Servers inside the DMZ and on the internal network can use iLO processors. Because the network
connection to iLO is completely isolated from the network ports on the server, there is no possibility for
data to flow from the DMZ network to the iLO network, or vice versa. Therefore, even if the DMZ
network is compromised, the iLO network will remain secure. This architecture permits administrators
to use iLO on servers located in the DMZ or in the internal network without the risk of compromising
sensitive data. This separation is accomplished by using a dedicated NIC or the Shared Network Port
(SNP) with its VLAN (see the section “SNP for select ProLiant servers”).
For best protection of the servers operating inside the DMZ, administrators should set the SNMP trap
destinations to the loopback address and enable the SNMP pass-through in iLO so that SNMP traps
are routed onto the iLO network. While this SNMP pass-through option does not enable all
management functions, it allows for passing status, inventory, and fault information to HP Systems
Insight Manager or another SNMP-capable management application. This option has the benefit of
being very secure because the host operating system does not recognize the Lights-Out product as a
NIC.
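
The following check is an added example, not part of the original paper or of any HP tool: it audits a host SNMP agent configuration for trap destinations that are not the loopback address, which is the setting recommended above for DMZ servers. It assumes the host agent is net-snmp on Linux (the paper does not name an agent) and uses that agent's trapsink, trap2sink and informsink directives; the sample configuration is constructed.

```python
import ipaddress

# net-snmp directives whose first argument is a trap/inform destination.
SINK_DIRECTIVES = {"trapsink", "trap2sink", "informsink"}
TRANSPORTS = ("udp6:", "tcp6:", "udp:", "tcp:")

def destination_host(spec):
    """Strip an optional transport prefix and port from a destination."""
    lowered = spec.lower()
    for prefix in TRANSPORTS:
        if lowered.startswith(prefix):
            spec = spec[len(prefix):]
            break
    if spec.startswith("["):                 # bracketed IPv6, e.g. [::1]:162
        return spec[1:].split("]")[0]
    if spec.count(":") == 1:                 # host:port
        return spec.split(":", 1)[0]
    return spec                              # bare host or bare IPv6 address

def is_loopback(host):
    if host.lower() == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False                         # other hostnames: flag for review

def audit_trap_destinations(conf_text):
    """Return (line_no, directive, host) for each non-loopback destination."""
    findings = []
    for line_no, raw in enumerate(conf_text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()    # drop comments, tokenize
        if len(fields) >= 2 and fields[0] in SINK_DIRECTIVES:
            host = destination_host(fields[1])
            if not is_loopback(host):
                findings.append((line_no, fields[0], host))
    return findings

# Constructed sample configuration for a DMZ server (not from the paper).
SAMPLE_CONF = """\
rocommunity  example-community 127.0.0.1
trapsink     127.0.0.1 example-community
trap2sink    udp:192.0.2.10:162 example-community   # routable DMZ address
informsink   [::1]:162 example-community
# trapsink   198.51.100.5 example-community
trap2sink    mgmt.example.net
"""
for line_no, directive, host in audit_trap_destinations(SAMPLE_CONF):
    print(f"line {line_no}: {directive} -> {host} is not loopback")
```

Hostnames other than localhost are reported rather than resolved, so the audit makes no DNS queries from the DMZ host.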

Lights-Out Management Integration with Rapid Deployment Pack

The Rapid Deployment Pack (RDP) Deployment Server Console provides secure access to the
management features of iLO and Remote Insight Lights-Out Edition (RILOE).

IMPORTANT: If Rapid Deployment Pack—Windows Edition and HP SIM will be installed on the same
server, Rapid Deployment Pack—Windows Edition must be installed before HP SIM and the other
products on the Management CD.

The Rapid Deployment Pack combines an off-the-shelf version of Altiris eXpress Deployment Solution
and the ProLiant Integration Module. The ProLiant Integration Module consists of software
optimizations including the SmartStart Scripting Toolkit, Configuration Events for leading
industry-standard operating systems, sample unattended files, and ProLiant Support Packs containing
software drivers, management agents, and important documentation. Servers can be deployed through
Altiris’ imaging feature or through scripting using the SmartStart Scripting Toolkit. For more
information on the ProLiant Essentials Rapid Deployment Pack, visit the website at
www.hp.com/servers/rdp-we.

Communication between iLO and server blades

In the HP BladeSystem architecture, a single enclosure houses multiple servers. A separate power
subsystem provides power to all server blades in that enclosure. ProLiant c-Class server blades (see the
website at www.hp.com/servers/blades) use the iLO management processor to send alerts and
management information throughout the server blade infrastructure. However, there is a strict
communication hierarchy among ProLiant c-Class server components. The Onboard Administrator
(OA) management module communicates with the iLO processor on each server blade. The OA
module provides independent IP addresses for each server blade. The iLO firmware exclusively
controls any communication from iLO to the OA module. There is no path from an iLO processor on
one server blade to the iLO processor on another blade. The iLO processor has information only
about the presence of other server blades in the infrastructure, and whether there is enough amperage
available from the power subsystem to boot the iLO host server blade.
Within BladeSystem c-Class enclosures, the server blade iLO network connections are accessed
through a single, physical port on the rear of the enclosure. This greatly simplifies and reduces
cabling. Note that the iLO on a server blade maintains an independent IP address.