Transcription

Hewlett Packard Enterprise Development LPiLO 4 Cryptographic ModuleFirmware Version: 2.11Hardware Version: Gen9 Servers: ASIC (GLP-4: 531510-004) with Flash Memory (820595-001),NVRAM (820597-001), and DDR3 SDRAM (820594-001);Gen8 Servers: ASIC (GLP-3: 531510-003 or Sabine: 610107-002) with Flash Memory (820595-001),NVRAM (820596-001), and DDR3 SDRAM (820594-001)FIPS 140-2 Non-Proprietary Security PolicyFIPS Security Level: 1Document Version: 1.2Prepared for:Prepared by:Hewlett Packard Enterprise Development LP11445 Compaq Center Dr. W.Houston, TX 77070United States of AmericaCorsec Security, Inc.13921 Park Center Road, Suite 460Herndon, VA 20171United States of AmericaPhone: 1 (281) 370-0670http://www.hpe.comPhone: 1 (703) 267-6050http://www.corsec.com

Security Policy, Version 1.2February 10, 2016Table of Contents1INTRODUCTION . 31.1 PURPOSE . 31.2 REFERENCES . 31.3 DOCUMENT ORGANIZATION . 32ILO 4 CRYPTOGRAPHIC MODULE . 42.1 OVERVIEW . 42.2 MODULE SPECIFICATION. 82.3 MODULE INTERFACES .112.4 ROLES AND SERVICES .122.4.1 Crypto-Officer Role. 122.4.2 User Role . 142.4.3 Additional Services. 152.5 PHYSICAL SECURITY .152.6 OPERATIONAL ENVIRONMENT.152.7 CRYPTOGRAPHIC KEY MANAGEMENT .162.8 EMI/EMC .202.9 SELF-TESTS .202.9.1 Power-Up Self-Tests . 202.9.2 Conditional Self-Tests . 202.9.3 Critical Functions Tests . 202.9.4 Self-Test Failure Handling. 212.10 MITIGATION OF OTHER ATTACKS .213SECURE OPERATION . 223.1 CRYPTO-OFFICER GUIDANCE .223.1.1 Initialization . 223.1.2 Secure Management . 233.2 USER GUIDANCE .233.3 MODULE’S MODE OF OPERATION .233.4 NON-APPROVED MODE .234ACRONYMS . 24Table of FiguresFIGURE 1 – ILO 4 ASIC.7FIGURE 2 – ILO 4 HARDWARE BLOCK DIAGRAM .9List of TablesTABLE 1 – COMPARISON OF HP ILO 4 ADVANCED AND STANDARD FEATURES.4TABLE 2 – SECURITY LEVEL PER FIPS 140-2 SECTION .7TABLE 3 – MODULE COMPONENT PART NUMBERS .8TABLE 4 – FIPS-APPROVED ALGORITHM IMPLEMENTATIONS IN HARDWARE .9TABLE 5 – FIPS-APPROVED ALGORITHM IMPLEMENTATIONS IN FIRMWARE . 10TABLE 6 – FIPS 140-2 LOGICAL INTERFACE MAPPINGS . 11TABLE 7 – CRYPTO-OFFICER SERVICES . 13TABLE 8 – USER SERVICES . 14TABLE 9 – CRYPTOGRAPHIC KEYS, CRYPTOGRAPHIC KEY COMPONENTS, AND CSPS. 16TABLE 10 – ACRONYMS . 24HP iLO 4 Cryptographic Module 2016 Hewlett Packard Enterprise Development LPThis document may be freely reproduced and distributed whole and intact including this copyright notice.Page 2 of 27

Security Policy, Version 1.21February 10, 2016Introduction1.1 PurposeThis is a non-proprietary Cryptographic Module Security Policy for the iLO 4 Cryptographic Module fromHewlett Packard Enterprise Development LP, or HP. This Security Policy describes how the iLO 4Cryptographic Module meets the security requirements of Federal Information Processing Standards (FIPS)Publication 140-2, which details the U.S. and Canadian Government requirements for cryptographicmodules. More information about the FIPS 140-2 standard and validation program is available on theNational Institute of Standards and Technology (NIST) and the Communications Security /cmvp.This document also describes how to run the module in a secure FIPS-Approved mode of operation. Thispolicy was prepared as part of the Level 1 FIPS 140-2 validation of the module. The iLO 4 CryptographicModule is referred to in this document as iLO 4, the cryptographic module, or the module.1.2 ReferencesThis document deals only with operations and capabilities of the module in the technical terms of a FIPS140-2 cryptographic module security policy. More information is available on the module from the followingsources: The HP website (http://www.hp.com) contains information on the full line of products from HP. The CMVP website 0-1/140val-all.htm)contains contact information for individuals to answer technical or sales-related questions for themodule.1.3 Document OrganizationThe Security Policy document is one document in a FIPS 140-2 Submission Package. In addition to thisdocument, the Submission Package contains: Vendor Evidence document Finite State Model document Other supporting documentation as additional referencesThis Security Policy and the other validation submission documentation were produced by Corsec Security,Inc. under contract to HP. With the exception of this Non-Proprietary Security Policy, the FIPS 140-2Submission Package is proprietary to HP and is releasable only under appropriate non-disclosure agreements.For access to these documents, please contact HP.HP iLO 4 Cryptographic Module 2016 Hewlett Packard Enterprise Development LPThis document may be freely reproduced and distributed whole and intact including this copyright notice.Page 3 of 27

Security Policy, Version 1.22February 10, 2016iLO 4 Cryptographic Module2.1 OverviewHP’s Integrated Lights-Out (iLO) is a proprietary embedded server management technology that providesout-of-band management functionality. HP’s fourth generation of iLO (iLO 4) is the foundation of HP’sProliant series embedded server and fault management. iLO 4 provides system administrators with secureremote management capabilities regardless of the server status or location, and it is available whenever theserver is connected to a power source, even if the server main power switch is in the Off position.HP Proliant servers are designed so that administrative functions that are performed locally can also beperformed remotely. iLO 4 enables remote access to the operating system console, control over the serverpower, and hardware reset functionality, and works with the server to enable remote network booting througha variety of methods.The iLO 4 architecture ensures the availability of the majority of iLO 4 functionality, regardless of the stateof the host operating system. The HP Lights-Out Online Configuration Utility is available for Windows andLinux operating systems. Additionally, iLO 4 provides Microsoft device driver support, improved .NETframework support, and HP SIM1 SSO2 support.iLO 4 functions out-of-the-box without additional software installation. It functions regardless of the servers’state of operation, and uses a local account database or directory service to authenticate and authorize itsusers. iLO 4 can be accessed from any location via a web browser and works hand-in-hand with HP SystemsInsight Manager, Insight Control, and Insight Dynamics.Advanced features of iLO 4, available via licensing, include (but are not limited to) the following: graphicalremote console, multi-user collaboration, power and thermal optimization, health monitoring, virtual media,and console video recording and playback. The advanced features offer sophisticated remote administrationof servers in dynamic data center and remote locations. A comparison of standard and advanced functionalityis shown in Table 1.Table 1 – Comparison of HP iLO 4 Advanced and Standard FeaturesiLO 4iLO 4Advanced for Standard forBladeBladeSystemsSystemsiLO 4AdvancediLO 4StandardVirtual Keyboard, Video, Mouse(KVM3)Full text andFull text andgraphic modes graphic modes(pre-OS4 & OS)(pre-OS)Full text andgraphic modes(pre-OS & OS)Full text andgraphic modes(pre-OS)Global Team Collaboration(Virtual KVM)Up to 6 ServerAdministratorsUp to 6 ServerAdministratorsConsole Record and Replay Virtual Power FeatureiLO Remote Administration SIM – System Insight ManagerSSO – Single Sign-On3 KVM – Keyboard, Video, Mouse4 OS – Operating System12HP iLO 4 Cryptographic Module 2016 Hewlett Packard Enterprise Development LPThis document may be freely reproduced and distributed whole and intact including this copyright notice.Page 4 of 27

Security Policy, Version 1.2FeatureFebruary 10, 2016iLO 4iLO 4Advanced for Standard forBladeBladeSystemsSystemsVirtual Media Virtual Folders Browser OnlyiLO 4AdvancediLO 4Standard SSH6 OnlySSH OnlySSH OnlySSH Only ROM7-Based Setup Utility(RBSU) Option ROM Configuration forArrays (ORCA) Present Power Reading Power Usage Reporting Ambient Temperature Reporting Dynamic Power Capping Power Supply High-EfficiencyMode Sea of Sensors Remote Serial ConsoleVirtual Unit Indicator DisplaySimplified Server SetupPower Management &Control Embedded System HealthPower On Self Test (POST) andFailure Sequence Replay iLO and Server IntegratedManagement Log Advanced Server Management(ASM) Alert Administrator (SNMP8Passthrough) System Health & ConfigurationDisplay Access SecurityDirectory ServicesAuthentication Locally Stored Accounts SSH – Secure ShellROM – Read-Only Memory8 SNMP – Simple Network Management Protocol67HP iLO 4 Cryptographic Module 2016 Hewlett Packard Enterprise Development LPThis document may be freely reproduced and distributed whole and intact including this copyright notice.Page 5 of 27

Security Policy, Version 1.2FeatureFebruary 10, 2016iLO 4iLO 4Advanced for Standard forBladeBladeSystemsSystemsiLO 4AdvancediLO 4StandardInterfacesBrowser Command Line Extensible Markup Language(XML)/Perl Scripting Integrated Remote Console forWindows Clients Java Applet Client for Windowsand Linux Clients Transport Layer Security (TLS) Secure Shell (SSH) RC4/AES9 (Virtual KVM) 10 Dedicated Network InterfaceController (NIC) Shared Network Port Security ProtocolsNetwork ConnectivityiLO 4 is deployed in the form of an ASIC11, a system-on-a-chip with an independent 400MHz RISCmicroprocessor (ARM926EJ) running an embedded real-time operating system. The iLO 4 ASIC comes inthree flavors referred to as “GLP-3”, “GLP-4”, and “Sabine12”. iLO 4 ASICs for HP ProLiant Gen8/Gen9servers virtualize system controls to help simplify server setup, engage health monitoring, provide power andthermal control, and promote remote administration of HP ProLiant ML, DL, SL, and BL servers.Figure 1 shows a iLO 4 ASIC.AES – Advanced Encryption StandardFeature only available while not operating in the Approved mode of operation11 ASIC – Application-Specific Integrated Circuit12 Sabine and GLP-4 are identical except that Sabine has a cache used by drive arrays.910HP iLO 4 Cryptographic Module 2016 Hewlett Packard Enterprise Development LPThis document may be freely reproduced and distributed whole and intact including this copyright notice.Page 6 of 27

Security Policy, Version 1.2February 10, 2016Figure 1 – iLO 4 ASICThe HP iLO 413 Cryptographic Module includes the iLO 4 ASIC and its associated memory componentsincorporated directly onto the motherboards of HP Proliant servers.The HP iLO 4 Cryptographic Module is validated at the FIPS 140-2 section levels listed in Table 2.Table 2 – Security Level Per FIPS 140-2 SectionSectionSection TitleLevel1Cryptographic Module Specification12Cryptographic Module Ports and Interfaces13Roles, Services, and Authentication14Finite State Model15Physical Security16Operational Environment7Cryptographic Key Management18EMI/EMC1519Self-tests110Design Assurance111Mitigation of Other AttacksN/A14N/AiLO – Integrated Lights-OutN/A – Not Applicable15 EMI/EMC – Electromagnetic Interference / Electromagnetic Compatibility1314HP iLO 4 Cryptographic Module 2016 Hewlett Packard Enterprise Development LPThis document may be freely reproduced and distributed whole and intact including this copyright notice.Page 7 of 27

Security Policy, Version 1.2February 10, 20162.2 Module SpecificationThe iLO 4 Cryptographic Module is a hardware module with a multiple-chip embedded embodiment. Theoverall security level of the module is 1. The cryptographic boundary of the module surrounds the iLO 4ASIC, Flash memory, battery-backed NVRAM16, and DDR317 SDRAM18 (see Table 3 for part numbers ofthese components).Table 3 – Module Component Part NumbersHP Part NumberModule /610107002Flash Memory (16MB19)820595-001820595-001Battery-Backed NVRAM (GLP-3/Sabine:256KB20)(GLP-4: 1MB)820597-001820596-001DDR3 SDRAM820594-001820594-001The module also includes the iLO 4 firmware and the circuit traces between the module’s physicalcomponents. With the exception of power and ground pins, all data pins on the Flash and RAM21 chips leaddirectly to the iLO 4 ASIC and do not cross the module boundary. The cryptographic boundary of the moduleand the relationship among the various internal components of the module are depicted in Figure 2 below.NVRAM – Non-Volatile Random Access MemoryDDR3 – Double Data Rate v318 SDRAM – Synchronous Dynamic Random Access Memory19 MB – Megabyte20 KB – Kilobyte21 RAM – Random Access Memory1617HP iLO 4 Cryptographic Module 2016 Hewlett Packard Enterprise Development LPThis document may be freely reproduced and distributed whole and intact including this copyright notice.Page 8 of 27

Security Policy, Version 1.2February 10, 2016SouthBridgePWMGPOUSB 2.0PCI-E x1LPCGPINVRAMExpansion Bus (PECI)Analog Video Out33MhzXTAL48MhzKBDPS/2 IntfMousePS/2 Intf16xGLP/SabineLegendData InputData OutputModuleBoundaryControl InputSystemNICNC-SISPIiLO FlashSPIHostMemoryUART APrimary Ethernet IntfI2C (8x)Secondary Ethernet IntfSystem I2CPeripheralsDDR-3VGA/DVIXCVRor SDcardPHYStatus OutputFigure 2 – iLO 4 Hardware Block DiagramThe cryptographic module was tested and found compliant using the specific part numbers shown in Table3. However, HP affirms that the iLO Sabine, GLP-3, and GLP-4 ASICs specified in this module will performthe same in all HP Proliant servers regardless of the specific SDRAM, NVRAM, or flash memory chips used.All HP hardware components must meet HP’s rigorous part requirements and demonstrate the HP-requiredfunctionality.The module uses the FIPS-Approved algorithm implementations in hardware as listed in Table 4.Table 4 – FIPS-Approved Algorithm Implementations in HardwareAlgorithmAdvanced Encryption Standard (AES) in OFB22 mode (128-bit)Certificate NumberSabineGLP-3GLP-4339934013398Additionally, the module uses FIPS-Approved algorithms implemented in firmware as listed in Table 5.22OFB – Output FeedbackHP iLO 4 Cryptographic Module 2016 Hewlett Packard Enterprise Development LPThis document may be freely reproduced and distributed whole and intact including this copyright notice.Page 9 of 27

Security Policy, Version 1.2February 10, 2016Table 5 – FIPS-Approved Algorithm Implementations in FirmwareAlgorithmAES Encryption/Decryption in CBC23, ECB24 modes (128, 192, 256-bit)25CertificateNumber3400AES GCM Encryption/Decryption/Generation/Verification (128, 192,256-bit)3400Triple-DES26 Encryption/Decryption in CBC, ECB modes (3-key)1924RSA27 (FIPS 186-4) Key Generation (2048, 3072-bit), Signature Generation(2048, 3072-bit), Signature Verification (2048, 3072-bit)1740RSA (FIPS 186-2) Signature Verification (1024, 1536, 2048, 3072, 4096-bit)1740DSA29 (FIPS 186-4) Key Generation (2048, 3072-bit), SignatureGeneration (2048, 3072-bit), Signature Verification (2048, 3072-bit)959ECDSA30 (FIPS 186-4) PKG/PKV/SigGen/SigVer for P-256 and P-384curves676SHA31-1, SHA-256, SHA-384, SHA-5122814HMAC32 with SHA-1, SHA-256, SHA-384, SHA-5123334352169NIST SP 800-90A based CTR DRBG (with 128-bit AES), noderivation function814Section 4.2, TLS – KDF36 (SP 800-135)37502Section 5.2, SSH – KDF (SP 800-135)502Note: Additional information concerning RSA, DSA, and SHA-1, and specific guidance on transitions to the use of strongercryptographic keys and more robust algorithms, is contained in NIST Special Publication 800-131A.The module utilizes the following non-Approved algorithm implementations that are allowed for use in anApproved mode of operation: Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 150 bitsof encryption strength)EC38 Diffie-Hellman (key agreement; key establishment methodology provides between 128 and192 bits of encryption strength)MD395 (for TLS use)CBC – Cipher-Block ChainingECB – Electronic Codebook25 GCM – Galois/Counter Mode26 DES – Data Encryption Standard27 RSA – Rivest, Shamir, and Adleman29 DSA – Digital Signature Algorithm30 ECDSA – Elliptical Curve Digital Signature Algorithm31 SHA – Secure Hash Algorithm32 HMAC – (Keyed) Hash Messaged Authentication Code33 SP – Special Publication34 CTR – Counter35 DRBG – Deterministic Random Bit Generator36 KDF – Key Derivation Function37 The corresponding protocols of this KDF, TLS and SSH, have not been tested by CAVP and CMVP.38 EC – Elliptical Curve39 MD – Message Digest2324HP iLO 4 Cryptographic Module 2016 Hewlett Packard Enterprise Development LPThis document may be freely reproduced and distributed whole and intact including this copyright notice.Page 10 of 27

Security Policy, Version 1.2 February 10, 2016RSA (key wrapping; key establishment methodology provides between 112 and 256 bits ofencryption strength)NDRNG40 used for entropy gathering2.3 Module InterfacesiLO 4 offers a WebUI41 (accessible over TLS) and a Command Line (CLI) (accessible over SSH)management interfaces. The module’s design separates the physical ports into five logically distinctcategories. They are: Data Input Data Output Control Input Status Output PowerThe iLO 4 ASIC provides several power and ground interfaces to the module, as do the Flash and RAMchips. The physical ports and interfaces of the module comprise the individual pins on the iLO 4 ASIC asdescribed by logical interfaces in Table 6. All of these interfaces are also separated into logical interfacesdefined by FIPS 140-2 in Table 6 below.Table 6 – FIPS 140-2 Logical Interface MappingsPhysical Interface(ASIC Pins)QuantityFIPS 140-2 InterfaceLPC42/PCIe431 Data InputData OutputUSB 2.0441 Data InputData OutputControl InputStatus OutputPECI451 Data InputData OutputVGA46/DVI471 Data OutputStatus OutputClock In2 Data InputGPIO482 Control InputStatus OutputNDRNG – Non-Deterministic Random Number GeneratorWebUI – Web User Interface42 LPC – Low Pin Count43 PCIe – Peripheral Component Interconnect Express44 USB – Universal Serial Bus45 PECI – Platform Environmental Control Interface46 VGA – Video Graphics Array47 DVI – Digital Visual Interface48 GPIO – General Purpose Input Output4041HP iLO 4 Cryptographic Module 2016 Hewlett Packard Enterprise Development LPThis document may be freely reproduced and distributed whole and intact including this copyright notice.Page 11 of 27

Security Policy, Version 1.2Physical Interface(ASIC Pins)February 10, 2016QuantityFIPS 140-2 InterfacePS/2492 Data InputControl InputI2C501 Data InputData OutputGMII51/MII52 (PrimaryEthernet)1 Data InputData OutputControl InputStatus OutputRMII53/MII (SecondaryEthernet)1 Data InputData OutputControl InputStatus OutputUART543 Control InputStatus OutputPWM558 Data OutputSPI562 Data InputData OutputPower4 Power Input2.4 Roles and ServicesThe module supports two roles that operators may assume: a Crypto-Officer (CO) role and a User role. Theroles are explicitly assumed by using a username and a password.2.4.1 Crypto-Officer RoleThe Crypto-Officer role has the ability to configure the module. This role is assigned when the first operatorlogs into the system using the default username and password. Only the Crypto-Officer can create otherusers and provision the iLO 4 to operate in FIPS-Approved mode. Crypto-Officer services are provided viathe supported secure protocols, specifically Transport Layer Security (TLS) and SSH. Descriptions of theservices available to the Crypto-Officer are provided in Table 7. Please note that the keys and CSPs listed inthe table indicate the type of access required using the following notation: R – Read: The CSP57 is read.W – Write: The CSP is established, generated, modified, or zeroized.PS/2 – Personal System/2I2C – Inter-Integrated Circuit51 GMII – Gigabit Media Independent Interface52 MII – Media Independent Interface53 RMII – Reduced Media Independent Interface54 UART – Universal Asynchronous Receiver/Transmitter55 PWM – Power Management56 SPI – Serial Peripheral Interface57 CSP – Critical Security Parameter4950HP iLO 4 Cryptographic Module 2016 Hewlett Packard Enterprise Development LPThis document may be freely reproduced and distributed whole and intact including this copyright notice.Page 12 of 27

Security Policy, Version 1.2 February 10, 2016X – Execute: The CSP is used within an Approved or Allowed security function or authenticationmechanism.Table 7 – Crypto-Officer ServicesServiceDescriptionInputsOutputsCSP and Type ofAccessAuthenticateAuthenticate CO to module Command Commandandresponse /parameters StatusoutputPassword – R/XAdd, remove,modify or assignusers and rolesCreate, edit, and deleteCommand Commandusers; Define user accounts andresponse /and assign permissionsparameters StatusoutputPassword – W/R/XView systeminformationView and monitor systeminformation, event logs,power settings, etc.CommandCommandresponse /StatusoutputPassword – R/XView networkstatisticsView and monitor networkinformation and statisticsCommandCommandresponse /StatusoutputPassword – R/XConfigure themodule and hostserverConfigure and manage theCommandmodule and host systemandparameters such as Remote parametersconsole, virtual media,power management,network management andhost serverCommandresponse /StatusoutputPassword – R/XActivate ordeactivate licensedfeaturesEnable advanced featuresCommandincluding graphical remoteandconsole, multi-userparameterscollaboration, power andthermal optimization, healthmonitoring, virtual media,and console video recordingand playbackCommandresponse /StatusoutputPassword – R/XSet FIPS modeSet the FIPS mode flagCommandCommandresponse /StatusoutputPassword – R/XZeroize keys andCSPsZeroize all the keys andCSPs stored within iLOCommandCommandresponse /StatusoutputAll – R/W/XHP iLO 4 Cryptographic Module 2016 Hewlett Packard Enterprise Development LPThis document may be freely reproduced and distributed whole and intact including this copyright notice.Page 13 of 27

Security Policy, Version 1.2ServiceFebruary 10, 2016OutputsCSP and Type ofAccessDescriptionInputsAdminister TLScertificatesAdd, remove, or view rootand specific certificates forHTTPS58 connectionsCommandCommandresponse /StatusoutputPassword – R/XRSA private/public keys –R/XShow statusIndicate whether theCommandmodule is in FIPS-ApprovedmodeCommandresponse /StatusoutputPassword – R/XPerform self-testsPerform power-up self-tests Reset oron demandPowerCycleStatusoutputNoneAccess the modulevia SSH/CLILogin to the module via CLI Commandusing SSH protocol toperform CO servicesCommandresponse /StatusoutputPassword – R/XDSA Public key – R/XDSA Private key – R/XSSH Session key – R/W/XSSH Authentication Key –R/W/XAccess the modulevia TLS/WebUILogin to the module viaWebUI using TLS protocolto perform CO servicesCommandCommandresponse /StatusoutputPassword – R/XRSA Public key – R/XRSA Private key – R/XECDSA Public key – R/XTLS Session key – R/W/XTLS Authentication Key –R/W/XFirmware UpgradeLoad new firmware andperform an integrity testusing an RSA digitalsignature verificationCommandStatusoutputFirwmare UpgradeAuthentication Key – R/X2.4.2 User RoleThe User role has the ability to monitor the module configurations and the host system. Descriptions of theservices available to the User role are provided in the Table 8.Table 8 – User ser logs into moduleChange PasswordChange the user’s password Command Commandandresponse /parameters Statusoutput58Command Commandandresponse /parameters StatusoutputCSP and Type ofAccessPassword – R/XPassword – R/W/XHTTPS – Hypertext Transfer Protocol SecureHP iLO 4 Cryptographic Module 2016 Hewlett Packard Enterprise Development LPThis document may be freely reproduced and distributed whole and intact including this copyright notice.Page 14 of 27

Security Policy, Version 1.2ServiceFebruary 10, 2016DescriptionInputOutputCSP and Type ofAccessView systeminformationView and monitor systeminformation, event logs,power settings, etc.CommandCommandresponse /StatusoutputNoneView networkstatisticsView and monitor networkinformation and statisticsCommandCommandresponse /StatusoutputPassword – R/XShow statusIndicate whether theCommandmodule is in FIPS-ApprovedmodeCommandresponse /StatusoutputPassword – R/XPerform self-testsPerform Power-up SelfTests on demandStatusoutputNoneAccess the modulevia CLILogin to the module via CLI Commandusing SSH protocol toperform user servicesCommandresponse /StatusoutputPassword – R/XDSA Public key – R/XDSA Private key – R/XSSH Session key – R/W/XSSH Authentication Key –R/W/XAccess the modulevia WebUILogin to the module viaWebUI using TLS protocolto perform user servicesCommandresponse /StatusoutputPassword – R/XRSA Public key – R/XRSA Private key – R/XECDSA Public key – R/XTLS Session key – R/W/XTLS Authent

Insight Manager, Insight Control, and Insight Dynamics. Advanced features of iLO 4, available via licensing, include (but are not limited to) the following: graphical remote console, multi-user collaboration, power and thermal optimization, health monitoring,