Network access

These settings let an administrator configure network access to the Onboard Administrator. They are specific to the enclosure and do not affect the network configurations for server blades.

Protocol restrictions

The Protocol Restrictions subcategory is used to restrict access to the Onboard Administrator. Up to four protocol settings can be selected to allow or restrict access to the Onboard Administrator.

  • Enable Web Access (HTTP/HTTPS)—This checkbox is selected by default. Clearing this checkbox disables HTTP/HTTPS access to the Onboard Administrator. Port 80 is used for HTTP, and port 443 is used for HTTPS.

    HP BladeSystem 35928 Network access

    CAUTION: Disabling Web Access (HTTP/HTTPS) disconnects all users attached to the Onboard Administrator through HTTP/HTTPS, including the administrator.

  • Enable Secure Shell—This checkbox is selected by default. Clearing this checkbox disables Secure Shell connections to the Onboard Administrator. SSH is disabled when Two-Factor Authentication is enabled. Disabling Two-Factor Authentication does not automatically re-enable SSH. To re-enable SSH, you must select the checkbox, and then click Apply. Port 22 is used for SSH.
  • Enable Telnet—This checkbox is selected by default. Clearing this checkbox disables Telnet connections to the Onboard Administrator. Telnet is disabled when Two-Factor Authentication is enabled. Disabling Two-Factor Authentication does not automatically re-enable Telnet. To re-enable Telnet, you must select the checkbox, and then click Apply. Port 23 is used for Telnet.

    NOTE: When the Onboard Administrator is operating in FIPS mode ON/DEBUG, the Telnet protocol cannot be used.

  • Enable XML Reply—This checkbox is selected by default. This checkbox enables XML data to be shared between the Onboard Administrator and other HP management tools such as HP Systems Insight Manager. To display the information that is shared by the Onboard Administrator if this protocol is enabled, click View.
  • Enforce Strong Encryption—This checkbox is not selected by default. Selecting this checkbox enforces use of only FIPS 140-2 approved algorithms including AES, 3DES, and SHA for SSH sessions. Deselecting this option will allow other SSLv3 algorithms such as RSA, RC4, and MD5 to also be used in SSH sessions. Web GUI sessions use FIPS 140-2 approved algorithms regardless of this setting. To set this option, you must select the checkbox, and then click Apply.

The HP BladeSystem Onboard Administrator FIPS 140-2 implementation is based on the open source package openssl-fips-1.2. For more information, see the OpenSSL website.

Click Apply to save settings.

Login Banner

NOTE: The Login Banner accepts English (ASCII) characters only.

Enabling the Login Banner option requires Onboard Administrator users to acknowledge the banner text before they can log in.

Enable Display of Banner on User Login

Select this checkbox to enable the Login Banner option.

Acknowledgment of the Login Banner text provides access to all systems connected to the primary Onboard Administrator.

Banner Text

The field size is limited to 1,500 printable characters, excluding the % or characters.

While spaces and line feeds are accepted, using only white space characters within this text field is not allowed.

Apply

Click Apply to validate the Banner Text field.

If the Banner Text field is empty or contains only white space characters, but the Enable Display of Banner on User Login checkbox is selected, you are prompted to disable this feature.

Trusted Hosts

The Trusted Hosts subcategory is used to deny access to the Onboard Administrator from all hosts except those listed. When enabled, this feature allows only the listed hosts to access the Onboard Administrator.

This subcategory contains one dialog box, one entry field, and one display box, which, if enabled, is used to list trusted IP addresses.

The Enable IP address access restriction checkbox is not selected by default. Selecting this checkbox allows only those IP addresses listed as Trusted Addresses to connect to the Onboard Administrator.

CAUTION: Enabling IP address access restriction without first entering the user’s IP address in the Trusted Addresses list will disconnect the user from the Onboard Administrator.

The Trusted Addresses field is used to enter the IP addresses of all hosts that are to be trusted and allowed to connect remotely to the Onboard Administrator through the protocols set up in the Protocol Restrictions subcategory. This field allows for IP addresses only.

Below the Trusted Addresses field is the list box of all trusted IP addresses, if trusted IP addresses are configured.

To add a trusted host, enter the IP address in the Trusted Addresses field, and then click Add. You can add a maximum of five Trusted Addresses.

To remove a trusted host, select the IP address in the Trusted Addresses list, and then click Remove.

To save the settings, click Apply.
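
The Protocol Restrictions and Trusted Hosts rules above interact, and several combinations disconnect the administrator who applies them. The following pre-change check is an added example, not HP code or an Onboard Administrator API; the Plan class, its field names, and the sample addresses are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass, field

PORTS = {"http": 80, "https": 443, "ssh": 22, "telnet": 23}  # ports named on the page
MAX_TRUSTED = 5  # the page allows at most five Trusted Addresses

@dataclass
class Plan:
    """Hypothetical model of the settings about to be applied (not an OA API)."""
    web: bool = True            # Enable Web Access (HTTP/HTTPS)
    ssh: bool = True            # Enable Secure Shell
    telnet: bool = True         # Enable Telnet
    two_factor: bool = False    # Two-Factor Authentication enabled
    fips: bool = False          # FIPS mode ON or DEBUG
    restrict_ips: bool = False  # Enable IP address access restriction
    trusted: list = field(default_factory=list)

def effective_protocols(p):
    """Protocols that stay reachable once the page's interaction rules apply."""
    up = set()
    if p.web:
        up |= {"http", "https"}
    if p.ssh and not p.two_factor:        # 2FA disables SSH
        up.add("ssh")
    if p.telnet and not (p.two_factor or p.fips):  # 2FA and FIPS both rule out Telnet
        up.add("telnet")
    return up

def preflight(p, admin_ip, admin_proto):
    """Return findings for a plan; an empty list means nothing to fix."""
    findings, parsed = [], []
    for entry in p.trusted:
        try:
            parsed.append(ipaddress.ip_address(entry))  # rejects hostnames and CIDR
        except ValueError:
            findings.append(f"not an IP address: {entry!r}")
    if len(p.trusted) > MAX_TRUSTED:
        findings.append(f"{len(p.trusted)} trusted addresses, limit is {MAX_TRUSTED}")
    if p.restrict_ips and ipaddress.ip_address(admin_ip) not in parsed:
        findings.append(f"LOCKOUT: {admin_ip} is not in Trusted Addresses")
    up = effective_protocols(p)
    if admin_proto not in up:
        findings.append(f"LOCKOUT: {admin_proto} (port {PORTS[admin_proto]}) will be unavailable")
    if "telnet" in up:
        findings.append(f"cleartext Telnet (port {PORTS['telnet']}) remains enabled")
    return findings

if __name__ == "__main__":
    # Constructed sample: 2FA on, restriction on, admin at 192.0.2.25 over SSH.
    plan = Plan(two_factor=True, restrict_ips=True, trusted=["192.0.2.10", "oa-admin.example"])
    print("\n".join(preflight(plan, "192.0.2.25", "ssh")))
```

Run the check with the address and protocol of the session that will click Apply; any LOCKOUT finding means that session is dropped when the settings take effect.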

Anonymous Data

Enable Extended Data on GUI Login Page—This checkbox is selected by default. Clearing this checkbox disables the + functionality in the topology view on the sign in page for this enclosure. Also, the Onboard Administrator health status appears as N/A on the sign in page.

Disabling the extended data on the GUI sign in page prevents unauthenticated users from viewing additional information. To prevent additional information from appearing for each linked enclosure, you must clear this checkbox for each enclosure.

Click Apply to save settings.
