Use IPMI TLS Interface for Enhanced Authentication and Packet Encryption
System administrators should always use the Oracle IPMI TLS interface
(orcltls
) to securely manage Oracle servers. Note
that as of Oracle ILOM firmware version 5.0.0, the IPMI v2.0 sessions
property is disabled by default and the TLS session property is always
enabled.
To ensure a more secure IPMI TLS management session with Oracle ILOM, see the following information.
Before You Begin
- For enhanced security, use only the Oracle IPMI TLS interface (
orcltls)
for all IPMI management sessions. For additional IPMI security guidelines, see Oracle ILOM IPMI Security Guidelines.Note:
The IPMI TLS interface from Oracle is supported in Oracle ILOM as of firmware version 3.2.8. - The Admin (a) role is required to modify IPMI properties in Oracle ILOM.
- To use the Oracle IPMI TLS interface, IPMItool users must use IPMItool
v1.8.15.0 or later, which is available for download from Oracle Hardware Management
Pack (version v2.4 for Linux or version 4.0 for Solaris).
Note:
Before using IPMItool, you need to set up users with the appropriate roles and privileges (such as Administrator or Operator) for the management functions you want to perform. For more information about setting up user accounts, see Setting Up and Maintaining User Accounts in Oracle ILOM Administrator’s Guide for Configuration and Maintenance Firmware Release 5.0.x.
To use the Oracle IPMI TLS interface, perform these steps:
Related Information