Setting up iLO 2 for HP SIM SSO, Adding HP SIM trusted servers – HP Integrated Lights-Out User Manual


Configuring iLO 2 58

You can also access HP SIM SSO configuration settings using scripts, text files, and through a command-line using text-based clients such as SSH over the network or from the operating system on the host computer. Scripting SSO enables you to use the same SSO settings on all your LOM processors. For more information, example scripts, and CLP extensions to read, modify, and write HP SIM SSO configuration settings, see the HP Integrated Lights-Out Management Processor Scripting and Command Line Resource Guide.

Setting up iLO 2 for HP SIM SSO

Before you start SSO setup, you must have the network address of HP SIM and ensure that a license key is installed. To set up SSO:

1. Enable Single Sign-On Trust Mode by selecting either Trust by Certificate (recommended), Trust by Name, or Trust All.

2. Add the HP SIM certificate of the server to iLO 2.

   a. Click Add an HP SIM Server.

   b. Enter the HP SIM server network address.

   c. Click Import Certificate.

The certificate repository is sized to allow five typical iLO 2 certificates. However, certificate sizes can vary if typical certificates are not issued. There is 6KB of combined storage allocated for certificates and iLO 2 server names. When the allocated storage is used, no more imports are accepted.

After setting up SSO in iLO 2, log into HP SIM, locate the LOM processor, select Tools>System Information>iLO as... HP SIM launches a new browser that is logged in to the LOM management processor.
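A pre-flight check for the 6KB combined store described above, written as an added example and not taken from the HP manual or HP's scripting guide. It assumes 1 KB = 1024 bytes and charges each record its server-name bytes plus its PEM text bytes as a conservative upper bound (how iLO 2 actually accounts for storage is not stated on this page); the function names and the example.net hosts are hypothetical. It also prints each certificate's SHA-256 fingerprint so it can be compared with the value read on the HP SIM server itself before import.

```python
import base64
import hashlib
import re

# "6KB of combined storage" from the manual; 1 KB = 1024 bytes is an assumption.
STORE_BYTES = 6 * 1024
PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----\s*(.+?)\s*-----END CERTIFICATE-----", re.S)

def der_from_pem(pem):
    """Return the DER bytes of the first certificate block in a PEM string."""
    m = PEM_RE.search(pem)
    if not m:
        raise ValueError("no PEM certificate block found")
    return base64.b64decode("".join(m.group(1).split()), validate=True)

def plan_imports(records, budget=STORE_BYTES):
    """records: (server_name, pem_or_None) tuples in intended import order.

    Cost model (assumption): name bytes plus PEM text bytes, an upper bound.
    Returns (accepted, rejected, used); accepted rows are (name, cost, sha256).
    """
    accepted, rejected, used = [], [], 0
    for name, pem in records:
        cost, fingerprint = len(name.encode()), None
        if pem is not None:
            fingerprint = hashlib.sha256(der_from_pem(pem)).hexdigest()
            cost += len(pem.encode())
        if used + cost > budget:      # store full: this import would be refused
            rejected.append((name, cost))
            continue
        used += cost
        accepted.append((name, cost, fingerprint))
    return accepted, rejected, used

def sample_pem(der_len):
    """Constructed stand-in: PEM armor around filler bytes, not a real certificate."""
    body = base64.encodebytes(bytes(der_len)).decode()
    return "-----BEGIN CERTIFICATE-----\n" + body + "-----END CERTIFICATE-----\n"

if __name__ == "__main__":
    # Constructed input: six certificate records plus one Trust by Name record.
    plan = [("sim%d.example.net" % i, sample_pem(900)) for i in range(6)]
    plan.append(("sim-host.example.net", None))
    ok, refused, used = plan_imports(plan)
    for name, cost, fp in ok:
        print("import %-22s %5d bytes  sha256=%s" % (name, cost, fp or "-"))
    for name, cost in refused:
        print("REFUSE %-22s %5d bytes (store would exceed %d)" % (name, cost, STORE_BYTES))
    print("used %d of %d bytes" % (used, STORE_BYTES))
```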

Adding HP SIM trusted servers

You can install HP SIM server certificates using scripting that is suitable for mass deployment. For more information, see the HP Integrated Lights-Out Management Processor Scripting and Command Line Resource Guide. To add HP SIM server records using a browser:

1. Click Administration>Security>HP SIM SSO.

2. Click Add an HP SIM Server.

3. To authenticate the server, choose one of the following:

   o To add an HP SIM server using Trust by Name authentication, enter the full network name of the HP SIM server in the Add a Trusted HP SIM Server Name section. Click Add Server Name. Trust by Name authentication uses fully qualified domain names; for example, sim-host.hp.com instead of sim-host. If you are unsure of the fully qualified domain name, use the nslookup host command.

   o To retrieve and import a certificate from a trusted HP SIM server, enter the full network name of an HP SIM Server in the Retrieve and import a certificate from a trusted HP SIM Server section. Click Import Certificate to request the certificate from the HP SIM server and automatically import it. This record supports SSO Trust by Name and SSO Trust by Certificate.

     To prevent any certificate tampering, directly import an HP SIM server certificate. To directly import an HP SIM server certificate, retrieve the HP SIM certificate data using one of the following options:

Using a separate browser window, browse to the HP SIM server using the URL:
