Password guidelines, Securing rbsu, Ilo 2 security override switch administration – HP Integrated Lights-Out 2 User Manual
Page 42: Ilo 2 security override
Password guidelines
The following is a list of recommended password guidelines. Passwords must:
•
Never be written down or recorded
•
Never be shared with others
•
Not be words generally found in a dictionary, or easy to guess words, such as the company
name, product names, the user's name, or the user's User ID
•
Include at least three of the four following characteristics:
At least one numeric character
◦
◦
At least one special character
◦
At least one lowercase character
◦
At least one uppercase character
Passwords issued for a temporary user ID, password reset, or a locked-out user ID must also conform
to these standards. Each password must be a minimum length of zero characters and a maximum
length of 39 characters. The default minimum length is set to eight characters. Setting the minimum
password length to fewer than eight characters is not recommended unless you have a physically
secure management network that does not extend outside the secure data center.
Securing RBSU
iLO 2 RBSU enables you to view and modify the iLO 2 configuration. RBSU access settings can
be configured using RBSU, a web browser, RIBCL scripts, or the iLO 2 Security Override Switch.
For more information, see
. RBSU has three levels of security:
•
RBSU Login Not Required (default)
Anyone with access to the host during POST can enter the iLO 2 RBSU to view and modify
configuration settings. This is an acceptable setting if host access is controlled.
•
RBSU Login Required (more secure)
If RBSU login is required, then the active configuration menus are controlled by the authenticated
user's access rights.
•
RBSU Disabled (most secure)
If iLO 2 RBSU is disabled, user access is prohibited. This prevents modification using the RBSU
interface.
iLO 2 Security Override Switch administration
The iLO 2 Security Override Switch allows the administrator full access to the iLO 2 processor.
This access might be necessary for any of the following conditions:
•
The iLO 2 firmware must be re-enabled after it has been disabled.
•
All user accounts with the Administer User Accounts privilege have been locked out.
•
A bad configuration keeps the iLO 2 from displaying on the network and RBSU has been
disabled.
•
The boot block must be flashed.
Ramifications of setting the Security Override Switch include:
•
All security authorization checks are disabled while the switch is set.
•
The iLO 2 firmware RBSU runs if the host server is reset.
•
The iLO 2 firmware is not disabled and might display on the network as configured.
42
Configuring iLO 2