Oracle Integrated Lights Out Manager (ILOM) 3.1 Security Guide
Oracle ILOM provides the ability to remotely redirect the keyboard, video, and mouse of the host server to a remote client, as well as to mount remote storage. These features are collectively called Remote KVMS. Remote KVMS allows you to see the graphical console of the host operating system on the server by running Java applications called Oracle ILOM Remote Console and CLI Storage Redirection on a client machine.
The Oracle ILOM Remote Console and CLI Storage Redirection applications use a series of network protocols to communicate remotely with Oracle ILOM. Using the Java application, you can also control the host keyboard and mouse and mount a local storage device (such as a CD or DVD drive) on the remote server.
The following table describes, in more detail, the way in which Remote KVMS information is transmitted over the network.
Table 3-2 Remote KVMS Transmission
Remote KVMS video redirects what you would see if you were looking at a physical monitor connected to that server. While it is possible to have multiple remote clients with KVMS sessions to Oracle ILOM, each session will display the exact same video since there is typically only one video output for a single server.
Likewise, anything that you type on the screen from one Remote KVMS session will be visible to other KVMS users connected to the same machine. Most importantly, if one user logs in to the host operating system inside of the Oracle ILOM Remote Console and CLI Storage Redirection applications as a privileged user, all other KVMS users will be able to share that authenticated session. Therefore, it is important to understand that the Remote KVMS feature allows for shared connections.
Because the host console is considered a shared network resource when using Remote KVMS, a user who logs in to the host console and then closes the Oracle ILOM Remote Console and CLI Storage Redirection applications without logging out of the host operating system leaves that session open. A second user who connects to the same console using Remote KVMS will be able to use the previously authenticated operating system session. For this reason, Oracle ILOM provides the ability to automatically lock the host operating system whenever a Remote KVMS session is disconnected. For maximum security, enable or configure this feature in Oracle ILOM.
For information about how to enable the host lock feature, see the Oracle ILOM 3.1 Configuration and Maintenance Guide.