- Community Home
- >
- Partner Solutions and Certifications
- >
- Alliances
- >
- Understanding HPE ProLiant Gen10 & iLO 5 security ...
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark as New
- Mark as Read
- Bookmark
- Receive email notifications
- Printer Friendly Page
- Report Inappropriate Content
Understanding HPE ProLiant Gen10 & iLO 5 security modes
As threats move from network security to the hardware and firmware layers, customers need advanced features help protect their hardware, firmware, and network components from unauthorized access and unapproved use. Thankfully, HPE offers an array of embedded and optional software and firmware for HPE Gen10 servers that enable your customers to institute the best mix of remote access and control for their network and data center.
In recent blogs we have discussed how HPE Gen10 servers keep your customersโ infrastructure secure with the security features found in the HPE Secure Compute Lifecycle and HPE Integrated Lights-Out (iLO) 5. Today, weโre going to take a closer look into iLO 5 to discuss the varying degrees of encryption and security that Gen10 servers offer.
With HPE iLO 5 standard edition, included with every ProLiant Gen10 Server, customers get the ability to configure their servers in one of three security modes: Production Mode, High Security Mode, and FIPS Mode. With the iLO Advanced Premium Security Edition license, customers who need the highest-level encryption capabilities have a fourth mode available to them: CNSA Mode
As you move up the scale in security (with Production Mode at the bottom, and CNSA Mode at the top), the server enforces stronger encryption rules for webpages, SSH, and network communications.
Letโs take a deeper dive into each security mode and learn how they work to help your customers keep their server infrastructure secure.
Production Mode
HPE ProLiant Gen10 servers ship in production mode, which allows the broadest interoperability with existing software. When set to this security mode, iLO uses the factory default encryption settings. The system maintenance switch setting to bypass iLO security (sometimes called the iLO Security Override switch) disables the password requirement for logging in to iLO.
High Security Mode
High Security mode increases the sophistication of the encryption ciphers compared to production mode and uses the same encryption ciphers as FIPS mode. However, it does not require the same initialization steps that FIPS mode does. It also locks down the host interface by requiring authentication from the host OS side. High security mode enforces stricter security policies such as requiring valid iLO 5 credentials to use RBSU or other host-based utilities.
FIPS Mode
In FIPS Mode, iLO 5 operates in a mode intended to comply with the requirements of FIPS 140-2 level 1. FIPS (Federal Information Processing Standards) is a set of computer security standard mandated for use by United States government agencies and contractors. FIPS Mode not only implements validated encryption ciphers (as High Security Mode does) but also closes down insecure interfaces that do not meet the government standard. Because interfaces like IPMI and SNMP v1 are shut off, potential attack surfaces are reduced. When entering FIPS mode, all the iLO 5 settings are reinitialized to operate as a FIPS validated environment.
CNSA Mode
CNSA mode is available only when FIPS mode is enabled. In addition to the security standards already mentioned in the first three security modes, HPE Gen10 servers also support the highest-level cryptographic standard available for commercial use, the Commercial National Security Algorithm Suite (CNSA). CNSA is a suite of cryptographic algorithms approved for use by the US National Security Agency for protecting secret and top secret information with the U.S. government, and is the highest-level cryptographic algorithm available for commercial systems.
Whether your customers need the most basic security, or the highest level of commercial encryption capabilities, HPE Gen10 servers have the perfect security mode for them!
Donโt forget, pairing HPE Gen10 servers with Windows Server 2016 licensing from HPE offers your customers even more protection. Learn more about Windows Server security features, and how they can further boost HPE Gen10 security, in our Cyber Crime 101 videos.
Have questions about HPE OEM Microsoft products/solutions, Windows Server 2016, or HPE Servers? Join the Coffee Coaching community to keep up with the latest HPE OEM Microsoft news and interact with HPE and Microsoft experts.
Follow us on Twitter | Join our LinkedIn group | Like us on Facebook | Watch us on YouTube | Email us a question
- Back to Blog
- Newer Article
- Older Article
- JoeV_The_CT on: Streamline AI Workloads with HPE & NVIDIA
- iVAN LINARES on: Curious about Windows Server 2022 downgrade rights...
- HPEML350_22 on: Windows Server 2022 is here: how to implement it o...
- testingis on: How are you going to license that new server? A st...
- wowu on: Pick up the pace
- nice345 on: Donโt let the time slip away
- vmigliacc on: Frequently asked questions about HPE solutions for...
- MassimilianoG on: What are downgrade and Down-edition rights for Win...
- harithachinni on: Coffee Coaching's "Must See" Discover Virtual Expe...
- FannyO on: TOP 10 Reasons for choosing HPE for SAP HANA
-
Accenture
1 -
Citrix
13 -
Coffee Coaching
346 -
Event
62 -
Microsoft
180 -
Red Hat
7 -
SAP
37 -
Strategic Alliances
66 -
Veeam
8 -
VMware
32