Disabling fips mode, Configuring ilo for hp sso – HP Integrated Lights-Out 3 User Manual

Page 61

Advertising
background image

2.

Verify that a trusted certificate is installed.

Using iLO in FIPS Mode with the default self-signed certificate is not FIPS compliant. For
instructions, see

“Obtaining and importing an SSL certificate” (page 49)

.

IMPORTANT:

Some interfaces to iLO, such as supported versions of IPMI and SNMP, are

not FIPS compliant and cannot be made FIPS compliant. For information about the iLO firmware
versions that are FIPS validated, see the following document:

http://csrc.nist.gov/groups/

STM/cmvp/documents/140-1/140-1val.zip

3.

Power off the server.

4.

Navigate to the Administration

→Security→Encryption page, as shown in

Figure 25 (page 59)

.

5.

Set FIPS Mode to Enabled.

CAUTION:

Enabling FIPS Mode resets iLO to the factory default settings, and clears all user

and license data.

6.

Click Apply.

iLO reboots in FIPS Mode. Wait at least 90 seconds before attempting to re-establish a
connection.

7.

Optional: Restore the iLO configuration by using HPONCFG.

For more information, see the HP iLO 3 Scripting and Command Line Guide.

TIP:

You can use the Login Security Banner feature to notify iLO users that a system is using FIPS

Mode. For more information, see

“Configuring the Login Security Banner” (page 67)

.

You can also use XML configuration and control scripts to enable FIPS mode. For more information,
see the HP iLO 3 Scripting and Command Line Guide.

Disabling FIPS Mode

If you want to disable FIPS Mode for iLO (for example, if a server is decommissioned), you must
set iLO to the factory default settings. You can perform this task by using RIBCL scripts or iLO RBSU.

For instructions, see

“Resetting iLO to the factory default settings by using iLO RBSU” (page 230)

or

the HP iLO 3 Scripting and Command Line Guide.

When you disable FIPS Mode, all potentially sensitive data is erased, including all logs and settings.

Configuring iLO for HP SSO

HP SSO enables you to browse directly from an HP SSO-compliant application (such as HP SIM)
to iLO, bypassing an intermediate login step. To use SSO, you must have a supported version of
an HP SSO-compliant application, and you must configure the iLO processor to trust the
SSO-compliant application.

This feature and many others are part of an iLO licensing package. For more information about
iLO licensing, see the following website:

http://www.hp.com/go/ilo/licensing

.

Some HP SSO-compliant applications automatically import trust certificates when they connect to
iLO. For applications that do not do this automatically, use the HP SSO page to configure the SSO
settings through the iLO web interface. You must have the Configure iLO Settings privilege to
change these settings.

Configuring iLO security

61

Advertising
Popular Brands
Popular manuals