Understanding the security features of HPE OneView > Controlling access to the appliance console

  

 next

Controlling access to the appliance console

Use the hypervisor management software to restrict access to the appliance, which prevents unauthorized users from accessing the password reset and service access features. See Restricting console access.

Typical legitimate uses for access to the console are:

  • Troubleshooting network configuration issues

  • Resetting an appliance administrator password

    For information on how to reset the administrator password, see Reset the administrator password.

  • Enabling service access by an on-site authorized support representative

The virtual appliance console is displayed in a graphical console; password reset and Hewlett Packard Enterprise Services access use a non-graphical console.

Switching from one console to another (VMware vSphere and Microsoft Hyper-V)

  1. Open the virtual appliance console.

  2. Press and hold Ctrl+Alt.

  3. Press and release the space bar (VMware vSphere only).

  4. Press and release F1 to select the non-graphical console or F2 to select the graphical console.

Switching from one console to another (KVM)

  1. Open the Virtual Machine Manager.

  2. In the Menu bar, select Send KeyCtrl+Alt+F1 for the non-graphical console or select Send KeyCtrl+Alt+F2 for the graphical console.

Enable or disable authorized services access

When you first start up the appliance, you can choose to enable or disable access by on-site authorized support representatives. By default, on-site authorized support representatives are allowed to access your system through the appliance console and diagnose issues that you have reported.

Support access is a root-level shell, which enables the on-site authorized support representative to debug any problems on the appliance and obtain a one-time password using a challenge/response mechanism similar to the one for a password reset.

Any time after the initial configuration of the appliance, an Infrastructure administrator can enable or disable services access through the UI with the following procedure:

Prerequisites 

  • Minimum required privileges: Infrastructure administrator

Enabling or disabling authorized services access

  1. From the main menu, select Settings.

  2. Click the Edit icon in the Security panel.

    The Edit Security window opens.

  3. Select the appropriate setting for Service console access:

    • Disabled to prevent access to the console.

    • Enabled to allow access to the console.

  4. Click OK.

You can also use an appliance/settings REST API to enable or disable services access.
[NOTE: ]

NOTE: Hewlett Packard Enterprise recommends that you enable access. Otherwise, the authorized support representative will not be able to access the appliance to correct troubleshoot issues.

Restricting console access

You can restrict console access to the virtual appliance through secure management practices of the hypervisor itself.

For VMware vSphere, this information is available from the VMware website:

http://www.vmware.com

In particular, search for topics related to vSphere's Console Interaction privilege and best practices for managing VMware's roles and permissions.

For Microsoft Hyper-V, restrict access to the console through role-based access. For information, see the Microsoft website:

http://www.microsoft.com

prev

 

up

 next

Ports required for HPE OneView 

home

 Algorithms for securing the appliance

Copyright © 2013, 2016 Hewlett Packard Enterprise Development LP