Directory services, Overview of directory integration, Benefits of directory integration – HP Remote Insight Lights-Out Edition II Board User Manual
Page 75
Directory services 75
Directory services
In this section
Overview of directory integration............................................................................................................. 75
Benefits of directory integration................................................................................................................ 75
How directory integration works .............................................................................................................. 76
Advantages and disadvantages of schema-free and HP Extended schema .................................................... 76
Setup for Schema-free directory integration ............................................................................................... 77
Setting up HP schema directory integration ............................................................................................... 79
Directory settings.................................................................................................................................... 99
Overview of directory integration
RILOE II can be configured to use a directory to authenticate and authorize its users. There are two
configuration options available: using a directory that has been extended with HP Schema or using the
directory’s default schema (schema-free.)
There are white papers available for more information on directory integration on the HP website
Benefits of directory integration
Directory integration benefits include:
•
Scalability—The directory can be leveraged to support thousands of users on thousands of RILOE IIs.
•
Security—Robust user password policies are inherited from the directory. User password complexity,
rotation frequency, and expiration are policy examples.
•
Anonymity (lack thereof)—In some environments, users share Lights-Out accounts, which results in not
knowing who performed an operation, instead of knowing what account (or role) was used.
•
Role-based administration (when using HP Extended schema)—You can create roles (for instance,
clerical, remote control of the host, complete control) and associate users or user groups with those
roles. A change to a role applies to all users and Lights-Out devices associated with that role.
•
Single point of administration—You can use native administrative tools, such as MMC and
ConsoleOne to administrate Lights-Out users.
•
Immediacy—A single change in the directory rolls-out immediately to associated Lights-Out
processors, which eliminates the need to script the change process.
•
Elimination of another username and password—You can use existing user accounts and passwords
in the directory without having to record or remember a new set of credentials for Lights-Out.
•
Flexibility—When configured for HP Extended schema, you can create a single role for a single user
on a single RILOE II, you can create a single role for multiple users on multiple RILOEs, or you can
use a combinations of roles as is suitable for your enterprise.
•
Compatibility—Lights-Out directory integration applies to iLO, RILOE, and RILOE II products. The
integration supports the popular Active Directory and eDirectory.