HP SIM single sign-on (SSO), Setting up iLO 2 for HP SIM SSO – HP Integrated Lights-Out 2 User Manual

Page 55


Internet Explorer does not have a user-selectable cipher strength setting. You must edit the registry
to enable Internet Explorer to connect to iLO 2 when the Enforce AES/3DES Encryption setting is
enabled. To enable AES/3DES encryption in Internet Explorer, open the registry and set
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\FIPSAlgorithmPolicy to 1.

NOTE: Incorrectly editing the registry can severely damage your system. HP recommends creating
a backup of any valued data on the computer before making changes to the registry. For
information on how to restore your registry, see the Microsoft Knowledge Base article at
http://support.microsoft.com/kb/307545.

To connect to iLO 2 through an SSH connection, see your SSH utility documentation to set the
cipher strength.

When connecting through the XML channel, the CPQLOCFG utility uses a secure 3DES cipher by
default. CPQLOCFG 2.26 or later displays the cipher strength of the current connection in the
XML output. For example:

Connecting to Server..
Negotiated cipher: 168-bit Triple DES with RSA and a SHA1 MAC
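
The following added example, which is not part of the HP manual or of CPQLOCFG, parses captured CPQLOCFG output for the Negotiated cipher line and flags connections that did not negotiate AES or 3DES. The host names and the RC4 and AES lines are constructed, on the assumption that other ciphers are reported in the same format as the 3DES line above.

```python
import re

# Line format as shown in the CPQLOCFG output above.
CIPHER_RE = re.compile(
    r"^Negotiated cipher:\s*(?P<bits>\d+)-bit\s+(?P<cipher>.+?)\s+with\s+"
    r"(?P<kx>\S+)\s+and\s+an?\s+(?P<mac>\S+)\s+MAC$",
    re.IGNORECASE,
)
# Cipher names treated as meeting an AES/3DES-only policy (assumed spellings).
ALLOWED_PREFIXES = ("AES", "TRIPLE DES", "3DES")

def parse_negotiated_cipher(output):
    """Return the fields of the first 'Negotiated cipher' line, or None."""
    for line in output.splitlines():
        m = CIPHER_RE.match(line.strip())
        if m:
            fields = m.groupdict()
            fields["bits"] = int(fields["bits"])
            return fields
    return None

def check_host(output):
    """Classify one captured CPQLOCFG output as OK, WEAK or UNKNOWN."""
    info = parse_negotiated_cipher(output)
    if info is None:
        # No cipher line: connection failed or CPQLOCFG is older than 2.26.
        return "UNKNOWN"
    if info["cipher"].upper().startswith(ALLOWED_PREFIXES):
        return "OK"
    return "WEAK"

# Constructed sample captures; host names and the RC4/AES lines are invented.
SAMPLES = {
    "ilo-a.example": "Connecting to Server..\n"
                     "Negotiated cipher: 168-bit Triple DES with RSA and a SHA1 MAC\n",
    "ilo-b.example": "Connecting to Server..\n"
                     "Negotiated cipher: 128-bit RC4 with RSA and an MD5 MAC\n",
    "ilo-c.example": "Connecting to Server..\n"
                     "Negotiated cipher: 256-bit AES with RSA and a SHA1 MAC\n",
    "ilo-d.example": "Connecting to Server..\n",
}

if __name__ == "__main__":
    for host, text in SAMPLES.items():
        info = parse_negotiated_cipher(text)
        detail = f"{info['bits']}-bit {info['cipher']}" if info else "no cipher line"
        print(f"{host:16} {check_host(text):8} {detail}")
```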

AES encryption is not supported by Internet Explorer on a Windows 2000 Professional client. To
use AES encryption with this operating system, use another browser (such as Mozilla).

HP SIM single sign-on (SSO)

HP SIM SSO enables you to browse directly from HP SIM to your LOM processor, bypassing an
intermediate login step. To use SSO, a current version of HP SIM is required, and you must configure
your LOM processor to accept the links from HP SIM. HP SIM requires the latest updates and
patches to function correctly. For more information about HP Systems Insight Manager and available
updates, see the HP website at http://www.hp.com/go/hpsim.

HP SIM SSO is a licensed feature available with the purchase of optional licenses. For more
information, see “Licensing” (page 26).

The HP SIM SSO page enables you to view and configure SSO settings through the iLO 2 interface.
For more information, see “Setting up HP SIM SSO” (page 57).

You can also access HP SIM SSO configuration settings using scripts and text files, or from a
command line using text-based clients such as SSH over the network or from the operating system
on the host computer. Scripting SSO enables you to use the same SSO settings on all your LOM
processors. For more information, example scripts, and CLP extensions to read, modify, and write
HP SIM SSO configuration settings, see the HP Integrated Lights-Out Management Processor
Scripting and Command Line Resource Guide at
http://h20000.www2.hp.com/bizsupport/TechSupport/DocumentIndex.jsp?contentType=SupportManual&lang=en&cc=us&docIndexId=64179&taskId=135&prodTypeId=18964&prodSeriesId=1146658.

Setting up iLO 2 for HP SIM SSO

Before you start SSO setup, you must have the network address of HP SIM and ensure that a license
key is installed. To set up SSO:

1. Enable Single Sign-On Trust Mode by selecting either Trust by Certificate (recommended),
   Trust by Name, or Trust All.

2. Add the HP SIM certificate of the server to iLO 2.
   a. Click Add an HP SIM Server.
   b. Enter the HP SIM server network address.
   c. Click Import Certificate.

The certificate repository is sized to allow five typical iLO 2 certificates. However, certificate
sizes can vary if typical certificates are not issued. There is 6KB of combined storage allocated
