Use IPMI TLS Interface for Enhanced Authentication and Packet Encryption

System administrators should always use the Oracle IPMI TLS interface (orcltls) to securely manage Oracle servers. Note that as of Oracle ILOM firmware version 5.0.0, the IPMI v2.0 sessions property is disabled by default and the TLS session property is always enabled.

To ensure a more secure IPMI TLS management session with Oracle ILOM, see the following information.

Before You Begin

  • For enhanced security, use only the Oracle IPMI TLS interface (orcltls) for all IPMI management sessions. For additional IPMI security guidelines, see Oracle ILOM IPMI Security Guidelines.

    Note:

    The IPMI TLS interface from Oracle is supported in Oracle ILOM as of firmware version 3.2.8.
  • The Admin (a) role is required to modify IPMI properties in Oracle ILOM.
  • To use the Oracle IPMI TLS interface, IPMItool users must use IPMItool v1.8.15.0 or later, which is available for download from Oracle Hardware Management Pack (version 2.4 for Linux or version 4.0 for Solaris).

    Note:

    Before using IPMItool, you need to set up users with the appropriate roles and privileges (such as Administrator or Operator) for the management functions you want to perform. For more information about setting up user accounts, see Setting Up and Maintaining User Accounts in Oracle ILOM Administrator’s Guide for Configuration and Maintenance Firmware Release 5.0.x.

To use the Oracle IPMI TLS interface, perform these steps:

  1. Ensure the IPMI v2.0 Session Property in Oracle ILOM is disabled.

    For instance:

    1. In the Oracle ILOM web interface, click ILOM Administration -> Management Access -> IPMI.
    2. In the IPMI page, disable the IPMI v2.0 Sessions check box, and then click Save.

    For Oracle ILOM CLI instructions, see Set the IPMI State and Session Properties (Web) in Oracle ILOM Protocol Management Reference SNMP and IPMI Firmware Release 5.0.x.

  2. Download the TLS version of the IPMItool from the Oracle Hardware Management Pack (version 2.4 for Linux or version 4.0 for Oracle Solaris).
    For further download instructions, see IPMI TLS Service and Interface.
  3. From the Oracle ILOM CLI, type the following to access the Oracle IPMI TLS interface:

    ipmitool -I orcltls

    Note that in cases where the -I option is not specified, the IPMItool utility will negotiate to the most secure interface available.
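The following wrapper is an added example, not part of Oracle's documentation. It checks that the installed IPMItool meets the v1.8.15.0 minimum stated above and then always passes -I orcltls explicitly. The function names, the host and user in the usage comment, and the assumption that `ipmitool -V` prints "ipmitool version X" are illustrative; -H and -U are the standard IPMItool host and user options.

```shell
#!/bin/sh
# Added example (not Oracle code): pre-flight check for an IPMI TLS session.
MIN_VERSION="1.8.15.0"   # minimum IPMItool version stated on this page

# version_ge A B: succeed when dotted version A >= B (missing fields count as 0).
version_ge() {
    a=$1; b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        fa=${a%%.*}; fb=${b%%.*}
        if [ "$a" = "$fa" ]; then a=""; else a=${a#*.}; fi
        if [ "$b" = "$fb" ]; then b=""; else b=${b#*.}; fi
        fa=${fa:-0}; fb=${fb:-0}
        if [ "$fa" -gt "$fb" ]; then return 0; fi
        if [ "$fa" -lt "$fb" ]; then return 1; fi
    done
    return 0
}

# parse_version TEXT: print the dotted version from "ipmitool version X" text
# (assumed output format of `ipmitool -V`).
parse_version() {
    printf '%s\n' "$1" | sed -n 's/.*version \([0-9][0-9.]*\).*/\1/p' | head -n 1
}

# tls_ready TEXT: succeed only if the reported version meets the minimum.
tls_ready() {
    v=$(parse_version "$1")
    [ -n "$v" ] && version_ge "$v" "$MIN_VERSION"
}

# ipmi_tls HOST USER COMMAND...: run an IPMI command over orcltls only.
ipmi_tls() {
    host=$1; user=$2; shift 2
    if ! tls_ready "$(ipmitool -V 2>&1)"; then
        echo "ipmitool missing or older than $MIN_VERSION; not connecting" >&2
        return 1
    fi
    # -I is given explicitly so the tool does not negotiate a different interface.
    ipmitool -I orcltls -H "$host" -U "$user" "$@"
}

# Usage (placeholder host and user): ipmi_tls ilom.example.com admin chassis status
```

Because no password option is passed, IPMItool prompts for the password instead of exposing it on the command line.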

    For additional information about how to use the Oracle IPMI TLS interface (orcltls) to manage and configure IPMI-enabled devices, refer to the following information: