Configuring iLO 2 54
To test
the communication between the directory server and iLO 2, click
Test Settings.
For more
information, see the section, "Directory Tests (on page
54
)."
Directory tests
To validate current directory settings for iLO 2, click
Test Settings
on the Directory Settings page. The
Directory Tests page appears.
The test page displays the results of a series of simple tests designed to validate the current directory
settings. Additionally, it includes a test log that shows test results and any problems that have been
detected. After your directory settings are configured correctly, you do not need to rerun these tests. The
Directory Tests screen does not require you to be logged in as a directory user.
To verify your directory settings:
1.
Enter the distinguished name and password of a directory administrator. A good choice would be
the same credentials used when creating the iLO 2 objects in the directory. These credentials are not
stored by iLO 2. They are used to verify the iLO 2 object and user search contexts.
2.
Enter a test user name and password. Typically, this account would be intended to access the iLO 2
being tested. It can be the same account as the directory administrator. However, the tests cannot
verify user authentication with a superuser account. These credentials are not stored by iLO 2.
3.
Click
Start Test
. Several tests begin in the background, starting with a network ping of the directory
user through establishing an SSL connection to the server and evaluating user privileges as they
would be evaluated during a normal login.
While the tests are running, the page periodically refreshes. At any time during test execution, you can
stop the tests or manually refresh the page. Consult the help link on the page for test details and actions in
the event of trouble.
Encryption
iLO 2 provides enhanced security for remote management in distributed IT environments. Web browser
data is protected by SSL encryption. SSL encryption of HTTP data ensures that the data is secure as it is
transmitted across the network. iLO 2 provides support for two of the strongest available cipher strengths;
the Advanced Encryption Standard (AES) and the Triple Data Encryption Standard (3DES). iLO 2 supports
the following cipher strengths:
•
256-bit AES with RSA, DHE and a SHA1 MAC
•
256-bit AES with RSA and a SHA1 MAC
•
128-bit AES with RSA, DHE and a SHA1 MAC
•
128-bit AES with RSA and a SHA1 MAC
•
168-bit Triple DES with RSA and a SHA1 MAC
•
168-bit Triple DES with RSA, DHE and a SHA1 MAC
iLO 2 also provides enhanced encryption through the SSH port for secure CLP transactions. iLO 2
supports AES128-CBC and 3DES-CBC cipher strengths through the SSH port.
If enabled, iLO 2 enforces the usage of these enhanced ciphers (both AES and 3DES) over the secure
channels, including secure HTTP transmissions through the browser, SSH port, and XML port. When
AES/3DES encryption is enabled, you must use a cipher strength equal to or greater than AES/3DES to
connect to iLO 2 through these secure channels. Communications and connections over less secure
channels (such as the telnet port) are not affected by the AES/3DES encryption enforcement setting.