5 directory services, Overview of directory integration, Benefits of directory integration – HP Integrated Lights-Out 2 User Manual
Page 130
5 Directory services
Overview of directory integration
iLO 2 can be configured to use a directory to authenticate and authorize its users. Before configuring
iLO 2 for directories, you must decide whether or not you want to use the HP Extended schema
option.
The advantages of using the HP Extended schema option are:
•
There is much more flexibility in controlling access. For example, access can be limited to a
time of day or from a certain range of IP addresses.
•
Groups are maintained in the directory, not on each iLO 2.
•
RILOE and RILOE II only work with HP Extended schema. (Schema-free will be added to RILOE
II at later date.)
iLO 2, RILOE, and RILOE II will only work with eDirectory with HP Extended schema.
For more information, see
“Benefits of directory integration” (page 130)
.
details how roles, groups, and security is enabled and enforced using
directories. There are also white papers available for more information on directory integration
on the HP website at
.
Benefits of directory integration
•
Scalability – The directory can be leveraged to support thousands of users on thousands of
iLO 2s.
•
Security – Robust user password policies are inherited from the directory. User password
complexity, rotation frequency, and expiration are policy examples.
•
Anonymity (lack thereof) – In some environments, users share Lights-Out accounts, which results
in the lack of knowing who performed an operation, instead of knowing what account (or
role) was used.
•
Role-based administration – You can create roles (for instance, clerical, remote control of the
host, complete control) and associate users or user groups with those roles. A change at a
single role applies to all users and Lights-Out devices associated with that role.
•
Single point of administration – You can use native administrative tools like MMC and
ConsoleOne to administrate Lights-Out users.
•
Immediacy—A single change in the directory rolls-out immediately to associated Lights-Out
processors. This eliminates the need to script this process.
•
Elimination of another username and password – You can use existing user accounts and
passwords in the directory without having to record or remember a new set of credentials for
Lights-Out.
•
Flexibility – You can create a single role for a single user on a single iLO 2, or you can create
a single role for multiple users on multiple iLOs, or you can use a combinations of roles as is
suitable for your enterprise.
•
Compatibility – Lights-Out directory integration applies to iLO 2, RILOE and RILOE II products.
The integration supports the popular Active Directory and eDirectory.
•
Standards – Lights-Out directory support builds on top of the LDAP 2.0 standard for secure
directory access.
130 Directory services