HPE Community read-only access December 15, 2018
This is a maintenance upgrade. You will be able to read articles and posts, but not post or reply.
Dec 15, 4:00 am to 10:00 am UTC
Dec 14, 10:00 pm CST to Dec 15, 4:00 am CST
Dec 14, 8:00 pm PST to Dec 15, 2:00 am PST
ProLiant Servers (ML,DL,SL)
Showing results for 
Search instead for 
Did you mean: 

ILO Security Switch on motherboard


ILO Security Switch on motherboard

I am not sure I see the scenarios where it is important to re-enable the security override switch on the motherboard of a, for instance, DL 360 G5 server, if the server is in a locked cabinet in a Colo.

Can others opine on possible adverse scenarios?

If we have also have VNC on our server, and someone got unauthorized access via that avenue, then it seems access to changing ILO settings would not be significant as they could do as much damage as they wanted in the OS.

If they got unauthorized access to our ILO connection, without the advanced license key installed they could shut us down. But with the key, they have full KVM access, so changing ILO settings would seem insignificant.

The servers are within reasonable driving distance for us and would not require a complete re-setup remotely - so if they changed our IP for ILO we could get physical access.

Any thoughts appreciated.
Terry Hutchings
Honored Contributor

Re: ILO Security Switch on motherboard

I believe you can gain access to the iLO across the network with the security override switch turned on. The standard license (non Advanced) will allow for use of virtual power through the iLO2.

I the security override switch is enabled you can have someone turn you server off on you, as the login is not required when the switch is turned on.
The truth is out there, but I forgot the URL..

Re: ILO Security Switch on motherboard

When accessing ILO via the WAN with the security switch in disabled mode, it appears that a login is required to get into ILO2. Unless I am missing something. If so, I'd be interested in details.

If they could get to the windows desktop via the WAN or LAN (again requiring a login) they could change the configurtion of the ILO through the ILO utility, but they'd have to get to the desktop. And they could shut the server down there as well. s

Re: ILO Security Switch on motherboard

Ah, it appears a login and ID is required, but it is not.