Remote console computer lock – HP Integrated Lights-Out User Manual

Page 60


Configuring iLO 2 60

Users who log in to HP SIM are authorized based upon the role assignment at the HP SIM server. The role assignment is passed to the LOM processor when SSO is attempted. You can configure iLO 2 privileges for each role in the Single Sign-On Settings section. For more information about each privilege, see the section, "User administration (on page 27)."

Using directory-based user accounts, SSO attempts to receive only the privileges assigned in this section. Lights-Out directory settings do not apply. Default privilege assignments are:

o User—Login only
o Operator—Login, Remote Console, Power and Reset, and Virtual Media
o Administrator—Login, Remote Console, Power and Reset, Virtual Media, Configure iLO 2, and Administer Users

HP SIM Trusted Servers—Enables you to view the status of trusted HP SIM servers configured to use SSO with the current LOM processor. Click Add a SIM Server to add a server name, import a server certificate, or directly install a server certificate. For more information, see the section, "Adding HP SIM trusted servers (on page 58)."

The server table displays a list of registered HP SIM servers with the status of each. The actual number of systems allowed depends on the size of the stored certificate data.

Although a system might be registered, SSO might be refused because of the current trust level or certificate status. For example, if an HP SIM server name is registered and the trust level is set to Trust by Certificate, SSO is not allowed from that server. Likewise, if an HP SIM server certificate is imported, but the certificate has expired, SSO is not allowed from that server. Additionally, the records are not used when SSO is disabled. iLO 2 does not enforce SSO server certificate revocation.

o Status—Indicates the status of the record (if any are installed).
o Description—Displays the server name (or certificate subject). A thumbnail of a certificate indicates that the record contains a stored certificate.
o Actions—Displays the actions you can take on a selected record. The actions displayed depend on the type and number of records installed:
    Remove Name—Removes the server name record.
    Remove Certificate—Removes the certificate record.
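The refusal rules above can be checked against an exported list of trusted-server records. The following is an added example, not HP code or part of the original manual: it models only the rules stated on this page, and the record fields, host names, serial numbers, dates and the operator-supplied revoked-serial list are constructed assumptions. Because iLO 2 does not enforce revocation, the audit flags revoked but unexpired certificates that would still be accepted.

```python
from datetime import datetime, timezone

TRUST_BY_CERTIFICATE = "Trust by Certificate"  # trust level named on this page

def sso_refusal_reason(record, sso_enabled, trust_level, now):
    """Return None if the record is usable for SSO, else why it is refused."""
    if not sso_enabled:
        return "SSO disabled, records are not used"
    expiry = record["cert_not_after"]  # None means a name-only record
    if trust_level == TRUST_BY_CERTIFICATE and expiry is None:
        return "name-only record under Trust by Certificate"
    if expiry is not None and expiry < now:
        return "certificate expired"
    return None

def audit(records, sso_enabled, trust_level, revoked_serials, now):
    """Map each record description to a finding string."""
    findings = {}
    for rec in records:
        reason = sso_refusal_reason(rec, sso_enabled, trust_level, now)
        if reason is not None:
            findings[rec["description"]] = "refused: " + reason
        elif rec["cert_serial"] in revoked_serials:
            # iLO 2 does not check revocation, so the record stays usable
            # until an administrator removes the certificate record.
            findings[rec["description"]] = "accepted although revoked: remove certificate"
        else:
            findings[rec["description"]] = "accepted"
    return findings

# Constructed sample inventory (hypothetical field names, hosts and serials).
UTC = timezone.utc
NOW = datetime(2024, 1, 1, tzinfo=UTC)
RECORDS = [
    {"description": "sim-a.example.net", "cert_serial": None, "cert_not_after": None},
    {"description": "CN=sim-b.example.net", "cert_serial": "0A01",
     "cert_not_after": datetime(2023, 6, 1, tzinfo=UTC)},
    {"description": "CN=sim-c.example.net", "cert_serial": "0A02",
     "cert_not_after": datetime(2026, 6, 1, tzinfo=UTC)},
    {"description": "CN=sim-d.example.net", "cert_serial": "0A03",
     "cert_not_after": datetime(2026, 6, 1, tzinfo=UTC)},
]
REVOKED = {"0A03"}  # assumed input: serials the operator took from the CA's CRL

if __name__ == "__main__":
    for name, finding in audit(RECORDS, True, TRUST_BY_CERTIFICATE, REVOKED, NOW).items():
        print(f"{name}: {finding}")
```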

Remote Console Computer Lock

Remote Console Computer Lock enhances the security of an iLO 2 managed server by automatically locking an operating system or logging out a user when a remote console session terminates or the network link to iLO 2 is lost. Unlike Remote Console or Integrated Remote Console, this feature is standard and does not require an additional license. As a result, if you open a Remote Console Session or an Integrated Remote Console window and have this feature configured, it will lock the operating system when the window is closed even if additional feature licenses are not installed.

You can view and configure the Remote Console Computer Lock settings through the Administration or Remote Console tabs in the iLO 2 interface. The Remote Console Computer Lock feature is disabled by default.

To change the Remote Console Computer Lock settings:

1. Log in to iLO 2 using an account that has the Configure iLO 2 Settings privilege.
