on the XML output. For
example:
Connecting to Server..
Negotiated cipher: 168-bit Triple DES with RSA and a SHA1 MAC
AES encryption is not supported by Internet Explorer on a Windows® 2000 Professional client. To use
AES encryption with this operating system, use another browser (such as Mozilla).
HP SIM single sign-on (SSO)
HP SIM SSO enables you to browse directly from HP SIM to your LOM processor, bypassing an
intermediate login step. To use SSO, a current version of HP SIM is required, and you must configure your
LOM processor to accept the links from HP SIM. HP SIM requires the latest updates and patches to
function correctly. For more information about HP Systems Insight Manager and available updates, see
the HP website
.
HP SIM SSO is a licensed feature available with the purchase of optional licenses. For more information,
)".
The HP SIM SSO page enables you to view and configure SSO settings through the iLO 2 interface. For
more information, see the section, "Setting up HP SIM SSO (on page
)."