6 directory services, Directory integration benefits, Choosing a directory configuration to use with ilo – HP Integrated Lights-Out 3 User Manual
Page 160: Directory, Directory services
6 Directory services
This chapter describes how to configure iLO to use Kerberos login, schema-free directory
authentication, and HP extended schema directory authentication.
Directory integration benefits
Directory integration with iLO provides the following benefits:
•
Scalability—The directory can be leveraged to support thousands of users on thousands of
iLO processors.
•
Security—Robust user-password policies are inherited from the directory. User-password
complexity, rotation frequency, and expiration are policy examples.
•
User accountability—In some environments, users share iLO accounts, which makes it difficult
to determine who performed an operation.
•
Role-based administration—You can create roles (for example, clerical, remote control of the
host, complete control) and associate users or user groups with those roles. A change to a
single role applies to all users and iLO devices associated with that role.
•
Single point of administration—You can use native administrative tools like MMC and
ConsoleOne to administer iLO users.
•
Immediacy—A single change in the directory rolls out immediately to associated iLO processors.
This eliminates the need to script this process.
•
Simpler credentials—You can use existing user accounts and passwords in the directory without
having to record a new set of credentials for iLO.
•
Flexibility—You can create a single role for a single user on a single iLO processor, a single
role for multiple users on multiple iLO processors, or a combination of roles as suited to your
enterprise.
•
Compatibility—iLO directory integration supports Active Directory and eDirectory.
•
Standards—iLO directory support is based on the LDAP 2.0 standard for secure directory
access.
Choosing a directory configuration to use with iLO
Some directory configuration practices work better with iLO than others. Before you configure iLO
for directories, you must decide whether to use the schema-free directory integration method or
the HP extended schema directory integration method. Answer the following questions to help
evaluate your directory integration requirements:
1.
Can you apply schema extensions to your directory?
•
No—You are using Active Directory, and your company policy prohibits applying
extensions.
No—Directory integration does not fit your environment. Consider deploying an evaluation
server to assess the benefits of directory integration.
Use group-based schema-free directory integration. For more information, see
directory integration” (page 166)
.
•
Yes—Proceed to
.
160 Directory services