Configuring iLO 2 43
•
RBSU Disabled (most secure)
If iLO 2 RBSU is disabled, user access is prohibited. This prevents modification using the RBSU
interface.
iLO 2 Security Override Switch administration
The iLO 2 Security Override Switch allows the administrator full access to the iLO 2 processor. This access
may be necessary for any of the following conditions:
•
iLO 2 must be re-enabled after it has been disabled.
•
All user accounts with the Administer User Accounts privilege have been locked out.
•
A bad configuration keeps the iLO 2 from displaying on the network and RBSU has been disabled.
•
The boot block must be flashed.
Ramifications of setting the Security Override Switch include:
•
All security authorization checks are disabled while the switch is set.
•
iLO 2 RBSU runs if the host server is reset.
•
iLO 2 is not disabled and might display on the network as configured.
•
iLO 2, if disabled while the Security Override Switch is set, does not log the user out and complete
the disable process until the power is cycled on the server.
•
The boot block is exposed for programming.
A warning message is displayed on iLO 2 browser pages indicating that the iLO 2 Security Override
Switch is currently in use. An iLO 2 log entry records the use of the iLO 2 Security Override Switch. An
SNMP alert can also be sent upon setting or clearing the iLO 2 Security Override Switch.
Setting the iLO 2 Security Override Switch also enables you to flash the iLO 2 boot block. HP does not
anticipate that you will need to update the iLO 2 boot block. If an iLO 2 boot block update is ever
required, physical presence at the server will be required to reprogram the boot block and reset iLO 2.
The boot block will be exposed until iLO 2 is reset. For maximum security, HP recommends that you
disconnect the iLO 2 from the network until the reset is complete. The iLO 2 Security Override Switch is
located inside the server and cannot be accessed without opening the server enclosure.
To set the iLO 2 Security Override Switch:
1.
Power off the server.
2.
Set the switch.
3.
Power on the server.
Reverse the procedure to clear the iLO 2 Security Override Switch.
Depending on the server, the iLO 2 Security Override Switch might be a single jumper or a specific switch
position on a dip switch panel. To access and locate the iLO 2 Security Override Switch, refer to the
server documentation. The iLO 2 Security Override Switch can also be located using the diagrams on the
server access panel.
Trusted Platform Module support
TPM is a hardware based system security feature. It is a computer chip that securely stores artifacts used
to authenticate the platform. These artifacts can include passwords, certificates, or encryption keys. You
can also use a TPM to store platform measurements to help ensure that the platform remains trustworthy.