Support for Using TLS Encryption With Oracle Hardware Management Pack Commands Over an Ethernet Network Connection

When using Oracle Hardware Management Pack CLI commands that access the Oracle ILOM SP, two methods of access are supported: a local Host-to-ILOM interconnect connection or a remote Ethernet network connection.

  • Command execution using local access over the Host-to-ILOM connection is the fastest local interface available. If a Host-to-ILOM connection is not available, the slower local KCS interface is used. Security for local access is built-in and self-contained.

    Note:

    For systems with an Oracle ILOM version earlier than 3.2.4, you must use the -H and -U options to target the local ILOM over the Host-to-ILOM connection. You will need to manually include credentials for any command that accesses a service processor. If the -H and -U options are not used, the commands will default to the slower local KCS interface to access the local service processor.

  • Command execution using remote Ethernet network access is encrypted using TLS by default. Oracle Hardware Management Pack commands that access an Oracle ILOM SP must present login credentials and also a trusted SSL client-side certificate for the target Oracle ILOM SP in order to validate the connection. This certificate checking feature is the default for a remote network connection when using the fwupdate, ilomconfig and ubiosconfig commands.

    Note:

    Oracle recommends using SSL public key infrastructure on your network. Note that a --no-cert-check option is available to use with the fwupdate, ilomconfig and ubiosconfig commands in a safe network environment. However, use of this option makes the TLS connections vulnerable to man-in-the-middle attacks.

    For more information on certificate checking, obtaining certificates and service processor access, refer to the "Service Processor Access" section in the for the fwupdate, ilomconfig and ubiosconfig commands.
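
One way to confirm that automation has not opted out of the default certificate checking described above: this added example (not Oracle's code) scans shell script text for fwupdate, ilomconfig or ubiosconfig invocations that pass --no-cert-check. The sample script, its hosts, user name, path and subcommands are constructed for illustration.

```python
import os
import shlex
from itertools import groupby

# The three commands the page names as checking certificates by default.
TOOLS = {"fwupdate", "ilomconfig", "ubiosconfig"}
OPT_OUT = "--no-cert-check"
SEPARATORS = set("();<>|&")
SAMPLE = r'''#!/bin/sh
# constructed sample; hosts, user, path and subcommands are illustrative
ilomconfig list system-summary -H sp01.example.com -U admin
/path/to/fwupdate list all -H sp02.example.com -U admin \
    --no-cert-check
echo "never pass --no-cert-check" && ubiosconfig export all --no-cert-check -H sp03.example.com -U admin
'''

def logical_lines(text):
    """Yield (first_line_no, line) with backslash continuations joined."""
    buf, start = "", 1
    for no, raw in enumerate(text.splitlines(), 1):
        if raw.endswith("\\"):
            buf += raw[:-1] + " "
        else:
            yield start, buf + raw
            buf, start = "", no + 1
    if buf:
        yield start, buf

def simple_commands(line):
    """Tokenize like a shell (quotes, comments) and split at ; | & etc."""
    try:
        lex = shlex.shlex(line, posix=True, punctuation_chars=True)
        lex.whitespace_split = True
        tokens = list(lex)
    except ValueError:  # unbalanced quote: fall back to a plain split
        tokens = line.split()
    groups = groupby(tokens, key=lambda t: set(t) <= SEPARATORS)
    return [list(g) for is_sep, g in groups if not is_sep]

def find_opt_outs(text):
    """Return [(line_no, tool)] for invocations that pass --no-cert-check."""
    hits = []
    for no, line in logical_lines(text):
        for cmd in simple_commands(line):
            for i, tok in enumerate(cmd):
                if os.path.basename(tok) in TOOLS and OPT_OUT in cmd[i + 1:]:
                    hits.append((no, os.path.basename(tok)))
                    break
    return hits
```

The match is a heuristic that errs toward over-reporting: a tool name followed by the option as unquoted arguments to some other command is also flagged.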