HPE iLO 5 New Features

HPE iLO 5 Update

This guest post is brought to you by Armin Kerl, if you fancy trying you hand at blogging check out our guest posting opportunities.

iLO5 is now over a year old and quietly HPE have implemented some nice enhancements. Let me describe some of the new features.

With iLO Firmware 1.40 the “iLO Advanced Premium Security” licensed features moved to the “iLO Advanced” license. So, the iLO ASPE License have gone.

To get all the following new features, the update of iLO Firmware alone is not enough. You need some more updates. Here is an overview, that works for me:

Firmware versions

Security Dashboard

The Security Dashboard collects some security settings and displays an overview of the security status. Most systems will now display a red warning.

Server security status
You can set the first three to ignore and it goes to yellow.


To get the green status the only way is to change the required to minimum.

Virtual NIC

Now, take a look at Security > Access Settings > iLO
You will find a new entry: “Virtual NIC”

ILO virtual NIC
What happens if you enable it? Example on Windows (support for Windows 2016, 2019, SLES 12, 15, RHEL 7.6). The OS will detect a new NIC and this NIC will get a fixed IP address: 16.1.15.1 (this an HPE reserved IP)

rtual NIC ILO device manager
This IP is internal only to the Server and does not go outside.
Now you are able to connect to the iLO with this fixed IP address.

Why would you need to do this?
– If you need access to the iLO and have no iLO network connection
– If you need access to the iLO and don’t want to Install the iLO OS driver

When not to use this feature. I have had some trouble when setting up a Windows Cluster and the cluster detected this NIC.

Update Service Settings

Scroll Down to Security > Access Settings > Update Service

Update service settings

This prevents a firmware downgrade to an compromised version.
Attention: permanently means for ever, there is no way to go back.

Intelligent System Tuning

The Performance Monitoring show some historical performance data.

Threshold Alerts
On the bottom page you can set Threshold Alerts. The Workload Performance Advisor compares the historical performance and recommends BIOS settings to enhance the performance.

secure erase ILO

Secure Erase

At the end the best. This has been a customer request for some time to secure erase the complete system. This would be useful If for example you want to resell you old server or have reached the end of your lease and need to wipe the whole system.

Start Intelligent Provisioning


If needed, skip the “First Time Wizard” > Perform Maintenance

HPE ILO Secure erase
Here it is, the “One-button secure erase.”

It not only deletes the volume, it:
– Resets the server to factory defaults
– Wipes the NAND (all ILO settings, logs)
– Erases all secondary storage
– Is compliant to NIST 800-88r1
O.K., this are the main new Features, thanks’ for reading.

Armin

Updating ProLiant Servers with HPE SUM

HPE SUM (Smart Update Manager) can be used to quickly update ProLiant hosts. This is a central console that will allow you to scan your ProLiant hosts, recommends updates and then apply them with little interaction.  This is far quicker than doing it manually and ensures that the correct packages are applied in the right order. The procedure to use HPE SUM is as follows

1 Download SPP ( Service Pack for ProLiant).  This contains not only all the patches you will need but also SUM (Smart Update Manager)

2 Once you have downloaded SPP run the ISO, when mounted you will need to run the launch_hpsum batch file.  Chose to run as Administrator

3 When started HPE SUM will appear in a web browser.  The home screen shows options to update the local server, add a baseline and to add remote nodes.

First we will add the baseline, From the drop down menu choose baseline library, add baseline , in the location field location If you are using SPP set the baseline path to CD Drive letter:\packages

4 Next we need to add the servers we wish to patch. Once you are in the Nodes screen choose, Add Node you will then see the following screen.  At a minimum you will need to fill out

  • IP Address / Hostname
  • Node type – Windows, ESX etc
  • Baseline to apply – If you are using SPP set the baseline path to CD Drive letter:\packages
  • Credentials

5 When you click on a host it will say checking / installing perquisites . Once that is complete you will get the option to perform an inventory

Select the baseline you created earlier

6 When the inventory is complete you will see the option to review and deploy updates

In the next screen choose the updates you wish to apply

iLO service port

HPE iLO Service port – How to use it?

The HPE ProLiant Gen10 Server has iLO 5 which now has a new iLO USB port on the front. This new ILO 5 service port has some useful features and use cases which guest blogger Armin is Kerl going to be showing you how to use. Your can learn more about Armin in the guest blogger hall of fame.

iLO service port

What is The HPE iLO 5 Service Port?

The iLO service port can be used for:

  • Downloading the Active Health System Log to a supported USB flash drive.
  • Connecting a client (such as a laptop) with a supported USB to a Ethernet adapter in order to access the iLO web interface, remote console, CLI, iLO RESTful API, or scripts.

How to use the iLO 5 Service Port

Getting connected is a simple two step process:

  1. Use a supported USB to Ethernet adapter to connect a client laptop to the Service Port (the USB port labeled iLO, on the front of the server).

The iLO Service Port supports USB Ethernet adapters that contain one of the following chips by ASIX Electronics Corporation: AX88772, AX88772A, AX88772B, AX88772C. Hewlett Packard Enterprise recommends the HPE USB to ethernet adapter with part number: Q7Y55A

In this example I am using this No-Name Adapter

USB 2 LAN Dongle

  1. Connect to iLO through a browser by using this fixed IPv4 address: 169.254.1.2.
    (The Client will get a DHCP IP Address from the iLO.)

iLO Login page

After the Login, we see the Standard iLO Menu:

iLO Menu

Also accessing the iLO Remote Console is possible:

iLO Remote Console

Here is my Laptop with attached ProLiant Server:

Laptop connected to ILO 5 service port

When to use the service port

I see two main use cases.

  1. Setup of a new Server in the lab
    In the past we connected the PC by the iLO LAN Port.
    However, there are problems with this approach:
    – If we use our company LAN, there is DHCP but then I cannot configure the customer IP.
    – If we use the customer IP, there is no DHCP and we need to attach monitor/keyboard first.
    Now I am able to patch it to my PC, simply connect to the fixed IP Address and can configure the Server iLO with Customer IP Address.
  2. At a Customer Site
    Most Customers are no longer using KVM Switches and Consoles, they use iLO for Remote access. But if iLO connection is not possible (unknown IP, not cabled), they have to attach a local Monitor and Keyboard/Mouse. Now we can simply plug in the USB2LAN Adapter and connect a Laptop.

My Enhancement

I tried to connect the USB2LAN Adapter via a Nano Wi-Fi-Access Point.

This was the particular model:

Nano Router

Here is the Nano Router config:

WiFi information

WiFi IP address

iLO 5 with WiFi

Now I am able to connect to the server without any cables by using Wi-Fi.
This works not only in my lab but in the workplace. 🙂