Configuring iLO 2 42
•
Encrypted communication using:
o
SSH key administration
o
SSL certificate administration
•
Support for optional LDAP-based directory services
Some of these options are licensed features. To verify your available options, see the section, "Licensing
(on page
26
)."
General security guidelines
The following are general guidelines concerning security for iLO 2:
•
For maximum security, iLO 2 should be set up on a separate management network.
•
iLO 2 should not be connected directly to the Internet.
•
A 128-bit cipher strength browser must be used.
Password guidelines
The following is a list of recommended password guidelines. Passwords should:
•
Never be written down or recorded
•
Never be shared with others
•
Not be words generally found in a dictionary, or easy to guess words, such as the company name,
product names, the user's name, or the user's User ID
•
Include at least three of the four following characteristics:
o
At least one numeric character
o
At least one special character
o
At least one lowercase character
o
At least one uppercase character
Passwords issued for a temporary user ID, password reset, or a locked-out user ID should also conform to
these standards. Each password must be a minimum length of zero characters and a maximum length of
39 characters. The default minimum length is set to eight characters. Setting the minimum password length
to fewer than eight characters is not recommended unless you have a physically secure management
network that does not extend outside the secure data center.
Securing RBSU
iLO 2 RBSU enables you to view and modify the iLO 2 configuration. RBSU access settings can be
configured using RBSU, a web browser (Access options (on page
39
)), RIBCL scripts, or the iLO 2 Security
Override Switch. RBSU has three levels of security:
•
RBSU Login Not Required (default)
Anyone with access to the host during POST can enter the iLO 2 RBSU to view and modify
configuration settings. This is an acceptable setting if host access is controlled.
•
RBSU Login Required (more secure)
If RBSU login is required, then the active configuration menus are controlled by the authenticated
user's access rights.