HPE Community read-only access December 15, 2018
This is a maintenance upgrade. You will be able to read articles and posts, but not post or reply.
Hours:
Dec 15, 4:00 am to 10:00 am UTC
Dec 14, 10:00 pm CST to Dec 15, 4:00 am CST
Dec 14, 8:00 pm PST to Dec 15, 2:00 am PST
BladeSystem Virtual Connect
cancel
Showing results for 
Search instead for 
Did you mean: 

Is there secure 2-factor authentication for the Onboard Administrator?

 
chuckk281
Trusted Contributor

Is there secure 2-factor authentication for the Onboard Administrator?

Customers want to ensure that the Onboard Administrator function is secure and can only used by authorized personnel. After all we don't what just anyone getting into the OA and making random changes. Here is what is possible: According to the 'HP BladeSystem OA_UG_v225_c00705292_Aug-08', page 176, that Juergen researched for us: "Two-Factor Authentication Two-Factor Authentication Settings tab IMPORTANT: Onboard Administrator must be configured in Virtual Connect mode before enabling Two-Factor Authentication when using Virtual Connect Manager and Two-Factor Authentication. When Two-Factor Authentication is enabled, only users with a valid user certificate are allowed to sign into Onboard Administrator. A valid user certificate is signed by a trusted Certificate Authority and is mapped to the respective user on the Onboard Administrator. To enable Two-Factor Authentication for user authentication during sign in, select Enable Two-Factor Authentication. When Two-Factor Authentication is enabled, SSH and Telnet access is disabled by default. Disabling Two-Factor Authentication does not automatically re-enable SSH and Telnet. You must go to the Network Access screen, and then select Enable Secure Shell and Enable Telnet. To enable the Onboard Administrator to verify with the Certifying Authority that the certificate being used has been added to the certificate revocation list (CRL), select Check for Certificate Revocation. If the certificate is on the CRL, the sign in is denied. Certificate Owner Field You can configure the Onboard Administrator to use the user principle name in the SAN by selecting SAN or to use the certificate subject name by selecting Subject when authenticating directory users with adirectory server. To save settings, click Apply."