Anonymous data, Fips tab – HP Onboard Administrator User Manual

Configuring the HP BladeSystem c7000 enclosure and enclosure devices 117

CAUTION:

RFC 4941 describes an IPv6 SLAAC extension that allows for generation of

global-scope temporary IPv6 addresses using interface identifiers that change over time. When

an OS that supports RFC 4941 reboots or the current address expires, a new temporary IPv6
address is generated. Windows 7 is an example of an OS that supports RFC 4941.

With trusted hosts enabled, if you are accessing the Onboard Administrator from a client hosted

on an OS with RFC 4941 support, a reboot of the client OS can result in the inability to reconnect

to the Onboard Administrator. The connection fails because the client’s new temporary IPv6
address does not match the IPv6 address configured for the client in the Trusted Addresses list. To

avoid this issue, either disable generation of global-scope temporary IPv6 addresses in the OS, or

reconfigure the Trusted Host IP address with the newly generated client IPv6 address.

The Trusted Addresses field is used to enter the IP addresses of all hosts that are to be trusted and allowed to

connect remotely to the Onboard Administrator through the protocols set up in the Protocol Restrictions
subcategory. This field allows for IP addresses only. When specifying an IPv6 address, do not specify the

prefix length.
Below the Trusted Addresses field is the list box of all trusted IP addresses, if trusted IP addresses are

configured.
To add a trusted host, enter the IP address in the Trusted Addresses field, and then click Add. You can add

a maximum of five Trusted Addresses.
To remove a trusted host, select the IP address in the Trusted Addresses list, and then click Remove.
To save the settings, click Apply.

Anonymous Data

Enable Extended Data on GUI Login Page—This checkbox is selected by default. Clearing this checkbox
disables the + functionality in the topology view on the sign in page for this enclosure. Also, the Onboard
Administrator health status appears as N/A on the sign in page.
Disabling the extended data on the GUI sign in page prevents unauthenticated users from viewing additional

information. To prevent additional information from appearing for each linked enclosure, you must clear this
checkbox for each enclosure.
Click Apply to save settings.

FIPS tab

FIPS mode

•

FIPS mode OFF—Enables the use of non-FIPS-140-2-approved algorithms.

•

FIPS mode ON—Enforces the use of the Onboard Administrator in a FIPS 140-2-approved mode. This
FIPS mode includes the use of approved algorithms such as AES, 3DES, SHA and other security

restrictions.

•

FIPS mode DEBUG—Sets the Onboard Administrator to an environment similar to the FIPS mode ON,
but with the option of debug support from HP. The FIPS mode DEBUG has the functionalities of the FIPS

mode ON, but it is not considered FIPS-compliant because of the debug option.

The Onboard Administrator restarts after all changes are made.

IMPORTANT:

All existing settings are lost when you run this operation. Any change to the FIPS

mode setting performs a Restore to Factory Default operation.