HPE released recently this new firmware 1.40 for its iLO5 (Integrated Lights Out) on-system management function inside their Proliant and Apollo server line, which is so impacting that it is worth to write an article about it.

I hear too often: firmware updates? Naaah no time for this… And everything works, why change?

Well, read further! I am not going to repeat the entire release notes from what was published with the iLO5 1.40 firmware, but highlight the most important ones. Ands you will see it is worth to update your iLO’s!

 

License simplification

The important news here is that the iLO Advanced Premium Security license, that was required for features like Automatic Secure Recovery, Runtime FW Validation and Secure Erase of User Data, will be merged with the iLO Advanced license, at the price of the Advanced license with no additional cost… Great news!

For those who purchased the iLO Advanced license, upgrade to the newest iLO firmware and you will get all these features!

 

Security Dashboard

The new firmware adds also some additional security features in the system. Starting with a Security Dashboard:

iLO will be checking permanently 8 security settings for you:

  • IPMI/DCMI over LAN = disabled
  • Minimum Password Length >= 8
  • Require Login for iLO RBSU = enabled
  • Password Complexity = enabled
  • Security Override Switch = off
  • Authentication failure login = on
  • Secure boot = on
  • Last firmware scan result = ok

Ignore switches give you control to override the setting. Status will be typically displayed with green, yellow or red status.

I assume/hope/expect this information will be reported further to OneView one day as well for centralized security compliance checking… To be continued for sure.

 

One-button Secure Erase

The title says it all… There will be an option (one button) through Intelligent Provisioning where the administrator can erase all data from the system, including:

  • Configuration Settings
  • Passwords
  • Secure Boot Key Database
  • iLO Advanced License
  • iLO User Accounts
  • Information Stored in TPM
  • TLS Certificates
  • User Defined Defaults
  • Active Health System
  • iLO FW Repository
  • FW Recovery Set
  • Persistent Memory
  • Information on HDDs.*

This function replaces an existing procedure of 15 pages involving many steps… This feature is NIST compliant as well!

 

Other features

The list is too long to mention: performance telemetry visibility, NVMe wear level display, firmware downgrade policy enhancements, enhanced virtual NIC functionality, server tuning recommendations through Workload Performance Advisor, and so on…

 

Upgrade time!

 

Be social and share!