ProLiant Servers (ML,DL,SL)
1748180 Members
4165 Online
108759 Solutions
New Discussion

Lights-out 100 Advanced

 
mossun
Occasional Visitor

Lights-out 100 Advanced

Im after some help with setting this up. Also any advice would be helpful

 

 I have a SBS 2008 running on an ML110 G6, certificate is setup and port 443 (https) (on router) directing to the sbs OS (192.168.5.100) on the server.

The lights-out has a fixed IP address (192.168.5.99).   How can I access the Lights Out from the outside using https?

 

Thank you

3 REPLIES 3
Johan Guldmyr
Honored Contributor

Re: Lights-out 100 Advanced

Aha, your server is behind a NAT.

It is not recommended that you publish the lights-out to somewhere on the internet where it can be directly accessed.

If I were you I'd set up a vpn on another server and then allow you to connect to the lights-out only via that vpn-server.

You could change the port on the lights-out or change the port on your SBS 2008.

Or, in a lot of NAT routers you can forward for example port 12345 to port 443 on a machine behind the NAT. So then lights-out would still actually listen on port 443 but you would connect to it via port 12345 to the public IP.

But really, I'd be careful with putting lights-out on the internets.
mossun
Occasional Visitor

Re: Lights-out 100 Advanced

Thats a very usefull answer. Thank you.  Previously Id been using the VPN server on the router to connect to lights-out but that becamet faulty so I was looking for alternatives.

  Ive allready changed the default usernames and have solid passwords on the lights-out but Im assuming from your response that there are still vulnerabilities in the product?  

  

Johan Guldmyr
Honored Contributor

Re: Lights-out 100 Advanced

I wouldn't say that there are open vulnerabilities for the Lights-Out 100. 

 

But there have been: http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02498412

 

I looked briefly in the user guide for the LO100i but couldn't find much more you could do in terms of hardening (except disable telnet, but if you're behind a NAT maybe it's not needed) and to use ssl/certificate.

 

Maybe there are more hardening things you can do on the router?

 

http://bizsupport1.austin.hp.com/bc/docs/support/SupportManual/c02752580/c02752580.pdf