Support for Using TLS Encryption With Oracle Hardware Management Pack Commands Over an Ethernet Network Connection

When using Oracle Hardware Management Pack CLI commands that access the Oracle ILOM SP, two methods of access are supported: a local Host-to-ILOM interconnect connection or a remote Ethernet network connection.

  • Command execution using local access over the Host-to-ILOM connection is the fastest local interface available. If a Host-to-ILOM connection is not available, the slower local KCS interface is used. Security for local access is built-in and self-contained.

    Note:

    For systems with an Oracle ILOM version earlier than 3.2.4, you must manually include credentials using the -H and -U options for any commands that access a service processor. If credentials are not provided, the commands will default to the slower local KCS interface to access the local service processor.

  • Command execution using remote Ethernet network access is encrypted using TLS by default starting with Oracle Hardware Management Pack 2.4.4. This means that commands that access an Oracle ILOM SP must present login credentials and also a trusted SSL client-side certificate for the target Oracle ILOM SP in order to validate the connection. This certificate checking feature is the default for a remote network connection when using the fwupdate, ilomconfig and ubiosconfig commands.

    Note:

    Oracle recommends using SSL public key infrastructure on your network. Note that a --no-cert-check option is available to use with the fwupdate, ilomconfig and ubiosconfig commands in a safe network environment. However, use of this option makes the TLS connections vulnerable to man-in-the-middle attacks.

    For more information on certificate checking, obtaining certificates and service processor access, refer to the "Service Processor Access" section for the fwupdate, ilomconfig and ubiosconfig commands.
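
Because --no-cert-check removes the protection against man-in-the-middle attacks, it is worth knowing where automation uses it. The following shell function is an added example, not part of Oracle's documentation or tooling: it reports every line in a script that runs fwupdate, ilomconfig or ubiosconfig with --no-cert-check. The host names, the /path/to prefix and the subcommands in the sample input are constructed for illustration.

```shell
#!/bin/sh
# Added example (not Oracle code): report command lines that run fwupdate,
# ilomconfig or ubiosconfig with --no-cert-check, i.e. with TLS certificate
# checking turned off for a remote Oracle ILOM SP connection.

# audit_no_cert_check [FILE...]   (reads stdin when no FILE is given)
# Prints "name:line: command" per finding; exit status 1 if any, else 0.
audit_no_cert_check() {
    awk '
    function check(cmd, name) {
        sub(/^[ \t]+/, "", cmd)
        if (cmd ~ /^#/) return                      # whole-line comment
        # One of the three commands, bare or behind a path, sudo, ";" or "|"
        if (cmd !~ "(^|[ \t/;&|(])(fwupdate|ilomconfig|ubiosconfig)([ \t]|$)") return
        if (cmd !~ "[ \t]--no-cert-check([ \t;&|)]|$)") return
        name = (FILENAME == "" || FILENAME == "-") ? "stdin" : FILENAME
        printf "%s:%d: %s\n", name, start, cmd
        found = 1
    }
    {
        if (buf == "") start = FNR                  # first line of a command
        line = $0
        # Join backslash-continued lines so a flag on the next line is seen
        if (line ~ /\\$/) { sub(/\\$/, " ", line); buf = buf line; next }
        check(buf line); buf = ""
    }
    END { exit found + 0 }
    ' "$@"
}

# Constructed sample: a hypothetical provisioning script. Host names, the
# /path/to prefix and the subcommands are illustrative, not from the page.
sample_script() {
    cat <<'EOF'
#!/bin/sh
# ilomconfig list system-summary --no-cert-check
ilomconfig list system-summary -H sp01.example.com -U admin
/path/to/fwupdate list all -H sp02.example.com -U admin --no-cert-check
sudo ubiosconfig export all -H sp03.example.com -U admin \
    --no-cert-check
echo "see --no-cert-check in the docs"
EOF
}

# Reports lines 4 and 5 of the sample; "|| true" keeps the demo exit status 0
sample_script | audit_no_cert_check || true
```

The non-zero exit status on a finding lets the function gate a CI job or pre-commit hook; each reported line is a candidate for switching back to the default certificate checking.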