Configuring iLO 2 56
IMPORTANT:
Incorrectly editing the registry can severely damage your system. HP
recommends creating a back up of any valued data on the computer before making changes
to the registry. For information on how to restore your registry, see the Microsoft Knowledge
base article (
http://support.microsoft.com/kb/307545
).
To connect to iLO 2 through an SSH connection, see your SSH utility documentation to set the cipher
strength.
When connecting through the XML channel, the CPQLOCFG utility uses a secure 3DES cipher by default.
CPQLOCFG 2.26 or later displays the following current-connection cipher strength on the XML output. For
example:
Connecting to Server..
Negotiated cipher: 168-bit Triple DES with RSA and a SHA1 MAC
AES encryption is not supported by Internet Explorer on a Windows® 2000 Professional client. To use
AES encryption with this operating system, use another browser (such as Mozilla).
HP SIM single sign-on (SSO)
HP SIM SSO enables you to browse directly from HP SIM to your LOM processor, bypassing an
intermediate login step. To use SSO, a current version of HP SIM is required, and you must configure your
LOM processor to accept the links from HP SIM. HP SIM requires the latest updates and patches to
function correctly. For more information about HP Systems Insight Manager and available updates, see
the HP website (
http://www.hp.com/go/hpsim
).
HP SIM SSO is a licensed feature available with the purchase of optional licenses. For more information,
see "Licensing (on page
26
)".
The HP SIM SSO page enables you to view and configure SSO settings through the iLO 2 interface. For
more information, see the section, "Setting up HP SIM SSO (on page
58
)."
You can also access HP SIM SSO configuration settings using scripts, text files, and through a command-
line using text-based clients such as SSH over the network or from the operating system on the host
computer. Scripting SSO enables you to use the same SSO settings on all your LOM processors. For more
information, example scripts, and CLP extensions to read, modify, and write HP SIM SSO configuration
settings, see the
HP Integrated Lights-Out Management Processor Scripting and Command Line Resource
Guide.
Setting up iLO 2 for HP SIM SSO
Before you start SSO setup, you must have the network address of HP SIM and ensure that a license key is
installed. To setup SSO:
1.
Enable Single Sign-On Trust Mode by selecting either
Trust by Certificate
(recommended),
Trust by
Name
, or
Trust All
.
2.
Add the HP SIM certificate of the server to iLO 2.
a.
Click
Add an HP SIM Server.
b.
Enter the HP SIM server network address.
c.
Click
Import Certificate.
The certificate repository is sized to allow five typical iLO 2 certificates. However, certificate sizes
can vary if typical certificates are not issued. There is 6KB of combined storage allocated for