HPE iLO 5 New Features

HPE iLO 5 Update

This guest post is brought to you by Armin Kerl, if you fancy trying you hand at blogging check out our guest posting opportunities.

iLO5 is now over a year old and quietly HPE have implemented some nice enhancements. Let me describe some of the new features.

With iLO Firmware 1.40 the “iLO Advanced Premium Security” licensed features moved to the “iLO Advanced” license. So, the iLO ASPE License have gone.

To get all the following new features, the update of iLO Firmware alone is not enough. You need some more updates. Here is an overview, that works for me:

Firmware versions

Security Dashboard

The Security Dashboard collects some security settings and displays an overview of the security status. Most systems will now display a red warning.

Server security status
You can set the first three to ignore and it goes to yellow.


To get the green status the only way is to change the required to minimum.

Virtual NIC

Now, take a look at Security > Access Settings > iLO
You will find a new entry: “Virtual NIC”

ILO virtual NIC
What happens if you enable it? Example on Windows (support for Windows 2016, 2019, SLES 12, 15, RHEL 7.6). The OS will detect a new NIC and this NIC will get a fixed IP address: 16.1.15.1 (this an HPE reserved IP)

rtual NIC ILO device manager
This IP is internal only to the Server and does not go outside.
Now you are able to connect to the iLO with this fixed IP address.

Why would you need to do this?
– If you need access to the iLO and have no iLO network connection
– If you need access to the iLO and don’t want to Install the iLO OS driver

When not to use this feature. I have had some trouble when setting up a Windows Cluster and the cluster detected this NIC.

Update Service Settings

Scroll Down to Security > Access Settings > Update Service

Update service settings

This prevents a firmware downgrade to an compromised version.
Attention: permanently means for ever, there is no way to go back.

Intelligent System Tuning

The Performance Monitoring show some historical performance data.

Threshold Alerts
On the bottom page you can set Threshold Alerts. The Workload Performance Advisor compares the historical performance and recommends BIOS settings to enhance the performance.

secure erase ILO

Secure Erase

At the end the best. This has been a customer request for some time to secure erase the complete system. This would be useful If for example you want to resell you old server or have reached the end of your lease and need to wipe the whole system.

Start Intelligent Provisioning


If needed, skip the “First Time Wizard” > Perform Maintenance

HPE ILO Secure erase
Here it is, the “One-button secure erase.”

It not only deletes the volume, it:
– Resets the server to factory defaults
– Wipes the NAND (all ILO settings, logs)
– Erases all secondary storage
– Is compliant to NIST 800-88r1
O.K., this are the main new Features, thanks’ for reading.

Armin

iLO service port

HPE iLO Service port – How to use it?

The HPE ProLiant Gen10 Server has iLO 5 which now has a new iLO USB port on the front. This new ILO 5 service port has some useful features and use cases which guest blogger Armin is Kerl going to be showing you how to use. Your can learn more about Armin in the guest blogger hall of fame.

iLO service port

What is The HPE iLO 5 Service Port?

The iLO service port can be used for:

  • Downloading the Active Health System Log to a supported USB flash drive.
  • Connecting a client (such as a laptop) with a supported USB to a Ethernet adapter in order to access the iLO web interface, remote console, CLI, iLO RESTful API, or scripts.

How to use the iLO 5 Service Port

Getting connected is a simple two step process:

  1. Use a supported USB to Ethernet adapter to connect a client laptop to the Service Port (the USB port labeled iLO, on the front of the server).

The iLO Service Port supports USB Ethernet adapters that contain one of the following chips by ASIX Electronics Corporation: AX88772, AX88772A, AX88772B, AX88772C. Hewlett Packard Enterprise recommends the HPE USB to ethernet adapter with part number: Q7Y55A

In this example I am using this No-Name Adapter

USB 2 LAN Dongle

  1. Connect to iLO through a browser by using this fixed IPv4 address: 169.254.1.2.
    (The Client will get a DHCP IP Address from the iLO.)

iLO Login page

After the Login, we see the Standard iLO Menu:

iLO Menu

Also accessing the iLO Remote Console is possible:

iLO Remote Console

Here is my Laptop with attached ProLiant Server:

Laptop connected to ILO 5 service port

When to use the service port

I see two main use cases.

  1. Setup of a new Server in the lab
    In the past we connected the PC by the iLO LAN Port.
    However, there are problems with this approach:
    – If we use our company LAN, there is DHCP but then I cannot configure the customer IP.
    – If we use the customer IP, there is no DHCP and we need to attach monitor/keyboard first.
    Now I am able to patch it to my PC, simply connect to the fixed IP Address and can configure the Server iLO with Customer IP Address.
  2. At a Customer Site
    Most Customers are no longer using KVM Switches and Consoles, they use iLO for Remote access. But if iLO connection is not possible (unknown IP, not cabled), they have to attach a local Monitor and Keyboard/Mouse. Now we can simply plug in the USB2LAN Adapter and connect a Laptop.

My Enhancement

I tried to connect the USB2LAN Adapter via a Nano Wi-Fi-Access Point.

This was the particular model:

Nano Router

Here is the Nano Router config:

WiFi information

WiFi IP address

iLO 5 with WiFi

Now I am able to connect to the server without any cables by using Wi-Fi.
This works not only in my lab but in the workplace. 🙂